From: Luca Barbieri <ldb@ldb.ods.org>
To: trond.myklebust@fys.uio.no
Cc: Linux FSdevel <linux-fsdevel@vger.kernel.org>,
Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Initial support for struct vfs_cred [0/1]
Date: 02 Sep 2002 00:50:30 +0200 [thread overview]
Message-ID: <1030920630.1993.420.camel@ldb> (raw)
In-Reply-To: <15730.36080.987645.452664@charged.uio.no>
[-- Attachment #1: Type: text/plain, Size: 2519 bytes --]
On Sun, 2002-09-01 at 23:56, Trond Myklebust wrote:
> >>>>> " " == Luca Barbieri <ldb@ldb.ods.org> writes:
>
> >> Because, as has been explained to you, we have things like
> >> Coda, Intermezzo, NFS, for which this is insufficient.
> > If they only need them at open, and the open is synchronous,
> > you don't need to copy them.
>
> Bullshit. You clearly haven't got a clue what you are talking about.
> For all these 3 systems credentials need to be cached from file open
> to file close.
>
> YES EVEN NOW, WITH NO CLONE_CRED AND WITH SYNCHRONOUS OPEN !!!!
>
> On something like NFS or Coda, the server needs to receive
> authentication information for each and every RPC call we send to
> it. There's no state. The server does not know that we have opened a
> file.
But then in the _open_ syscall you don't need to send them from a copy.
However, since you need them in the later syscalls, you need to copy
them to the file structure for the later syscalls in open, but you don't
need to use copied credentials for the operation of opening a file
(assuming it's done synchronously within sys_open).
Anyway this is only relevant to decide whether to always copy uid and
gid or to use copy-write on them and access them with an extra memory
read (to read the pointer to the copy-on-write structure), which is not
the main issue.
BTW, imho a correctly designed network filesystem should have a single
stateful encrypted connection (or a pool of equally authenticated ones)
and credentials (i.e. passwords) should only be passed when the user
makes the first filesystem access. After that the server should do
authentication with the OR of all credentials received and the client
kernel should further decide whether it can give access to a particular
user.
This is off-topic here, though.
> Currently this is done by the NFS client hiding information in the
> file's private_data field. This means that other people that want to
> do write-through-caching etc are in trouble 'cos they have to cope
> with the fact that NFS has its private field, Coda has its private
> field,... And they are all doing the same thing in different ways.
Yes, I agree with the need to provide copy-on-write.
I just disagree with the idea that code should be written to handle
changing credentials and that credentials should be passed as parameters
and I suggest that always copying uid and gid might be better since
accessing uid and gid is more frequent and happens in faster paths than
copying credentials.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2002-09-01 22:50 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1030820234.4408.119.camel@ldb>
2002-08-31 19:36 ` [PATCH] Initial support for struct vfs_cred [0/1] Linus Torvalds
2002-08-31 19:38 ` Luca Barbieri
2002-08-31 22:30 ` Trond Myklebust
2002-08-31 23:13 ` Luca Barbieri
2002-09-01 13:03 ` Trond Myklebust
2002-09-01 14:10 ` Trond Myklebust
2002-09-01 14:20 ` Luca Barbieri
[not found] ` <1030890022.2145.52.camel@ldb>
2002-09-01 16:40 ` Trond Myklebust
[not found] ` <15730.17171.162970.367575@charged.uio.no>
2002-09-01 18:54 ` Luca Barbieri
2002-09-01 19:40 ` Trond Myklebust
[not found] ` <15730.27952.29723.552617@charged.uio.no>
2002-09-01 21:34 ` Luca Barbieri
[not found] ` <1030916061.2145.344.camel@ldb>
2002-09-01 21:56 ` Trond Myklebust
[not found] ` <15730.36080.987645.452664@charged.uio.no>
2002-09-01 22:50 ` Luca Barbieri [this message]
2002-09-01 14:33 ` Luca Barbieri
2002-09-01 16:38 ` Trond Myklebust
2002-09-01 18:42 ` Luca Barbieri
2002-09-01 19:25 ` Trond Myklebust
2002-09-01 21:36 ` Luca Barbieri
2002-09-01 15:15 ` Daniel Phillips
2002-09-01 15:35 ` Luca Barbieri
[not found] <15728.61345.184030.293634@charged.uio.no>
2002-08-31 18:57 ` Luca Barbieri
2002-08-31 19:51 ` Luca Barbieri
2002-08-31 16:32 Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1030920630.1993.420.camel@ldb \
--to=ldb@ldb.ods.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).