From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: linux-nfs-owner@vger.kernel.org Received: from fieldses.org ([174.143.236.118]:53735 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756878Ab2DIQVM (ORCPT ); Mon, 9 Apr 2012 12:21:12 -0400 Date: Mon, 9 Apr 2012 12:21:07 -0400 From: "bfields@fieldses.org" To: "Myklebust, Trond" Cc: Stanislav Kinsbursky , Jeff Layton , "linux-nfs@vger.kernel.org" , "linux-kernel@vger.kernel.org" Subject: Re: Grace period Message-ID: <20120409162107.GC6482@fieldses.org> References: <4F7F230A.6080506@parallels.com> <20120406234039.GA20940@fieldses.org> <4F82C6E3.3030009@parallels.com> <20120409094743.56932677@tlielax.poochiereds.net> <4F82F16C.7030303@parallels.com> <20120409112739.6a823d6f@corrin.poochiereds.net> <4F830999.5000504@parallels.com> <20120409161114.GB6482@fieldses.org> <1333988226.2688.76.camel@lade.trondhjem.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 In-Reply-To: <1333988226.2688.76.camel@lade.trondhjem.org> Sender: linux-nfs-owner@vger.kernel.org List-ID: On Mon, Apr 09, 2012 at 04:17:06PM +0000, Myklebust, Trond wrote: > On Mon, 2012-04-09 at 12:11 -0400, bfields@fieldses.org wrote: > > On Mon, Apr 09, 2012 at 08:08:57PM +0400, Stanislav Kinsbursky wrote: > > > 09.04.2012 19:27, Jeff Layton пишет: > > > > > > > >If you allow one container to hand out conflicting locks while another > > > >container is allowing reclaims, then you can end up with some very > > > >difficult to debug silent data corruption. That's the worst possible > > > >outcome, IMO. We really need to actively keep people from shooting > > > >themselves in the foot here. > > > > > > > >One possibility might be to only allow filesystems to be exported from > > > >a single container at a time (and allow that to be overridable somehow > > > >once we have a working active/active serving solution). With that, you > > > >may be able limp along with a per-container grace period handling > > > >scheme like you're proposing. > > > > > > > > > > Ok then. Keeping people from shooting themselves here sounds reasonable. > > > And I like the idea of exporting a filesystem only from once per > > > network namespace. > > > > Unfortunately that's not going to get us very far, especially not in the > > v4 case where we've got the common read-only pseudoroot that everyone > > has to share. > > I don't see how that can work in cases where each container has its own > private mount namespace. You're going to have to tie that pseudoroot to > the mount namespace somehow. Sure, but in typical cases it'll still be shared; requiring that they not be sounds like a severe limitation. --b.