2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
Overview of the Linux Virtual File System
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
Original author: Richard Gooch <rgooch@atnf.csiro.au>
2005-04-16 15:20:36 -07:00
2007-07-15 23:41:19 -07:00
Last updated on June 24, 2007.
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
Copyright (C) 1999 Richard Gooch
Copyright (C) 2005 Pekka Enberg
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
This file is released under the GPLv2.
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
Introduction
============
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
The Virtual File System (also known as the Virtual Filesystem Switch)
is the software layer in the kernel that provides the filesystem
interface to userspace programs. It also provides an abstraction
within the kernel which allows different filesystem implementations to
coexist.
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
VFS system calls open(2), stat(2), read(2), write(2), chmod(2) and so
on are called from a process context. Filesystem locking is described
in the document Documentation/filesystems/Locking.
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
Directory Entry Cache (dcache)
------------------------------
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
The VFS implements the open(2), stat(2), chmod(2), and similar system
calls. The pathname argument that is passed to them is used by the VFS
to search through the directory entry cache (also known as the dentry
cache or dcache). This provides a very fast look-up mechanism to
translate a pathname (filename) into a specific dentry. Dentries live
in RAM and are never saved to disc: they exist only for performance.
The dentry cache is meant to be a view into your entire filespace. As
most computers cannot fit all dentries in the RAM at the same time,
some bits of the cache are missing. In order to resolve your pathname
into a dentry, the VFS may have to resort to creating dentries along
the way, and then loading the inode. This is done by looking up the
inode.
The Inode Object
----------------
An individual dentry usually has a pointer to an inode. Inodes are
filesystem objects such as regular files, directories, FIFOs and other
beasts. They live either on the disc (for block device filesystems)
or in the memory (for pseudo filesystems). Inodes that live on the
disc are copied into the memory when required and changes to the inode
are written back to disc. A single inode can be pointed to by multiple
dentries (hard links, for example, do this).
To look up an inode requires that the VFS calls the lookup() method of
the parent directory inode. This method is installed by the specific
filesystem implementation that the inode lives in. Once the VFS has
the required dentry (and hence the inode), we can do all those boring
things like open(2) the file, or stat(2) it to peek at the inode
data. The stat(2) operation is fairly simple: once the VFS has the
dentry, it peeks at the inode data and passes some of it back to
userspace.
The File Object
---------------
2005-04-16 15:20:36 -07:00
Opening a file requires another operation: allocation of a file
structure (this is the kernel-side implementation of file
2005-09-09 13:10:19 -07:00
descriptors). The freshly allocated file structure is initialized with
2005-04-16 15:20:36 -07:00
a pointer to the dentry and a set of file operation member functions.
These are taken from the inode data. The open() file method is then
2010-04-23 00:08:02 +02:00
called so the specific filesystem implementation can do its work. You
2005-11-07 01:01:08 -08:00
can see that this is another switch performed by the VFS. The file
structure is placed into the file descriptor table for the process.
2005-04-16 15:20:36 -07:00
Reading, writing and closing files (and other assorted VFS operations)
is done by using the userspace file descriptor to grab the appropriate
2005-11-07 01:01:08 -08:00
file structure, and then calling the required file structure method to
do whatever is required. For as long as the file is open, it keeps the
dentry in use, which in turn means that the VFS inode is still in use.
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
Registering and Mounting a Filesystem
2005-11-07 01:01:08 -08:00
=====================================
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
To register and unregister a filesystem, use the following API
functions:
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
#include <linux/fs.h>
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
extern int register_filesystem(struct file_system_type *);
extern int unregister_filesystem(struct file_system_type *);
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
The passed struct file_system_type describes your filesystem. When a
request is made to mount a device onto a directory in your filespace,
the VFS will call the appropriate get_sb() method for the specific
filesystem. The dentry for the mount point will then be updated to
point to the root inode for the new filesystem.
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
You can see all filesystems that are registered to the kernel in the
file /proc/filesystems.
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
struct file_system_type
2005-11-07 01:01:08 -08:00
-----------------------
2005-04-16 15:20:36 -07:00
2007-07-15 23:41:19 -07:00
This describes the filesystem. As of kernel 2.6.22, the following
2005-04-16 15:20:36 -07:00
members are defined:
struct file_system_type {
const char *name;
int fs_flags;
2006-07-10 04:44:07 -07:00
int (*get_sb) (struct file_system_type *, int,
const char *, void *, struct vfsmount *);
2005-09-09 13:10:19 -07:00
void (*kill_sb) (struct super_block *);
struct module *owner;
struct file_system_type * next;
struct list_head fs_supers;
2007-07-15 23:41:19 -07:00
struct lock_class_key s_lock_key;
struct lock_class_key s_umount_key;
2005-04-16 15:20:36 -07:00
};
name: the name of the filesystem type, such as "ext2", "iso9660",
"msdos" and so on
fs_flags: various flags (i.e. FS_REQUIRES_DEV, FS_NO_DCACHE, etc.)
2005-09-09 13:10:19 -07:00
get_sb: the method to call when a new instance of this
2005-04-16 15:20:36 -07:00
filesystem should be mounted
2005-09-09 13:10:19 -07:00
kill_sb: the method to call when an instance of this filesystem
should be unmounted
owner: for internal VFS use: you should initialize this to THIS_MODULE in
most cases.
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
next: for internal VFS use: you should initialize this to NULL
2007-07-15 23:41:19 -07:00
s_lock_key, s_umount_key: lockdep-specific
2005-09-09 13:10:19 -07:00
The get_sb() method has the following arguments:
2005-04-16 15:20:36 -07:00
2008-07-25 19:45:33 -07:00
struct file_system_type *fs_type: describes the filesystem, partly initialized
2007-07-15 23:41:19 -07:00
by the specific filesystem code
2005-09-09 13:10:19 -07:00
int flags: mount flags
const char *dev_name: the device name we are mounting.
2005-04-16 15:20:36 -07:00
void *data: arbitrary mount options, usually comes as an ASCII
mount options: add documentation
This series addresses the problem of showing mount options in
/proc/mounts.
Several filesystems which use mount options, have not implemented a
.show_options superblock operation. Several others have implemented
this callback, but have not kept it fully up to date with the parsed
options.
Q: Why do we need correct option showing in /proc/mounts?
A: We want /proc/mounts to fully replace /etc/mtab. The reasons for
this are:
- unprivileged mounters won't be able to update /etc/mtab
- /etc/mtab doesn't work with private mount namespaces
- /etc/mtab can become out-of-sync with reality
Q: Can't this be done, so that filesystems need not bother with
implementing a .show_mounts callback, and keeping it up to date?
A: Only in some cases. Certain filesystems allow modification of a
subset of options in their remount_fs method. It is not possible
to take this into account without knowing exactly how the
filesystem handles options.
For the simple case (no remount or remount resets all options) the
patchset introduces two helpers:
generic_show_options()
save_mount_options()
These can also be used to emulate the old /etc/mtab behavior, until
proper support is added. Even if this is not 100% correct, it's still
better than showing no options at all.
The following patches fix up most in-tree filesystems, some have been
compile tested only, some have been reviewed and acked by the
maintainer.
Table displaying status of all in-kernel filesystems:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
legend:
none - fs has options, but doesn't define ->show_options()
some - fs defines ->show_options(), but some only options are shown
good - fs shows all options
noopt - fs does not have options
patch - a patch will be posted
merged - a patch has been merged by subsystem maintainer
9p good
adfs patch
affs patch
afs patch
autofs patch
autofs4 patch
befs patch
bfs noopt
cifs some
coda noopt
configfs noopt
cramfs noopt
debugfs noopt
devpts patch
ecryptfs good
efs noopt
ext2 patch
ext3 good
ext4 merged
fat patch
freevxfs noopt
fuse patch
fusectl noopt
gfs2 good
gfs2meta noopt
hfs good
hfsplus good
hostfs patch
hpfs patch
hppfs noopt
hugetlbfs patch
isofs patch
jffs2 noopt
jfs merged
minix noopt
msdos ->fat
ncpfs patch
nfs some
nfsd noopt
ntfs good
ocfs2 good
ocfs2/dlmfs noopt
openpromfs noopt
proc noopt
qnx4 noopt
ramfs noopt
reiserfs patch
romfs noopt
smbfs good
sysfs noopt
sysv noopt
udf patch
ufs good
vfat ->fat
xfs good
mm/shmem.c patch
drivers/oprofile/oprofilefs.c noopt
drivers/infiniband/hw/ipath/ipath_fs.c noopt
drivers/misc/ibmasm/ibmasmfs.c noopt
drivers/usb/core (usbfs) merged
drivers/usb/gadget (gadgetfs) noopt
drivers/isdn/capi/capifs.c patch
kernel/cpuset.c noopt
fs/binfmt_misc.c noopt
net/sunrpc/rpc_pipe.c noopt
arch/powerpc/platforms/cell/spufs patch
arch/s390/hypfs good
ipc/mqueue.c noopt
security (securityfs) noopt
security/selinux/selinuxfs.c noopt
kernel/cgroup.c good
security/smack/smackfs.c noopt
in -mm:
reiser4 some
unionfs good
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This patch:
Document the rules for handling mount options in the .show_options
super operation.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08 04:21:34 -08:00
string (see "Mount Options" section)
2005-04-16 15:20:36 -07:00
2007-07-15 23:41:19 -07:00
struct vfsmount *mnt: a vfs-internal representation of a mount point
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
The get_sb() method must determine if the block device specified
2007-07-15 23:41:19 -07:00
in the dev_name and fs_type contains a filesystem of the type the method
supports. If it succeeds in opening the named block device, it initializes a
struct super_block descriptor for the filesystem contained by the block device.
On failure it returns an error.
2005-04-16 15:20:36 -07:00
The most interesting member of the superblock structure that the
2005-09-09 13:10:19 -07:00
get_sb() method fills in is the "s_op" field. This is a pointer to
2005-04-16 15:20:36 -07:00
a "struct super_operations" which describes the next level of the
filesystem implementation.
2006-01-03 13:35:41 +01:00
Usually, a filesystem uses one of the generic get_sb() implementations
and provides a fill_super() method instead. The generic methods are:
2005-09-09 13:10:19 -07:00
get_sb_bdev: mount a filesystem residing on a block device
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
get_sb_nodev: mount a filesystem that is not backed by a device
get_sb_single: mount a filesystem which shares the instance between
all mounts
A fill_super() method implementation has the following arguments:
struct super_block *sb: the superblock structure. The method fill_super()
must initialize this properly.
void *data: arbitrary mount options, usually comes as an ASCII
mount options: add documentation
This series addresses the problem of showing mount options in
/proc/mounts.
Several filesystems which use mount options, have not implemented a
.show_options superblock operation. Several others have implemented
this callback, but have not kept it fully up to date with the parsed
options.
Q: Why do we need correct option showing in /proc/mounts?
A: We want /proc/mounts to fully replace /etc/mtab. The reasons for
this are:
- unprivileged mounters won't be able to update /etc/mtab
- /etc/mtab doesn't work with private mount namespaces
- /etc/mtab can become out-of-sync with reality
Q: Can't this be done, so that filesystems need not bother with
implementing a .show_mounts callback, and keeping it up to date?
A: Only in some cases. Certain filesystems allow modification of a
subset of options in their remount_fs method. It is not possible
to take this into account without knowing exactly how the
filesystem handles options.
For the simple case (no remount or remount resets all options) the
patchset introduces two helpers:
generic_show_options()
save_mount_options()
These can also be used to emulate the old /etc/mtab behavior, until
proper support is added. Even if this is not 100% correct, it's still
better than showing no options at all.
The following patches fix up most in-tree filesystems, some have been
compile tested only, some have been reviewed and acked by the
maintainer.
Table displaying status of all in-kernel filesystems:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
legend:
none - fs has options, but doesn't define ->show_options()
some - fs defines ->show_options(), but some only options are shown
good - fs shows all options
noopt - fs does not have options
patch - a patch will be posted
merged - a patch has been merged by subsystem maintainer
9p good
adfs patch
affs patch
afs patch
autofs patch
autofs4 patch
befs patch
bfs noopt
cifs some
coda noopt
configfs noopt
cramfs noopt
debugfs noopt
devpts patch
ecryptfs good
efs noopt
ext2 patch
ext3 good
ext4 merged
fat patch
freevxfs noopt
fuse patch
fusectl noopt
gfs2 good
gfs2meta noopt
hfs good
hfsplus good
hostfs patch
hpfs patch
hppfs noopt
hugetlbfs patch
isofs patch
jffs2 noopt
jfs merged
minix noopt
msdos ->fat
ncpfs patch
nfs some
nfsd noopt
ntfs good
ocfs2 good
ocfs2/dlmfs noopt
openpromfs noopt
proc noopt
qnx4 noopt
ramfs noopt
reiserfs patch
romfs noopt
smbfs good
sysfs noopt
sysv noopt
udf patch
ufs good
vfat ->fat
xfs good
mm/shmem.c patch
drivers/oprofile/oprofilefs.c noopt
drivers/infiniband/hw/ipath/ipath_fs.c noopt
drivers/misc/ibmasm/ibmasmfs.c noopt
drivers/usb/core (usbfs) merged
drivers/usb/gadget (gadgetfs) noopt
drivers/isdn/capi/capifs.c patch
kernel/cpuset.c noopt
fs/binfmt_misc.c noopt
net/sunrpc/rpc_pipe.c noopt
arch/powerpc/platforms/cell/spufs patch
arch/s390/hypfs good
ipc/mqueue.c noopt
security (securityfs) noopt
security/selinux/selinuxfs.c noopt
kernel/cgroup.c good
security/smack/smackfs.c noopt
in -mm:
reiser4 some
unionfs good
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This patch:
Document the rules for handling mount options in the .show_options
super operation.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08 04:21:34 -08:00
string (see "Mount Options" section)
2005-09-09 13:10:19 -07:00
int silent: whether or not to be silent on error
2005-11-07 01:01:08 -08:00
The Superblock Object
=====================
A superblock object represents a mounted filesystem.
2005-09-09 13:10:19 -07:00
struct super_operations
2005-11-07 01:01:08 -08:00
-----------------------
2005-04-16 15:20:36 -07:00
This describes how the VFS can manipulate the superblock of your
2007-07-15 23:41:43 -07:00
filesystem. As of kernel 2.6.22, the following members are defined:
2005-04-16 15:20:36 -07:00
struct super_operations {
2005-09-09 13:10:19 -07:00
struct inode *(*alloc_inode)(struct super_block *sb);
void (*destroy_inode)(struct inode *);
void (*dirty_inode) (struct inode *);
int (*write_inode) (struct inode *, int);
void (*drop_inode) (struct inode *);
void (*delete_inode) (struct inode *);
void (*put_super) (struct super_block *);
void (*write_super) (struct super_block *);
int (*sync_fs)(struct super_block *sb, int wait);
2009-01-09 16:40:58 -08:00
int (*freeze_fs) (struct super_block *);
int (*unfreeze_fs) (struct super_block *);
2006-06-23 02:02:58 -07:00
int (*statfs) (struct dentry *, struct kstatfs *);
2005-09-09 13:10:19 -07:00
int (*remount_fs) (struct super_block *, int *, char *);
void (*clear_inode) (struct inode *);
void (*umount_begin) (struct super_block *);
int (*show_options)(struct seq_file *, struct vfsmount *);
ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t);
ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t);
2005-04-16 15:20:36 -07:00
};
All methods are called without any locks being held, unless otherwise
noted. This means that most methods can block safely. All methods are
only called from a process context (i.e. not from an interrupt handler
or bottom half).
2005-09-09 13:10:19 -07:00
alloc_inode: this method is called by inode_alloc() to allocate memory
2006-03-25 03:07:56 -08:00
for struct inode and initialize it. If this function is not
defined, a simple 'struct inode' is allocated. Normally
alloc_inode will be used to allocate a larger structure which
contains a 'struct inode' embedded within it.
2005-09-09 13:10:19 -07:00
destroy_inode: this method is called by destroy_inode() to release
2006-03-25 03:07:56 -08:00
resources allocated for struct inode. It is only required if
->alloc_inode was defined and simply undoes anything done by
->alloc_inode.
2005-09-09 13:10:19 -07:00
dirty_inode: this method is called by the VFS to mark an inode dirty.
2005-04-16 15:20:36 -07:00
write_inode: this method is called when the VFS needs to write an
inode to disc. The second parameter indicates whether the write
should be synchronous or not, not all filesystems check this flag.
drop_inode: called when the last access to the inode is dropped,
with the inode_lock spinlock held.
2005-09-09 13:10:19 -07:00
This method should be either NULL (normal UNIX filesystem
2005-04-16 15:20:36 -07:00
semantics) or "generic_delete_inode" (for filesystems that do not
want to cache inodes - causing "delete_inode" to always be
called regardless of the value of i_nlink)
2005-09-09 13:10:19 -07:00
The "generic_delete_inode()" behavior is equivalent to the
2005-04-16 15:20:36 -07:00
old practice of using "force_delete" in the put_inode() case,
but does not have the races that the "force_delete()" approach
had.
delete_inode: called when the VFS wants to delete an inode
put_super: called when the VFS wishes to free the superblock
(i.e. unmount). This is called with the superblock lock held
write_super: called when the VFS superblock needs to be written to
disc. This method is optional
2005-09-09 13:10:19 -07:00
sync_fs: called when VFS is writing out all dirty data associated with
a superblock. The second parameter indicates whether the method
should wait until the write out has been completed. Optional.
2009-01-09 16:40:58 -08:00
freeze_fs: called when VFS is locking a filesystem and
2005-11-07 01:01:08 -08:00
forcing it into a consistent state. This method is currently
used by the Logical Volume Manager (LVM).
2005-09-09 13:10:19 -07:00
2009-01-09 16:40:58 -08:00
unfreeze_fs: called when VFS is unlocking a filesystem and making it writable
2005-09-09 13:10:19 -07:00
again.
2009-04-20 18:38:28 -07:00
statfs: called when the VFS needs to get filesystem statistics.
2005-04-16 15:20:36 -07:00
remount_fs: called when the filesystem is remounted. This is called
with the kernel lock held
clear_inode: called then the VFS clears the inode. Optional
2005-09-09 13:10:19 -07:00
umount_begin: called when the VFS is unmounting a filesystem.
mount options: add documentation
This series addresses the problem of showing mount options in
/proc/mounts.
Several filesystems which use mount options, have not implemented a
.show_options superblock operation. Several others have implemented
this callback, but have not kept it fully up to date with the parsed
options.
Q: Why do we need correct option showing in /proc/mounts?
A: We want /proc/mounts to fully replace /etc/mtab. The reasons for
this are:
- unprivileged mounters won't be able to update /etc/mtab
- /etc/mtab doesn't work with private mount namespaces
- /etc/mtab can become out-of-sync with reality
Q: Can't this be done, so that filesystems need not bother with
implementing a .show_mounts callback, and keeping it up to date?
A: Only in some cases. Certain filesystems allow modification of a
subset of options in their remount_fs method. It is not possible
to take this into account without knowing exactly how the
filesystem handles options.
For the simple case (no remount or remount resets all options) the
patchset introduces two helpers:
generic_show_options()
save_mount_options()
These can also be used to emulate the old /etc/mtab behavior, until
proper support is added. Even if this is not 100% correct, it's still
better than showing no options at all.
The following patches fix up most in-tree filesystems, some have been
compile tested only, some have been reviewed and acked by the
maintainer.
Table displaying status of all in-kernel filesystems:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
legend:
none - fs has options, but doesn't define ->show_options()
some - fs defines ->show_options(), but some only options are shown
good - fs shows all options
noopt - fs does not have options
patch - a patch will be posted
merged - a patch has been merged by subsystem maintainer
9p good
adfs patch
affs patch
afs patch
autofs patch
autofs4 patch
befs patch
bfs noopt
cifs some
coda noopt
configfs noopt
cramfs noopt
debugfs noopt
devpts patch
ecryptfs good
efs noopt
ext2 patch
ext3 good
ext4 merged
fat patch
freevxfs noopt
fuse patch
fusectl noopt
gfs2 good
gfs2meta noopt
hfs good
hfsplus good
hostfs patch
hpfs patch
hppfs noopt
hugetlbfs patch
isofs patch
jffs2 noopt
jfs merged
minix noopt
msdos ->fat
ncpfs patch
nfs some
nfsd noopt
ntfs good
ocfs2 good
ocfs2/dlmfs noopt
openpromfs noopt
proc noopt
qnx4 noopt
ramfs noopt
reiserfs patch
romfs noopt
smbfs good
sysfs noopt
sysv noopt
udf patch
ufs good
vfat ->fat
xfs good
mm/shmem.c patch
drivers/oprofile/oprofilefs.c noopt
drivers/infiniband/hw/ipath/ipath_fs.c noopt
drivers/misc/ibmasm/ibmasmfs.c noopt
drivers/usb/core (usbfs) merged
drivers/usb/gadget (gadgetfs) noopt
drivers/isdn/capi/capifs.c patch
kernel/cpuset.c noopt
fs/binfmt_misc.c noopt
net/sunrpc/rpc_pipe.c noopt
arch/powerpc/platforms/cell/spufs patch
arch/s390/hypfs good
ipc/mqueue.c noopt
security (securityfs) noopt
security/selinux/selinuxfs.c noopt
kernel/cgroup.c good
security/smack/smackfs.c noopt
in -mm:
reiser4 some
unionfs good
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This patch:
Document the rules for handling mount options in the .show_options
super operation.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08 04:21:34 -08:00
show_options: called by the VFS to show mount options for
/proc/<pid>/mounts. (see "Mount Options" section)
2005-09-09 13:10:19 -07:00
quota_read: called by the VFS to read from filesystem quota file.
quota_write: called by the VFS to write to filesystem quota file.
2008-02-07 00:15:52 -08:00
Whoever sets up the inode is responsible for filling in the "i_op" field. This
is a pointer to a "struct inode_operations" which describes the methods that
can be performed on individual inodes.
2005-04-16 15:20:36 -07:00
2005-11-07 01:01:08 -08:00
The Inode Object
================
An inode object represents an object within the filesystem.
2005-09-09 13:10:19 -07:00
struct inode_operations
2005-11-07 01:01:08 -08:00
-----------------------
2005-04-16 15:20:36 -07:00
This describes how the VFS can manipulate an inode in your
2007-07-15 23:41:43 -07:00
filesystem. As of kernel 2.6.22, the following members are defined:
2005-04-16 15:20:36 -07:00
struct inode_operations {
2005-09-09 13:10:19 -07:00
int (*create) (struct inode *,struct dentry *,int, struct nameidata *);
struct dentry * (*lookup) (struct inode *,struct dentry *, struct nameidata *);
2005-04-16 15:20:36 -07:00
int (*link) (struct dentry *,struct inode *,struct dentry *);
int (*unlink) (struct inode *,struct dentry *);
int (*symlink) (struct inode *,struct dentry *,const char *);
int (*mkdir) (struct inode *,struct dentry *,int);
int (*rmdir) (struct inode *,struct dentry *);
int (*mknod) (struct inode *,struct dentry *,int,dev_t);
int (*rename) (struct inode *, struct dentry *,
struct inode *, struct dentry *);
2005-09-09 13:10:19 -07:00
int (*readlink) (struct dentry *, char __user *,int);
void * (*follow_link) (struct dentry *, struct nameidata *);
void (*put_link) (struct dentry *, struct nameidata *, void *);
2005-04-16 15:20:36 -07:00
void (*truncate) (struct inode *);
2011-01-07 17:49:58 +11:00
int (*permission) (struct inode *, int, unsigned int);
int (*check_acl)(struct inode *, int, unsigned int);
2005-09-09 13:10:19 -07:00
int (*setattr) (struct dentry *, struct iattr *);
int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
ssize_t (*getxattr) (struct dentry *, const char *, void *, size_t);
ssize_t (*listxattr) (struct dentry *, char *, size_t);
int (*removexattr) (struct dentry *, const char *);
2007-07-15 23:41:43 -07:00
void (*truncate_range)(struct inode *, loff_t, loff_t);
2005-04-16 15:20:36 -07:00
};
Again, all methods are called without any locks being held, unless
otherwise noted.
create: called by the open(2) and creat(2) system calls. Only
required if you want to support regular files. The dentry you
get should not have an inode (i.e. it should be a negative
dentry). Here you will probably call d_instantiate() with the
dentry and the newly created inode
lookup: called when the VFS needs to look up an inode in a parent
directory. The name to look for is found in the dentry. This
method must call d_add() to insert the found inode into the
dentry. The "i_count" field in the inode structure should be
incremented. If the named inode does not exist a NULL inode
should be inserted into the dentry (this is called a negative
dentry). Returning an error code from this routine must only
be done on a real error, otherwise creating inodes with system
calls like create(2), mknod(2), mkdir(2) and so on will fail.
If you wish to overload the dentry methods then you should
initialise the "d_dop" field in the dentry; this is a pointer
to a struct "dentry_operations".
This method is called with the directory inode semaphore held
link: called by the link(2) system call. Only required if you want
to support hard links. You will probably need to call
d_instantiate() just as you would in the create() method
unlink: called by the unlink(2) system call. Only required if you
want to support deleting inodes
symlink: called by the symlink(2) system call. Only required if you
want to support symlinks. You will probably need to call
d_instantiate() just as you would in the create() method
mkdir: called by the mkdir(2) system call. Only required if you want
to support creating subdirectories. You will probably need to
call d_instantiate() just as you would in the create() method
rmdir: called by the rmdir(2) system call. Only required if you want
to support deleting subdirectories
mknod: called by the mknod(2) system call to create a device (char,
block) inode or a named pipe (FIFO) or socket. Only required
if you want to support creating these types of inodes. You
will probably need to call d_instantiate() just as you would
in the create() method
2005-11-07 01:01:08 -08:00
rename: called by the rename(2) system call to rename the object to
have the parent and name given by the second inode and dentry.
2005-04-16 15:20:36 -07:00
readlink: called by the readlink(2) system call. Only required if
you want to support reading symbolic links
follow_link: called by the VFS to follow a symbolic link to the
2005-09-09 13:10:19 -07:00
inode it points to. Only required if you want to support
2005-11-07 01:01:08 -08:00
symbolic links. This method returns a void pointer cookie
2005-09-09 13:10:19 -07:00
that is passed to put_link().
put_link: called by the VFS to release resources allocated by
2005-11-07 01:01:08 -08:00
follow_link(). The cookie returned by follow_link() is passed
2006-10-03 22:57:56 +02:00
to this method as the last parameter. It is used by
2005-11-07 01:01:08 -08:00
filesystems such as NFS where page cache is not stable
(i.e. page that was installed when the symbolic link walk
started might not be in the page cache at the end of the
walk).
fs: introduce new truncate sequence
Introduce a new truncate calling sequence into fs/mm subsystems. Rather than
setattr > vmtruncate > truncate, have filesystems call their truncate sequence
from ->setattr if filesystem specific operations are required. vmtruncate is
deprecated, and truncate_pagecache and inode_newsize_ok helpers introduced
previously should be used.
simple_setattr is introduced for simple in-ram filesystems to implement
the new truncate sequence. Eventually all filesystems should be converted
to implement a setattr, and the default code in notify_change should go
away.
simple_setsize is also introduced to perform just the ATTR_SIZE portion
of simple_setattr (ie. changing i_size and trimming pagecache).
To implement the new truncate sequence:
- filesystem specific manipulations (eg freeing blocks) must be done in
the setattr method rather than ->truncate.
- vmtruncate can not be used by core code to trim blocks past i_size in
the event of write failure after allocation, so this must be performed
in the fs code.
- convert usage of helpers block_write_begin, nobh_write_begin,
cont_write_begin, and *blockdev_direct_IO* to use _newtrunc postfixed
variants. These avoid calling vmtruncate to trim blocks (see previous).
- inode_setattr should not be used. generic_setattr is a new function
to be used to copy simple attributes into the generic inode.
- make use of the better opportunity to handle errors with the new sequence.
Big problem with the previous calling sequence: the filesystem is not called
until i_size has already changed. This means it is not allowed to fail the
call, and also it does not know what the previous i_size was. Also, generic
code calling vmtruncate to truncate allocated blocks in case of error had
no good way to return a meaningful error (or, for example, atomically handle
block deallocation).
Cc: Christoph Hellwig <hch@lst.de>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2010-05-27 01:05:33 +10:00
truncate: Deprecated. This will not be called if ->setsize is defined.
Called by the VFS to change the size of a file. The
2005-11-07 01:01:08 -08:00
i_size field of the inode is set to the desired size by the
VFS before this method is called. This method is called by
the truncate(2) system call and related functionality.
2005-09-09 13:10:19 -07:00
fs: introduce new truncate sequence
Introduce a new truncate calling sequence into fs/mm subsystems. Rather than
setattr > vmtruncate > truncate, have filesystems call their truncate sequence
from ->setattr if filesystem specific operations are required. vmtruncate is
deprecated, and truncate_pagecache and inode_newsize_ok helpers introduced
previously should be used.
simple_setattr is introduced for simple in-ram filesystems to implement
the new truncate sequence. Eventually all filesystems should be converted
to implement a setattr, and the default code in notify_change should go
away.
simple_setsize is also introduced to perform just the ATTR_SIZE portion
of simple_setattr (ie. changing i_size and trimming pagecache).
To implement the new truncate sequence:
- filesystem specific manipulations (eg freeing blocks) must be done in
the setattr method rather than ->truncate.
- vmtruncate can not be used by core code to trim blocks past i_size in
the event of write failure after allocation, so this must be performed
in the fs code.
- convert usage of helpers block_write_begin, nobh_write_begin,
cont_write_begin, and *blockdev_direct_IO* to use _newtrunc postfixed
variants. These avoid calling vmtruncate to trim blocks (see previous).
- inode_setattr should not be used. generic_setattr is a new function
to be used to copy simple attributes into the generic inode.
- make use of the better opportunity to handle errors with the new sequence.
Big problem with the previous calling sequence: the filesystem is not called
until i_size has already changed. This means it is not allowed to fail the
call, and also it does not know what the previous i_size was. Also, generic
code calling vmtruncate to truncate allocated blocks in case of error had
no good way to return a meaningful error (or, for example, atomically handle
block deallocation).
Cc: Christoph Hellwig <hch@lst.de>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2010-05-27 01:05:33 +10:00
Note: ->truncate and vmtruncate are deprecated. Do not add new
instances/calls of these. Filesystems should be converted to do their
truncate sequence via ->setattr().
2005-09-09 13:10:19 -07:00
permission: called by the VFS to check for access rights on a POSIX-like
filesystem.
2011-01-14 02:26:53 +00:00
May be called in rcu-walk mode (flags & IPERM_FLAG_RCU). If in rcu-walk
mode, the filesystem must check the permission without blocking or
2011-01-07 17:49:58 +11:00
storing to the inode.
If a situation is encountered that rcu-walk cannot handle, return
-ECHILD and it will be called again in ref-walk mode.
2005-11-07 01:01:08 -08:00
setattr: called by the VFS to set attributes for a file. This method
is called by chmod(2) and related system calls.
2005-09-09 13:10:19 -07:00
2005-11-07 01:01:08 -08:00
getattr: called by the VFS to get attributes of a file. This method
is called by stat(2) and related system calls.
2005-09-09 13:10:19 -07:00
setxattr: called by the VFS to set an extended attribute for a file.
2005-11-07 01:01:08 -08:00
Extended attribute is a name:value pair associated with an
inode. This method is called by setxattr(2) system call.
getxattr: called by the VFS to retrieve the value of an extended
attribute name. This method is called by getxattr(2) function
call.
listxattr: called by the VFS to list all extended attributes for a
given file. This method is called by listxattr(2) system call.
2005-09-09 13:10:19 -07:00
2005-11-07 01:01:08 -08:00
removexattr: called by the VFS to remove an extended attribute from
a file. This method is called by removexattr(2) system call.
2005-09-09 13:10:19 -07:00
2007-07-15 23:41:43 -07:00
truncate_range: a method provided by the underlying filesystem to truncate a
range of blocks , i.e. punch a hole somewhere in a file.
2005-09-09 13:10:19 -07:00
2005-11-07 01:01:08 -08:00
The Address Space Object
========================
2006-03-25 03:07:56 -08:00
The address space object is used to group and manage pages in the page
cache. It can be used to keep track of the pages in a file (or
anything else) and also track the mapping of sections of the file into
process address spaces.
There are a number of distinct yet related services that an
address-space can provide. These include communicating memory
pressure, page lookup by address, and keeping track of pages tagged as
Dirty or Writeback.
2006-03-25 03:08:29 -08:00
The first can be used independently to the others. The VM can try to
2006-03-25 03:07:56 -08:00
either write dirty pages in order to clean them, or release clean
pages in order to reuse them. To do this it can call the ->writepage
method on dirty pages, and ->releasepage on clean pages with
PagePrivate set. Clean pages without PagePrivate and with no external
references will be released without notice being given to the
address_space.
2006-03-25 03:08:29 -08:00
To achieve this functionality, pages need to be placed on an LRU with
2006-03-25 03:07:56 -08:00
lru_cache_add and mark_page_active needs to be called whenever the
page is used.
Pages are normally kept in a radix tree index by ->index. This tree
maintains information about the PG_Dirty and PG_Writeback status of
each page, so that pages with either of these flags can be found
quickly.
The Dirty tag is primarily used by mpage_writepages - the default
->writepages method. It uses the tag to find dirty pages to call
->writepage on. If mpage_writepages is not used (i.e. the address
2006-03-25 03:08:29 -08:00
provides its own ->writepages) , the PAGECACHE_TAG_DIRTY tag is
2006-03-25 03:07:56 -08:00
almost unused. write_inode_now and sync_inode do use it (through
__sync_single_inode) to check if ->writepages has been successful in
writing out the whole address_space.
The Writeback tag is used by filemap*wait* and sync_page* functions,
2009-09-30 22:16:33 +02:00
via filemap_fdatawait_range, to wait for all writeback to
2006-03-25 03:07:56 -08:00
complete. While waiting ->sync_page (if defined) will be called on
2006-03-25 03:08:29 -08:00
each page that is found to require writeback.
2006-03-25 03:07:56 -08:00
An address_space handler may attach extra information to a page,
typically using the 'private' field in the 'struct page'. If such
information is attached, the PG_Private flag should be set. This will
2006-03-25 03:08:29 -08:00
cause various VM routines to make extra calls into the address_space
2006-03-25 03:07:56 -08:00
handler to deal with that data.
An address space acts as an intermediate between storage and
application. Data is read into the address space a whole page at a
time, and provided to the application either by copying of the page,
or by memory-mapping the page.
Data is written into the address space by the application, and then
written-back to storage typically in whole pages, however the
2006-03-25 03:08:29 -08:00
address_space has finer control of write sizes.
2006-03-25 03:07:56 -08:00
The read process essentially only requires 'readpage'. The write
2008-10-29 14:00:55 -07:00
process is more complicated and uses write_begin/write_end or
2006-03-25 03:07:56 -08:00
set_page_dirty to write data into the address_space, and writepage,
sync_page, and writepages to writeback data to storage.
Adding and removing pages to/from an address_space is protected by the
inode's i_mutex.
When data is written to a page, the PG_Dirty flag should be set. It
typically remains set until writepage asks for it to be written. This
should clear PG_Dirty and set PG_Writeback. It can be actually
written at any point after PG_Dirty is clear. Once it is known to be
safe, PG_Writeback is cleared.
Writeback makes use of a writeback_control structure...
2005-09-09 13:10:19 -07:00
struct address_space_operations
2005-11-07 01:01:08 -08:00
-------------------------------
2005-09-09 13:10:19 -07:00
This describes how the VFS can manipulate mapping of a file to page cache in
2007-07-15 23:41:43 -07:00
your filesystem. As of kernel 2.6.22, the following members are defined:
2005-09-09 13:10:19 -07:00
struct address_space_operations {
int (*writepage)(struct page *page, struct writeback_control *wbc);
int (*readpage)(struct file *, struct page *);
int (*sync_page)(struct page *);
int (*writepages)(struct address_space *, struct writeback_control *);
int (*set_page_dirty)(struct page *page);
int (*readpages)(struct file *filp, struct address_space *mapping,
struct list_head *pages, unsigned nr_pages);
2007-10-16 01:25:01 -07:00
int (*write_begin)(struct file *, struct address_space *mapping,
loff_t pos, unsigned len, unsigned flags,
struct page **pagep, void **fsdata);
int (*write_end)(struct file *, struct address_space *mapping,
loff_t pos, unsigned len, unsigned copied,
struct page *page, void *fsdata);
2005-09-09 13:10:19 -07:00
sector_t (*bmap)(struct address_space *, sector_t);
int (*invalidatepage) (struct page *, unsigned long);
int (*releasepage) (struct page *, int);
2010-12-01 13:35:19 -05:00
void (*freepage)(struct page *);
2005-09-09 13:10:19 -07:00
ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
loff_t offset, unsigned long nr_segs);
struct page* (*get_xip_page)(struct address_space *, sector_t,
int);
2006-03-25 03:07:56 -08:00
/* migrate the contents of a page to the specified target */
int (*migratepage) (struct page *, struct page *);
2007-07-15 23:41:43 -07:00
int (*launder_page) (struct page *);
2009-09-16 11:50:13 +02:00
int (*error_remove_page) (struct mapping *mapping, struct page *page);
2005-09-09 13:10:19 -07:00
};
2006-03-25 03:07:56 -08:00
writepage: called by the VM to write a dirty page to backing store.
2006-03-25 03:08:29 -08:00
This may happen for data integrity reasons (i.e. 'sync'), or
2006-03-25 03:07:56 -08:00
to free up memory (flush). The difference can be seen in
wbc->sync_mode.
The PG_Dirty flag has been cleared and PageLocked is true.
writepage should start writeout, should set PG_Writeback,
and should make sure the page is unlocked, either synchronously
or asynchronously when the write operation completes.
If wbc->sync_mode is WB_SYNC_NONE, ->writepage doesn't have to
2006-03-25 03:08:29 -08:00
try too hard if there are problems, and may choose to write out
other pages from the mapping if that is easier (e.g. due to
internal dependencies). If it chooses not to start writeout, it
should return AOP_WRITEPAGE_ACTIVATE so that the VM will not keep
2006-03-25 03:07:56 -08:00
calling ->writepage on that page.
See the file "Locking" for more details.
2005-09-09 13:10:19 -07:00
readpage: called by the VM to read a page from backing store.
2006-03-25 03:07:56 -08:00
The page will be Locked when readpage is called, and should be
unlocked and marked uptodate once the read completes.
If ->readpage discovers that it needs to unlock the page for
some reason, it can do so, and then return AOP_TRUNCATED_PAGE.
2006-03-25 03:08:29 -08:00
In this case, the page will be relocated, relocked and if
2006-03-25 03:07:56 -08:00
that all succeeds, ->readpage will be called again.
2005-09-09 13:10:19 -07:00
sync_page: called by the VM to notify the backing store to perform all
queued I/O operations for a page. I/O operations for other pages
associated with this address_space object may also be performed.
2006-03-25 03:07:56 -08:00
This function is optional and is called only for pages with
PG_Writeback set while waiting for the writeback to complete.
2005-09-09 13:10:19 -07:00
writepages: called by the VM to write out pages associated with the
2006-03-25 03:08:29 -08:00
address_space object. If wbc->sync_mode is WBC_SYNC_ALL, then
the writeback_control will specify a range of pages that must be
written out. If it is WBC_SYNC_NONE, then a nr_to_write is given
2006-03-25 03:07:56 -08:00
and that many pages should be written if possible.
If no ->writepages is given, then mpage_writepages is used
2006-03-25 03:08:29 -08:00
instead. This will choose pages from the address space that are
2006-03-25 03:07:56 -08:00
tagged as DIRTY and will pass them to ->writepage.
2005-09-09 13:10:19 -07:00
set_page_dirty: called by the VM to set a page dirty.
2006-03-25 03:07:56 -08:00
This is particularly needed if an address space attaches
private data to a page, and that data needs to be updated when
a page is dirtied. This is called, for example, when a memory
mapped page gets modified.
If defined, it should set the PageDirty flag, and the
PAGECACHE_TAG_DIRTY tag in the radix tree.
2005-09-09 13:10:19 -07:00
readpages: called by the VM to read pages associated with the address_space
2006-03-25 03:07:56 -08:00
object. This is essentially just a vector version of
readpage. Instead of just one page, several pages are
requested.
2006-03-25 03:08:29 -08:00
readpages is only used for read-ahead, so read errors are
2006-03-25 03:07:56 -08:00
ignored. If anything goes wrong, feel free to give up.
2005-04-16 15:20:36 -07:00
2008-10-29 14:00:55 -07:00
write_begin:
2007-10-16 01:25:01 -07:00
Called by the generic buffered write code to ask the filesystem to
prepare to write len bytes at the given offset in the file. The
address_space should check that the write will be able to complete,
by allocating space if necessary and doing any other internal
housekeeping. If the write will update parts of any basic-blocks on
storage, then those blocks should be pre-read (if they haven't been
read already) so that the updated blocks can be written out properly.
The filesystem must return the locked pagecache page for the specified
offset, in *pagep, for the caller to write into.
2008-10-29 14:00:55 -07:00
It must be able to cope with short writes (where the length passed to
write_begin is greater than the number of bytes copied into the page).
2007-10-16 01:25:01 -07:00
flags is a field for AOP_FLAG_xxx flags, described in
include/linux/fs.h.
A void * may be returned in fsdata, which then gets passed into
write_end.
Returns 0 on success; < 0 on failure (which is the error code), in
which case write_end is not called.
write_end: After a successful write_begin, and data copy, write_end must
be called. len is the original len passed to write_begin, and copied
is the amount that was able to be copied (copied == len is always true
if write_begin was called with the AOP_FLAG_UNINTERRUPTIBLE flag).
The filesystem must take care of unlocking the page and releasing it
refcount, and updating i_size.
Returns < 0 on failure, otherwise the number of bytes (<= 'copied')
that were able to be copied into pagecache.
2005-09-09 13:10:19 -07:00
bmap: called by the VFS to map a logical block offset within object to
2006-03-25 03:08:29 -08:00
physical block number. This method is used by the FIBMAP
2006-03-25 03:07:56 -08:00
ioctl and for working with swap-files. To be able to swap to
2006-03-25 03:08:29 -08:00
a file, the file must have a stable mapping to a block
2006-03-25 03:07:56 -08:00
device. The swap system does not go through the filesystem
but instead uses bmap to find out where the blocks in the file
are and uses those addresses directly.
invalidatepage: If a page has PagePrivate set, then invalidatepage
will be called when part or all of the page is to be removed
2006-03-25 03:08:29 -08:00
from the address space. This generally corresponds to either a
2006-03-25 03:07:56 -08:00
truncation or a complete invalidation of the address space
(in the latter case 'offset' will always be 0).
Any private data associated with the page should be updated
to reflect this truncation. If offset is 0, then
the private data should be released, because the page
must be able to be completely discarded. This may be done by
calling the ->releasepage function, but in this case the
release MUST succeed.
releasepage: releasepage is called on PagePrivate pages to indicate
that the page should be freed if possible. ->releasepage
should remove any private data from the page and clear the
2010-12-02 14:31:19 -08:00
PagePrivate flag. If releasepage() fails for some reason, it must
indicate failure with a 0 return value.
releasepage() is used in two distinct though related cases. The
first is when the VM finds a clean page with no active users and
2006-03-25 03:07:56 -08:00
wants to make it a free page. If ->releasepage succeeds, the
page will be removed from the address_space and become free.
2007-10-20 02:35:36 +02:00
The second case is when a request has been made to invalidate
2006-03-25 03:07:56 -08:00
some or all pages in an address_space. This can happen
through the fadvice(POSIX_FADV_DONTNEED) system call or by the
filesystem explicitly requesting it as nfs and 9fs do (when
they believe the cache may be out of date with storage) by
calling invalidate_inode_pages2().
If the filesystem makes such a call, and needs to be certain
2006-03-25 03:08:29 -08:00
that all pages are invalidated, then its releasepage will
2006-03-25 03:07:56 -08:00
need to ensure this. Possibly it can clear the PageUptodate
bit if it cannot free private data yet.
2010-12-01 13:35:19 -05:00
freepage: freepage is called once the page is no longer visible in
the page cache in order to allow the cleanup of any private
data. Since it may be called by the memory reclaimer, it
should not assume that the original address_space mapping still
exists, and it should not block.
2006-03-25 03:07:56 -08:00
direct_IO: called by the generic read/write routines to perform
direct_IO - that is IO requests which bypass the page cache
2006-03-25 03:08:29 -08:00
and transfer data directly between the storage and the
2006-03-25 03:07:56 -08:00
application's address space.
2005-09-09 13:10:19 -07:00
get_xip_page: called by the VM to translate a block number to a page.
The page is valid until the corresponding filesystem is unmounted.
Filesystems that want to use execute-in-place (XIP) need to implement
it. An example implementation can be found in fs/ext2/xip.c.
2006-03-25 03:07:56 -08:00
migrate_page: This is used to compact the physical memory usage.
If the VM wants to relocate a page (maybe off a memory card
that is signalling imminent failure) it will pass a new page
and an old page to this function. migrate_page should
transfer any private data across and update any references
that it has to the page.
2005-09-09 13:10:19 -07:00
2007-07-15 23:41:43 -07:00
launder_page: Called before freeing a page - it writes back the dirty page. To
prevent redirtying the page, it is kept locked during the whole
operation.
2009-09-16 11:50:13 +02:00
error_remove_page: normally set to generic_error_remove_page if truncation
is ok for this address space. Used for memory failure handling.
Setting this implies you deal with pages going away under you,
unless you have them locked or reference counts increased.
2005-11-07 01:01:08 -08:00
The File Object
===============
A file object represents a file opened by a process.
2005-09-09 13:10:19 -07:00
struct file_operations
2005-11-07 01:01:08 -08:00
----------------------
2005-04-16 15:20:36 -07:00
This describes how the VFS can manipulate an open file. As of kernel
2007-07-15 23:41:43 -07:00
2.6.22, the following members are defined:
2005-04-16 15:20:36 -07:00
struct file_operations {
2007-07-15 23:41:43 -07:00
struct module *owner;
2005-04-16 15:20:36 -07:00
loff_t (*llseek) (struct file *, loff_t, int);
2005-09-09 13:10:19 -07:00
ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
2006-09-30 23:28:46 -07:00
ssize_t (*aio_read) (struct kiocb *, const struct iovec *, unsigned long, loff_t);
ssize_t (*aio_write) (struct kiocb *, const struct iovec *, unsigned long, loff_t);
2005-04-16 15:20:36 -07:00
int (*readdir) (struct file *, void *, filldir_t);
unsigned int (*poll) (struct file *, struct poll_table_struct *);
2005-09-09 13:10:19 -07:00
long (*unlocked_ioctl) (struct file *, unsigned int, unsigned long);
long (*compat_ioctl) (struct file *, unsigned int, unsigned long);
2005-04-16 15:20:36 -07:00
int (*mmap) (struct file *, struct vm_area_struct *);
int (*open) (struct inode *, struct file *);
2005-09-09 13:10:19 -07:00
int (*flush) (struct file *);
2005-04-16 15:20:36 -07:00
int (*release) (struct inode *, struct file *);
2010-05-26 17:53:25 +02:00
int (*fsync) (struct file *, int datasync);
2005-09-09 13:10:19 -07:00
int (*aio_fsync) (struct kiocb *, int datasync);
int (*fasync) (int, struct file *, int);
2005-04-16 15:20:36 -07:00
int (*lock) (struct file *, int, struct file_lock *);
2005-09-09 13:10:19 -07:00
ssize_t (*readv) (struct file *, const struct iovec *, unsigned long, loff_t *);
ssize_t (*writev) (struct file *, const struct iovec *, unsigned long, loff_t *);
ssize_t (*sendfile) (struct file *, loff_t *, size_t, read_actor_t, void *);
ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int);
unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long);
int (*check_flags)(int);
int (*flock) (struct file *, int, struct file_lock *);
2007-07-15 23:41:43 -07:00
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, size_t, unsigned int);
ssize_t (*splice_read)(struct file *, struct pipe_inode_info *, size_t, unsigned int);
2005-04-16 15:20:36 -07:00
};
Again, all methods are called without any locks being held, unless
otherwise noted.
llseek: called when the VFS needs to move the file position index
read: called by read(2) and related system calls
2005-09-09 13:10:19 -07:00
aio_read: called by io_submit(2) and other asynchronous I/O operations
2005-04-16 15:20:36 -07:00
write: called by write(2) and related system calls
2005-09-09 13:10:19 -07:00
aio_write: called by io_submit(2) and other asynchronous I/O operations
2005-04-16 15:20:36 -07:00
readdir: called when the VFS needs to read the directory contents
poll: called by the VFS when a process wants to check if there is
activity on this file and (optionally) go to sleep until there
is activity. Called by the select(2) and poll(2) system calls
2010-07-04 00:15:10 +02:00
unlocked_ioctl: called by the ioctl(2) system call.
2005-09-09 13:10:19 -07:00
compat_ioctl: called by the ioctl(2) system call when 32 bit system calls
are used on 64 bit kernels.
2005-04-16 15:20:36 -07:00
mmap: called by the mmap(2) system call
open: called by the VFS when an inode should be opened. When the VFS
2005-09-09 13:10:19 -07:00
opens a file, it creates a new "struct file". It then calls the
open method for the newly allocated file structure. You might
think that the open method really belongs in
"struct inode_operations", and you may be right. I think it's
done the way it is because it makes filesystems simpler to
implement. The open() method is a good place to initialize the
"private_data" member in the file structure if you want to point
to a device structure
flush: called by the close(2) system call to flush a file
2005-04-16 15:20:36 -07:00
release: called when the last reference to an open file is closed
fsync: called by the fsync(2) system call
fasync: called by the fcntl(2) system call when asynchronous
(non-blocking) mode is enabled for a file
2005-09-09 13:10:19 -07:00
lock: called by the fcntl(2) system call for F_GETLK, F_SETLK, and F_SETLKW
commands
readv: called by the readv(2) system call
writev: called by the writev(2) system call
sendfile: called by the sendfile(2) system call
get_unmapped_area: called by the mmap(2) system call
check_flags: called by the fcntl(2) system call for F_SETFL command
flock: called by the flock(2) system call
2006-04-11 14:21:59 +02:00
splice_write: called by the VFS to splice data from a pipe to a file. This
method is used by the splice(2) system call
splice_read: called by the VFS to splice data from file to a pipe. This
method is used by the splice(2) system call
2005-04-16 15:20:36 -07:00
Note that the file operations are implemented by the specific
filesystem in which the inode resides. When opening a device node
(character or block special) most filesystems will call special
support routines in the VFS which will locate the required device
driver information. These support routines replace the filesystem file
operations with those for the device driver, and then proceed to call
the new open() method for the file. This is how opening a device file
in the filesystem eventually ends up calling the device driver open()
2005-09-09 13:10:19 -07:00
method.
2005-04-16 15:20:36 -07:00
2005-09-09 13:10:19 -07:00
Directory Entry Cache (dcache)
==============================
2005-04-16 15:20:36 -07:00
struct dentry_operations
2005-09-09 13:10:19 -07:00
------------------------
2005-04-16 15:20:36 -07:00
This describes how a filesystem can overload the standard dentry
operations. Dentries and the dcache are the domain of the VFS and the
individual filesystem implementations. Device drivers have no business
here. These methods may be set to NULL, as they are either optional or
2007-05-08 00:26:18 -07:00
the VFS uses a default. As of kernel 2.6.22, the following members are
2005-04-16 15:20:36 -07:00
defined:
struct dentry_operations {
2005-09-09 13:10:19 -07:00
int (*d_revalidate)(struct dentry *, struct nameidata *);
2011-01-07 17:49:28 +11:00
int (*d_hash)(const struct dentry *, const struct inode *,
struct qstr *);
2011-01-07 17:49:27 +11:00
int (*d_compare)(const struct dentry *, const struct inode *,
const struct dentry *, const struct inode *,
unsigned int, const char *, const struct qstr *);
2011-01-07 17:49:23 +11:00
int (*d_delete)(const struct dentry *);
2005-04-16 15:20:36 -07:00
void (*d_release)(struct dentry *);
void (*d_iput)(struct dentry *, struct inode *);
2007-05-08 00:26:18 -07:00
char *(*d_dname)(struct dentry *, char *, int);
Add a dentry op to handle automounting rather than abusing follow_link()
Add a dentry op (d_automount) to handle automounting directories rather than
abusing the follow_link() inode operation. The operation is keyed off a new
dentry flag (DCACHE_NEED_AUTOMOUNT).
This also makes it easier to add an AT_ flag to suppress terminal segment
automount during pathwalk and removes the need for the kludge code in the
pathwalk algorithm to handle directories with follow_link() semantics.
The ->d_automount() dentry operation:
struct vfsmount *(*d_automount)(struct path *mountpoint);
takes a pointer to the directory to be mounted upon, which is expected to
provide sufficient data to determine what should be mounted. If successful, it
should return the vfsmount struct it creates (which it should also have added
to the namespace using do_add_mount() or similar). If there's a collision with
another automount attempt, NULL should be returned. If the directory specified
by the parameter should be used directly rather than being mounted upon,
-EISDIR should be returned. In any other case, an error code should be
returned.
The ->d_automount() operation is called with no locks held and may sleep. At
this point the pathwalk algorithm will be in ref-walk mode.
Within fs/namei.c itself, a new pathwalk subroutine (follow_automount()) is
added to handle mountpoints. It will return -EREMOTE if the automount flag was
set, but no d_automount() op was supplied, -ELOOP if we've encountered too many
symlinks or mountpoints, -EISDIR if the walk point should be used without
mounting and 0 if successful. The path will be updated to point to the mounted
filesystem if a successful automount took place.
__follow_mount() is replaced by follow_managed() which is more generic
(especially with the patch that adds ->d_manage()). This handles transits from
directories during pathwalk, including automounting and skipping over
mountpoints (and holding processes with the next patch).
__follow_mount_rcu() will jump out of RCU-walk mode if it encounters an
automount point with nothing mounted on it.
follow_dotdot*() does not handle automounts as you don't want to trigger them
whilst following "..".
I've also extracted the mount/don't-mount logic from autofs4 and included it
here. It makes the mount go ahead anyway if someone calls open() or creat(),
tries to traverse the directory, tries to chdir/chroot/etc. into the directory,
or sticks a '/' on the end of the pathname. If they do a stat(), however,
they'll only trigger the automount if they didn't also say O_NOFOLLOW.
I've also added an inode flag (S_AUTOMOUNT) so that filesystems can mark their
inodes as automount points. This flag is automatically propagated to the
dentry as DCACHE_NEED_AUTOMOUNT by __d_instantiate(). This saves NFS and could
save AFS a private flag bit apiece, but is not strictly necessary. It would be
preferable to do the propagation in d_set_d_op(), but that doesn't normally
have access to the inode.
[AV: fixed breakage in case if __follow_mount_rcu() fails and nameidata_drop_rcu()
succeeds in RCU case of do_lookup(); we need to fall through to non-RCU case after
that, rather than just returning with ungrabbed *path]
Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-14 18:45:21 +00:00
struct vfsmount *(*d_automount)(struct path *);
2011-01-14 18:46:51 +00:00
int (*d_manage)(struct dentry *, bool, bool);
2005-04-16 15:20:36 -07:00
};
d_revalidate: called when the VFS needs to revalidate a dentry. This
is called whenever a name look-up finds a dentry in the
dcache. Most filesystems leave this as NULL, because all their
dentries in the dcache are valid
2011-01-07 17:49:57 +11:00
d_revalidate may be called in rcu-walk mode (nd->flags & LOOKUP_RCU).
If in rcu-walk mode, the filesystem must revalidate the dentry without
blocking or storing to the dentry, d_parent and d_inode should not be
used without care (because they can go NULL), instead nd->inode should
be used.
If a situation is encountered that rcu-walk cannot handle, return
-ECHILD and it will be called again in ref-walk mode.
2011-01-07 17:49:27 +11:00
d_hash: called when the VFS adds a dentry to the hash table. The first
dentry passed to d_hash is the parent directory that the name is
2011-01-07 17:49:28 +11:00
to be hashed into. The inode is the dentry's inode.
Same locking and synchronisation rules as d_compare regarding
what is safe to dereference etc.
2005-04-16 15:20:36 -07:00
2011-01-07 17:49:27 +11:00
d_compare: called to compare a dentry name with a given name. The first
dentry is the parent of the dentry to be compared, the second is
the parent's inode, then the dentry and inode (may be NULL) of the
child dentry. len and name string are properties of the dentry to be
compared. qstr is the name to compare it with.
Must be constant and idempotent, and should not take locks if
possible, and should not or store into the dentry or inodes.
Should not dereference pointers outside the dentry or inodes without
lots of care (eg. d_parent, d_inode, d_name should not be used).
However, our vfsmount is pinned, and RCU held, so the dentries and
inodes won't disappear, neither will our sb or filesystem module.
->i_sb and ->d_sb may be used.
It is a tricky calling convention because it needs to be called under
"rcu-walk", ie. without any locks or references on things.
2005-04-16 15:20:36 -07:00
2011-01-07 17:49:23 +11:00
d_delete: called when the last reference to a dentry is dropped and the
dcache is deciding whether or not to cache it. Return 1 to delete
immediately, or 0 to cache the dentry. Default is NULL which means to
always cache a reachable dentry. d_delete must be constant and
idempotent.
2005-04-16 15:20:36 -07:00
d_release: called when a dentry is really deallocated
d_iput: called when a dentry loses its inode (just prior to its
being deallocated). The default when this is NULL is that the
VFS calls iput(). If you define this method, you must call
iput() yourself
2007-05-08 00:26:18 -07:00
d_dname: called when the pathname of a dentry should be generated.
2008-07-25 19:45:33 -07:00
Useful for some pseudo filesystems (sockfs, pipefs, ...) to delay
2007-05-08 00:26:18 -07:00
pathname generation. (Instead of doing it when dentry is created,
2008-07-25 19:45:33 -07:00
it's done only when the path is needed.). Real filesystems probably
2007-05-08 00:26:18 -07:00
dont want to use it, because their dentries are present in global
dcache hash, so their hash should be an invariant. As no lock is
held, d_dname() should not try to modify the dentry itself, unless
appropriate SMP safety is used. CAUTION : d_path() logic is quite
tricky. The correct way to return for example "Hello" is to put it
at the end of the buffer, and returns a pointer to the first char.
dynamic_dname() helper function is provided to take care of this.
Add a dentry op to handle automounting rather than abusing follow_link()
Add a dentry op (d_automount) to handle automounting directories rather than
abusing the follow_link() inode operation. The operation is keyed off a new
dentry flag (DCACHE_NEED_AUTOMOUNT).
This also makes it easier to add an AT_ flag to suppress terminal segment
automount during pathwalk and removes the need for the kludge code in the
pathwalk algorithm to handle directories with follow_link() semantics.
The ->d_automount() dentry operation:
struct vfsmount *(*d_automount)(struct path *mountpoint);
takes a pointer to the directory to be mounted upon, which is expected to
provide sufficient data to determine what should be mounted. If successful, it
should return the vfsmount struct it creates (which it should also have added
to the namespace using do_add_mount() or similar). If there's a collision with
another automount attempt, NULL should be returned. If the directory specified
by the parameter should be used directly rather than being mounted upon,
-EISDIR should be returned. In any other case, an error code should be
returned.
The ->d_automount() operation is called with no locks held and may sleep. At
this point the pathwalk algorithm will be in ref-walk mode.
Within fs/namei.c itself, a new pathwalk subroutine (follow_automount()) is
added to handle mountpoints. It will return -EREMOTE if the automount flag was
set, but no d_automount() op was supplied, -ELOOP if we've encountered too many
symlinks or mountpoints, -EISDIR if the walk point should be used without
mounting and 0 if successful. The path will be updated to point to the mounted
filesystem if a successful automount took place.
__follow_mount() is replaced by follow_managed() which is more generic
(especially with the patch that adds ->d_manage()). This handles transits from
directories during pathwalk, including automounting and skipping over
mountpoints (and holding processes with the next patch).
__follow_mount_rcu() will jump out of RCU-walk mode if it encounters an
automount point with nothing mounted on it.
follow_dotdot*() does not handle automounts as you don't want to trigger them
whilst following "..".
I've also extracted the mount/don't-mount logic from autofs4 and included it
here. It makes the mount go ahead anyway if someone calls open() or creat(),
tries to traverse the directory, tries to chdir/chroot/etc. into the directory,
or sticks a '/' on the end of the pathname. If they do a stat(), however,
they'll only trigger the automount if they didn't also say O_NOFOLLOW.
I've also added an inode flag (S_AUTOMOUNT) so that filesystems can mark their
inodes as automount points. This flag is automatically propagated to the
dentry as DCACHE_NEED_AUTOMOUNT by __d_instantiate(). This saves NFS and could
save AFS a private flag bit apiece, but is not strictly necessary. It would be
preferable to do the propagation in d_set_d_op(), but that doesn't normally
have access to the inode.
[AV: fixed breakage in case if __follow_mount_rcu() fails and nameidata_drop_rcu()
succeeds in RCU case of do_lookup(); we need to fall through to non-RCU case after
that, rather than just returning with ungrabbed *path]
Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-14 18:45:21 +00:00
d_automount: called when an automount dentry is to be traversed (optional).
2011-01-14 19:10:03 +00:00
This should create a new VFS mount record and return the record to the
caller. The caller is supplied with a path parameter giving the
automount directory to describe the automount target and the parent
VFS mount record to provide inheritable mount parameters. NULL should
be returned if someone else managed to make the automount first. If
the vfsmount creation failed, then an error code should be returned.
If -EISDIR is returned, then the directory will be treated as an
ordinary directory and returned to pathwalk to continue walking.
If a vfsmount is returned, the caller will attempt to mount it on the
mountpoint and will remove the vfsmount from its expiration list in
the case of failure. The vfsmount should be returned with 2 refs on
it to prevent automatic expiration - the caller will clean up the
additional ref.
Add a dentry op to handle automounting rather than abusing follow_link()
Add a dentry op (d_automount) to handle automounting directories rather than
abusing the follow_link() inode operation. The operation is keyed off a new
dentry flag (DCACHE_NEED_AUTOMOUNT).
This also makes it easier to add an AT_ flag to suppress terminal segment
automount during pathwalk and removes the need for the kludge code in the
pathwalk algorithm to handle directories with follow_link() semantics.
The ->d_automount() dentry operation:
struct vfsmount *(*d_automount)(struct path *mountpoint);
takes a pointer to the directory to be mounted upon, which is expected to
provide sufficient data to determine what should be mounted. If successful, it
should return the vfsmount struct it creates (which it should also have added
to the namespace using do_add_mount() or similar). If there's a collision with
another automount attempt, NULL should be returned. If the directory specified
by the parameter should be used directly rather than being mounted upon,
-EISDIR should be returned. In any other case, an error code should be
returned.
The ->d_automount() operation is called with no locks held and may sleep. At
this point the pathwalk algorithm will be in ref-walk mode.
Within fs/namei.c itself, a new pathwalk subroutine (follow_automount()) is
added to handle mountpoints. It will return -EREMOTE if the automount flag was
set, but no d_automount() op was supplied, -ELOOP if we've encountered too many
symlinks or mountpoints, -EISDIR if the walk point should be used without
mounting and 0 if successful. The path will be updated to point to the mounted
filesystem if a successful automount took place.
__follow_mount() is replaced by follow_managed() which is more generic
(especially with the patch that adds ->d_manage()). This handles transits from
directories during pathwalk, including automounting and skipping over
mountpoints (and holding processes with the next patch).
__follow_mount_rcu() will jump out of RCU-walk mode if it encounters an
automount point with nothing mounted on it.
follow_dotdot*() does not handle automounts as you don't want to trigger them
whilst following "..".
I've also extracted the mount/don't-mount logic from autofs4 and included it
here. It makes the mount go ahead anyway if someone calls open() or creat(),
tries to traverse the directory, tries to chdir/chroot/etc. into the directory,
or sticks a '/' on the end of the pathname. If they do a stat(), however,
they'll only trigger the automount if they didn't also say O_NOFOLLOW.
I've also added an inode flag (S_AUTOMOUNT) so that filesystems can mark their
inodes as automount points. This flag is automatically propagated to the
dentry as DCACHE_NEED_AUTOMOUNT by __d_instantiate(). This saves NFS and could
save AFS a private flag bit apiece, but is not strictly necessary. It would be
preferable to do the propagation in d_set_d_op(), but that doesn't normally
have access to the inode.
[AV: fixed breakage in case if __follow_mount_rcu() fails and nameidata_drop_rcu()
succeeds in RCU case of do_lookup(); we need to fall through to non-RCU case after
that, rather than just returning with ungrabbed *path]
Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-14 18:45:21 +00:00
This function is only used if DCACHE_NEED_AUTOMOUNT is set on the
dentry. This is set by __d_instantiate() if S_AUTOMOUNT is set on the
inode being added.
Add a dentry op to allow processes to be held during pathwalk transit
Add a dentry op (d_manage) to permit a filesystem to hold a process and make it
sleep when it tries to transit away from one of that filesystem's directories
during a pathwalk. The operation is keyed off a new dentry flag
(DCACHE_MANAGE_TRANSIT).
The filesystem is allowed to be selective about which processes it holds and
which it permits to continue on or prohibits from transiting from each flagged
directory. This will allow autofs to hold up client processes whilst letting
its userspace daemon through to maintain the directory or the stuff behind it
or mounted upon it.
The ->d_manage() dentry operation:
int (*d_manage)(struct path *path, bool mounting_here);
takes a pointer to the directory about to be transited away from and a flag
indicating whether the transit is undertaken by do_add_mount() or
do_move_mount() skipping through a pile of filesystems mounted on a mountpoint.
It should return 0 if successful and to let the process continue on its way;
-EISDIR to prohibit the caller from skipping to overmounted filesystems or
automounting, and to use this directory; or some other error code to return to
the user.
->d_manage() is called with namespace_sem writelocked if mounting_here is true
and no other locks held, so it may sleep. However, if mounting_here is true,
it may not initiate or wait for a mount or unmount upon the parameter
directory, even if the act is actually performed by userspace.
Within fs/namei.c, follow_managed() is extended to check with d_manage() first
on each managed directory, before transiting away from it or attempting to
automount upon it.
follow_down() is renamed follow_down_one() and should only be used where the
filesystem deliberately intends to avoid management steps (e.g. autofs).
A new follow_down() is added that incorporates the loop done by all other
callers of follow_down() (do_add/move_mount(), autofs and NFSD; whilst AFS, NFS
and CIFS do use it, their use is removed by converting them to use
d_automount()). The new follow_down() calls d_manage() as appropriate. It
also takes an extra parameter to indicate if it is being called from mount code
(with namespace_sem writelocked) which it passes to d_manage(). follow_down()
ignores automount points so that it can be used to mount on them.
__follow_mount_rcu() is made to abort rcu-walk mode if it hits a directory with
DCACHE_MANAGE_TRANSIT set on the basis that we're probably going to have to
sleep. It would be possible to enter d_manage() in rcu-walk mode too, and have
that determine whether to abort or not itself. That would allow the autofs
daemon to continue on in rcu-walk mode.
Note that DCACHE_MANAGE_TRANSIT on a directory should be cleared when it isn't
required as every tranist from that directory will cause d_manage() to be
invoked. It can always be set again when necessary.
==========================
WHAT THIS MEANS FOR AUTOFS
==========================
Autofs currently uses the lookup() inode op and the d_revalidate() dentry op to
trigger the automounting of indirect mounts, and both of these can be called
with i_mutex held.
autofs knows that the i_mutex will be held by the caller in lookup(), and so
can drop it before invoking the daemon - but this isn't so for d_revalidate(),
since the lock is only held on _some_ of the code paths that call it. This
means that autofs can't risk dropping i_mutex from its d_revalidate() function
before it calls the daemon.
The bug could manifest itself as, for example, a process that's trying to
validate an automount dentry that gets made to wait because that dentry is
expired and needs cleaning up:
mkdir S ffffffff8014e05a 0 32580 24956
Call Trace:
[<ffffffff885371fd>] :autofs4:autofs4_wait+0x674/0x897
[<ffffffff80127f7d>] avc_has_perm+0x46/0x58
[<ffffffff8009fdcf>] autoremove_wake_function+0x0/0x2e
[<ffffffff88537be6>] :autofs4:autofs4_expire_wait+0x41/0x6b
[<ffffffff88535cfc>] :autofs4:autofs4_revalidate+0x91/0x149
[<ffffffff80036d96>] __lookup_hash+0xa0/0x12f
[<ffffffff80057a2f>] lookup_create+0x46/0x80
[<ffffffff800e6e31>] sys_mkdirat+0x56/0xe4
versus the automount daemon which wants to remove that dentry, but can't
because the normal process is holding the i_mutex lock:
automount D ffffffff8014e05a 0 32581 1 32561
Call Trace:
[<ffffffff80063c3f>] __mutex_lock_slowpath+0x60/0x9b
[<ffffffff8000ccf1>] do_path_lookup+0x2ca/0x2f1
[<ffffffff80063c89>] .text.lock.mutex+0xf/0x14
[<ffffffff800e6d55>] do_rmdir+0x77/0xde
[<ffffffff8005d229>] tracesys+0x71/0xe0
[<ffffffff8005d28d>] tracesys+0xd5/0xe0
which means that the system is deadlocked.
This patch allows autofs to hold up normal processes whilst the daemon goes
ahead and does things to the dentry tree behind the automouter point without
risking a deadlock as almost no locks are held in d_manage() and none in
d_automount().
Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-14 18:45:26 +00:00
d_manage: called to allow the filesystem to manage the transition from a
dentry (optional). This allows autofs, for example, to hold up clients
waiting to explore behind a 'mountpoint' whilst letting the daemon go
past and construct the subtree there. 0 should be returned to let the
calling process continue. -EISDIR can be returned to tell pathwalk to
use this directory as an ordinary directory and to ignore anything
mounted on it and not to check the automount flag. Any other error
code will abort pathwalk completely.
If the 'mounting_here' parameter is true, then namespace_sem is being
held by the caller and the function should not initiate any mounts or
unmounts that it will then wait for.
2011-01-14 18:46:51 +00:00
If the 'rcu_walk' parameter is true, then the caller is doing a
pathwalk in RCU-walk mode. Sleeping is not permitted in this mode,
and the caller can be asked to leave it and call again by returing
-ECHILD.
Add a dentry op to allow processes to be held during pathwalk transit
Add a dentry op (d_manage) to permit a filesystem to hold a process and make it
sleep when it tries to transit away from one of that filesystem's directories
during a pathwalk. The operation is keyed off a new dentry flag
(DCACHE_MANAGE_TRANSIT).
The filesystem is allowed to be selective about which processes it holds and
which it permits to continue on or prohibits from transiting from each flagged
directory. This will allow autofs to hold up client processes whilst letting
its userspace daemon through to maintain the directory or the stuff behind it
or mounted upon it.
The ->d_manage() dentry operation:
int (*d_manage)(struct path *path, bool mounting_here);
takes a pointer to the directory about to be transited away from and a flag
indicating whether the transit is undertaken by do_add_mount() or
do_move_mount() skipping through a pile of filesystems mounted on a mountpoint.
It should return 0 if successful and to let the process continue on its way;
-EISDIR to prohibit the caller from skipping to overmounted filesystems or
automounting, and to use this directory; or some other error code to return to
the user.
->d_manage() is called with namespace_sem writelocked if mounting_here is true
and no other locks held, so it may sleep. However, if mounting_here is true,
it may not initiate or wait for a mount or unmount upon the parameter
directory, even if the act is actually performed by userspace.
Within fs/namei.c, follow_managed() is extended to check with d_manage() first
on each managed directory, before transiting away from it or attempting to
automount upon it.
follow_down() is renamed follow_down_one() and should only be used where the
filesystem deliberately intends to avoid management steps (e.g. autofs).
A new follow_down() is added that incorporates the loop done by all other
callers of follow_down() (do_add/move_mount(), autofs and NFSD; whilst AFS, NFS
and CIFS do use it, their use is removed by converting them to use
d_automount()). The new follow_down() calls d_manage() as appropriate. It
also takes an extra parameter to indicate if it is being called from mount code
(with namespace_sem writelocked) which it passes to d_manage(). follow_down()
ignores automount points so that it can be used to mount on them.
__follow_mount_rcu() is made to abort rcu-walk mode if it hits a directory with
DCACHE_MANAGE_TRANSIT set on the basis that we're probably going to have to
sleep. It would be possible to enter d_manage() in rcu-walk mode too, and have
that determine whether to abort or not itself. That would allow the autofs
daemon to continue on in rcu-walk mode.
Note that DCACHE_MANAGE_TRANSIT on a directory should be cleared when it isn't
required as every tranist from that directory will cause d_manage() to be
invoked. It can always be set again when necessary.
==========================
WHAT THIS MEANS FOR AUTOFS
==========================
Autofs currently uses the lookup() inode op and the d_revalidate() dentry op to
trigger the automounting of indirect mounts, and both of these can be called
with i_mutex held.
autofs knows that the i_mutex will be held by the caller in lookup(), and so
can drop it before invoking the daemon - but this isn't so for d_revalidate(),
since the lock is only held on _some_ of the code paths that call it. This
means that autofs can't risk dropping i_mutex from its d_revalidate() function
before it calls the daemon.
The bug could manifest itself as, for example, a process that's trying to
validate an automount dentry that gets made to wait because that dentry is
expired and needs cleaning up:
mkdir S ffffffff8014e05a 0 32580 24956
Call Trace:
[<ffffffff885371fd>] :autofs4:autofs4_wait+0x674/0x897
[<ffffffff80127f7d>] avc_has_perm+0x46/0x58
[<ffffffff8009fdcf>] autoremove_wake_function+0x0/0x2e
[<ffffffff88537be6>] :autofs4:autofs4_expire_wait+0x41/0x6b
[<ffffffff88535cfc>] :autofs4:autofs4_revalidate+0x91/0x149
[<ffffffff80036d96>] __lookup_hash+0xa0/0x12f
[<ffffffff80057a2f>] lookup_create+0x46/0x80
[<ffffffff800e6e31>] sys_mkdirat+0x56/0xe4
versus the automount daemon which wants to remove that dentry, but can't
because the normal process is holding the i_mutex lock:
automount D ffffffff8014e05a 0 32581 1 32561
Call Trace:
[<ffffffff80063c3f>] __mutex_lock_slowpath+0x60/0x9b
[<ffffffff8000ccf1>] do_path_lookup+0x2ca/0x2f1
[<ffffffff80063c89>] .text.lock.mutex+0xf/0x14
[<ffffffff800e6d55>] do_rmdir+0x77/0xde
[<ffffffff8005d229>] tracesys+0x71/0xe0
[<ffffffff8005d28d>] tracesys+0xd5/0xe0
which means that the system is deadlocked.
This patch allows autofs to hold up normal processes whilst the daemon goes
ahead and does things to the dentry tree behind the automouter point without
risking a deadlock as almost no locks are held in d_manage() and none in
d_automount().
Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-14 18:45:26 +00:00
This function is only used if DCACHE_MANAGE_TRANSIT is set on the
dentry being transited from.
2007-05-08 00:26:18 -07:00
Example :
static char *pipefs_dname(struct dentry *dent, char *buffer, int buflen)
{
return dynamic_dname(dentry, buffer, buflen, "pipe:[%lu]",
dentry->d_inode->i_ino);
}
2005-04-16 15:20:36 -07:00
Each dentry has a pointer to its parent dentry, as well as a hash list
of child dentries. Child dentries are basically like files in a
directory.
2005-09-09 13:10:19 -07:00
2005-11-07 01:01:08 -08:00
Directory Entry Cache API
2005-04-16 15:20:36 -07:00
--------------------------
There are a number of functions defined which permit a filesystem to
manipulate dentries:
dget: open a new handle for an existing dentry (this just increments
the usage count)
dput: close a handle for a dentry (decrements the usage count). If
2011-01-07 17:49:23 +11:00
the usage count drops to 0, and the dentry is still in its
parent's hash, the "d_delete" method is called to check whether
it should be cached. If it should not be cached, or if the dentry
is not hashed, it is deleted. Otherwise cached dentries are put
into an LRU list to be reclaimed on memory shortage.
2005-04-16 15:20:36 -07:00
d_drop: this unhashes a dentry from its parents hash list. A
2005-09-09 13:10:19 -07:00
subsequent call to dput() will deallocate the dentry if its
2005-04-16 15:20:36 -07:00
usage count drops to 0
d_delete: delete a dentry. If there are no other open references to
the dentry then the dentry is turned into a negative dentry
(the d_iput() method is called). If there are other
references, then d_drop() is called instead
d_add: add a dentry to its parents hash list and then calls
d_instantiate()
d_instantiate: add a dentry to the alias hash list for the inode and
updates the "d_inode" member. The "i_count" member in the
inode structure should be set/incremented. If the inode
pointer is NULL, the dentry is called a "negative
dentry". This function is commonly called when an inode is
created for an existing negative dentry
d_lookup: look up a dentry given its parent and path name component
It looks up the child of that given name from the dcache
hash table. If it is found, the reference count is incremented
2008-12-01 14:34:58 -08:00
and the dentry is returned. The caller must use dput()
2005-04-16 15:20:36 -07:00
to free the dentry when it finishes using it.
2005-11-07 01:01:09 -08:00
For further information on dentry locking, please refer to the document
Documentation/filesystems/dentry-locking.txt.
2005-11-07 01:01:08 -08:00
mount options: add documentation
This series addresses the problem of showing mount options in
/proc/mounts.
Several filesystems which use mount options, have not implemented a
.show_options superblock operation. Several others have implemented
this callback, but have not kept it fully up to date with the parsed
options.
Q: Why do we need correct option showing in /proc/mounts?
A: We want /proc/mounts to fully replace /etc/mtab. The reasons for
this are:
- unprivileged mounters won't be able to update /etc/mtab
- /etc/mtab doesn't work with private mount namespaces
- /etc/mtab can become out-of-sync with reality
Q: Can't this be done, so that filesystems need not bother with
implementing a .show_mounts callback, and keeping it up to date?
A: Only in some cases. Certain filesystems allow modification of a
subset of options in their remount_fs method. It is not possible
to take this into account without knowing exactly how the
filesystem handles options.
For the simple case (no remount or remount resets all options) the
patchset introduces two helpers:
generic_show_options()
save_mount_options()
These can also be used to emulate the old /etc/mtab behavior, until
proper support is added. Even if this is not 100% correct, it's still
better than showing no options at all.
The following patches fix up most in-tree filesystems, some have been
compile tested only, some have been reviewed and acked by the
maintainer.
Table displaying status of all in-kernel filesystems:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
legend:
none - fs has options, but doesn't define ->show_options()
some - fs defines ->show_options(), but some only options are shown
good - fs shows all options
noopt - fs does not have options
patch - a patch will be posted
merged - a patch has been merged by subsystem maintainer
9p good
adfs patch
affs patch
afs patch
autofs patch
autofs4 patch
befs patch
bfs noopt
cifs some
coda noopt
configfs noopt
cramfs noopt
debugfs noopt
devpts patch
ecryptfs good
efs noopt
ext2 patch
ext3 good
ext4 merged
fat patch
freevxfs noopt
fuse patch
fusectl noopt
gfs2 good
gfs2meta noopt
hfs good
hfsplus good
hostfs patch
hpfs patch
hppfs noopt
hugetlbfs patch
isofs patch
jffs2 noopt
jfs merged
minix noopt
msdos ->fat
ncpfs patch
nfs some
nfsd noopt
ntfs good
ocfs2 good
ocfs2/dlmfs noopt
openpromfs noopt
proc noopt
qnx4 noopt
ramfs noopt
reiserfs patch
romfs noopt
smbfs good
sysfs noopt
sysv noopt
udf patch
ufs good
vfat ->fat
xfs good
mm/shmem.c patch
drivers/oprofile/oprofilefs.c noopt
drivers/infiniband/hw/ipath/ipath_fs.c noopt
drivers/misc/ibmasm/ibmasmfs.c noopt
drivers/usb/core (usbfs) merged
drivers/usb/gadget (gadgetfs) noopt
drivers/isdn/capi/capifs.c patch
kernel/cpuset.c noopt
fs/binfmt_misc.c noopt
net/sunrpc/rpc_pipe.c noopt
arch/powerpc/platforms/cell/spufs patch
arch/s390/hypfs good
ipc/mqueue.c noopt
security (securityfs) noopt
security/selinux/selinuxfs.c noopt
kernel/cgroup.c good
security/smack/smackfs.c noopt
in -mm:
reiser4 some
unionfs good
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This patch:
Document the rules for handling mount options in the .show_options
super operation.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08 04:21:34 -08:00
Mount Options
=============
Parsing options
---------------
On mount and remount the filesystem is passed a string containing a
comma separated list of mount options. The options can have either of
these forms:
option
option=value
The <linux/parser.h> header defines an API that helps parse these
options. There are plenty of examples on how to use it in existing
filesystems.
Showing options
---------------
If a filesystem accepts mount options, it must define show_options()
to show all the currently active options. The rules are:
- options MUST be shown which are not default or their values differ
from the default
- options MAY be shown which are enabled by default or have their
default value
Options used only internally between a mount helper and the kernel
(such as file descriptors), or which only have an effect during the
mounting (such as ones controlling the creation of a journal) are exempt
from the above rules.
The underlying reason for the above rules is to make sure, that a
mount can be accurately replicated (e.g. umounting and mounting again)
based on the information found in /proc/mounts.
A simple method of saving options at mount/remount time and showing
them is provided with the save_mount_options() and
generic_show_options() helper functions. Please note, that using
these may have drawbacks. For more info see header comments for these
functions in fs/namespace.c.
2005-11-07 01:01:08 -08:00
Resources
=========
(Note some of these resources are not up-to-date with the latest kernel
version.)
Creating Linux virtual filesystems. 2002
<http://lwn.net/Articles/13325/>
The Linux Virtual File-system Layer by Neil Brown. 1999
<http://www.cse.unsw.edu.au/~neilb/oss/linux-commentary/vfs.html>
A tour of the Linux VFS by Michael K. Johnson. 1996
<http://www.tldp.org/LDP/khg/HyperNews/get/fs/vfstour.html>
A small trail through the Linux kernel by Andries Brouwer. 2001
<http://www.win.tue.nl/~aeb/linux/vfs/trail.html>