IETF Logo Mail Archive

[nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/

Thomas Haynes <thomas@netapp.com> Thu, 18 November 2010 00:03 UTC

Return-Path: <Thomas.Haynes@netapp.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 973813A6358 for <nfsv4@core3.amsl.com>; Wed, 17 Nov 2010 16:03:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.276
X-Spam-Level:
X-Spam-Status: No, score=-10.276 tagged_above=-999 required=5 tests=[AWL=0.323, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zJTD1DDvfYPL for <nfsv4@core3.amsl.com>; Wed, 17 Nov 2010 16:03:44 -0800 (PST)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by core3.amsl.com (Postfix) with ESMTP id BF6EC3A6359 for <nfsv4@ietf.org>; Wed, 17 Nov 2010 16:03:44 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.59,213,1288594800"; d="scan'208";a="483704165"
Received: from smtp2.corp.netapp.com ([10.57.159.114]) by mx2-out.netapp.com with ESMTP; 17 Nov 2010 16:04:16 -0800
Received: from sacrsexc1-prd.hq.netapp.com (sacrsexc1-prd.hq.netapp.com [10.99.115.27]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id oAI04EGc017580 for <nfsv4@ietf.org>; Wed, 17 Nov 2010 16:04:16 -0800 (PST)
Received: from rtprsexc2-prd.hq.netapp.com ([10.100.161.115]) by sacrsexc1-prd.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 17 Nov 2010 16:04:15 -0800
Received: from RTPMVEXC1-PRD.hq.netapp.com ([10.100.161.112]) by rtprsexc2-prd.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 17 Nov 2010 19:04:13 -0500
Received: from sc-msmith-t61.acresso.com ([10.34.17.72]) by RTPMVEXC1-PRD.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 17 Nov 2010 19:04:13 -0500
From: Thomas Haynes <thomas@netapp.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 17 Nov 2010 16:04:12 -0800
Message-Id: <3614AF54-FA76-44ED-A070-EE5E37D9EB01@netapp.com>
To: nfsv4@ietf.org
Mime-Version: 1.0 (Apple Message framework v1081)
X-Mailer: Apple Mail (2.1081)
X-OriginalArrivalTime: 18 Nov 2010 00:04:13.0264 (UTC) FILETIME=[21FCC500:01CB86B4]
Subject: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 00:03:48 -0000

Trond,

Some questions I had after reading this:

1) What keeps another client from spoofing a file handle to get at a cached file?

Note that there is no export control on cached files. The caching server
has to assume that the MDS did the access checks. With AUTH_UNIX,
this means that any client can get access with a spoofed file handle.

Another implementation issue here is that the caching server, if it does
per op access checks, will now need to know to skip such checks on these
files.

2) What keeps a file handle clash from occurring?

I.e., the cached file has a file handle which maps to a valid file on the caching
server.

3) This also goes with the following from the draft:

>    When the data server receives a READ request from a client with a
> 
> 
> 
> 
> Myklebust                Expires January 7, 2010                [Page 5]
>  
> Internet-Draft      pNFS back end protocol extensions          July 2009
> 
> 
> 
>    stateid or a data server filehandle that it does not recognise, it
>    attempts to validate that request using the PROXY_OPEN call.  This
>    operation will convert the data server filehandle as provided by the
>    layout into a real filehandle, that the data server can use to access
>    the file on the metadata server.  In order to make it easy for the
>    data server to identify the file, the real filehandle SHOULD match
>    the filehandle that was returned to the client when it received the
>    read delegation.


Which I take to imply that stateids must be unique on the MDS and
these caching data servers. I.e., if a client presents a stateid that is
already being used on the caching data server and it presents a valid
filehandle from that caching data server, then the caching data server
has to assume that the client is trying to access a non-cached file.

4) I'm also reading this as saying that the data server filehandle SHOULD
match the real filehandle presented in the layout. Indeed if it does not,
then the data server will need to pass any filehandle it gets back to the
MDS to see if it is a file handle it is caching.

5) 

> 
>    The PROXY_OPEN call also checks the access rights that were granted
>    by the layout and the READ stateid for validity.  If the pNFS client
>    in question does not hold a layout for this file, the PROXY_OPEN
>    request from the data server will return NFS4ERR_PNFS_NO_LAYOUT.  In
>    this case, the data server should not attempt to service the READ
>    request, but should pass the error on to the pNFS client.
> 

Is NFS4ERR_PNFS_NO_LAYOUT the only error that can be set here?

a) File does not exist (NFS4ERR_STALE)
b) Client does not have permission to the underlying export (NFS4ERR_ACCESS)
c) ...
d) stateid is no longer valid, etc 

Ideally, the client should have gone through all of these steps in order to get
the filehandle from the MDS, but nothing stops the client from holding onto the
filehandle and the MDS deleting it, etc.

Thanks,
Tom

v2.23.0 | Report a Bug | By Email