Re: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/
Tigran Mkrtchyan <tigran.mkrtchyan@desy.de> Thu, 18 November 2010 07:18 UTC
Return-Path: <tigran.mkrtchyan@desy.de>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0ADE53A659C for <nfsv4@core3.amsl.com>; Wed, 17 Nov 2010 23:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.247
X-Spam-Level:
X-Spam-Status: No, score=-2.247 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w4xmL76xqKac for <nfsv4@core3.amsl.com>; Wed, 17 Nov 2010 23:18:13 -0800 (PST)
Received: from smtp-out-2.desy.de (smtp-out-2.desy.de [131.169.56.85]) by core3.amsl.com (Postfix) with ESMTP id 1D5023A67E4 for <nfsv4@ietf.org>; Wed, 17 Nov 2010 23:18:12 -0800 (PST)
Received: from smtp-map-2.desy.de (smtp-map-2.desy.de [131.169.56.67]) by smtp-out-2.desy.de (DESY_OUT_1) with ESMTP id 1B5EAD4A for <nfsv4@ietf.org>; Thu, 18 Nov 2010 08:18:58 +0100 (MET)
Received: from adserv72.win.desy.de (adserv72.win.desy.de [131.169.97.58]) by smtp-map-2.desy.de (DESY_MAP_2) with ESMTP id 10B28D3D for <nfsv4@ietf.org>; Thu, 18 Nov 2010 08:18:57 +0100 (MET)
Received: from smtp-intra-1.desy.de (lb-40-26.desy.de) by adserv72.win.desy.de (Clearswift SMTPRS 5.3.4) with ESMTP id <T996a79676783a9613a1c3c@adserv72.win.desy.de> for <nfsv4@ietf.org>; Thu, 18 Nov 2010 08:18:57 +0100
Received: from adxf1.win.desy.de (adxf1.win.desy.de [131.169.69.229]) by smtp-intra-1.desy.de (DESY-INTRA-1) with ESMTP id 820383E901 for <nfsv4@ietf.org>; Thu, 18 Nov 2010 08:18:57 +0100 (MET)
Received: from tibook.kofemann.org ([131.169.40.26]) by adxf1.win.desy.de over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Thu, 18 Nov 2010 08:18:56 +0100
Message-ID: <4CE4D35E.7050201@desy.de>
Date: Thu, 18 Nov 2010 08:18:54 +0100
From: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101026 SUSE/3.0.10 Thunderbird/3.0.10
MIME-Version: 1.0
To: nfsv4@ietf.org
References: <3614AF54-FA76-44ED-A070-EE5E37D9EB01@netapp.com> <1290045590.3070.43.camel@heimdal.trondhjem.org>
In-Reply-To: <1290045590.3070.43.camel@heimdal.trondhjem.org>
Content-Type: multipart/alternative; boundary="------------010907070407020909040705"
X-OriginalArrivalTime: 18 Nov 2010 07:18:56.0535 (UTC) FILETIME=[DCD41270:01CB86F0]
Subject: Re: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 07:18:15 -0000
On 11/18/2010 02:59 AM, Trond Myklebust wrote: > On Wed, 2010-11-17 at 16:04 -0800, Thomas Haynes wrote: > >> Trond, >> >> Some questions I had after reading this: >> >> 1) What keeps another client from spoofing a file handle to get at a cached file? >> >> Note that there is no export control on cached files. The caching server >> has to assume that the MDS did the access checks. With AUTH_UNIX, >> this means that any client can get access with a spoofed file handle. >> >> Another implementation issue here is that the caching server, if it does >> per op access checks, will now need to know to skip such checks on these >> files. >> > The client acting as the DS is supposed to check with the MDS that the > file handle is valid and that the client 2 is authorised to access it. > That's precisely what the PROXY_OPEN is for: to allow the MDS to check > that client 2 holds a layout. > > For multihomed client 2 it's possible that MDS and the client acting as a DS will see different IP. I think this may produce 'false negatives' and some requests will be denied. BTW, PROXY_OPEN desctiprions says: The PROXY_OPEN function authenticates the READ request by the pNFS client. If the data filehandle is valid, and the user identified by the popa_user_id is authorised to access the file, then the metadata server returns the true filehandle (as returned by LOOKUP and/or OPEN) of the file. but XDR says: union PROXY_OPEN4res switch (nfsstat4 status) { case NFS4_OK: /* CURRENTFH: true filehandle */ stateid4 popr_proxy_stateid; default: void; }; In other words, description promises filehandle, but XDR returns stateid. Did I get it wrong? Tigran. >> 2) What keeps a file handle clash from occurring? >> >> I.e., the cached file has a file handle which maps to a valid file on the caching >> server. >> > It is up to the MDS to generate data server filehandles that do not > clash. > > >> 3) This also goes with the following from the draft: >> >> >>> When the data server receives a READ request from a client with a >>> >>> >>> >>> >>> Myklebust Expires January 7, 2010 [Page 5] >>> >>> Internet-Draft pNFS back end protocol extensions July 2009 >>> >>> >>> >>> stateid or a data server filehandle that it does not recognise, it >>> attempts to validate that request using the PROXY_OPEN call. This >>> operation will convert the data server filehandle as provided by the >>> layout into a real filehandle, that the data server can use to access >>> the file on the metadata server. In order to make it easy for the >>> data server to identify the file, the real filehandle SHOULD match >>> the filehandle that was returned to the client when it received the >>> read delegation. >>> >> >> Which I take to imply that stateids must be unique on the MDS and >> these caching data servers. I.e., if a client presents a stateid that is >> already being used on the caching data server and it presents a valid >> filehandle from that caching data server, then the caching data server >> has to assume that the client is trying to access a non-cached file. >> > What do you mean by 'valid filehandle'? Data server filehandles are > _not_ the same as ordinary filehandles; they are filehandles that the > MDS has handed out as part of a layout and that need to be translated > via PROXY_OPEN. It is expected that they will be invalidated (and > presumably forgotten by the MDS and DS) when the layout is revoked. > > >> 4) I'm also reading this as saying that the data server filehandle SHOULD >> match the real filehandle presented in the layout. Indeed if it does not, >> then the data server will need to pass any filehandle it gets back to the >> MDS to see if it is a file handle it is caching. >> > It needs to do this once in order to translate the filehandle. Once that > is done, it can rely on the server to call it back when the layout is > revoked (and the filehandle is invalidated). > > >> 5) >> >> >>> The PROXY_OPEN call also checks the access rights that were granted >>> by the layout and the READ stateid for validity. If the pNFS client >>> in question does not hold a layout for this file, the PROXY_OPEN >>> request from the data server will return NFS4ERR_PNFS_NO_LAYOUT. In >>> this case, the data server should not attempt to service the READ >>> request, but should pass the error on to the pNFS client. >>> >>> >> Is NFS4ERR_PNFS_NO_LAYOUT the only error that can be set here? >> > No. See the next paragraph. > > >> a) File does not exist (NFS4ERR_STALE) >> b) Client does not have permission to the underlying export (NFS4ERR_ACCESS) >> c) ... >> d) stateid is no longer valid, etc >> >> Ideally, the client should have gone through all of these steps in order to get >> the filehandle from the MDS, but nothing stops the client from holding onto the >> filehandle and the MDS deleting it, etc. >> > The DS holds a delegation for the file. The MDS can't delete it or > change access permissions; that would revoke the delegation, and hence > all layouts. > > Cheers > Trond > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4 >
- [nfsv4] https://datatracker.ietf.org/doc/draft-my… Thomas Haynes
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Trond Myklebust
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Tigran Mkrtchyan
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Trond Myklebust
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Thomas Haynes
- Re: [nfsv4] https://datatracker.ietf.org/doc/draf… Trond Myklebust