Received: by 2002:a05:7412:a9a2:b0:e2:908c:2ebd with SMTP id o34csp1454920rdh; Fri, 27 Oct 2023 15:11:18 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGZBmxvY9kQan79hoxqgh1KqEEGwjA7HaVtsKbVuLZpcPudANRnjkAunKcFQrZSEh9WUlKw X-Received: by 2002:a05:6a20:7288:b0:15d:53ad:22fe with SMTP id o8-20020a056a20728800b0015d53ad22femr8027018pzk.3.1698444678010; Fri, 27 Oct 2023 15:11:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698444677; cv=none; d=google.com; s=arc-20160816; b=yczqL43tG8iSw6J+r8oGqdGScg4Xs1UJ2Ezcs3kRp4XstPOViQ5sMfD6Uo6hxbksUQ 5on1aY7FHmXR8oyLbOnO8eHcADi7nxV60inIPaAt1/Fza4zepoKjOyB4Tw+e/z2SW/OL hC2utvDssiRPVTNbd8EFgpasLrXUQE4mEEta95kBvnB92HNvqyR+2nwysgFRsKOfp/V2 aVRxrxnmRkbNOS3NJPS20oXDJVKoemfhCkiN3edHnckOG+7kcwI3Am3sts/yYlgPtqrV HDVuvIUeilVXmUnjFZremaScbyzM9ubMP2532XKd+cLRkqoHRPRgrCd/timXhL6l6GRP Vl8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:references:in-reply-to:subject :cc:to:from:mime-version:content-transfer-encoding:dkim-signature :dkim-signature; bh=9jWqXm+OxPjjbhJeneEYuEaI6iD3ynOI5FZeXNxX+0A=; fh=3cVUqrBlCYKHDH/sVHASgoDP1h1US1q68V5dOsonqkA=; b=gsT5w8JW/B74N2s5MFaE8DryX+th/4Rs1Qaj7K35GGrfsyyF06kUOwAQx/J2PZB3YJ Be2r+6osLSUi55ZeTFy/W1oSALvZaaAc8U94INAcb0kXanXfUJPLBfjXR0+s6zaFV2Po +CwwJg3h0hMi8dm5f2mwP5VlVfhltYgHZjyp0w/vFsFK2imHElD+hhFQNEQckgTJAJIt WAX0pOb0OPJVuRNrdb2+XAacz2SyoY9tNcRV3/Xh7e4kxKirYOEMr6TZRZTzfCLgoD10 89hWYLSJVDMKIDa3TAYSbLrTaMtp1+iVJX2ps5IDzfMUM5pwhCsgipXprTzFFai5UgYQ nJ2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=J36jFsTQ; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=MD4AJYiH; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id e127-20020a636985000000b00578889362a2si1581059pgc.663.2023.10.27.15.11.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Oct 2023 15:11:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=J36jFsTQ; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=MD4AJYiH; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 84A6F809026F; Fri, 27 Oct 2023 15:10:40 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232134AbjJ0WKa (ORCPT + 99 others); Fri, 27 Oct 2023 18:10:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229712AbjJ0WK3 (ORCPT ); Fri, 27 Oct 2023 18:10:29 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11A601A6 for ; Fri, 27 Oct 2023 15:10:27 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id B462E1FEF4; Fri, 27 Oct 2023 22:10:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1698444625; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9jWqXm+OxPjjbhJeneEYuEaI6iD3ynOI5FZeXNxX+0A=; b=J36jFsTQyuBFILNNN66ILwtO2DE4TG/QgmRTbyQN21hYuYJs4815236R+WZGMTaHxAtXyK CY8IybhZuPf841O8LaWZOlfj+0mRmP3Ywvr62zKiZvMuWmMi0t2nwFA0KcaRU2yvgZWgME 69oUZXIEzxczj4NYsQhZVu+giRaghxs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1698444625; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9jWqXm+OxPjjbhJeneEYuEaI6iD3ynOI5FZeXNxX+0A=; b=MD4AJYiHhTa7tYqA9GNs/4I+toKbDpNr2yKjCxLszYqWi/eax7smN4fnFl9HiIAHk1uFc3 QC8THXcatrmiMwAA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 8520F1358C; Fri, 27 Oct 2023 22:10:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id lFooDk81PGUbOAAAMHmgww (envelope-from ); Fri, 27 Oct 2023 22:10:23 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 From: "NeilBrown" To: "Chuck Lever" Cc: "Jeff Layton" , linux-nfs@vger.kernel.org, "Olga Kornievskaia" , "Dai Ngo" , "Tom Talpey" Subject: Re: [PATCH 0/6] support admin-revocation of v4 state In-reply-to: References: <20231027015613.26247-1-neilb@suse.de>, Date: Sat, 28 Oct 2023 09:10:19 +1100 Message-id: <169844461904.20306.4942454840443131694@noble.neil.brown.name> X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 27 Oct 2023 15:10:40 -0700 (PDT) On Sat, 28 Oct 2023, Chuck Lever wrote: > On Fri, Oct 27, 2023 at 12:45:28PM +1100, NeilBrown wrote: > > This is a revised version of a patch set I sent over a year ago. > > It now supports v4.0 and has had more testing. > >=20 > > There are cirsumstances where an admin might need to unmount a > > filesystem that is NFS-exported and in active use, but does not want to > > stop the NFS server completely. These are certainly unusual > > circumstance and doing this might negatively impact any clients acting > > on the filesystem, but the admin should be able to do this. > >=20 > > Currently this is quite possible for for NFSv3. Unexporting the > > filesystem will ensure no new opens happen, and writing the path name to > > /proc/fs/nfsd/unlock_filesystem will ensure anly NLM locks held in the > > filesystem are released so that NFSD no longer prevents the filesystem > > from being unlocked. > >=20 > > It is not currently possible for NFSv4. Writing to unlock_filesystem > > does not affect NFSv4, which is arguably a bug. This series fixes the bu= g. >=20 > I agree that this is a good thing to do. >=20 > However, I'd like to migrate the "unlock_filesystem" functionality > to the nfsd netlink protocol first rather than adding this support > to /proc/fs/nfsd/. I don't believe that would be a difficult pre- > requisite to get through. >=20 > Does that seem sensible? Not to me. This is not new functionality - it is a fix for existing functionality which incorrectly ignores NFSv4. When you say "migrate" I hope you mean to add the "unlock_filesystem" functionality to netlink, but not remove it from /proc/fs/nfsd for several years at least. I certainly wouldn't want to wait several (more) years for this to land. However it lands, the interface that it used for NFSv3 should be the same as the interface that is used for NFSv4 and I think /proc/fs/nfsd/unlock_filesystem should be one such interface until (if ever) we discard the /proc/fs/nfsd filesystem. Thanks, NeilBrown >=20 >=20 > > For NFSv4.1 and later code is straight forward. We add new state types > > for admin-revoked state (open, lock, deleg) and change the type of any > > state on a filesystem - inavlidating any access and closing files as we > > go. While there are any revoked states we report this to the client in > > the response to SEQUENCE requests, and it will check and free any states > > that need to be freed. > >=20 > > For NFSv4.0 it isn't quite so easy as there is no mechanism for the > > client to explicitly acknowledged admin-revoked states. The approach > > this patchset takes is to discard NFSv4.0 admin-revoked states one > > lease-time after they were revoked, or immediately for a state that the > > client tryies to use and gets an "ADMIN_REVOKED" error for. If the > > filestystem has been unmounted (as expected), the client will see STATE > > errors before it has a chance to see ADMIN_REVOKED errors, so most often > > the timeout will be how states are discarded. > >=20 > > NeilBrown > >=20 > > [PATCH 1/6] nfsd: prepare for supporting admin-revocation of state > > [PATCH 2/6] nfsd: allow admin-revoked state to appear in > > [PATCH 3/6] nfsd: allow admin-revoked NFSv4.0 state to be freed. > > [PATCH 4/6] nfsd: allow lock state ids to be revoked and then freed > > [PATCH 5/6] nfsd: allow open state ids to be revoked and then freed > > [PATCH 6/6] nfsd: allow delegation state ids to be revoked and then > >=20 >=20 > --=20 > Chuck Lever >=20