Re: Caching semi-digested credentials in struct cred

[David Howells <dhowells@redhat.com>]

Trond Myklebust <Trond.Myklebust@netapp.com> wrote:

> > > Use the credential struct as the unique lookup key for an rpc_cred.
> > 
> > That's not good enough.  A cred struct may map to several rpc_creds as I
> > mentioned above.  I suppose the nfs_client struct address could be added
> > to the lookup key.
> 
> Huh? The RPC cred lookup function takes a pointer to an rpc_auth struct,
> which should already be tied to an rpc_client.

So where do you get the rpc_auth struct from?

How about we come at it this way: nfs_readpage() is changed to have a struct
cred * instead of a struct file *.  How do we get the appropriate rpc_auth
struct (assuming it isn't held in the cred struct)?  We need something from
the mapping to use as part of the lookup key, be that an nfs_client or an
rpc_client.

> In the case where keyrings are enabled and a key changes, then we should
> revalidate the rpc_cred and either dump it (replacing it with a new
> cred) or reuse it. We can only cache so much garbage...

You can't necessarily just arbitrarily ditch an rpc_cred just because the key
it was derived from has been replaced.  Someone may have a file open that's
using it.  Unless, of course, you accept that it's okay to change the
credential that an open file is using...  If we're happy to do that, that makes
my life a lot easier.

Also, it occurs to me that if a cred struct acts as a lookup key to find cached
rpc_creds, what controls the lifetime of the latter with respect to the former?

> Possibly, but I'm not accepting any single patch that completely
> rewrites the basic security model of NFS in one fell swoop. If you want
> to change the cred->rpc_cred mapping, then that will be done in
> incremental patches.
> Your first step is therefore to get the generic cred working with the
> _existing_ RPC security model.

I would never have thought of that.

However, there are two points you should consider: firstly, I've a patch that's
a quarter of a Meg just to add struct cred pointers into NFS so that the
appropriate credentials get down into the SunRPC layer rather than using
current's credentials; and secondly, I want some idea of where I'm going.  If
you'd rather, I can just drop the credentials into the NFS VFS methods and
leave it for you to make work.

David