public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed
From: Steve Dickson <steved@redhat.com>
To: Charles Hedrick <hedrick@rutgers.edu>,
	"J. Bruce Fields" <bfields@fieldses.org>
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	dai.ngo@oracle.com,
	Olga Kornievskaia <olga.kornievskaia@gmail.com>,
	Chuck Lever <chuck.lever@oracle.com>
Subject: Re: server-to-server copy by default
Date: Mon, 1 Nov 2021 15:25:56 -0400	[thread overview]
Message-ID: <20f2fbf2-cce9-acc9-557d-82251aeef662@redhat.com> (raw)
In-Reply-To: <C0088A79-6936-4764-8ADB-4D6C32054265@rutgers.edu>

Hello,

On 11/1/21 14:22, Charles Hedrick wrote:
> I am in general concerned about turning on new features before basic ones work reliably. We’ve had enough different failures that we’ve backup up to NFS 3 for file systems with heavy use.
> 
> We first tried turning off delegation. That helped a lot. But we just ran into a two different machine hung trying to lock Chome’s profile. (I sent a bit of information on that one previously.) We had to restart NFS on the server to fix it, and that caused us to lose a bunch of VMs. (That shouldn’t have happened. It looks like ESX misbehaved.) If I could turn off NFS4 locking I would.
This is the reason I was hopping not make this a global switch
but a per export switch...

Question... Do you do many server to server copies in your world?
Meaning a client coping from one server to another?

steved.

> 
>> On Oct 20, 2021, at 11:54 AM, J. Bruce Fields <bfields@fieldses.org> wrote:
>>
>> knfsd has supported server-to-server copy for a couple years (since
>> 5.5).  You have set a module parameter to enable it.  I'm getting asked
>> when we could turn that parameter on by default.
>>
>> I've got a couple vague criteria: one just general maturity, the other a
>> security question:
>>
>> 1. General maturity: the only reports I recall seeing are from testers.
>> Is anyone using this?  Does it work for them?  Do they find a benefit?
>> Maybe we could turn it on by default in one distro (Fedora?) and promote
>> it a little and see what that turns up?
>>
>> 2. Security question: with server-to-server copy enabled, you can send
>> the server a COPY call with any random address, and the server will
>> mount that address, open a file, and read from it.  Is that safe?
>>
>> Normally we only mount servers that were chosen by root.  Here we'll
>> mount any random server that some client told us to.  What's the worst
>> that random server can do?  Do we trust our xdr decoding?  Can it DOS us
>> by throwing the client's state recovery code into some loop with weird
>> error returns?  Etc.
>>
>> Maybe it's fine.  I'm OK with some level of risk.  I just want to make
>> sure somebody's thought this through.
>>
>> There's also interest in allowing unprivileged NFS mounts, but I don't
>> think we've turned that on yet, partly for similar reasons.  This is a
>> subset of that problem.
>>
>> --b.
> 


  reply	other threads:[~2021-11-01 19:26 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-20 15:54 server-to-server copy by default J. Bruce Fields
2021-10-20 16:00 ` Chuck Lever III
2021-10-20 16:33   ` Olga Kornievskaia
2021-10-20 19:03     ` dai.ngo
2021-10-20 20:29       ` Bruce Fields
2021-10-21  5:00         ` dai.ngo
2021-10-21 14:02           ` Bruce Fields
2021-10-22  6:34             ` dai.ngo
2021-10-22 12:58               ` Bruce Fields
2021-11-01 17:37               ` dai.ngo
2021-11-01 19:33                 ` Bruce Fields
2021-11-01 19:55                   ` dai.ngo
2021-10-20 17:24   ` Steve Dickson
2021-10-20 17:51     ` Chuck Lever III
2021-10-20 16:37 ` Olga Kornievskaia
2021-10-20 17:45   ` Chuck Lever III
2021-10-20 18:15     ` Bruce Fields
2021-10-20 19:04       ` Chuck Lever III
2021-10-21 13:43         ` Steve Dickson
2021-10-21 13:56         ` Bruce Fields
2021-10-21 14:13         ` Bruce Fields
2021-10-21 14:22           ` Trond Myklebust
2021-10-21 14:38             ` bfields
2021-10-20 18:00   ` J. Bruce Fields
2021-11-01 18:22 ` Charles Hedrick
2021-11-01 19:25   ` Steve Dickson [this message]
2021-11-01 19:44     ` Charles Hedrick

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20f2fbf2-cce9-acc9-557d-82251aeef662@redhat.com \
    --to=steved@redhat.com \
    --cc=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=dai.ngo@oracle.com \
    --cc=hedrick@rutgers.edu \
    --cc=linux-nfs@vger.kernel.org \
    --cc=olga.kornievskaia@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox