On Fri, 2017-10-13 at 11:00 -0400, bfields@xxxxxxxxxxxx wrote: > On Fri, Oct 13, 2017 at 01:34:28PM +0000, Trond Myklebust wrote: > > On Thu, 2017-10-12 at 21:52 -0400, J. Bruce Fields wrote: > > > On Thu, Oct 12, 2017 at 03:00:51PM -0700, Tom Haynes wrote: > > > > On Thu, Oct 12, 2017 at 05:44:54PM -0400, J. Bruce Fields > > > > wrote: > > > > > Your mailer's not quoting right, it's a little hard for me to > > > > > find your > > > > > replies. Wading in: > > > > > > > > > > On Thu, Oct 12, 2017 at 09:39:04PM +0000, Thomas Haynes > > > > > wrote: > > > > > > On Oct 12, 2017, at 12:49 PM, J. Bruce Fields <bfields@fiel > > > > > > dses > > > > > > .org<mailto:bfields@xxxxxxxxxxxx>> wrote: > > > > > > > So I *think* the only correct options OK or FALSE_RETRY? > > > > > > > > > > > > It can’t be OK if the parameters to SEQUENCE differ. > > > > > > > > > > I'm getting that from: "When the replier detects a false > > > > > retry, > > > > > it is > > > > > permitted (but not always obligated) to return > > > > > NFS4ERR_FALSE_RETRY in > > > > > response to the Sequence operation when it detects a false > > > > > retry." > > > > > > > > I think you are agreeing with me that OK is not appropriate > > > > here? > > > > > > No, I think OK is OK: > > > > > > > > If i understand the following language, we're required to > > > > > return > > > > > FALSE_RETRY in the case the rpc credentials of the caller map > > > > > to > > > > > different principals, but not otherwise. > > > > > > > > This one drove me crazy: > > > > > > > > If a requester sent a Sequence operation with a slot ID and > > > > sequence > > > > ID that are in the reply cache but the replier detected that > > > > the > > > > retried request is not the same as the original request, > > > > including a > > > > retry that has different operations or different arguments > > > > in > > > > the > > > > operations from the original > > > > > > > > SEQUENCE is not special - both the compounds in this example > > > > only have the SEQUENCE op and they differ only in that in the > > > > first sa_cachethis is False and in the second it is True. > > > > > > > > So we have to return FALSE_SEQ_RETRY here... > > > > > > It says "if the replier detected" a difference, not "if there is" > > > a > > > difference. So the replier is not required to do such > > > detection. This > > > agrees with the "not always obligated" above. > > > > > > So I think it's allowed for the server to just return an old > > > cached > > > response here (with the cached OK). And I can't see any > > > practical > > > problem that would create--a client shouldn't be sending a > > > different > > > request with the same (slot, sequence) anyway. The only > > > potential > > > risk > > > is the malicious client trying to snoop somebody else's reply > > > cache, > > > hence the requirement in the case principals differ. > > > > Clients may indeed send a different request with the same slot and > > sequence if they don't know that the server received the last > > request. > > This is tbe "user pressed ^C" scenario... > > > > Servers MAY ignore that fact, but they'd be really stupid to do > > so... > > OK, OK, I'll look into fixing the server (I'm pretty sure we get this > wrong). > > You've explained the ctrl-C case before and I don't think I > understood > it. I guess otherwise the only way for the client to sort out the > situation would be to retry the original request. And that requires > keeping the arguments and credentials around to handle potential > retries. And that's impractical if the process is going away? OK. > Right, we're not going to do that just for data that is just going to be tossed away anyway. We already guarantee that non-idempotent operations (the ones that we actually do ask the server to cache) are guaranteed to complete whether or not the user presses ^C, so this is mainly about what happens when somebody interrupts an operation that we did not want the server to cache. I have a patch out there that just replays a SEQUENCE op if we detect that an RPC call was interrupted. That should be sufficient to deal with servers that cache everything (whether or not the client sets sa_cachethis), but don't want to do NFS4ERR_SEQ_FALSE_RETRY. That particular combination has been seen to be extremely toxic to the current client, because it can get replayed LOOKUP or GETATTR requests after someone presses ^C. -- Trond Myklebust Linux NFS client maintainer, PrimaryData trond.myklebust@xxxxxxxxxxxxxxx ��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥