From: Bruce Fields <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
linux-fsdevel@vger.kernel.org, Jeff Layton <jlayton@redhat.com>
Subject: Re: listing knfsd-held locks and opens
Date: Mon, 10 Dec 2018 14:00:48 -0500 [thread overview]
Message-ID: <20181210190048.GB2925@fieldses.org> (raw)
In-Reply-To: <08F6A3D9-6FF3-452A-BCD6-390ECA142136@oracle.com>
On Mon, Dec 10, 2018 at 12:49:02PM -0500, Chuck Lever wrote:
> > On Dec 10, 2018, at 12:47 PM, bfields@fieldses.org wrote:
> > In a little more detail, as starting point, I was considering naming
> > each client directory with a small integer, and including files like:
> >
> > info: a text file with
> > NFS protocol version
> > ascii representation of client address
> > krb5 principal if available
> >
> > clientid: NFSv4 client ID; file absent for NFSv2/3 clients.
> >
> > locks: list of locks, following something like the /proc/locks
> > format.
> >
> > opens: list of file opens, with access bits, inode numbers,
> > device number.
> >
> > Does that sound reasonable? Any other ideas?
>
> How do you plan to make this kernel API namespace-aware?
I may have some details wrong, but:
We associate most of nfsd's state with the network namespace. The
"nfsd" pseudofilesystem is where I'm thinking I might put this, and it
inherits the network namespace from the process that calls mount and
stores it in the superblock. So each mount done in a different net
namespace should get its own superblock, its own inodes, etc.
(I think that's how proc works, too?)
So when you set up containerized nfsd, you mount a new nfsd filesystem
in each container. And the list of clients visible there should only be
the ones visible to that namespace.
I guess that means that if you share an export across multiple
containers, then if you want to find all the clients locking a given
file, you have to iterate over all the container's "nfsd" mounts.
I suspect that's what we have to do, though. I mean, the client
addresses, for example, may not even make sense unless you know which
network namespace they come from.
(On the other hand... how does /proc/locks actually work? Looks to me
like it always lists every lock on the system. Can it really translate
any process on the system into a pid that makes sense in any container?
I'm not following that, from a brief look at the code.)
--b.
next prev parent reply other threads:[~2018-12-10 19:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-10 17:47 listing knfsd-held locks and opens J. Bruce Fields
2018-12-10 17:49 ` Chuck Lever
2018-12-10 19:00 ` Bruce Fields [this message]
2018-12-10 18:12 ` Jeff Layton
2018-12-10 19:23 ` J. Bruce Fields
2018-12-10 19:53 ` J. Bruce Fields
2018-12-10 23:35 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181210190048.GB2925@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox