9635389534
Minor documentation updates: - refer to d_obtain_alias rather than d_alloc_anon - explain when to use d_splice_alias and when d_materialise_unique. - cut some details of d_splice_alias/d_materialise_unique implementation. Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
162 lines
7.2 KiB
Text
162 lines
7.2 KiB
Text
|
|
Making Filesystems Exportable
|
|
=============================
|
|
|
|
Overview
|
|
--------
|
|
|
|
All filesystem operations require a dentry (or two) as a starting
|
|
point. Local applications have a reference-counted hold on suitable
|
|
dentries via open file descriptors or cwd/root. However remote
|
|
applications that access a filesystem via a remote filesystem protocol
|
|
such as NFS may not be able to hold such a reference, and so need a
|
|
different way to refer to a particular dentry. As the alternative
|
|
form of reference needs to be stable across renames, truncates, and
|
|
server-reboot (among other things, though these tend to be the most
|
|
problematic), there is no simple answer like 'filename'.
|
|
|
|
The mechanism discussed here allows each filesystem implementation to
|
|
specify how to generate an opaque (outside of the filesystem) byte
|
|
string for any dentry, and how to find an appropriate dentry for any
|
|
given opaque byte string.
|
|
This byte string will be called a "filehandle fragment" as it
|
|
corresponds to part of an NFS filehandle.
|
|
|
|
A filesystem which supports the mapping between filehandle fragments
|
|
and dentries will be termed "exportable".
|
|
|
|
|
|
|
|
Dcache Issues
|
|
-------------
|
|
|
|
The dcache normally contains a proper prefix of any given filesystem
|
|
tree. This means that if any filesystem object is in the dcache, then
|
|
all of the ancestors of that filesystem object are also in the dcache.
|
|
As normal access is by filename this prefix is created naturally and
|
|
maintained easily (by each object maintaining a reference count on
|
|
its parent).
|
|
|
|
However when objects are included into the dcache by interpreting a
|
|
filehandle fragment, there is no automatic creation of a path prefix
|
|
for the object. This leads to two related but distinct features of
|
|
the dcache that are not needed for normal filesystem access.
|
|
|
|
1/ The dcache must sometimes contain objects that are not part of the
|
|
proper prefix. i.e that are not connected to the root.
|
|
2/ The dcache must be prepared for a newly found (via ->lookup) directory
|
|
to already have a (non-connected) dentry, and must be able to move
|
|
that dentry into place (based on the parent and name in the
|
|
->lookup). This is particularly needed for directories as
|
|
it is a dcache invariant that directories only have one dentry.
|
|
|
|
To implement these features, the dcache has:
|
|
|
|
a/ A dentry flag DCACHE_DISCONNECTED which is set on
|
|
any dentry that might not be part of the proper prefix.
|
|
This is set when anonymous dentries are created, and cleared when a
|
|
dentry is noticed to be a child of a dentry which is in the proper
|
|
prefix.
|
|
|
|
b/ A per-superblock list "s_anon" of dentries which are the roots of
|
|
subtrees that are not in the proper prefix. These dentries, as
|
|
well as the proper prefix, need to be released at unmount time. As
|
|
these dentries will not be hashed, they are linked together on the
|
|
d_hash list_head.
|
|
|
|
c/ Helper routines to allocate anonymous dentries, and to help attach
|
|
loose directory dentries at lookup time. They are:
|
|
d_obtain_alias(inode) will return a dentry for the given inode.
|
|
If the inode already has a dentry, one of those is returned.
|
|
If it doesn't, a new anonymous (IS_ROOT and
|
|
DCACHE_DISCONNECTED) dentry is allocated and attached.
|
|
In the case of a directory, care is taken that only one dentry
|
|
can ever be attached.
|
|
d_splice_alias(inode, dentry) or d_materialise_unique(dentry, inode)
|
|
will introduce a new dentry into the tree; either the passed-in
|
|
dentry or a preexisting alias for the given inode (such as an
|
|
anonymous one created by d_obtain_alias), if appropriate. The two
|
|
functions differ in their handling of directories with preexisting
|
|
aliases:
|
|
d_splice_alias will use any existing IS_ROOT dentry, but it will
|
|
return -EIO rather than try to move a dentry with a different
|
|
parent. This is appropriate for local filesystems, which
|
|
should never see such an alias unless the filesystem is
|
|
corrupted somehow (for example, if two on-disk directory
|
|
entries refer to the same directory.)
|
|
d_materialise_unique will attempt to move any dentry. This is
|
|
appropriate for distributed filesystems, where finding a
|
|
directory other than where we last cached it may be a normal
|
|
consequence of concurrent operations on other hosts.
|
|
Both functions return NULL when the passed-in dentry is used,
|
|
following the calling convention of ->lookup.
|
|
|
|
|
|
Filesystem Issues
|
|
-----------------
|
|
|
|
For a filesystem to be exportable it must:
|
|
|
|
1/ provide the filehandle fragment routines described below.
|
|
2/ make sure that d_splice_alias is used rather than d_add
|
|
when ->lookup finds an inode for a given parent and name.
|
|
|
|
If inode is NULL, d_splice_alias(inode, dentry) is equivalent to
|
|
|
|
d_add(dentry, inode), NULL
|
|
|
|
Similarly, d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err)
|
|
|
|
Typically the ->lookup routine will simply end with a:
|
|
|
|
return d_splice_alias(inode, dentry);
|
|
}
|
|
|
|
|
|
|
|
A file system implementation declares that instances of the filesystem
|
|
are exportable by setting the s_export_op field in the struct
|
|
super_block. This field must point to a "struct export_operations"
|
|
struct which has the following members:
|
|
|
|
encode_fh (optional)
|
|
Takes a dentry and creates a filehandle fragment which can later be used
|
|
to find or create a dentry for the same object. The default
|
|
implementation creates a filehandle fragment that encodes a 32bit inode
|
|
and generation number for the inode encoded, and if necessary the
|
|
same information for the parent.
|
|
|
|
fh_to_dentry (mandatory)
|
|
Given a filehandle fragment, this should find the implied object and
|
|
create a dentry for it (possibly with d_obtain_alias).
|
|
|
|
fh_to_parent (optional but strongly recommended)
|
|
Given a filehandle fragment, this should find the parent of the
|
|
implied object and create a dentry for it (possibly with
|
|
d_obtain_alias). May fail if the filehandle fragment is too small.
|
|
|
|
get_parent (optional but strongly recommended)
|
|
When given a dentry for a directory, this should return a dentry for
|
|
the parent. Quite possibly the parent dentry will have been allocated
|
|
by d_alloc_anon. The default get_parent function just returns an error
|
|
so any filehandle lookup that requires finding a parent will fail.
|
|
->lookup("..") is *not* used as a default as it can leave ".." entries
|
|
in the dcache which are too messy to work with.
|
|
|
|
get_name (optional)
|
|
When given a parent dentry and a child dentry, this should find a name
|
|
in the directory identified by the parent dentry, which leads to the
|
|
object identified by the child dentry. If no get_name function is
|
|
supplied, a default implementation is provided which uses vfs_readdir
|
|
to find potential names, and matches inode numbers to find the correct
|
|
match.
|
|
|
|
|
|
A filehandle fragment consists of an array of 1 or more 4byte words,
|
|
together with a one byte "type".
|
|
The decode_fh routine should not depend on the stated size that is
|
|
passed to it. This size may be larger than the original filehandle
|
|
generated by encode_fh, in which case it will have been padded with
|
|
nuls. Rather, the encode_fh routine should choose a "type" which
|
|
indicates the decode_fh how much of the filehandle is valid, and how
|
|
it should be interpreted.
|