Message ID | 20230720-bz2223560-v2-0-070aaf2660b7@kernel.org |
---|---|
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp3307293vqt; Thu, 20 Jul 2023 11:32:49 -0700 (PDT) X-Google-Smtp-Source: APBJJlHZtiJDQiTaUiwPlyw//5Te+qroaLqq9ri/IoEbiISe2lRwjlq/uoQ8+3RGwBxPMNwpsCOn X-Received: by 2002:a17:907:8693:b0:973:d076:67ab with SMTP id qa19-20020a170907869300b00973d07667abmr7361372ejc.42.1689877969325; Thu, 20 Jul 2023 11:32:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689877969; cv=none; d=google.com; s=arc-20160816; b=sItJPS0EfaLBKlQJer7JHdhY+RQdc/lEjQdO2MzSErmlqLwV6xui75nMl883kOOP5k kVUeoWl3JEXE75dOZKVoAN/N9od02T/qAr1/8fxE/b1jov88s0sNRSFVuRrhCT6VIE9A aiUv4au6OrI8A2oJP7PcMwU9qy3H2rZDKkdvmkec1IkgSTlGsBy7ftQU2sUv+jAlf2hs Na451fWyGWmEg9j75+XLP4vI0quob/eUzsxlybzWZs7cd8gvlUuFSzdkmqOmEHhJV5Mi /ZZv0pAxTxzPMgEBdYTE8B9j1CgxlGWIrjkUVBf61Eg6GavaSELgYHLdzNR01u/XvOPr vs9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:content-transfer-encoding:mime-version :message-id:date:subject:from:dkim-signature; bh=TjoG3NTxpbWldSjOrDr+5yKdXOqd/6Bip8+IYLSPMyI=; fh=wryJ67aNNAfxHYcVRSABdXO3UEdEnufTHCKdLnm/ZR8=; b=gkuNG23nMj3TWU8AKrC+pfr8KvtG5JjS0dPc7v+ZQ9edOhqjT3oFt+ceBtRUmBy/ra f9CHC6uMcasWQZn+cznx6e+YTz0mWYfSrp4343jExHkRgdMjNQZv4MKOZCliYQziGPN6 yyUyY51IwpAxitpVKrs9lktMurQe4vgLU/o/BhnxA9FBIeFPq05K41cAqNvVk1RLs22k fo1DbfoPLz2EXesM6xKONuu6vV9neoP59QUs6ZAY+oEF/YDTvPIv+uWHXz/NwrGXTtgF QXLpltFvsbI4diC8gJ01THCCjpJw29mgWFxn8Y0gTmvKNMBPn5pz9sGBBHHSR7wCa33m nXhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=f38kPZxP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d26-20020a170906041a00b009871456e3cdsi972341eja.439.2023.07.20.11.32.25; Thu, 20 Jul 2023 11:32:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=f38kPZxP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231444AbjGTSXg (ORCPT <rfc822;chrisben.tianve@gmail.com> + 99 others); Thu, 20 Jul 2023 14:23:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58210 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230348AbjGTSXe (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 20 Jul 2023 14:23:34 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E5292736; Thu, 20 Jul 2023 11:23:32 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CAD3461B9C; Thu, 20 Jul 2023 18:23:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6CEE3C433C8; Thu, 20 Jul 2023 18:23:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689877411; bh=2xQwZH56W7CMb6ymICRaHKSgS+Np/hOlMyBTfdiGGG4=; h=From:Subject:Date:To:Cc:From; b=f38kPZxPdfuJ4Mhdkt+6Sl4gikjZUs4ZSxBNVWO40uyf87zMy2n9ifOfZXCYjZjL3 0u8hJpPK3WV3dG/kq+QR5L3Z0xLIX3QC2Q4KGO2WUKErZA4ldVn2TJT0GW23wbdKeA E0+vnMDc+ie4vMU6TavItIff2YUVxx9qQtGPi+gHELZyYCxhY3wsLWxdPeJaCgFEr+ HiC+9ylon4nlt+pnzgXnZf1pW1mg04GbGSt1rRKwzR/lBgyQIouIl8u6zuu9GehUQ5 CWGZ4BFONm5WeUfG9GPlI/2oI18jv0e/V+xWsK89SPxHuQWc9CGV7OHs398y1c5bOP uv3StBl0lKVvQ== From: Jeff Layton <jlayton@kernel.org> Subject: [PATCH v2 0/2] nfsd: sanely handle inabilty to fetch pre/post attributes Date: Thu, 20 Jul 2023 14:23:19 -0400 Message-Id: <20230720-bz2223560-v2-0-070aaf2660b7@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-B4-Tracking: v=1; b=H4sIAJd7uWQC/23MQQ6CMBCF4auQWVsznVagrryHYUFhhEZDSWsal fTuVtYu/5eXb4PIwXGEc7VB4OSi80sJOlQwzP0ysXBjaSAkhQ2hsB8iUqcahRl0bbBvSTYWyn8 NfHOv3bp2pWcXnz68dzrJ3/pPSVJIwaPVBhG1su3lzmHhx9GHCbqc8xc0Bu2KowAAAA== To: Chuck Lever <chuck.lever@oracle.com>, Neil Brown <neilb@suse.de>, Olga Kornievskaia <kolga@netapp.com>, Dai Ngo <Dai.Ngo@oracle.com>, Tom Talpey <tom@talpey.com> Cc: Boyang Xue <bxue@redhat.com>, linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org, Jeff Layton <jlayton@kernel.org> X-Mailer: b4 0.12.3 X-Developer-Signature: v=1; a=openpgp-sha256; l=1363; i=jlayton@kernel.org; h=from:subject:message-id; bh=2xQwZH56W7CMb6ymICRaHKSgS+Np/hOlMyBTfdiGGG4=; b=owEBbQKS/ZANAwAIAQAOaEEZVoIVAcsmYgBkuXuhrbJwqrdIEIAj6HTAlOivtz/AmSVwvewhy 4uthc+WAxeJAjMEAAEIAB0WIQRLwNeyRHGyoYTq9dMADmhBGVaCFQUCZLl7oQAKCRAADmhBGVaC FdoGD/9q7MYxED2VFsn7NXxf/hSNhtb7cY2GUKJtFHubyn5SeMoxvlSI85evdDrQ/WjvyytqkNc W0e7tAeid5mY4VFMv3EHG7wXyr3DOYiOtBfqAaa1YBdsTWkFG+D0vCwJknWD87QcqI3d7bHgDMM y8xYgrxPhGENnGAHxJqwdWf1FukDpVY70eAw1zpD7ybjElhj5LfN5JCCdlL7lUpKcioQ/oSSxZD bXrnT+BYzSyzVeiBeiVsAnpvVsDZZ1m8FdpLV26ZI+EQQKpnx/fB4vAht0o2dWdzK8SBWq7JlSI EqnvhL1gMyCqutl7L6sFk6igBAqmcIaOkYlOzr+oA116SvG/vsLwzfiSbqVON9af+ksUdY/7q9+ MdAo6TGIGF/0qysfTxOSbU4FB0RkJpUYx9AW1dKSFxVJ9OywBOiU7tYIcTiTRGvk9iy7lPc1U+N 8ZiQuiEzEsyqPWy9mAPcwvB+QTqqfnxrcRl7GWlliYccZsMgMLVBYU0ErqqISzyuQR5EVpmTCWY Hv20SmEqltWCUxU0oGvJ0IRN52URdm+Yx8/iHg/QRvcrF0bVNVo/95yMCdQZWCzXKOckOVIYvmd 9w+Y7CFVU/63Zqkh2Rox9bmitmD0/qtdt2arWrUHDXvXIRJrYDPe3U05r7hLxmB0LsR3P1Iew5g 7fyT+Fx9rEzhnuA== X-Developer-Key: i=jlayton@kernel.org; a=openpgp; fpr=4BC0D7B24471B2A184EAF5D3000E684119568215 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771965481581333667 X-GMAIL-MSGID: 1771965481581333667 |
Series |
nfsd: sanely handle inabilty to fetch pre/post attributes
|
|
Message
Jeff Layton
July 20, 2023, 6:23 p.m. UTC
Boyang reported tripping the BUG_ON in set_change_info. While we
couldn't confirm it, one way this could happen would be for nfsd_lookup
to succeed and then for fh_fill_both_attrs to fail.
This patchset attempts to (sanely) fix this, usually by aborting the
operation if fetching the pre attributes fails. Post-op attribute fetch
handling is more difficult to deal with however since we've already done
the operation, so this has it just fudge the change_info4 if that
occurs.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
Changes in v2:
- make fh_fill_*_attrs return an error and have the callers handle it
- rework of set_change_info, to better handle missing pre/post attrs
---
Jeff Layton (2):
nfsd: handle failure to collect pre/post-op attrs more sanely
nfsd: remove unsafe BUG_ON from set_change_info
fs/nfsd/nfs3proc.c | 4 +++-
fs/nfsd/nfs4proc.c | 45 +++++++++++++++++++++++++++++++++------
fs/nfsd/nfsfh.c | 26 ++++++++++++++---------
fs/nfsd/nfsfh.h | 6 +++---
fs/nfsd/vfs.c | 62 ++++++++++++++++++++++++++++++++++--------------------
fs/nfsd/xdr4.h | 11 ----------
6 files changed, 100 insertions(+), 54 deletions(-)
---
base-commit: 070f391ca4d48e1750ee6108eb44f751a9e9448e
change-id: 20230720-bz2223560-9c4690a8217b
Best regards,
Comments
On Fri, 21 Jul 2023, Jeff Layton wrote: > Boyang reported tripping the BUG_ON in set_change_info. While we > couldn't confirm it, one way this could happen would be for nfsd_lookup > to succeed and then for fh_fill_both_attrs to fail. > > This patchset attempts to (sanely) fix this, usually by aborting the > operation if fetching the pre attributes fails. Post-op attribute fetch > handling is more difficult to deal with however since we've already done > the operation, so this has it just fudge the change_info4 if that > occurs. I think both v3 and v4 allow a reply that says "the operation was a success but there are no post-op attrs". With v4 you can say "there is no change-attr, but here are some other attrs". I think. Our xdr-encoding doesn't make that easy, but it is just a "simple matter of coding". If you think it is worth it. NeilBrown > > Signed-off-by: Jeff Layton <jlayton@kernel.org> > --- > Changes in v2: > - make fh_fill_*_attrs return an error and have the callers handle it > - rework of set_change_info, to better handle missing pre/post attrs > > --- > Jeff Layton (2): > nfsd: handle failure to collect pre/post-op attrs more sanely > nfsd: remove unsafe BUG_ON from set_change_info > > fs/nfsd/nfs3proc.c | 4 +++- > fs/nfsd/nfs4proc.c | 45 +++++++++++++++++++++++++++++++++------ > fs/nfsd/nfsfh.c | 26 ++++++++++++++--------- > fs/nfsd/nfsfh.h | 6 +++--- > fs/nfsd/vfs.c | 62 ++++++++++++++++++++++++++++++++++-------------------- > fs/nfsd/xdr4.h | 11 ---------- > 6 files changed, 100 insertions(+), 54 deletions(-) > --- > base-commit: 070f391ca4d48e1750ee6108eb44f751a9e9448e > change-id: 20230720-bz2223560-9c4690a8217b > > Best regards, > -- > Jeff Layton <jlayton@kernel.org> > >
On Fri, Jul 21, 2023 at 07:42:47AM +1000, NeilBrown wrote: > On Fri, 21 Jul 2023, Jeff Layton wrote: > > Boyang reported tripping the BUG_ON in set_change_info. While we > > couldn't confirm it, one way this could happen would be for nfsd_lookup > > to succeed and then for fh_fill_both_attrs to fail. > > > > This patchset attempts to (sanely) fix this, usually by aborting the > > operation if fetching the pre attributes fails. Post-op attribute fetch > > handling is more difficult to deal with however since we've already done > > the operation, so this has it just fudge the change_info4 if that > > occurs. > > I think both v3 and v4 allow a reply that says "the operation was a > success but there are no post-op attrs". With v4 you can say "there is > no change-attr, but here are some other attrs". I think. If the protocols enable NFSD to avoid returning made-up values, I'm all for it. > Our xdr-encoding doesn't make that easy, but it is just a "simple matter > of coding". If you think it is worth it. > > NeilBrown > > > > > > Signed-off-by: Jeff Layton <jlayton@kernel.org> > > --- > > Changes in v2: > > - make fh_fill_*_attrs return an error and have the callers handle it > > - rework of set_change_info, to better handle missing pre/post attrs > > > > --- > > Jeff Layton (2): > > nfsd: handle failure to collect pre/post-op attrs more sanely > > nfsd: remove unsafe BUG_ON from set_change_info > > > > fs/nfsd/nfs3proc.c | 4 +++- > > fs/nfsd/nfs4proc.c | 45 +++++++++++++++++++++++++++++++++------ > > fs/nfsd/nfsfh.c | 26 ++++++++++++++--------- > > fs/nfsd/nfsfh.h | 6 +++--- > > fs/nfsd/vfs.c | 62 ++++++++++++++++++++++++++++++++++-------------------- > > fs/nfsd/xdr4.h | 11 ---------- > > 6 files changed, 100 insertions(+), 54 deletions(-) > > --- > > base-commit: 070f391ca4d48e1750ee6108eb44f751a9e9448e > > change-id: 20230720-bz2223560-9c4690a8217b > > > > Best regards, > > -- > > Jeff Layton <jlayton@kernel.org> > > > > >
On Fri, 2023-07-21 at 07:42 +1000, NeilBrown wrote: > On Fri, 21 Jul 2023, Jeff Layton wrote: > > Boyang reported tripping the BUG_ON in set_change_info. While we > > couldn't confirm it, one way this could happen would be for nfsd_lookup > > to succeed and then for fh_fill_both_attrs to fail. > > > > This patchset attempts to (sanely) fix this, usually by aborting the > > operation if fetching the pre attributes fails. Post-op attribute fetch > > handling is more difficult to deal with however since we've already done > > the operation, so this has it just fudge the change_info4 if that > > occurs. > > I think both v3 and v4 allow a reply that says "the operation was a > success but there are no post-op attrs". With v4 you can say "there is > no change-attr, but here are some other attrs". I think. > v3 has this ability: union pre_op_attr switch (bool attributes_follow) { case TRUE: wcc_attr attributes; case FALSE: void; }; ...we can just set the attributes_follow flag to false there in that case. That's not possible with v4, AFAICT. Several of the *4resok structures contain a change_info4, which just looks like this: struct change_info4 { bool atomic; changeid4 before; changeid4 after; }; We can set "atomic" to false (and this patch does that in this situation), but I don't believe there is any alternative to the change attribute. If the underlying fs doesn't support native change attrs, the server is expected to fake one up somehow (usually from the ctime). We could (in principle) allow the operation to proceed on v3 even if fh_fill_pre_attrs fails, but I don't think we can do the same thing with v4. That said, if getattr is failing then it's somewhat likely that other operations will fail too, so aborting the operation in this situation doesn't seem too onerous.
On Fri, 21 Jul 2023, Jeff Layton wrote: > On Fri, 2023-07-21 at 07:42 +1000, NeilBrown wrote: > > > > I think both v3 and v4 allow a reply that says "the operation was a > > success but there are no post-op attrs". With v4 you can say "there is > > no change-attr, but here are some other attrs". I think. > > > > v3 has this ability: > > union pre_op_attr switch (bool attributes_follow) { > case TRUE: > wcc_attr attributes; > case FALSE: > void; > }; > > ...we can just set the attributes_follow flag to false there in that > case. > > That's not possible with v4, AFAICT. Several of the *4resok structures > contain a change_info4, which just looks like this: > > struct change_info4 { > bool atomic; > changeid4 before; > changeid4 after; > }; Yes... I was thinking of GETATTR which reports a bitmap of all the attributes that it can return. Though I'm not sure if the server is "allowed" to not return something that it has said is "supported". And I think changeid has to be "supported". I'm not sure. But anyway, that doesn't help change_info4 which comes with directory-modifying operation. > > We can set "atomic" to false (and this patch does that in this > situation), but I don't believe there is any alternative to the change > attribute. If the underlying fs doesn't support native change attrs, the > server is expected to fake one up somehow (usually from the ctime). I had a look again at the current code and your patch, and I think that if the "post' vfs_getattr() fails, then the operation succeeds, the change_info is marked non-atomic (as you say) and the "after" changeid is set to an uninitialised value. Is that right? Did I miss something? Maybe we should set it to the pre value plus 1. It probably doesn't matter at all in practice, but if I'm right and it is using an uninitialized value, we should at least fix that. Thanks - your v3 patch looks good in general. I like the must_check and the goto structure. Thanks, NeilBrown > > We could (in principle) allow the operation to proceed on v3 even if > fh_fill_pre_attrs fails, but I don't think we can do the same thing with > v4. That said, if getattr is failing then it's somewhat likely that > other operations will fail too, so aborting the operation in this > situation doesn't seem too onerous. > > -- > Jeff Layton <jlayton@kernel.org> >
On Sat, 2023-07-22 at 10:34 +1000, NeilBrown wrote: > On Fri, 21 Jul 2023, Jeff Layton wrote: > > On Fri, 2023-07-21 at 07:42 +1000, NeilBrown wrote: > > > > > > I think both v3 and v4 allow a reply that says "the operation was a > > > success but there are no post-op attrs". With v4 you can say "there is > > > no change-attr, but here are some other attrs". I think. > > > > > > > v3 has this ability: > > > > union pre_op_attr switch (bool attributes_follow) { > > case TRUE: > > wcc_attr attributes; > > case FALSE: > > void; > > }; > > > > ...we can just set the attributes_follow flag to false there in that > > case. > > > > That's not possible with v4, AFAICT. Several of the *4resok structures > > contain a change_info4, which just looks like this: > > > > struct change_info4 { > > bool atomic; > > changeid4 before; > > changeid4 after; > > }; > > Yes... I was thinking of GETATTR which reports a bitmap of all the > attributes that it can return. Though I'm not sure if the server is > "allowed" to not return something that it has said is "supported". And > I think changeid has to be "supported". I'm not sure. > > But anyway, that doesn't help change_info4 which comes with > directory-modifying operation. > > > > > We can set "atomic" to false (and this patch does that in this > > situation), but I don't believe there is any alternative to the change > > attribute. If the underlying fs doesn't support native change attrs, the > > server is expected to fake one up somehow (usually from the ctime). > > I had a look again at the current code and your patch, and I think that > if the "post' vfs_getattr() fails, then the operation succeeds, the > change_info is marked non-atomic (as you say) and the "after" changeid is > set to an uninitialised value. Is that right? Did I miss something? > Maybe we should set it to the pre value plus 1. > > It probably doesn't matter at all in practice, but if I'm right and it > is using an uninitialized value, we should at least fix that. > > Thanks - your v3 patch looks good in general. I like the must_check and > the goto structure. > > Thanks, > NeilBrown > > The current patch sets the missing pre/post values to 0. I'm happy to change that to pre-value+1 though if you think that'd be more correct. The client already fudges the changeid like that in the CB_GETATTR case, so I doubt that would break anything.