IETF Logo Mail Archive

Re: [Gen-art] Gen-art LC review of draft-ietf-nfsv4-rfc3530bis-33

Tom Haynes <thomas.haynes@primarydata.com> Tue, 02 December 2014 18:16 UTC

Return-Path: <thomas.haynes@primarydata.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C45F21A1B62 for <gen-art@ietfa.amsl.com>; Tue, 2 Dec 2014 10:16:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uyak3d6f9mLL for <gen-art@ietfa.amsl.com>; Tue, 2 Dec 2014 10:16:44 -0800 (PST)
Received: from mail-pd0-f175.google.com (mail-pd0-f175.google.com [209.85.192.175]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C8881A0392 for <gen-art@ietf.org>; Tue, 2 Dec 2014 10:15:43 -0800 (PST)
Received: by mail-pd0-f175.google.com with SMTP id y10so13603281pdj.6 for <gen-art@ietf.org>; Tue, 02 Dec 2014 10:15:42 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=7MkostkFJGJQzZag3XVzJjAPQmyxZ3e5+4nj6o0zb4c=; b=A6HKrQ2JUB51CzEjZrpI2YV7A8QnkB7Ex3NTH4tqASglkCh7bxzYsN9YHGF+uqzUCg UTQwUStPa08KLj82uddhU2FQpp7xZJCga+vlImAviz9Eno22YN4EM07cNBR4to4sxJWm YCVQyjG6dV7ynzfKjvG8cSsKOwvk2QikokXqUByCVK2nNqFX+ebTQT/Q/VDiMfAFNIwA 72ih7W2V07ncSR97XgwM+AytbPQv+sr7+iw/XnxbNSJQyuCvokADWOufHI4SOa9xYHsZ xIPvKE72tVk2nZP9gf9iViYjJQynLZsgYPko1tJZIhpWH25IDcuVSC4yOa2/4j4jG0tK HVVw==
X-Gm-Message-State: ALoCoQk1wV7LFcctZ3S5RzLDPBnXtQAs1ooc+auuYYnuu5iiBlnoTNPqW91yLAMGhaLCEIlQmWTH
X-Received: by 10.70.130.73 with SMTP id oc9mr1199375pdb.42.1417544142817; Tue, 02 Dec 2014 10:15:42 -0800 (PST)
Received: from [10.30.8.37] ([50.242.95.105]) by mx.google.com with ESMTPSA id qd2sm5063219pdb.0.2014.12.02.10.15.41 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 02 Dec 2014 10:15:42 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Tom Haynes <thomas.haynes@primarydata.com>
In-Reply-To: <547DEBAF.9010907@dial.pipex.com>
Date: Tue, 02 Dec 2014 10:15:40 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <0A501549-DC37-43FF-9028-BA0C90514FB9@primarydata.com>
References: <54627625.9050909@dial.pipex.com> <7E1914F4-413F-4F7E-BE9A-C941FBDD422B@primarydata.com> <5465143D.6020604@dial.pipex.com> <47860B2D-1977-4062-9775-10463F7030B9@primarydata.com> <EF01418C3D9E034EB5E2FD76E33708EB22CAF09541@AUSX7MCPS308.AMER.DELL.COM> <CADaq8jdvdfqDuGs_Gj4qFZ2HxdH71GRSaKGQZfeq5APW40ZxmQ@mail.gmail.com> <CA071301-D89F-4A4C-B253-086E95A4F929@primarydata.com> <546B0F4F.3060504@dial.pipex.com> <B8733C3C-1986-49B3-9AE6-1B88A8F7CA8C@primarydata.com> <547C7E2B.10305@dial.pipex.com> <CADaq8jcNopgjGZgevo2BNEjWvvV3eCesFLgPzpwg0j33XO1t2A@mail.gmail.com> <547CC75C.7010909@dial.pipex.com> <1F2B554C-4C7C-4BF0-B078-AA7988F7B0AF@primarydata.com> <547DC609.9070104@dial.pipex.com> <CADaq8jfHP-fMQ9notdVt5iZ+mO48cu_d6jCDZ8LFpkgN93x2-w@mail.gmail.com> <547DEBAF.9010907@dial.pipex.com>
To: Elwyn Davies <elwynd@dial.pipex.com>
X-Mailer: Apple Mail (2.1993)
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/_5HaKqV54qzLZXpVhDniqL71G6k
Cc: "gen-art >> General area reviewing team" <gen-art@ietf.org>, Barry Leiba <barryleiba@computer.org>, David Noveck <davenoveck@gmail.com>
Subject: Re: [Gen-art] Gen-art LC review of draft-ietf-nfsv4-rfc3530bis-33
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 18:16:55 -0000

Hi Elwyn,

Thanks for all of the review and help effort. Besides the inexplicable typos, you unearthed some issues which would give an experienced reader pause.

Tom


> On Dec 2, 2014, at 8:41 AM, Elwyn Davies <elwynd@dial.pipex.com> wrote:
> 
> Hi, David.
> 
> Excellent.  I think some suitable combination of your words below would fill the bill.
> 
> The point about the very large directories is well taken - I hadn't grokked that previously.
> 
> I guess the update should go in s15.26.5 after para 1:
> 
> Something like:
> 
> -----------------
> 
> As there is no way for the client to indicate that a cookie value once received, will not be subsequently used, server implementations should avoid schemes that allocate memory corresponding to a returned cookie. Such allocation can be avoided if the server bases cookie values on a value such as the offset within the directory where the scan is to be resumed.
> 
> Cookies generated by such techniques should be designed to remain valid despite modification of the associated directory.  If a server were to invalidate a cookie because of a directory modification, READDIR's of large directories might never finish.
> 
> If a directory is deleted after the client has carried out one or more READDIR operations on the directory, the cookies returned will become invalid but the server does not need to be concerned as the directory file handle used previously would have become stale and would be reported as such on subsequent READDIR operations.  The server would not need to check the cookie verifier in this case.
> 
> However, certain re-organization operations on a directory (including directory compaction) may invalidate READDDIR cookies previously given out.  When such a situation occurs, the server should modify the cookie verifier so as to accept cookies which would otherwise no longer be valid.
> 

Done, with Dave’s suggested tweak.


> -------------------
> 
> Aside: handling reorganization without creating state sounds challenging but life wouldn't be interesting without challenges! :-)
> 
> A couple of nits that got missed from yesterday:
> 
> s5.4, 2nd bullet labelled '1.': s/common to all object within given file system./common to all objects within the given file system./

Done


> 
> s9.1.3, last sentence: s/an can be treated as later./and can be treated as later./
>                         ^^^^
> 

Done

> 
> With something like the above, I think we are done.
> 
> Congratulations!  I hope this gets to be an RFC RSN.
> 
> Cheers,
> Elwyn
> 
> 
> 
> 
> 
> On 02/12/14 14:56, David Noveck wrote:
>>    Hence, NFS has no equivalent of the "directory stream" referred to
>>    in the Unix manual pages.  Furthermore you don't 'open' a directory
>>    in NFSv4, you just give it the filehandle.
>> 
>> 
>> Correct.  NFSv4 just took over the NFSv3 approach to reading directories
>> and NFSv3 doesn't support open/close at all.
>> 
>>    However the lack of a closedir equivalent means that the server has
>>    no idea when the client has finished with the READDIR cookie(s).
>> 
>> Right.
>> 
>>      I think it would be helpful to give some advice on what the server
>>    should do to avoid a build up of probably useless state.
>> 
>> how about:
>> 
>>    As there is no way for the client to indicate that a cookie value
>>    once received, will not be subsequently used, serer implementations
>>    should avoid schemes that allocate memory corresponding to a
>>    returned cookie.  Such allocation can be avoided if the server bases
>>    cookie values on a value such as the offset within the directory
>>    wher the scan is to be resumed.
>> 
>> 
>>    Given the usual usage of READDIR, I would expect that once a call
>>    has returned eof<-TRUE, the client will in almost all cases be done
>>    and the state for the (client,directory) pair can be discarded.
>> 
>> 
>> Except there is no state for  client,directory pair.  The spec does not
>> mandate that such state be maintained, and i don't know of server that
>> maintain that sort of state.  NFSv4. servers follow the NFSv3 practice,
>> where client state/per se/ did not exist.
>> 
>>    However, there might be cases where the call has to be rerun due to
>>    comms failure I suppose, so maybe after a number of calls at eof?
>>    Presumably there also ought to be some sort of timeout (like if the
>>    leases expire??)  I have no idea what current implementations do here.
>> 
>> None of these situations arise since there is no per--client readdir state.
>> 
>> 
>> 
>> Crafting a couple of sentences to mention these three items (deletion,
>> modification and stale state) would IMO be helpful.  It would certainly
>> have helped me!.
>> 
>> suggestions:
>> 
>>  * *deletion*
>> 
>>    cookies return by READDIR become invalid when the directory is
>>    removed but the server is not obliged for check for this situation
>>    or check the cookie verifier since the directory handle will become
>>    stale.
>> 
>>  * *modification*
>> 
>>    Cookies generated by such techniques should reaiin valid despite
>>    modification of the associated directory.  If a server were to
>>    invalidate a cookie because of a directory modification, READDIR's
>>    of large directories might never finish.
>> 
>>  * *stale state*
>> 
>>    I think it is clear from the text above that there is no state to
>>    become stale.  Not sure what else you can say.
>> 
>>  * *directory reorganization*
>> 
>>    certain re-organization operation on a directory (including
>>    directory compaction) may invalidate READDDIR cookies
>>    previously given out.  when these situation ocur, the server should
>>    modify the cookie verifier to accepting cookies which are no longer
>>    valid.
>> 
>> 
>> On Tue, Dec 2, 2014 at 9:00 AM, Elwyn Davies <elwynd@dial.pipex.com
>> <mailto:elwynd@dial.pipex.com>> wrote:
>> 
>>    Hi.
>> 
>>    Sorry to keep harping on about READDIR, but...
>> 
>>    Tom's comment about opendir/closedir at the end of the mail nbelow
>>    obviously triggered something in my brain overnight, 'cos I woke up
>>    realizing that I wasn't correctly understanding the semantics here.
>> 
>>    Please bear with while I parade my naivete :-(
>> 
>>    Having refreshed my memory on the semantics of reading directories
>>    in Unix and checked back on NFSv4, I realized that NFSv4 doesn't
>>    have the equivalents of opendir and closedir.
>> 
>>    Hence, NFS has no equivalent of the "directory stream" referred to
>>    in the Unix manual pages.  Furthermore you don't 'open' a directory
>>    in NFSv4, you just give it the filehandle.
>> 
>>    So, the case of the directory getting deleted under your feet
>>    between READDIR calls presumably just results in a NFS4ERR_STALE
>>    error on the next READDIR call and the issue of whether the cookie
>>    is valid is moot. It is then up to the client to map this into local
>>    OS behaviour.
>> 
>>    This means that only the directory modification case is relevant to
>>    the cookie validity issue, and I understand the comment that David
>>    was making yesterday more clearly now.
>> 
>>    However the lack of a closedir equivalent means that the server has
>>    no idea when the client has finished with the READDIR cookie(s).  I
>>    think it would be helpful to give some advice on what the server
>>    should do to avoid a build up of probably useless state.
>> 
>>    Given the usual usage of READDIR, I would expect that once a call
>>    has returned eof<-TRUE, the client will in almost all cases be done
>>    and the state for the (client,directory) pair can be discarded.
>>    However, there might be cases where the call has to be rerun due to
>>    comms failure I suppose, so maybe after a number of calls at eof?
>>    Presumably there also ought to be some sort of timeout (like if the
>>    leases expire??)  I have no idea what current implementations do here.
>> 
>>    Crafting a couple of sentences to mention these three items
>>    (deletion, modification and stale state) would IMO be helpful.  It
>>    would certainly have helped me!
>> 
>>    Regards,
>>    Elwyn
>> 
>>    On 02/12/14 00:56, Tom Haynes wrote:
>> 
>> 
>>            On Dec 1, 2014, at 11:54 AM, Elwyn Davies
>>            <elwynd@dial.pipex.com <mailto:elwynd@dial.pipex.com>> wrote:
>> 
>>            Hi, David.
>> 
>>            Thanks for the response.
>> 
>>            A couple of comments below...
>> 
>>            Regards,
>>            Elwyn
>> 
>>            On 01/12/14 18:50, David Noveck wrote:
>> 
>>                     My view (remains) that if the cookie is not tied to
>>                the change
>>                     attribute of the directory, this makes life
>>                difficult for both the
>>                     server (what does it send if the data has been
>>                changed and how does
>>                     it manage maintaining checkpoints -- where a
>>                readdir finished --, in
>>                     particular if the checkpoint was on an entry that
>>                has been deleted),
>>                     and the client.
>> 
>> 
>>                The cookie is not tied to the change attribute of the
>>                directory.
>> 
>>                The purpose of the cookie is ensuring that you do a
>>                READDIR that
>>                encompasses multiple requests:
>> 
>>                   * entries that exist during the entire period of the
>>                multi-requuest
>>                     directory read appear exactly once in the result.
>>                   * entries that exists during some part of the period
>>                of the
>>                     multi-request directory read  appear at most once
>>                in the result.
>> 
>> 
>>                Basically implementations scan through the directory as
>>                it exists on
>>                disk and if there is a created entry, the client may or
>>                may not see it,
>>                depending on where the the new entry happens to be put,
>>                with respect to
>>                the ongoing scan.  As far as deleted entries, the
>>                implementation only
>>                has to be able to move on to the next entry if it
>>                encouneters an entry
>>                marked as deleted.
>> 
>> 
>>            OK, so the server has to be clever rather than telling the
>>            client to restart the readdir -- I'm not sure this is the
>>            right trade-off since the client has to cope with being told
>>            the cached cookie is useless (as per Trond's input below)
>>            but I guess implementations work this way already and it
>>            isn't my call.  In that case I suggest that the last
>>            sentence of s15.26.4, para 9, is modified to tell server
>>            implementers a bit more clearly what they have to do.
>>            Suggestion:
>>            OLD:
>>                Ideally, the cookie value should not change if the
>>            directory is
>>                modified since the client may be caching these values.
>>            NEW:
>>                The server SHOULD try to accept cookie values issued
>>            with READDIR
>>                responses even if the directory has been modified
>>            between the
>>                READDIR calls but MAY return NFS4ERR_NOT_VALID if this
>>            is not
>>                possible as might be the case if the server has rebooted
>>            in the
>>                interim.
>> 
>> 
>>        I’ve taken this change.
>> 
>> 
>>            One nasty thought occurs to me regarding the idea that a
>>            client caches
>>            the cookie value(s):  Is the server supposed to maintain the
>>            whole
>>            sequence of cookies for a sequence of READDIRs on a single
>>            directory so
>>            the client can reissue some of the READDIR calls or is it
>>            fair enough for the server to throw them away after the
>>            client has used them once? And how long should the server
>>            hang onto cookie state in normal operation?
>> 
>> 
>>        No, it does not have to save them.
>> 
>>        But the cookies are pretty persistent in the first place. I.e.,
>>        use some property of either the inode or the dirent to generate
>>        the cookie.
>> 
>>        As such, the cookie state does not need to be held onto.
>> 
>>        And for the life, it actually needs to be “stable” between the
>>        opendir() and closedir() call on the client. While we are safe
>>        on a client reboot, a client could end up holding onto the DIR
>>        pointer for a large indeterminate time.
>> 
>>

v2.39.1 | Report a Bug | By Email | System Status