Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/Documentation/filesystems/nfs?h=master 2022-05-17T19:33:21Z 2022-05-17T19:33:21Z Chuck Lever chuck.lever@oracle.com 2022-04-18T15:58:50Z urn:sha1:a28faaddb2be19659701602fc7c9934ff5fc3fa5 To enable NFSv4 to work correctly, NFSv4 client identifiers have to be globally unique and persistent over client reboots. We believe that in many cases, a good default identifier can be chosen and set when a client system is imaged. Because there are many different ways a system can be imaged, provide an explanation of how NFSv4 client identifiers and principals can be set by install scripts and imaging tools. Additional cases, such as NFSv4 clients running in containers, also need unique and persistent identifiers. The Linux NFS community sets forth this explanation to aid those who create and manage container environments. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> 2021-09-21T21:51:47Z J. Bruce Fields bfields@redhat.com 2021-09-10T18:42:54Z urn:sha1:dc451bbc6f54a2c7bacef7ec445718709071b61c We've supported reexport for a while but documentation is limited. This is mainly a simplified version of the text I wrote for the linux-nfs wiki at https://wiki.linux-nfs.org/wiki/index.php/NFS_re-export. Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2020-12-09T14:39:38Z Jeff Layton jeff.layton@primarydata.com 2020-11-30T22:03:16Z urn:sha1:7f84b488f9add1d5cca3e6197c95914c7bd3c1cf It's not uncommon for some workloads to do a bunch of I/O to a file and delete it just afterward. If knfsd has a cached open file however, then the file may still be open when the dentry is unlinked. If the underlying filesystem is nfs, then that could trigger it to do a sillyrename. On a REMOVE or RENAME scan the nfsd_file cache for open files that correspond to the inode, and proactively unhash and put their references. This should prevent any delete-on-last-close activity from occurring, solely due to knfsd's open file cache. This must be done synchronously though so we use the variants that call flush_delayed_fput. There are deadlock possibilities if you call flush_delayed_fput while holding locks, however. In the case of nfsd_rename, we don't even do the lookups of the dentries to be renamed until we've locked for rename. Once we've figured out what the target dentry is for a rename, check to see whether there are cached open files associated with it. If there are, then unwind all of the locking, close them all, and then reattempt the rename. None of this is really necessary for "typical" filesystems though. It's mostly of use for NFS, so declare a new export op flag and use that to determine whether to close the files beforehand. Signed-off-by: Jeff Layton <jeff.layton@primarydata.com> Signed-off-by: Lance Shelton <lance.shelton@hammerspace.com> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> 2020-12-09T14:39:38Z Jeff Layton jeff.layton@primarydata.com 2020-11-30T22:03:15Z urn:sha1:ba5e8187c55555519ae0b63c0fb681391bc42af9 When we start allowing NFS to be reexported, then we have some problems when it comes to subtree checking. In principle, we could allow it, but it would mean encoding parent info in the filehandles and there may not be enough space for that in a NFSv3 filehandle. To enforce this at export upcall time, we add a new export_ops flag that declares the filesystem ineligible for subtree checking. Signed-off-by: Jeff Layton <jeff.layton@primarydata.com> Signed-off-by: Lance Shelton <lance.shelton@hammerspace.com> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> 2020-12-09T14:39:38Z Jeff Layton jeff.layton@primarydata.com 2020-11-30T22:03:14Z urn:sha1:daab110e47f8d7aa6da66923e3ac1a8dbd2b2a72 With NFSv3 nfsd will always attempt to send along WCC data to the client. This generally involves saving off the in-core inode information prior to doing the operation on the given filehandle, and then issuing a vfs_getattr to it after the op. Some filesystems (particularly clustered or networked ones) have an expensive ->getattr inode operation. Atomicity is also often difficult or impossible to guarantee on such filesystems. For those, we're best off not trying to provide WCC information to the client at all, and to simply allow it to poll for that information as needed with a GETATTR RPC. This patch adds a new flags field to struct export_operations, and defines a new EXPORT_OP_NOWCC flag that filesystems can use to indicate that nfsd should not attempt to provide WCC info in NFSv3 replies. It also adds a blurb about the new flags field and flag to the exporting documentation. The server will also now skip collecting this information for NFSv2 as well, since that info is never used there anyway. Note that this patch does not add this flag to any filesystem export_operations structures. This was originally developed to allow reexporting nfs via nfsd. Other filesystems may want to consider enabling this flag too. It's hard to tell however which ones have export operations to enable export via knfsd and which ones mostly rely on them for open-by-filehandle support, so I'm leaving that up to the individual maintainers to decide. I am cc'ing the relevant lists for those filesystems that I think may want to consider adding this though. Cc: HPDD-discuss@lists.01.org Cc: ceph-devel@vger.kernel.org Cc: cluster-devel@redhat.com Cc: fuse-devel@lists.sourceforge.net Cc: ocfs2-devel@oss.oracle.com Signed-off-by: Jeff Layton <jeff.layton@primarydata.com> Signed-off-by: Lance Shelton <lance.shelton@hammerspace.com> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> 2020-09-25T22:01:27Z J. Bruce Fields bfields@redhat.com 2020-08-27T16:06:06Z urn:sha1:ade3dbad1459e0a9a8ee8812925e0d968a2a5252 This draft is an official RFC now. Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2020-06-26T17:14:12Z Alexander A. Klimov grandmaster@al2klimov.de 2020-06-21T13:35:52Z urn:sha1:c69f22f25f1105cb4e629b5c2da61a245b653ce1 Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Link: https://lore.kernel.org/r/20200621133552.46371-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-02-13T18:21:35Z Daniel W. S. Almeida dwlsalmeida@gmail.com 2020-01-29T04:49:17Z urn:sha1:cb63032b1233e03ac20fc2b60820a50d605b9bc0 Convert knfsd-stats.txt to ReST. Content remains mostly the same. Signed-off-by: Daniel W. S. Almeida <dwlsalmeida@gmail.com> Link: https://lore.kernel.org/r/20200129044917.566906-6-dwlsalmeida@gmail.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-02-13T18:21:31Z Daniel W. S. Almeida dwlsalmeida@gmail.com 2020-01-29T04:49:16Z urn:sha1:04f81fb08d067f79c59fe132929a9c81eb9cb74b Convert nfs41-server.txt to ReST. ASCII tables were converted to ReST grid table format. Signed-off-by: Daniel W. S. Almeida <dwlsalmeida@gmail.com> Link: https://lore.kernel.org/r/20200129044917.566906-5-dwlsalmeida@gmail.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-02-13T18:21:28Z Daniel W. S. Almeida dwlsalmeida@gmail.com 2020-01-29T04:49:15Z urn:sha1:250baf06aacf4eafb5641c86c91f2b1df4cf7d86 Convert rpc-server-gss.txt to ReST. Content remains mostly unchanged. Signed-off-by: Daniel W. S. Almeida <dwlsalmeida@gmail.com> Link: https://lore.kernel.org/r/20200129044917.566906-4-dwlsalmeida@gmail.com Signed-off-by: Jonathan Corbet <corbet@lwn.net>