From: Chuck Lever III <chuck.lever@oracle.com>
To: Jeff Layton <jlayton@kernel.org>
Cc: Neil Brown <neilb@suse.de>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 0/8] NFSD: clean up locking.
Date: Thu, 14 Jul 2022 14:32:41 +0000 [thread overview]
Message-ID: <4644E5BF-9365-491E-BB17-507E77E9AA5E@oracle.com> (raw)
In-Reply-To: <305c28b90f4d51dac01456cbb383c95999ef5f65.camel@kernel.org>
> On Jul 13, 2022, at 3:13 PM, Jeff Layton <jlayton@kernel.org> wrote:
>
> On Wed, 2022-07-13 at 14:15 +0000, Chuck Lever III wrote:
>>
>>
>> Just to be clear, I'm referring to this issue:
>>
>>>> NOTE: when nfsd4_open() creates a file, the directory does *NOT* remain
>>>> locked and never has. So it is possible (though unlikely) for the
>>>> newly created file to be renamed before a delegation is handed out,
>>>> and that would be bad. This patch does *NOT* fix that, but *DOES*
>>>> take the directory lock immediately after creating the file, which
>>>> reduces the size of the window and ensure that the lock is held
>>>> consistently. More work is needed to guarantee no rename happens
>>>> before the delegation.
>>>
>>> Interesting. Maybe after taking the lock, we could re-vet the dentry vs.
>>> the info in the OPEN request? That way, we'd presumably know that the
>>> above race didn't occur.
>
> I usually like to see bugfixes first too, but I haven't heard of anyone
> ever hitting this problem in the field. We've lived with this bug for a
> long time, so I don't see a problem with cleaning up the locking first
> and then fixing this on top of that.
>
> That said, if we're concerned about it, we could just add an extra check
> to nfs4_set_delegation. Basically, take parent mutex, set the
> delegation, walk the inode->i_dentry list and vet that one of them
> matches the OPEN args. That change probably wouldn't be too invasive and
> should be backportable, but it means taking that mutex twice.
>
> The alternate idea would be to try to set the delegation a lot earlier,
> while we still hold the parent mutex for the open. That makes the
> cleanup trickier, but is potentially more efficient. I think it'd be
> simpler to implement this on top of Neil's patchset since it simplifies
> the locking. Backporting that by itself is probably going to be painful
> though.
>
> What should we aim for here?
If there is consensus that a fix for a possible delegation/rename race is
not necessary in stable kernels, then there is a little more maneuverability --
we can shoot for what is ideal moving forward.
Again, my main concerns are not perturbing the legacy code if we don't have
to, and having the NFSv4 code spell out its locking requirements clearly.
After that, performance is important, so avoiding taking locks and mutexes
(mutices?) unnecessarily would be best.
--
Chuck Lever
next prev parent reply other threads:[~2022-07-14 14:33 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-06 4:18 [PATCH 0/8] NFSD: clean up locking NeilBrown
2022-07-06 4:18 ` [PATCH 6/8] NFSD: use explicit lock/unlock for directory ops NeilBrown
2022-07-06 14:05 ` Jeff Layton
2022-07-06 16:29 ` Chuck Lever III
2022-07-15 16:11 ` Jeff Layton
2022-07-15 18:22 ` Jeff Layton
2022-07-17 23:59 ` NeilBrown
2022-07-17 23:43 ` NeilBrown
2022-07-06 4:18 ` [PATCH 8/8] NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown
2022-07-06 14:12 ` Jeff Layton
2022-07-06 4:18 ` [PATCH 7/8] NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown
2022-07-06 14:10 ` Jeff Layton
2022-07-06 16:30 ` Chuck Lever III
2022-07-07 1:33 ` NeilBrown
2022-07-06 4:18 ` [PATCH 2/8] NFSD: change nfsd_create() to unlock directory before returning NeilBrown
2022-07-06 13:24 ` Jeff Layton
2022-07-06 16:29 ` Chuck Lever III
2022-07-06 4:18 ` [PATCH 1/8] NFSD: drop rqstp arg to do_set_nfs4_acl() NeilBrown
2022-07-06 13:17 ` Jeff Layton
2022-07-06 4:18 ` [PATCH 4/8] NFSD: only call fh_unlock() once in nfsd_link() NeilBrown
2022-07-06 13:31 ` Jeff Layton
2022-07-06 16:29 ` Chuck Lever III
2022-07-06 4:18 ` [PATCH 3/8] NFSD: always drop directory lock in nfsd_unlink() NeilBrown
2022-07-06 13:30 ` Jeff Layton
2022-07-06 4:18 ` [PATCH 5/8] NFSD: reduce locking in nfsd_lookup() NeilBrown
2022-07-06 13:47 ` Jeff Layton
2022-07-07 1:26 ` NeilBrown
2022-07-06 16:29 ` Chuck Lever III
2022-07-07 1:29 ` NeilBrown
2022-07-06 16:29 ` [PATCH 0/8] NFSD: clean up locking Chuck Lever III
2022-07-12 2:33 ` NeilBrown
2022-07-12 14:17 ` Chuck Lever III
2022-07-13 4:32 ` NeilBrown
2022-07-13 14:15 ` Chuck Lever III
2022-07-13 19:13 ` Jeff Layton
2022-07-14 14:32 ` Chuck Lever III [this message]
2022-07-15 2:36 ` NeilBrown
2022-07-15 13:01 ` Jeff Layton
2022-07-15 13:53 ` Jeff Layton
2022-07-15 14:06 ` Chuck Lever III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4644E5BF-9365-491E-BB17-507E77E9AA5E@oracle.com \
--to=chuck.lever@oracle.com \
--cc=jlayton@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.