Re: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/
Trond Myklebust <trond.myklebust@fys.uio.no> Thu, 18 November 2010 18:52 UTC
Return-Path: <trond.myklebust@fys.uio.no>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4373D3A68AC for <nfsv4@core3.amsl.com>; Thu, 18 Nov 2010 10:52:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nVpZBZwNHPcb for <nfsv4@core3.amsl.com>; Thu, 18 Nov 2010 10:52:53 -0800 (PST)
Received: from mail-out2.uio.no (mail-out2.uio.no [129.240.10.58]) by core3.amsl.com (Postfix) with ESMTP id DAB503A68A4 for <nfsv4@ietf.org>; Thu, 18 Nov 2010 10:52:52 -0800 (PST)
Received: from mail-mx4.uio.no ([129.240.10.45]) by mail-out2.uio.no with esmtp (Exim 4.69) (envelope-from <trond.myklebust@fys.uio.no>) id 1PJ9c3-0006Vy-U5; Thu, 18 Nov 2010 19:53:39 +0100
Received: from c-68-40-206-115.hsd1.mi.comcast.net ([68.40.206.115] helo=[192.168.1.29]) by mail-mx4.uio.no with esmtpsa (SSLv3:CAMELLIA256-SHA:256) user trondmy (Exim 4.69) (envelope-from <trond.myklebust@fys.uio.no>) id 1PJ9c2-0005Lh-Qm; Thu, 18 Nov 2010 19:53:39 +0100
From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: Thomas Haynes <thomas@netapp.com>
In-Reply-To: <0AB1B081-D793-40FF-ABCF-15E93F702A86@netapp.com>
References: <3614AF54-FA76-44ED-A070-EE5E37D9EB01@netapp.com> <1290045590.3070.43.camel@heimdal.trondhjem.org> <0AB1B081-D793-40FF-ABCF-15E93F702A86@netapp.com>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 18 Nov 2010 13:53:35 -0500
Message-ID: <1290106415.7245.24.camel@heimdal.trondhjem.org>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.0 (2.32.0-2.fc14)
Content-Transfer-Encoding: 7bit
X-UiO-Ratelimit-Test: rcpts/h 2 msgs/h 1 sum rcpts/h 6 sum msgs/h 2 total rcpts 1173 max rcpts/h 20 ratelimit 0
X-UiO-Spam-info: not spam, SpamAssassin (score=-5.0, required=5.0, autolearn=disabled, UIO_MAIL_IS_INTERNAL=-5, uiobl=NO, uiouri=NO)
X-UiO-Scanned: 7EF4D4A1621FDEFA6DBD7C47E20C27B0F809DF21
X-UiO-SPAM-Test: remote_host: 68.40.206.115 spam_score: -49 maxlevel 80 minaction 2 bait 0 mail/h: 1 total 460 max/h 7 blacklist 0 greylist 0 ratelimit 0
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 18:52:55 -0000
On Thu, 2010-11-18 at 10:26 -0800, Thomas Haynes wrote: > On Nov 17, 2010, at 5:59 PM, Trond Myklebust wrote: > > > On Wed, 2010-11-17 at 16:04 -0800, Thomas Haynes wrote: > >> Trond, > >> > >> Some questions I had after reading this: > >> > >> 1) What keeps another client from spoofing a file handle to get at a cached file? > >> > >> Note that there is no export control on cached files. The caching server > >> has to assume that the MDS did the access checks. With AUTH_UNIX, > >> this means that any client can get access with a spoofed file handle. > >> > >> Another implementation issue here is that the caching server, if it does > >> per op access checks, will now need to know to skip such checks on these > >> files. > > > > The client acting as the DS is supposed to check with the MDS that the > > file handle is valid and that the client 2 is authorised to access it. > > That's precisely what the PROXY_OPEN is for: to allow the MDS to check > > that client 2 holds a layout. > > > So I can read that in your text now. The first time through, that was not > what I got. In retrospect, I kept confusing whether the caching client or > client 2 was the one with the layout. > > > > > > >> 2) What keeps a file handle clash from occurring? > >> > >> I.e., the cached file has a file handle which maps to a valid file on the caching > >> server. > > > > It is up to the MDS to generate data server filehandles that do not > > clash. > > > The MDS can not know what filehandles the caching client has in use. When it sent the REGISTER_DS request, the DS client included a unique rea_mds_identifier which the server is supposed to put as the first 8 bytes of the data server filehandle. This ensures that the DS client can trace the data server filehandle as belonging to a particular MDS. The MDS is then at liberty to define the rest of the file handle as it pleases. > > > >> 3) This also goes with the following from the draft: > >> > >>> When the data server receives a READ request from a client with a > >>> > >>> > >>> > >>> > >>> Myklebust Expires January 7, 2010 [Page 5] > >>> > >>> Internet-Draft pNFS back end protocol extensions July 2009 > >>> > >>> > >>> > >>> stateid or a data server filehandle that it does not recognise, it > >>> attempts to validate that request using the PROXY_OPEN call. This > >>> operation will convert the data server filehandle as provided by the > >>> layout into a real filehandle, that the data server can use to access > >>> the file on the metadata server. In order to make it easy for the > >>> data server to identify the file, the real filehandle SHOULD match > >>> the filehandle that was returned to the client when it received the > >>> read delegation. > >> > >> > >> Which I take to imply that stateids must be unique on the MDS and > >> these caching data servers. I.e., if a client presents a stateid that is > >> already being used on the caching data server and it presents a valid > >> filehandle from that caching data server, then the caching data server > >> has to assume that the client is trying to access a non-cached file. > > > > What do you mean by 'valid filehandle'? Data server filehandles are > > _not_ the same as ordinary filehandles; they are filehandles that the > > MDS has handed out as part of a layout and that need to be translated > > via PROXY_OPEN. It is expected that they will be invalidated (and > > presumably forgotten by the MDS and DS) when the layout is revoked. > > > Again, there is nothing to prevent the MDS from handing out a filehandle > which happens to be one in use by the caching client. If client 2 already has > that filehandle from an earlier action, then it may be the case that it presents > it back to caching client. The DS client knows the difference between an ordinary filehandle and a DS filehandle. The latter is _only_ used as part of a pNFS READ or WRITE request by client 2 and will have been appropriately generated by the MDS (see above). Nothing stops the MDS from including information about the layout stateid in the DS filehandle. > >> 4) I'm also reading this as saying that the data server filehandle SHOULD > >> match the real filehandle presented in the layout. BTW: this is false. The DS filehandle MUST NOT match the real filehandle. See above. > Indeed if it does not, > >> then the data server will need to pass any filehandle it gets back to the > >> MDS to see if it is a file handle it is caching. > > > > It needs to do this once in order to translate the filehandle. Once that > > is done, it can rely on the server to call it back when the layout is > > revoked (and the filehandle is invalidated). > > > Yes, once it has a mapping of valid data server filehandles, it can cache > them. That's the whole point of distinguishing DS filehandles and ordinary filehandles. The former represents the layout. > > > >> a) File does not exist (NFS4ERR_STALE) > >> b) Client does not have permission to the underlying export (NFS4ERR_ACCESS) > >> c) ... > >> d) stateid is no longer valid, etc > >> > >> Ideally, the client should have gone through all of these steps in order to get > >> the filehandle from the MDS, but nothing stops the client from holding onto the > >> filehandle and the MDS deleting it, etc. > > > > The DS holds a delegation for the file. The MDS can't delete it or > > change access permissions; that would revoke the delegation, and hence > > all layouts. > > > > Cheers > > Trond > > > > I'm thinking a couple of pictures would help in the final text - I can see all of this > now, but a concrete example could have helped. OK. I'll think about how to add this info. I apparently also need to add in a paragraph about DS filehandles vs. real filehandles. Cheers Trond
- [nfsv4] https://datatracker.ietf.org/doc/draft-my… Thomas Haynes
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Trond Myklebust
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Tigran Mkrtchyan
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Trond Myklebust
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Thomas Haynes
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Trond Myklebust