Coda File System

Re: CODA kernel module limitations...

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Tue, 17 Oct 2000 18:37:50 -0400
On Tue, Oct 17, 2000 at 11:49:05PM +0200, Roland Mainz wrote:
> Jan Harkes wrote:
> 
> > > > For direct operations, hack podfuk into a userspace nfs daemon.
> > >
> > > Does this really work in all cases ? Why does
> > > http://atrey.karlin.mff.cuni.cz/~pavel/podfuk/podfuk.html claim that NFS
> > > doesn't fit the needs ?
> > 
> > He has some explaination in his podfuk-old page.
> > 
> > http://atrey.karlin.mff.cuni.cz/~pavel/podfuk/podfuk-old.html
> > 
> > - NFS is a stateless protocol, and has consistency problems.
> > - Using NFS is very slow, probably because of the context switches.
> 
> NFSv2 is _painfull_ slow as it uses UDP (which also means: manual error
> checking and (at least) two context switches per packet). NFSv3 brings
> many improvements here (uses TCP which moves error checking into TCP
> layer and uses continuous streams instead of single packages).

Same two context switches occur when Coda bounces read/write calls to
userspace, and when the application happens to read single characters it
could be even worse, except if you manage to hook the r/w upcalls into
the VM subsystem (page-in/page-out).

TCP also shouldn't help that much, as the communication is still RPC
based, request...wait...reply...request...wait...reply. The only thing
TCP does here is fragmenting the large rpc messages above the IP layer,
so that a single lost ip-packet doesn't kill the whole datagram.

> > - Security is difficult.
>
> Again... the NFS-is-insecure-mythos... seems it will never die. Starting
> with NFSv3 SecureRPC, Kerberos4/5 or GSS-API may be used for
> authentification, too.

Don't worry about the insecure-mythos. Security is a never ending story,
even after you get a secure transport layer.

How do you want to tie a user identity and access permissions to a page
that is shared between multiple mappings (by different `users') of a
file when it has to get paged in?

Basically once you hit the lower layers of the VFS or are being called
out of the VM, it is very difficult to impossible to figure out who the
`authenticated user' is supposed to be. In most cases it doesn't matter
except for cases where access permission for data is being taken away.

And a stateless world makes this hard. Luckily for us, it is perfectly
valid for Coda to give the user the stale version when he still had
access.

Jan
Received on 2000-10-17 18:51:54