| Message ID | 163278643081.17728.10586733395858659759.stgit@noble.brown (mailing list archive) |
|---|---|
| Headers | show |
| Series | Don't store cred in nfs_access_entry | expand |
Hi Trond/Anna, have you had a chance to look at these patches? Thanks, NeilBrown On Tue, 28 Sep 2021, NeilBrown wrote: > It turns out that storing a counted ref to 'struct cred' in > nfs_access_entry wasn't a good choice. > 'struct cred' contains counted references to 'struct key', and users > have a quota on how many keys they can have. Keeping a cred in a cache > imposes on that quota. > > The nfs access cache can keep a large number of entries, and keep them > indefinitely. This can cause a user to go over-quota. > > This series removes the 'struct cred *' from nfs_access_entry and > instead stores the uid, gid, and a pointer to the group info. > This makes the nfs_access_entry 64 bits larger. > > Thanks, > NeilBrown > > --- > > NeilBrown (3): > NFS: change nfs_access_get_cached to only report the mask > NFS: pass cred explicitly for access tests > NFS: don't store 'struct cred *' in struct nfs_access_entry > > > fs/nfs/dir.c | 63 ++++++++++++++++++++++++++++++++++------- > fs/nfs/nfs3proc.c | 5 ++-- > fs/nfs/nfs4proc.c | 13 +++++---- > include/linux/nfs_fs.h | 6 ++-- > include/linux/nfs_xdr.h | 2 +- > 5 files changed, 67 insertions(+), 22 deletions(-) > > -- > Signature > >
On Wed, 2021-11-17 at 07:49 +1100, NeilBrown wrote: > > Hi Trond/Anna, > have you had a chance to look at these patches? > Oh crap... I did see those patches, and intended to pick them up for this last merge window, but somehow forgot to move them into my 'testing' branch. Anna, can you please queue them up for the next merge window? Apologies Trond > Thanks, > NeilBrown > > On Tue, 28 Sep 2021, NeilBrown wrote: > > It turns out that storing a counted ref to 'struct cred' in > > nfs_access_entry wasn't a good choice. > > 'struct cred' contains counted references to 'struct key', and > > users > > have a quota on how many keys they can have. Keeping a cred in a > > cache > > imposes on that quota. > > > > The nfs access cache can keep a large number of entries, and keep > > them > > indefinitely. This can cause a user to go over-quota. > > > > This series removes the 'struct cred *' from nfs_access_entry and > > instead stores the uid, gid, and a pointer to the group info. > > This makes the nfs_access_entry 64 bits larger. > > > > Thanks, > > NeilBrown > > > > --- > > > > NeilBrown (3): > > NFS: change nfs_access_get_cached to only report the mask > > NFS: pass cred explicitly for access tests > > NFS: don't store 'struct cred *' in struct nfs_access_entry > > > > > > fs/nfs/dir.c | 63 ++++++++++++++++++++++++++++++++++--- > > ---- > > fs/nfs/nfs3proc.c | 5 ++-- > > fs/nfs/nfs4proc.c | 13 +++++---- > > include/linux/nfs_fs.h | 6 ++-- > > include/linux/nfs_xdr.h | 2 +- > > 5 files changed, 67 insertions(+), 22 deletions(-) > > > > -- > > Signature > > > >
On Wed, 17 Nov 2021, Trond Myklebust wrote: > On Wed, 2021-11-17 at 07:49 +1100, NeilBrown wrote: > > > > Hi Trond/Anna, > > have you had a chance to look at these patches? > > > > Oh crap... I did see those patches, and intended to pick them up for > this last merge window, but somehow forgot to move them into my > 'testing' branch. > > Anna, can you please queue them up for the next merge window? > > Apologies > Trond No problem - thanks. NeilBrown
On Tue, Nov 16, 2021 at 3:58 PM Trond Myklebust <trondmy@hammerspace.com> wrote: > > On Wed, 2021-11-17 at 07:49 +1100, NeilBrown wrote: > > > > Hi Trond/Anna, > > have you had a chance to look at these patches? > > > > Oh crap... I did see those patches, and intended to pick them up for > this last merge window, but somehow forgot to move them into my > 'testing' branch. > > Anna, can you please queue them up for the next merge window? Sure! I have them applied to my private testing branch now. I'll push them out to a public linux-next sometime in the next few weeks. Anna > > Apologies > Trond > > > Thanks, > > NeilBrown > > > > On Tue, 28 Sep 2021, NeilBrown wrote: > > > It turns out that storing a counted ref to 'struct cred' in > > > nfs_access_entry wasn't a good choice. > > > 'struct cred' contains counted references to 'struct key', and > > > users > > > have a quota on how many keys they can have. Keeping a cred in a > > > cache > > > imposes on that quota. > > > > > > The nfs access cache can keep a large number of entries, and keep > > > them > > > indefinitely. This can cause a user to go over-quota. > > > > > > This series removes the 'struct cred *' from nfs_access_entry and > > > instead stores the uid, gid, and a pointer to the group info. > > > This makes the nfs_access_entry 64 bits larger. > > > > > > Thanks, > > > NeilBrown > > > > > > --- > > > > > > NeilBrown (3): > > > NFS: change nfs_access_get_cached to only report the mask > > > NFS: pass cred explicitly for access tests > > > NFS: don't store 'struct cred *' in struct nfs_access_entry > > > > > > > > > fs/nfs/dir.c | 63 ++++++++++++++++++++++++++++++++++--- > > > ---- > > > fs/nfs/nfs3proc.c | 5 ++-- > > > fs/nfs/nfs4proc.c | 13 +++++---- > > > include/linux/nfs_fs.h | 6 ++-- > > > include/linux/nfs_xdr.h | 2 +- > > > 5 files changed, 67 insertions(+), 22 deletions(-) > > > > > > -- > > > Signature > > > > > > > > -- > Trond Myklebust > Linux NFS client maintainer, Hammerspace > trond.myklebust@hammerspace.com > >
It turns out that storing a counted ref to 'struct cred' in nfs_access_entry wasn't a good choice. 'struct cred' contains counted references to 'struct key', and users have a quota on how many keys they can have. Keeping a cred in a cache imposes on that quota. The nfs access cache can keep a large number of entries, and keep them indefinitely. This can cause a user to go over-quota. This series removes the 'struct cred *' from nfs_access_entry and instead stores the uid, gid, and a pointer to the group info. This makes the nfs_access_entry 64 bits larger. Thanks, NeilBrown --- NeilBrown (3): NFS: change nfs_access_get_cached to only report the mask NFS: pass cred explicitly for access tests NFS: don't store 'struct cred *' in struct nfs_access_entry fs/nfs/dir.c | 63 ++++++++++++++++++++++++++++++++++------- fs/nfs/nfs3proc.c | 5 ++-- fs/nfs/nfs4proc.c | 13 +++++---- include/linux/nfs_fs.h | 6 ++-- include/linux/nfs_xdr.h | 2 +- 5 files changed, 67 insertions(+), 22 deletions(-) -- Signature