From nobody Wed Jan 22 06:27:37 2025 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YdDdm0cFsz5l02M for ; Wed, 22 Jan 2025 06:27:40 +0000 (UTC) (envelope-from glebius@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YdDdl6v5fz42Th; Wed, 22 Jan 2025 06:27:39 +0000 (UTC) (envelope-from glebius@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737527260; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=eYnFM9kBZ4tCAbipQK0cqgHj9e1TKjXBuKoMEpECi88=; b=Z53xIZ3rZiLOEyutQ0lrNy8NRoSQ2Bv5EfvVh1mnCRTtQSGfNOH2FHoo6hNAyaBTXEAr5B xDV20fjwYmk+w/K0yhBRFljjOaJ7Hy1ZsuH3M02ao5D1RxKEMGzBJCf139AKCrknvH4SJ/ agKr637amR587LF0Vjb8c0zyxrc2LZxCmHNSiwO8h0iCCIkGgjrh29DmIM+ooJMpP0kRDc 1A95YBYoJTfbGxye8lZfsEGyskdspWVUHUPza8SH4D0/UHGZevXoDlwRlMfojHJn1M+g6x zCRpxRj3ZXM1mVXXc0bsrwq6EtqBjFQTlG9FC0vvBNKMG3RMk5NFMpiIzIBO3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737527260; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=eYnFM9kBZ4tCAbipQK0cqgHj9e1TKjXBuKoMEpECi88=; b=jRAjyEl8ftbDFPBrvTpWL3d2587K5BdIKIKN7wefMddth8Jntjo2SdlrNy7L/ThFm5Fktw QnuFGHc/UHgdXhjs47ZGY0dxC/732JUs/AmLK281xROiPb9VkTpYKgRtLqQg+ahlFXxrKm NUOps3ufcj7LDQlOhaacEvaFDe1Kq3gPyqC7mMKpvQp7O9TL0ruHSBWpuQGIqhZky4q6gg P6TjJNdMrD24HU96KlttOj9PsLuX6wwWqjx2/M5/VXQNRC0kdkY6UH5L7PKKz1KJG+aejs dllPBthUejoWEQOijFzsZhMg0ID7cZSF/eNF9hu6lWdTt5mOxMe89ykHg3Rqzg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737527260; a=rsa-sha256; cv=none; b=UtCY2IMq6QL/vUslME1/YOukHW1sw/dzh6631RCyN7HniYEW9imRBjqSXgeZGC6nXyLgxY 6lTdtPP9p82Nj4u1d73YedqZiReyegKffYPA1e88+EA0JnIZe/f/P+g+ZSDh1yv8ez6Reo pMX/63lX/nVv7DPTclKE6O+2QHXJGpJ8z6i6kmkPpUAafYpdWsKIETXhSS+CT2W4tvp+cs H6qUb7k4fV6PIjylwgu+ufV0/xGlz85ZopiqMOSrjB9OiiuBbDJJUugUl0GHrGp0MWiEiP 5Jou6uNr8Z4te2Cggxn/7LOaWQJm/96sI7gXuKQfBpFcjaqn1XnW4zuJFkcX2g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from cell.glebi.us (glebi.us [162.251.186.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: glebius) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YdDdl3Ywgzrgx; Wed, 22 Jan 2025 06:27:39 +0000 (UTC) (envelope-from glebius@freebsd.org) Date: Tue, 21 Jan 2025 22:27:37 -0800 From: Gleb Smirnoff To: current@freebsd.org Cc: rmacklem@freebsd.org Subject: HEADS UP: NFS changes coming into CURRENT early February Message-ID: List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, TLDR version: users of NFS with Kerberos (e.g. running gssd(8)) as well as users of NFS with TLS (e.g. running rpc.tlsclntd(8) or rpc.tlsservd(8)) as well as users of network lock manager (e.g. having 'options NFSLOCKD' and running rpcbind(8)) are affected. You would need to recompile & reinstall both the world and the kernel together. Of course this is what you'd normally do when you track FreeBSD CURRENT, but better be warned. I will post hashes of the specific revisions that break API/ABI when they are pushed. Longer version: last year I tried to check-in a new implementation of unix(4) SOCK_STREAM and SOCK_SEQPACKET in d80a97def9a1, but was forced to back it out due to several kernel side abusers of a unix(4) socket. The most difficult ones are the NFS related RPC services, that act as RPC clients talking to an RPC servers in userland. Since it is impossible to fully emulate a userland process connection to a unix(4) socket they need to work with the socket internal structures bypassing all the normal KPIs and conventions. Of course they didn't tolerate the new implementation that totally eliminated intermediate buffer on the sending side. While the original motivation for the upcoming changes is the fact that I want to go forward with the new unix/stream and unix/seqpacket, I also tried to make kernel to userland RPC better. You judge if I succeeded or not :) Here are some highlights: - Code footprint both in kernel clients and in userland daemons is reduced. Example: gssd: 1 file changed, 5 insertions(+), 64 deletions(-) kgssapi: 1 file changed, 26 insertions(+), 78 deletions(-) 4 files changed, 1 insertion(+), 11 deletions(-) - You can easily see all RPC calls from kernel to userland with genl(1): # genl monitor rpcnl - The new transport is multithreaded in kernel by default, so kernel clients can send a bunch of RPCs without any serialization and if the userland figures out how to parallelize their execution, such parallelization would happen. Note: new rpc.tlsservd(8) will use threads. - One ad-hoc single program syscall is removed - gssd_syscall. Note: rpctls syscall remains, but I have some ideas on how to improve that, too. Not at this step though. - All sleeps of kernel RPC calls are now in single place, and they all have timeouts. I believe NFS services are now much more resilient to hangs. A deadlock when NFS kernel thread is blocked on unix socket buffer, and the socket can't go away because its application is blocked in some other syscall is no longer possible. The code is posted on phabricator, reviews D48547 through D48552. Reviewers are very welcome! I share my branch on Github. It is usually rebased on today's CURRENT: https://github.com/glebius/FreeBSD/commits/gss-netlink/ Early testers are very welcome! -- Gleb Smirnoff