Re: [nfsv4] Could somebody please enlighten me as to what is supposed to happen in this situation?

Linux NFS development
 help / color / mirror / Atom feed

From: Jeff Layton <jeff.layton@primarydata.com>
To: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Jeff Layton <jeff.layton@primarydata.com>,
	"nfsv4@ietf.org" <nfsv4@ietf.org>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [nfsv4] Could somebody please enlighten me as to what is supposed to happen in this situation?
Date: Sat, 27 Sep 2014 15:50:45 -0400	[thread overview]
Message-ID: <20140927155045.76ce1149@synchrony.poochiereds.net> (raw)
In-Reply-To: <CAHQdGtQBNpBO+xv_uk+bkue6zoSKMhU72xjKaeOb2gEHY012Ew@mail.gmail.com>

On Sat, 27 Sep 2014 15:25:12 -0400
Trond Myklebust <trond.myklebust@primarydata.com> wrote:

> On Sat, Sep 27, 2014 at 2:40 PM, Jeff Layton
> <jeff.layton@primarydata.com> wrote:
> > On Sat, 27 Sep 2014 11:22:29 -0400
> > Trond Myklebust <trond.myklebust@primarydata.com> wrote:
> >
> >
> > My take (quite possibly wrong, but...)
> >
> >> The scenario is this:
> >>                                        Server
> >>                                        ======
> >>                                        boot (B1)
> >> Client
> >> ======
> >> EXCHANGE_ID
> >> CREATE_SESSION
> >> OPEN(reclaim)
> >> LOCK(reclaim)
> >> RECLAIM_COMPLETE
> >>                                        (lift GRACE period)
> >
> > At this point, we'd deny reclaim from any client that has not issued a
> > RECLAIM_COMPLETE. In the case of the Linux server with nfsdcltrack, we
> > clean out any client records that have not issued a RECLAIM_COMPLETE.
> >
> >>                                        reboot (B2)
> >> EXCHANGE_ID
> >> CREATE_SESSION
> >> OPEN(reclaim)
> >>                                         reboot (while GRACE period
> >> still being enforced) (B3)
> >> EXCHANGE_ID
> >> CREATE_SESSION
> >> OPEN(reclaim)
> >>
> >> What should be the server response to the above OPEN(reclaim) from the
> >> client after reboot (B3)?
> >>
> >
> > My expectation is that it would be granted. There was a
> > RECLAIM_COMPLETE issued during the boot where the grace period was last
> > lifted, and that should be enough to allow the client to issue reclaims
> > on any subsequent reboot, until the grace period is lifted again.
> >
> > Doing anything else would be a pretty unfriendly way for the server to
> > behave. In the face of rapid reboots (a not-uncommon occurrence when
> > patching, etc), you'd lose state unless the client just happened to get
> > in there quickly enough to issue a RECLAIM_COMPLETE between each reboot.
> >
> > That was the situation with the legacy client tracker in knfsd. When
> > testing, it was trivial to reboot the machine quickly twice and on the
> > second reboot nothing could be reclaimed.
> 
> So now, what if the following scenario:
> 
>                                        Server
>                                        ======
>                                        boot (B1')
> Client
> ======
> EXCHANGE_ID
> CREATE_SESSION
> OPEN(reclaim)
> LOCK(reclaim)
> RECLAIM_COMPLETE
>                                        (lift GRACE period (G1))
>                                        reboot (B2')
> EXCHANGE_ID
> CREATE_SESSION
> OPEN(reclaim)
>                                        (lift GRACE period (G2))
>                                        reboot (B3')
> EXCHANGE_ID
> CREATE_SESSION
> OPEN(reclaim)
> 
> What should happen to the OPEN(reclaim) in (B3')?
> 

(Let's call the lifting of grace periods 'G1' and 'G2'...)
 
Denied.

There was no RECLAIM_COMPLETE issued between B2 and G2. It's possible
that client2 could creep in between G2 and B3 and acquire locks that
conflict with ones that were not reclaimed by client1 between B2 and
G2. So, we can't allow any reclaims for client1 after B3.

I should add a clarification here too. I'm assuming that the server in
this case just tracks the minimum required to allow state to be
reclaimed. If it (for instance) tracked on stable storage all of the
locks that it ever granted such that it knows that there were no
conflicts, then it could be more lenient about allowing client1 to
reclaim after B3.

-- 
Jeff Layton <jlayton@primarydata.com>

next prev parent reply	other threads:[~2014-09-27 19:50 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-27 15:22 Could somebody please enlighten me as to what is supposed to happen in this situation? Trond Myklebust
2014-09-27 18:40 ` [nfsv4] " Jeff Layton
2014-09-27 19:25   ` Trond Myklebust
2014-09-27 19:50     ` Jeff Layton [this message]
2014-09-27 20:27       ` Trond Myklebust
2014-09-27 20:57         ` Jeff Layton
2014-09-27 23:12           ` Trond Myklebust
2014-09-28  0:37             ` Jeff Layton
2014-09-28  1:17               ` Trond Myklebust
2014-09-28 11:12                 ` Jeff Layton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140927155045.76ce1149@synchrony.poochiereds.net \
    --to=jeff.layton@primarydata.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=nfsv4@ietf.org \
    --cc=trond.myklebust@primarydata.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox