[nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operations
Rick Macklem <rick.macklem@gmail.com> Fri, 09 August 2024 22:31 UTC
Return-Path: <rick.macklem@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E77BC169411 for <nfsv4@ietfa.amsl.com>; Fri, 9 Aug 2024 15:31:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qEMR2B6amhZ7 for <nfsv4@ietfa.amsl.com>; Fri, 9 Aug 2024 15:31:35 -0700 (PDT)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4144C15109E for <nfsv4@ietf.org>; Fri, 9 Aug 2024 15:31:35 -0700 (PDT)
Received: by mail-pf1-x436.google.com with SMTP id d2e1a72fcca58-70eb0ae23e4so2073670b3a.0 for <nfsv4@ietf.org>; Fri, 09 Aug 2024 15:31:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723242695; x=1723847495; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9QC98qkOqeu20toUzy5TJTWJ37KetUs0QJFmpxMmvPQ=; b=PNbdsPCBjK6EEcuubweLxXRjhdPGB3hlm6nSw+j+uo+q829mrn5gqER7gwYqBKTTtZ +IQUTNB4ZJ9ScMfjmEfs5vCtNDIeCJMJRuRjs1o94nkM1uqmeNYA1qb1jvGdHterOBWG vfjs2mPvgMUnf+OLWHX4akElc2FLvw7yLi8pX6ibOqRoqdoqfSA0J/jyImFnC+coRWqF 6yW0MqS1X7dP9G6prqgtDPe/0XrzI64qaCHnA8IrR/DKLb+tX8r4AzYQ+58r5w+HrSP+ 1mPGbq7Jrp53Xo8i4XP7eMjsWLMhma8uKaQZVRjzj/Jc9Eb936BOpakOyUm/s3dkb2Y3 Qb2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723242695; x=1723847495; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9QC98qkOqeu20toUzy5TJTWJ37KetUs0QJFmpxMmvPQ=; b=oqWV1yIUwEf65lBKobNQOTh4zPfCFxiezVjz78hmrw8GCAv3l1PARHGRDmRMr/b3hu QSxKe0L7NtD2UfaOxolFEmq3lUtVSAWCMiJcTgKlpzXOeuuUuNIgJR2O/FIbgwJuws9c 0ngkTyoLBK7zvTAUm9BFVyShGk3shYaLCmsfKC/tdb8Ba6191AV5aFt9p9yjg4UEooBV 1FDXtGIlq2DLBiMT39F6PuskVX6Z7z3Ji470WmfdwoCbz6RXkocWz4ojvj3XLySq0Bvx kLVXnDpRx+0sluwdbPbjO0eQiFSTAF6lUptaL9ykg/Sdb867q/mZFdrml/EqOzbCgBKh 3+Ow==
X-Gm-Message-State: AOJu0Yxrk7jPwPIA0yaHZaFmp41y+JryIsFePssiLYO6u/4fK1XKQdgk 9j57zOn8yIVyMHd6v3RGjTpL+K65EYBcQlqYlTZPHl8gSBCJ43n9yKpJ2zd3yS2yVjOXa+hX9XX +84pZXRthINzf0UtgY97hpyBWFg==
X-Google-Smtp-Source: AGHT+IGY+TjdiPiCclCs8Mkkw/+lpM9+/yZO0ctSE8Yoqd94RioCGNZK+Sd3IuUj3pk+4/5pHqxNUKnlx6UlggD+ucU=
X-Received: by 2002:a05:6a21:e85:b0:1c2:96f1:a2ce with SMTP id adf61e73a8af0-1c89fe780acmr3804487637.3.1723242694756; Fri, 09 Aug 2024 15:31:34 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5tNy7g+YCiiZQD7G6Ryv_Mo8N5BeRiqMP=224zPpEXa+Yi+A@mail.gmail.com> <4F40121B-7A36-4394-91C0-92A7D74CF676@oracle.com> <CAM5tNy42RYs_Bq5G6Acujogx2UfpumdP4iYy1LH24O13BBYS9g@mail.gmail.com>
In-Reply-To: <CAM5tNy42RYs_Bq5G6Acujogx2UfpumdP4iYy1LH24O13BBYS9g@mail.gmail.com>
From: Rick Macklem <rick.macklem@gmail.com>
Date: Fri, 09 Aug 2024 15:31:24 -0700
Message-ID: <CAM5tNy5jYurF5pxf7D4vEqmn6jkBAAGzVp7-yq=4pUjcoawoWA@mail.gmail.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Content-Type: multipart/alternative; boundary="000000000000aed71e061f47b40b"
Message-ID-Hash: OEHNMA6GJWR7EUASNTW32EGAFHNC44HE
X-Message-ID-Hash: OEHNMA6GJWR7EUASNTW32EGAFHNC44HE
X-MailFrom: rick.macklem@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: NFSv4 <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operations
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/L_6YeBbWG3Y0cm6SBjOHJl2WGL4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>
On Fri, Aug 9, 2024 at 1:12 PM Rick Macklem <rick.macklem@gmail.com> wrote: > > > On Fri, Aug 9, 2024 at 8:21 AM Chuck Lever III <chuck.lever@oracle.com> > wrote: > >> >> >> > On Aug 8, 2024, at 4:36 PM, Rick Macklem <rick.macklem@gmail.com> >> wrote: >> > >> > Hi, >> > >> > Over the years, I've run into cases where it would be really >> > nice to be able to perform multiple NFSv4 operations on a >> > file without other operations done by other clients >> > "gumming up the works" by changing the file's data/metadata >> > between the operations in the compound. >> > >> > So, what do others think about an extension to NFSv4.2 that >> > adds 2 new operations: >> > MUTEX_BEGIN(CFH) >> > MUTEX_END(CFH) >> > Both would use the CFH as argument, and no other client would >> > be allowed to perform operations on the CFH between the MUTEX_BEGIN >> > and MUTEX_END. >> > >> > I think there would need to be a couple of properties for these: >> > - There would need to be an "implicit" MUTEX_END when any operation >> > between MUTEX_BEGIN and MUTEX_END returns a status other than NFS_OK. >> > - I think you would want a restriction of only one mutex for one CFH >> > at a time in a compound. Without that, there could easily be deadlocks >> > caused by other compounds acquiring mutexes on the same CFHs in a >> > different order. >> > - Only one compound can hold a mutex on a given CFH at any time. >> > - MUTEX_BEGIN/MUTEX_END can only be used in compounds where SEQUENCE >> > is the first operation. >> > - All mutexes are discarded by a server when it crashes/recovers. >> > (Any time a client receives a NFS4ERR_STALE_CLIENTID.) >> > That way RPC retries after a server reboot should work ok, I think? >> >> I favor a narrow reservation, as described here, rather than >> blocking all server operations. The usage for multiple files >> would be more complicated, as Tom says, but my intuition is >> that the server's implementation of a mutex might be more >> efficient for the single file, which might be the common case. >> >> Also, I think this needs to be explicitly tied to the client's >> lease so that a mutex reservation evaporates automatically if >> the client goes away. >> > Agreed. I did say something about NFS4ERR_STALE_CLIENTID, > but probably didn't make it clear. > > >> This could be used as a DoS vector; care should be taken to >> describe how a server mitigates or prevents clients from >> accidentally or maliciously blocking operations on a FH >> permanently. >> > I mentioned an "implicit" MUTEX_END when an operation > returns anything other than NFS_OK. > This should also apply to any other case where the processing > of the compound ends before a MUTEX_END (such as a client > not putting one in the compound. > Another one is if the file object is deleted, there needs to be an implicit MUTEX_END. > > I don't know if this is sufficient, but with a relatively short > (<= 50msec) timeout on MUTEX_BEGIN, it might? > > >> >> > I am not sure what the semantics for reading data/metadata should be, >> > but I was thinking that would be allowed to be done by compounds for >> > other clients for the CFH. If a client wanted to serialize against >> > other compounds for the CFH, it could do a MUTEX_BEGIN/MUTEX_END. >> > There is also the issue of what to do about NFSv4.0/4.1 (and NFSv3)? > - All I can think of is that they would be allowed to continue processing > operations irrespective of the mutex, but others might have better ideas. > I am now thinking that requiring processing of any operations NFSv4.0/4.1/4.2 that uses the file object (CFH or SAVEFH) should block while another compound holds the mutex for the file. (Without this, the MUTEX would be pretty useless when clients using multiple minor versions are mounted on the server.) I don't know about other server implementations, but this should be pretty easy to do for FreeBSD via vnode (represents a file) locking. Since there seems to be some interest, I'll try prototyping it on FreeBSD. Thanks for the comments, rick And then there is the question of "does it apply to other compounds done > by the same ClientID? > - I am now thinking it should apply. I can see a client wanting to throw a > bunch of writes at the server, but would like to get "change, > time_modify" > that applies to that write, by doing: > MUTEX_BEGIN > WRITE(UNSTABLE4) > GETATTR(of change, time_modify) > MUTEX_END > (A WRITE(UNSTABLE4) will not take long.) > > rick > > > >> > I see this as useful in a variety of ways: >> > - The example in the previous email of: >> > MUTEX_BEGIN >> > NVERIFY acl_truform ACL_MODEL_NFS4 >> > SETATTR posix_access_acl >> > MUTEX_END >> > - Append writing: >> > MUTEX_BEGIN >> > VERIFY size "offset in WRITE that follows" >> > WRITE "offset" etc >> > MUTEX_END >> > - A bunch of cases where NFSv4 lacks the postop_attributes >> > that were in NFSv3. >> > MUTEX_BEGIN >> > WRITE >> > GETATTR size, change,.. >> > MUTEX_END >> > >> > So, what do others think? >> > (This was obviously not possible without sessions.) >> > >> > rick >> > >> > >> > _______________________________________________ >> > nfsv4 mailing list -- nfsv4@ietf.org >> > To unsubscribe send an email to nfsv4-leave@ietf.org >> >> -- >> Chuck Lever >> >> >>
- [nfsv4] RFC: new MUTEX_BEGIN/MUTEX_END operations Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Tom Haynes
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Pali Rohár
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Chuck Lever III
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Jeff Layton
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Pali Rohár
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Jeff Layton
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Jeff Layton
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Jeff Layton
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Pali Rohár
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Trond Myklebust
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem
- [nfsv4] Re: RFC: new MUTEX_BEGIN/MUTEX_END operat… Rick Macklem