From owner-freebsd-stable@FreeBSD.ORG Wed Mar 22 20:20:35 2006 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4DFBF16A41F; Wed, 22 Mar 2006 20:20:35 +0000 (UTC) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08D7543D48; Wed, 22 Mar 2006 20:20:34 +0000 (GMT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.13.4/8.13.4) with ESMTP id k2MKKKqI014000; Wed, 22 Mar 2006 12:20:20 -0800 (PST) Received: (from dillon@localhost) by apollo.backplane.com (8.13.4/8.13.4/Submit) id k2MKKKIF013999; Wed, 22 Mar 2006 12:20:20 -0800 (PST) Date: Wed, 22 Mar 2006 12:20:20 -0800 (PST) From: Matthew Dillon Message-Id: <200603222020.k2MKKKIF013999@apollo.backplane.com> To: Mikhail Teterin References: <200603211607.30372.mi+mx@aldan.algebra.com> <200603221312.38502.mi+mx@aldan.algebra.com> <200603221903.k2MJ37Iq013571@apollo.backplane.com> <200603221427.45219.mi+mx@aldan.algebra.com> Cc: Kostik Belousov , alc@freebsd.org, stable@freebsd.org Subject: Re: flushing "anonymous" buffers over NFS is rejected by server (more weird bugs with mmap-ing via NFS) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Mar 2006 20:20:35 -0000 :So, the problem is, the dirtied buffers _sometimes_ lose their owner and thus :become root-owned. When the NFS client tries to flush them out, the NFS :server (by default suspecting remote roots of being evil) rejects the :flushing, which brings the client to its weak knees. : :1. Do the yet unflushed buffers really have to be anonymous? : :2. Can't the client's knees be strengthened in this regard? : :Thanks! : : -mi Basically correct, though its not the buffers that get lost, its that the VM pages get disconnected from the buffers when the buffers are recycled, then get reconnected (sans creds info) later on. The basic answer is that we don't want to strengthen the client with regards to buffer/VM page creds, because buffers and VM pages are cached items in the system and can potentially have many different 'owners'. The entire cred infrastructure for buffers was a terrible hack put into place many years ago, solely to support NFS. It created a huge mess in the system code and didn't even solve the problem (as you found out). I've already removed most of that junk from DragonFly and I would argue that there isn't much point keeping it in FreeBSD either. The only real solution is to make the NFS client aware of the restricted user id exported by the server by requiring that the same uid be specified in the mount command the client uses to mount the NFS partition. The NFS client would then use that user id for all write I/O operations. -Matt Matthew Dillon