From: Peter Staubach <staubach-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Miklos Szeredi <miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
trond.myklebust-41N18TsMXrtuMpJDpNschA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)
Date: Fri, 01 Feb 2008 17:30:39 -0500 [thread overview]
Message-ID: <47A39D8F.9010003@redhat.com> (raw)
In-Reply-To: <E1JL3yn-0006KQ-AS-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>
Miklos Szeredi wrote:
>>> This doesn't apply to -mm, because the ro-mounts stuff touches a lot
>>> of the same places as this patch. You probably need to rebase this on
>>> top of those changes.
>>>
>>>
>>>
>>>> This patch adds handling for the error, ESTALE, to the system
>>>> calls which take pathnames as arguments. The algorithm used
>>>> is to detect that an ESTALE error has occurred during an
>>>> operation subsequent to the lookup process and then to unwind
>>>> appropriately and then to perform the lookup process again.
>>>> Eventually, either the lookup process will return an error
>>>> or a valid dentry/inode combination and then operation can
>>>> succeed or fail based on its own merits.
>>>>
>>>>
>>> If a broken NFS server or FUSE filesysem keeps returning ESTALE, this
>>> goes into an infinite loop. How are we planning to deal with that?
>>>
>>>
>>>
>> Would you describe the situation that would cause the kernel to
>> go into an infinite loop, please?
>>
>
> The patch basically does:
>
> do {
> ...
> error = inode->i_op->foo()
> ...
> } while (error == ESTALE);
>
> What is the guarantee, that ->foo() will not always return ESTALE?
You skimmed over some stuff, like the pathname lookup component
contained in the first set of dots...
I can't guarantee that ->foo() won't always return ESTALE.
That said, the loop is not unbreakable. At least for NFS, a signal
to the process will interrupt the loop because the error returned
will change from ESTALE to EINTR.
These changes include the base assumption that the components of
the underlying file system are basically reliable, that there is
a way to deal with bugs and/or malicious entities in the short
term, and that these things will be dealt with appropriately
in the longer term.
The short term resolution is a signal. The longer term fix is
to hunt down the bug or the malicious entity and either make it
go away or fence it off via some security measure or another to
prevent it from causing another problem.
If the underlying file system is the type that could potentially
return ESTALE, then it needs to be aware of the system architecture
and handle things appropriately.
Thanx...
ps
-
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2008-02-01 22:30 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-18 15:36 [PATCH 2/3] enhanced ESTALE error handling Peter Staubach
2008-02-01 20:57 ` [PATCH 2/3] enhanced syscall ESTALE error handling (v2) Peter Staubach
2008-02-01 21:37 ` Miklos Szeredi
2008-02-01 21:51 ` Peter Staubach
[not found] ` <47A39471.4010105-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-02-01 22:03 ` Miklos Szeredi
[not found] ` <E1JL3yn-0006KQ-AS-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>
2008-02-01 22:30 ` Peter Staubach [this message]
[not found] ` <47A39D8F.9010003-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-02-02 8:00 ` Miklos Szeredi
[not found] ` <E1JLDIq-000747-1y-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>
2008-02-04 15:55 ` Peter Staubach
2008-02-04 17:38 ` Miklos Szeredi
2008-02-04 18:43 ` Peter Staubach
[not found] ` <47A75CCF.4090904-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-02-04 19:02 ` Miklos Szeredi
[not found] ` <47A387D4.70605-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-03-10 20:23 ` [PATCH 2/3] enhanced syscall ESTALE error handling (v3) Peter Staubach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A39D8F.9010003@redhat.com \
--to=staubach-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org \
--cc=trond.myklebust-41N18TsMXrtuMpJDpNschA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).