From: Trond Myklebust <trondmy@hammerspace.com>
To: "bcodding@redhat.com" <bcodding@redhat.com>
Cc: "anna@kernel.org" <anna@kernel.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"neilb@suse.de" <neilb@suse.de>
Subject: Re: [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses
Date: Fri, 26 Aug 2022 16:56:28 +0000 [thread overview]
Message-ID: <f5a2163d11f73e24c2106d43e72d0400d5a282b6.camel@hammerspace.com> (raw)
In-Reply-To: <54685EB8-7E6D-4EC4-8A9E-2BF55F41DABA@redhat.com>
On Fri, 2022-08-26 at 12:43 -0400, Benjamin Coddington wrote:
> On 26 Aug 2022, at 11:44, Trond Myklebust wrote:
>
> > On Fri, 2022-08-26 at 10:59 -0400, Benjamin Coddington wrote:
> > > On 16 May 2022, at 21:36, Trond Myklebust wrote:
> > > > So until you have a different solution that doesn't impact the
> > > > client's
> > > > ability to cache permissions, then the answer is going to be
> > > > "no"
> > > > to
> > > > these patches.
> > >
> > > Hi Trond,
> > >
> > > We have some folks negatively impacted by this issue as well.
> > > Are
> > > you
> > > willing to consider this via a mount option?
> > >
> > > Ben
> > >
> >
> > I don't see how that answers my concern.
>
> A mount option would need to be set to enable the behavior, so the
> cases
> you're concerned about would be unaffected.
>
> > I'd rather see us set up an explicit trigger mechanism. It doesn't
> > have
> > to be particularly sophisticated. I can imagine just having a
> > global,
> > or more likely a per-container, cookie that has a control mechanism
> > in
> > /sys/fs/nfs, and that can be used to order all the inodes to
> > invalidate
> > their permissions caches when you believe there is a need to do so.
> >
> > i.e. you cache the value of the global cookie in the inode, and if
> > you
> > notice a change, then that's the signal that you need to invalidate
> > the
> > permissions cache before updating the cached value of the cookie.
> >
> > That way, you have a mechanism that serves all purposes: it can do
> > an
> > immediate one-time only flush, or you can set up a userspace job
> > that
> > issues a global flush once every so often, e.g. using a cron job.
>
> We had the every-so-often flush per-inode before 57b691819ee2.
>
> Here's the setup in play: there's a large number of v3 clients and
> users,
> and many times each day group membership changes occur which either
> restrict
> or grant access to parts of the namespace.
>
> The feedback I'm getting is that it will be a lot of extra
> orchestration to
> have to trigger something on each client when the group memberships
> change.
> The desired behavior was as before 57b691819ee2: the access cache
> expired
> with the attribute timeout. It would be nice to have a mount option
> that
> could restore the access cache behavior as it was before
> 57b691819ee2.
>
User group membership is not a per-mount thing. It's a global thing.
As I said, what I'm proposing does allow you to set up a cron job that
flushes your cache on a regular basis. There is absolutely no extra
value whatsoever provided by moving that into the kernel on a per-mount
basis.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
next prev parent reply other threads:[~2022-08-26 16:56 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 1:37 [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-04-28 1:37 ` [PATCH 2/2] " NeilBrown
2022-04-28 1:37 ` [PATCH 1/2] NFS: change nfs_access_get_cached() to nfs_access_check_cached() NeilBrown
2022-05-17 0:05 ` [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-05-17 0:20 ` Trond Myklebust
2022-05-17 0:40 ` NeilBrown
2022-05-17 0:55 ` Trond Myklebust
2022-05-17 1:05 ` NeilBrown
2022-05-17 1:14 ` Trond Myklebust
2022-05-17 1:22 ` NeilBrown
2022-05-17 1:36 ` Trond Myklebust
2022-08-26 14:59 ` Benjamin Coddington
2022-08-26 15:44 ` Trond Myklebust
2022-08-26 16:43 ` Benjamin Coddington
2022-08-26 16:56 ` Trond Myklebust [this message]
2022-08-26 18:27 ` Benjamin Coddington
2022-08-27 0:52 ` Trond Myklebust
2022-09-19 19:09 ` Benjamin Coddington
2022-09-19 22:38 ` NeilBrown
2022-09-20 1:18 ` Trond Myklebust
2022-08-26 23:39 ` NeilBrown
2022-08-27 3:38 ` Trond Myklebust
2022-08-28 23:32 ` NeilBrown
2022-08-29 14:07 ` Jeff Layton
2022-09-03 9:57 ` NeilBrown
2022-09-03 15:49 ` Trond Myklebust
2022-09-04 23:28 ` NeilBrown
2022-09-04 23:40 ` Trond Myklebust
2022-09-05 0:09 ` NeilBrown
2022-09-05 0:49 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f5a2163d11f73e24c2106d43e72d0400d5a282b6.camel@hammerspace.com \
--to=trondmy@hammerspace.com \
--cc=anna@kernel.org \
--cc=bcodding@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).