[LTP] [PATCH 2/2] nfsstat01: Check that RPC stats don't leak between net namespaces
Chuck Lever III
chuck.lever@oracle.com
Mon Sep 2 20:13:52 CEST 2024
> On Sep 2, 2024, at 7:49 AM, Martin Doucha <mdoucha@suse.cz> wrote:
>
> On 30. 08. 24 20:10, Chuck Lever wrote:
>> On Fri, Aug 30, 2024 at 04:13:40PM +0200, Martin Doucha wrote:
>>> When the NFS server and client run on the same host in different net
>>> namespaces, check that RPC calls from the client namespace don't
>>> change RPC statistics in the root namespace.
>>>
>>> Signed-off-by: Martin Doucha <mdoucha@suse.cz>
>>> ---
>>>
>>> I've initially tried to test both NFS and RPC client stats but it appears
>>> that NFS client stats are still shared across all namespaces. Only RPC
>>> client stats are separate for each net namespace. The kernel patchset[1]
>>> which introduced per-NS stats confirms that only RPC stats have been changed.
>> I believe that is correct, Josef changed only RPC counters. Which
>> counters did you expect also would be containerized, exactly?
>> Perhaps this issue should be raised on linux-nfs@vger, it could be
>> considered to be another information leak.
>
> I tried to test the NFS client call counters, fields 13, 15 or 24 (depending on NFS version) in the "procX" line of /proc/net/rpc/nfs. These are the counters that the test already checks after RPC.
>
> Although when I think about it some more, I'm not sure whether the NFS/RPC client statistics should be attached to network namespaces in the first place. AFAICT, processes from any network namespace can trigger client calls for both RPC and NFS as long as they can access the NFS mountpoint. Perhaps a mount namespace would be the more logical domain for counting per-NS statistics instead?

Disclaimer: I'm not one of the NFS client maintainers, but only
a very long time contributor to the Linux NFS implementation,
so I can offer only a somewhat-educated opinion on this topic.

IIRC in a container, the RPC client is bound to the network
namespace.

The statistics in /proc/self/mountstats are accrued to an
individual mount. I think those are associated with the mount
namespace. I could very well be wrong about that.

This is another topic that would be appropriate to bring to
linux-nfs@.
--
Chuck Lever