From: Christoph Hellwig <hch@infradead.org>
To: Mike Snitzer <snitzer@kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>,
Jeff Layton <jlayton@kernel.org>,
Chuck Lever III <chuck.lever@oracle.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Anna Schumaker <anna@kernel.org>,
Trond Myklebust <trondmy@hammerspace.com>,
Neil Brown <neilb@suse.de>, Dave Chinner <david@fromorbit.com>
Subject: Re: [PATCH v11 00/20] nfs/nfsd: add support for localio
Date: Thu, 4 Jul 2024 22:18:15 -0700 [thread overview]
Message-ID: <ZoeCFwzmGiQT4V0a@infradead.org> (raw)
In-Reply-To: <ZobqkgBeQaPwq7ly@kernel.org>
On Thu, Jul 04, 2024 at 02:31:46PM -0400, Mike Snitzer wrote:
> Some new layout misses the entire point of having localio work for
> NFSv3 and NFSv4. NFSv3 is very ubiquitous.
I'm getting tird of bringing up this "oh NFSv3" again and again without
any explanation of why that matters for communication insides the
same Linux kernel instance with a kernel that obviously requires
patching. Why is running an obsolete protocol inside the same OS
instance required. Maybe it is, but if so it needs a very good
explanation.
> And in this localio series, flexfiles is trained to use localio.
> (Which you apparently don't recognize or care about because nfsd
> doesn't have flexfiles server support).
And you fail to explain why it matters. You are trying to sell this
code, you better have an explanation why it's complicated and convoluted
as hell. So far we are running in circles but there has been no clear
explanation of use cases.
> > > Can the client use its localio access to bypass that since it's not
> > > going across the network anymore? Maybe by using open_by_handle_at on
> > > the NFS share on a guessed filehandle? I think we need to ensure that
> > > that isn't possible.
> >
> > If a file system is shared by containers and users in containers have
> > the capability to use open_by_handle_at the security model is already
> > broken without NFS or localio involved.
>
> Containers deployed by things like podman.io and kubernetes are
> perfectly happy to allow containers permission to drive knfsd threads
> in the host kernel. That this is foreign to you is odd.
>
> An NFS client that happens to be on the host should work perfectly
> fine too (if it has adequate permissions).
Can you please stop the personal attacks? I am just stating the fact
that IF the containers using the NFS mount has access to the exported
file systems and the privileges to use open by handle there is nothing
nfsd can do about security as the container has full access to the file
system anyway. That's a fact and how you deploy the various containers
is completely irrelevant. It is also in case that you didn't notice
it last time about the _client_ containers as stated by me and the
original poster I replied to.
> > > I wonder if it's also worthwhile to gate localio access on an export
> > > option, just out of an abundance of caution.
> >
> > export and mount option. We're speaking a non-standard side band
> > protocol here, there is no way that should be done without explicit
> > opt-in from both sides.
>
> That is already provided my existing controls. With both Kconfig
> options that default to N, and the ability to disable the use of
> localio entirely even if enabled in the Kconfig:
> echo N > /sys/module/nfs/parameters/localio_enabled
And all of that is global and not per-mount or nfsd instance, which
doesn't exactly scale to a multi-tenant container hosting setup.
next prev parent reply other threads:[~2024-07-05 5:18 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-02 16:28 [PATCH v11 00/20] nfs/nfsd: add support for localio Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 01/20] SUNRPC: add rpcauth_map_to_svc_cred_local Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 02/20] nfs: factor out {encode,decode}_opaque_fixed to nfs_xdr.h Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 03/20] nfs_common: add NFS LOCALIO auxiliary protocol enablement Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 04/20] nfsd: add "localio" support Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 05/20] nfsd: add Kconfig options to allow localio to be enabled Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 06/20] nfsd: manage netns reference in nfsd_open_local_fh Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 07/20] nfsd: use percpu_ref to interlock nfsd_destroy_serv and nfsd_open_local_fh Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 08/20] nfsd: implement server support for NFS_LOCALIO_PROGRAM Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 09/20] SUNRPC: replace program list with program array Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 10/20] nfs: pass nfs_client to nfs_initiate_pgio Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 11/20] nfs: pass descriptor thru nfs_initiate_pgio path Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 12/20] nfs: pass struct file to nfs_init_pgio and nfs_init_commit Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 13/20] nfs: add "localio" support Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 14/20] nfs: fix nfs_localio_vfs_getattr() to properly support v4 Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 15/20] nfs: enable localio for non-pNFS I/O Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 16/20] pnfs/flexfiles: enable localio for flexfiles I/O Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 17/20] SUNRPC: remove call_allocate() BUG_ON if p_arglen=0 to allow RPC with void arg Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 18/20] nfs/localio: use dedicated workqueues for filesystem read and write Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 19/20] nfs: implement client support for NFS_LOCALIO_PROGRAM Mike Snitzer
2024-07-02 16:28 ` [PATCH v11 20/20] nfs: add Documentation/filesystems/nfs/localio.rst Mike Snitzer
2024-07-02 18:06 ` [PATCH v11 00/20] nfs/nfsd: add support for localio Chuck Lever III
2024-07-02 18:32 ` Mike Snitzer
2024-07-02 20:10 ` Chuck Lever III
2024-07-03 0:57 ` Mike Snitzer
2024-07-03 0:52 ` NeilBrown
2024-07-03 1:13 ` Mike Snitzer
2024-07-03 5:04 ` Christoph Hellwig
2024-07-03 8:52 ` Mike Snitzer
2024-07-03 14:16 ` Christoph Hellwig
2024-07-03 15:11 ` Mike Snitzer
2024-07-03 15:18 ` Christoph Hellwig
2024-07-03 15:24 ` Chuck Lever III
2024-07-03 15:29 ` Christoph Hellwig
2024-07-03 15:36 ` Mike Snitzer
2024-07-03 17:06 ` Jeff Layton
2024-07-04 6:00 ` Christoph Hellwig
2024-07-04 18:31 ` Mike Snitzer
2024-07-05 5:18 ` Christoph Hellwig [this message]
2024-07-05 13:35 ` Chuck Lever III
2024-07-05 13:39 ` Christoph Hellwig
2024-07-05 14:15 ` Mike Snitzer
2024-07-05 14:18 ` Christoph Hellwig
2024-07-05 14:36 ` Mike Snitzer
2024-07-05 14:59 ` Chuck Lever III
2024-07-06 3:58 ` Mike Snitzer
2024-07-06 5:52 ` NeilBrown
2024-07-06 13:05 ` "why NFSv3?" [was: Re: [PATCH v11 00/20] nfs/nfsd: add support for localio] Mike Snitzer
2024-07-06 5:58 ` [PATCH v11 00/20] nfs/nfsd: add support for localio Christoph Hellwig
2024-07-06 13:12 ` Mike Snitzer
2024-07-08 9:46 ` Christoph Hellwig
2024-07-08 12:55 ` Mike Snitzer
2024-07-06 16:58 ` Chuck Lever III
2024-07-07 0:42 ` Mike Snitzer
2024-07-05 18:59 ` Jeff Layton
2024-07-05 22:08 ` NeilBrown
2024-07-06 6:02 ` Christoph Hellwig
2024-07-06 6:37 ` NeilBrown
2024-07-06 6:42 ` Christoph Hellwig
2024-07-06 17:15 ` Chuck Lever III
2024-07-08 4:10 ` NeilBrown
2024-07-08 14:41 ` Chuck Lever III
2024-07-08 9:40 ` Christoph Hellwig
2024-07-08 4:03 ` NeilBrown
2024-07-08 9:37 ` Christoph Hellwig
2024-07-10 0:10 ` NeilBrown
2024-07-03 17:19 ` Chuck Lever III
2024-07-03 19:04 ` Mike Snitzer
2024-07-04 5:55 ` Christoph Hellwig
2024-07-03 21:35 ` NeilBrown
2024-07-04 6:01 ` Christoph Hellwig
2024-07-04 10:13 ` Jeff Layton
2024-07-03 15:26 ` Chuck Lever III
2024-07-03 15:37 ` Mike Snitzer
2024-07-03 15:16 ` Christoph Hellwig
2024-07-03 15:28 ` Mike Snitzer
2024-07-04 5:49 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZoeCFwzmGiQT4V0a@infradead.org \
--to=hch@infradead.org \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=david@fromorbit.com \
--cc=jlayton@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=snitzer@kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox