From: Omar Walid Llorente <omar@dit.upm.es>
To: "J. Bruce Fields" <bfields@fieldses.org>,
Soumya Koduri <skoduri@redhat.com>
Cc: "Jeff Layton" <jlayton@poochiereds.net>,
linux-nfs@vger.kernel.org,
"administración del centro de cálculo del dit" <cdc@dit.upm.es>
Subject: Re: possible bug in nfs-kernel-server
Date: Mon, 14 Dec 2015 17:57:08 +0100 [thread overview]
Message-ID: <566EF4E4.60809@dit.upm.es> (raw)
In-Reply-To: <20151210144434.GB12544@fieldses.org>
[-- Attachment #1: Type: text/plain, Size: 2928 bytes --]
Thank you Bruce, others, for the responses. I send attached a complete
capture of the issue, including the glusterfs transactions.
Hope this helps to clear where may it be...
Omar
El 10/12/15 a las 15:44, J. Bruce Fields escribió:
> On Thu, Dec 10, 2015 at 05:59:33PM +0530, Soumya Koduri wrote:
>>
>> On 12/10/2015 04:02 PM, Omar Walid Llorente wrote:
>>> Hi, Jeff, Bruce, finally I got some time to get the capture of the nfs
>>> packets (you can find them in attached file nfs-problem-nks.pcap.zip).
>>> Sorry for being so late.
>>>
>>> What I did was the following:
>>>
>>> 1st) Create the RO file:
>>> cdc@l056:~/prueba-git$ rm -f kk.txt 444.txt; echo "prueba" > 444.txt;
>>> chmod 444 444.txt;
>>>
>>> 2nd) Init the capture:
>>> root@l056:~# tcpdump -i eth2 -w /tmp/nfs.pcap -s 512 port 2049
>>> tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size
>>> 512 bytes
>>>
>> GlusterFS protocol is added to wireshark from version 1.8.0 [1]. It
>> may be helpful to see what GlusterFS operations are being processed
>> as part of NFS WRITE call (which has failed in this case).
>>
>> Could you please try taking the packet trace on the machine where
>> NFS server is running (without filtering out based on the port
>> number).
>>
>> Also I tried out the same test on Fedora22 machine, but haven't run
>> into any issue. What are the fuse mount options you have used to
>> mount gluster volume?
> Oh, I think this is a simple problem (but maybe hard to fix). The
> capture shows NFSv3 traffic like:
>
> CREATE -> OK
> SETATTR (mode set to 0400) -> OK
> WRITE -> NFS3ERR_ACCES
>
> That write would succeed locally (because the mode doesn't matter to a
> local application that already holds the file open). It would fail over
> NFSv3, which doesn't know about the open--except that there's a hack for
> this case: NFSv3 servers allow IO operations to ignore the mode, if the
> operation comes from the owner of the file. NFSv3 clients are then
> careful to perform necessary access checks on open to ensure that this
> owner-override rule doesn't grant too many permissions.
>
> That allows NFSv3 applications to see behavior that's mostly like a
> local filesystem, without opening much of a security hole (since the
> owner could always chmod anyway).
>
> So, knfsd is making this special exception--but gluster (which I believe
> it's exporting in this case, via fuse?)--probably doesn't.... I'm not
> sure what you can do about that.
>
> --b.
--
----------------------------------------------------------------
Centro de Cálculo Depto. Ingeniería Sistemas Telemáticos
E-mail: omar@dit.upm.es Universidad Politécnica de Madrid
Fax:(+34) 913367333 E.T.S. Ing. Telecomunicación
Tel:(+34) 915495700-Ext.3005 28040 Madrid (Spain)
Tel:(+34) 915495762-Ext.3005
Tel:(+34) 913367366-Ext.3005
----------------------------------------------------------------
[-- Attachment #2: nfs-problem-nks+glusterfs.pcap.zip --]
[-- Type: application/zip, Size: 4726 bytes --]
next prev parent reply other threads:[~2015-12-14 16:57 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-20 11:04 possible bug in nfs-kernel-server Omar Walid Llorente
2015-11-23 21:18 ` J. Bruce Fields
2015-11-25 16:23 ` omar
[not found] ` <20151121091824.71ab1f6b@tlielax.poochiereds.net>
2015-11-25 13:50 ` omar
2015-12-10 10:32 ` Omar Walid Llorente
2015-12-10 12:29 ` Soumya Koduri
2015-12-10 14:44 ` J. Bruce Fields
2015-12-14 16:57 ` Omar Walid Llorente [this message]
2015-12-17 12:16 ` Soumya Koduri
2015-12-18 0:37 ` Malahal Naineni
2015-12-18 8:43 ` Soumya Koduri
2015-12-18 15:20 ` J. Bruce Fields
2015-12-18 17:17 ` Soumya Koduri
2015-12-18 20:08 ` J. Bruce Fields
2015-12-21 8:48 ` Soumya Koduri
2015-12-21 16:47 ` J. Bruce Fields
2015-12-21 17:58 ` Soumya Koduri
2015-12-21 20:14 ` J. Bruce Fields
[not found] ` <2443f0d3-6937-ae92-d4d5-6e1f00a19e81@dit.upm.es>
2016-11-08 20:16 ` J. Bruce Fields
2016-11-11 17:57 ` Omar Walid Llorente
2016-11-11 19:03 ` J. Bruce Fields
2016-11-11 22:04 ` J. Bruce Fields
2016-11-15 10:13 ` Miklos Szeredi
2016-11-16 18:19 ` Omar Walid Llorente
2016-11-18 14:16 ` Miklos Szeredi
2016-11-18 16:03 ` Omar Walid Llorente
2016-11-21 12:56 ` Soumya Koduri
2016-11-21 14:57 ` J. Bruce Fields
2016-11-22 14:45 ` Soumya Koduri
2016-11-28 18:03 ` Omar Walid Llorente
2016-11-28 18:25 ` J. Bruce Fields
2016-12-15 17:06 ` Omar Walid Llorente
[not found] ` <HK2PR0401MB15701B151822C20064F3D418FE9D0@HK2PR0401MB1570.apcprd04.prod.outlook.com>
2016-12-15 20:19 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=566EF4E4.60809@dit.upm.es \
--to=omar@dit.upm.es \
--cc=bfields@fieldses.org \
--cc=cdc@dit.upm.es \
--cc=jlayton@poochiereds.net \
--cc=linux-nfs@vger.kernel.org \
--cc=skoduri@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).