Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3131835rwb; Mon, 19 Sep 2022 15:44:22 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7JcucX33jKgCMmC/9HMAGt35Ai3hBox8ij3hKG4HBxJdNTzypnCZrlmUPqfwJkmyqxwl9u X-Received: by 2002:a17:906:cc0d:b0:77a:c170:3019 with SMTP id ml13-20020a170906cc0d00b0077ac1703019mr14538177ejb.253.1663627462322; Mon, 19 Sep 2022 15:44:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663627462; cv=none; d=google.com; s=arc-20160816; b=rZN95W5SH1ViaSr0lrs5B5Zeb43tj1kpmnk6R4Ejw83gtgTXI9GgCTRczlkYaeU30i i86dE1aAc3l/IlWUoHLTAYtd5b6YUmwEZn0Wn+47TuMJWwJ4AUi5BimdkSfSDb88/1D7 UyCrWZT7wvNiwPAxDtBI9TxTAxUFdtz57qrV32mVuibmyEyi/HlaFbtBSk9byHuY4H15 so0HHT+gOnGEofXGlhQ7lIICfRaRwrz7UkcbNObfu2S52+Sf5BFiHZlsVaQwdMaez2VR dt+nXW1Q+Nu7ELPnFshsESyUajBJ1eM5ORevcePc7ygqvYd/YcCAIkqjHurVuSdxqOhL jrTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:references:in-reply-to:subject :cc:to:from:mime-version:content-transfer-encoding:dkim-signature :dkim-signature; bh=nnRlwtv4F+sYZly3z+BeZiinTcfO7Uaes5GCi+wzYBE=; b=mhkZt94wn/B7GYiaDzXqzIGwQsDKJhU/1YbcXsfAlySTFOc5TcplBtOp9XXDUQKRrv rsA92PbI8Yp724aRmq5yK6UJ1eQzDZ7WpubsCpjpDcbx9nwTYxj1X73tJLxz0tXFd8+l 2qK0nPUJt7Ie4qAIRfhl+u0/l3eJvOasaa32vxJ45ZvfvokfL+CAEVjq+kr/dhvWxDL0 1bIkJJ2ufL4MoCY1JIShQqv1KFxKkw/CnBe630W8TLPYgD77R6a3oKRG62sGZh0M1jmh 447fIqd1taDvJqZ77/uOT58+5KvtZFE/O/XCR2H4zJez+9fO6t7/qxfNloPSqAoHuobz SKvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=wwjNQJH5; dkim=neutral (no key) header.i=@suse.de header.b="4xhZe+/o"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g14-20020a056402090e00b00447ded5eb70si11772943edz.553.2022.09.19.15.43.52; Mon, 19 Sep 2022 15:44:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=wwjNQJH5; dkim=neutral (no key) header.i=@suse.de header.b="4xhZe+/o"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229911AbiISWiY (ORCPT + 99 others); Mon, 19 Sep 2022 18:38:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60368 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229555AbiISWiX (ORCPT ); Mon, 19 Sep 2022 18:38:23 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A009B4F698 for ; Mon, 19 Sep 2022 15:38:22 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 2562D22033; Mon, 19 Sep 2022 22:38:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1663627101; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nnRlwtv4F+sYZly3z+BeZiinTcfO7Uaes5GCi+wzYBE=; b=wwjNQJH5cyS8Nx6afp+QOZZmUimIKiRxg1rl9TjQNCXROTDJ3+j0KAR/SKfT+q+gLghUUP RTF2EbOPL+OLALWfTYp9jwzxAZa1ChAAoUtiTOHzP1t2NmiiXfEUigDwXdAptloFZygZSy SYr63vHZQuQwn9ZlXVWfhYfgMs7W3Ng= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1663627101; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nnRlwtv4F+sYZly3z+BeZiinTcfO7Uaes5GCi+wzYBE=; b=4xhZe+/ojqp91xDLdMyC8v52eoot8EpAC4gx14uidmruZzMVUrWUVQU/ub7888K1yvVq1C sIX/m0eh8gWRN3BA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id A032713ABD; Mon, 19 Sep 2022 22:38:19 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id jD9LFVvvKGOqFgAAMHmgww (envelope-from ); Mon, 19 Sep 2022 22:38:19 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 From: "NeilBrown" To: "Benjamin Coddington" Cc: "Trond Myklebust" , anna@kernel.org, linux-nfs@vger.kernel.org Subject: Re: [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses In-reply-to: <9279E15C-0A9E-4486-BE45-5DA5DF40675D@redhat.com> References: <165110909570.7595.8578730126480600782.stgit@noble.brown>, <165274590805.17247.12823419181284113076@noble.neil.brown.name>, <72f091ceaaf15069834eb200c04f0630eca7eaef.camel@hammerspace.com>, <165274805538.17247.18045261877097040122@noble.neil.brown.name>, , <165274950799.17247.7605561502483278140@noble.neil.brown.name>, <3ec50603479c7ee60cfa269aa06ae151e3ebc447.camel@hammerspace.com>, <165275056203.17247.1826100963816464474@noble.neil.brown.name>, , , , <54685EB8-7E6D-4EC4-8A9E-2BF55F41DABA@redhat.com>, , , <361256cf42393e2af9691b40bd51594ce078f968.camel@hammerspace.com>, <9279E15C-0A9E-4486-BE45-5DA5DF40675D@redhat.com> Date: Tue, 20 Sep 2022 08:38:12 +1000 Message-id: <166362709287.9160.2951057161316110877@noble.neil.brown.name> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Tue, 20 Sep 2022, Benjamin Coddington wrote: > On 26 Aug 2022, at 20:52, Trond Myklebust wrote: > > > Can we please try to solve the real problem first? The real problem is > > not that user permissions change every hour on the server. > > > > POSIX normally only expects changes to happen to your group membership > > when you log in. The problem here is that the NFS server is updating > > its rules concerning your group membership at some random time after > > your log in on the NFS client. > > > > So how about if we just do our best to approximate the POSIX rules, and > > promise to revalidate your cached file access permissions at least once > > after you log in? Then we can let the NFS server do whatever the hell > > it wants to do after that. > > IOW: If the sysadmin changes the group membership for the user, then > > the user can remedy the problem by logging out and then logging back in > > again, just like they do for local filesystems. > > This goes a long way toward fixing things up for us, I appreciate it, and > hope to see it merged. The version on your testing branch (d84b059f) can > have my: > > Reviewed-by: Benjamin Coddington > Tested-by: Benjamin Coddington > The test in that commit can be "gamed". I could write a tool that double-forks with the intermediate exiting so the grandchild will be inherited by init. Then the grandchild can access the problematic path and force the access cache for the current user to be refreshed. It would optionally need to do a 'find' to be thorough. Is this an API we are willing to support indefinitely? Should I write the tool? NeilBrown