[OpenAFS-devel] Progress on Linux in-kernel RxRPC library

Kyle Moffett mrmacman_g4@mac.com
Mon, 21 Mar 2005 20:01:06 -0500 

On Mar 21, 2005, at 19:23, Chaskiel M Grundman wrote:
> --On Monday, March 21, 2005 19:01:11 -0500 Kyle Moffett 
> <mrmacman_g4@mac.com> wrote:
>
>> The axscache stores cached access rights, which are applied
>> based on the identity (credentials) of the process, no?  To get
>> the identity of the process just search the keyrings with the
>> standard API for an OpenAFS token.  Take the token it finds,
>> (The one in the most-local scope) and use it to check access.
>
> The credential/token would be fine if we wanted to ask the
> fileserver for the access rights every time, but we don't. We
> want to cache them. The cache needs a key. Right now, the key
> is the pag number (which is at least 0x41000000) if there is a
> pag, and the uid if not.

So do you use the PAG to reference a per-user index of access
control rights for a collection of files, or do you use the PAG to
check access against the cached copy in a global shared cache?
It seems that the latter would make more sense, use less RAM, and
be more useful with per-OS pagecache/dentry/inode kernel APIs, but
I may not be aware of some extra AFS concern.   In the latter case,
you would just cache the ACL sent by the fileserver and check
against the principal name/id stored in the key and global cache.
If you don't always get an ACL when just doing an open() on the
client, you could just use a principal=>access mapping stored in
each inode/dentry to record the currently detected portion of the
ACL until you can gather the additional data.

> We could store a cache key in the keyring, but that would in
> fact be providing a "pag" concept that does not use groups. (which
> is fine, but it would not have eliminated PAGs).

I'm just trying to understand what part of the existing Linux
filesystem cache is insufficient for OpenAFS to utilize without
resorting to patched-in external caches.

Cheers,
Kyle Moffett

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r  
!y?(-)
------END GEEK CODE BLOCK------