exporting.rst (10403B)
1:orphan: 2 3Making Filesystems Exportable 4============================= 5 6Overview 7-------- 8 9All filesystem operations require a dentry (or two) as a starting 10point. Local applications have a reference-counted hold on suitable 11dentries via open file descriptors or cwd/root. However remote 12applications that access a filesystem via a remote filesystem protocol 13such as NFS may not be able to hold such a reference, and so need a 14different way to refer to a particular dentry. As the alternative 15form of reference needs to be stable across renames, truncates, and 16server-reboot (among other things, though these tend to be the most 17problematic), there is no simple answer like 'filename'. 18 19The mechanism discussed here allows each filesystem implementation to 20specify how to generate an opaque (outside of the filesystem) byte 21string for any dentry, and how to find an appropriate dentry for any 22given opaque byte string. 23This byte string will be called a "filehandle fragment" as it 24corresponds to part of an NFS filehandle. 25 26A filesystem which supports the mapping between filehandle fragments 27and dentries will be termed "exportable". 28 29 30 31Dcache Issues 32------------- 33 34The dcache normally contains a proper prefix of any given filesystem 35tree. This means that if any filesystem object is in the dcache, then 36all of the ancestors of that filesystem object are also in the dcache. 37As normal access is by filename this prefix is created naturally and 38maintained easily (by each object maintaining a reference count on 39its parent). 40 41However when objects are included into the dcache by interpreting a 42filehandle fragment, there is no automatic creation of a path prefix 43for the object. This leads to two related but distinct features of 44the dcache that are not needed for normal filesystem access. 45 461. The dcache must sometimes contain objects that are not part of the 47 proper prefix. i.e that are not connected to the root. 482. The dcache must be prepared for a newly found (via ->lookup) directory 49 to already have a (non-connected) dentry, and must be able to move 50 that dentry into place (based on the parent and name in the 51 ->lookup). This is particularly needed for directories as 52 it is a dcache invariant that directories only have one dentry. 53 54To implement these features, the dcache has: 55 56a. A dentry flag DCACHE_DISCONNECTED which is set on 57 any dentry that might not be part of the proper prefix. 58 This is set when anonymous dentries are created, and cleared when a 59 dentry is noticed to be a child of a dentry which is in the proper 60 prefix. If the refcount on a dentry with this flag set 61 becomes zero, the dentry is immediately discarded, rather than being 62 kept in the dcache. If a dentry that is not already in the dcache 63 is repeatedly accessed by filehandle (as NFSD might do), an new dentry 64 will be a allocated for each access, and discarded at the end of 65 the access. 66 67 Note that such a dentry can acquire children, name, ancestors, etc. 68 without losing DCACHE_DISCONNECTED - that flag is only cleared when 69 subtree is successfully reconnected to root. Until then dentries 70 in such subtree are retained only as long as there are references; 71 refcount reaching zero means immediate eviction, same as for unhashed 72 dentries. That guarantees that we won't need to hunt them down upon 73 umount. 74 75b. A primitive for creation of secondary roots - d_obtain_root(inode). 76 Those do _not_ bear DCACHE_DISCONNECTED. They are placed on the 77 per-superblock list (->s_roots), so they can be located at umount 78 time for eviction purposes. 79 80c. Helper routines to allocate anonymous dentries, and to help attach 81 loose directory dentries at lookup time. They are: 82 83 d_obtain_alias(inode) will return a dentry for the given inode. 84 If the inode already has a dentry, one of those is returned. 85 86 If it doesn't, a new anonymous (IS_ROOT and 87 DCACHE_DISCONNECTED) dentry is allocated and attached. 88 89 In the case of a directory, care is taken that only one dentry 90 can ever be attached. 91 92 d_splice_alias(inode, dentry) will introduce a new dentry into the tree; 93 either the passed-in dentry or a preexisting alias for the given inode 94 (such as an anonymous one created by d_obtain_alias), if appropriate. 95 It returns NULL when the passed-in dentry is used, following the calling 96 convention of ->lookup. 97 98Filesystem Issues 99----------------- 100 101For a filesystem to be exportable it must: 102 103 1. provide the filehandle fragment routines described below. 104 2. make sure that d_splice_alias is used rather than d_add 105 when ->lookup finds an inode for a given parent and name. 106 107 If inode is NULL, d_splice_alias(inode, dentry) is equivalent to:: 108 109 d_add(dentry, inode), NULL 110 111 Similarly, d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err) 112 113 Typically the ->lookup routine will simply end with a:: 114 115 return d_splice_alias(inode, dentry); 116 } 117 118 119 120A file system implementation declares that instances of the filesystem 121are exportable by setting the s_export_op field in the struct 122super_block. This field must point to a "struct export_operations" 123struct which has the following members: 124 125 encode_fh (optional) 126 Takes a dentry and creates a filehandle fragment which can later be used 127 to find or create a dentry for the same object. The default 128 implementation creates a filehandle fragment that encodes a 32bit inode 129 and generation number for the inode encoded, and if necessary the 130 same information for the parent. 131 132 fh_to_dentry (mandatory) 133 Given a filehandle fragment, this should find the implied object and 134 create a dentry for it (possibly with d_obtain_alias). 135 136 fh_to_parent (optional but strongly recommended) 137 Given a filehandle fragment, this should find the parent of the 138 implied object and create a dentry for it (possibly with 139 d_obtain_alias). May fail if the filehandle fragment is too small. 140 141 get_parent (optional but strongly recommended) 142 When given a dentry for a directory, this should return a dentry for 143 the parent. Quite possibly the parent dentry will have been allocated 144 by d_alloc_anon. The default get_parent function just returns an error 145 so any filehandle lookup that requires finding a parent will fail. 146 ->lookup("..") is *not* used as a default as it can leave ".." entries 147 in the dcache which are too messy to work with. 148 149 get_name (optional) 150 When given a parent dentry and a child dentry, this should find a name 151 in the directory identified by the parent dentry, which leads to the 152 object identified by the child dentry. If no get_name function is 153 supplied, a default implementation is provided which uses vfs_readdir 154 to find potential names, and matches inode numbers to find the correct 155 match. 156 157 flags 158 Some filesystems may need to be handled differently than others. The 159 export_operations struct also includes a flags field that allows the 160 filesystem to communicate such information to nfsd. See the Export 161 Operations Flags section below for more explanation. 162 163A filehandle fragment consists of an array of 1 or more 4byte words, 164together with a one byte "type". 165The decode_fh routine should not depend on the stated size that is 166passed to it. This size may be larger than the original filehandle 167generated by encode_fh, in which case it will have been padded with 168nuls. Rather, the encode_fh routine should choose a "type" which 169indicates the decode_fh how much of the filehandle is valid, and how 170it should be interpreted. 171 172Export Operations Flags 173----------------------- 174In addition to the operation vector pointers, struct export_operations also 175contains a "flags" field that allows the filesystem to communicate to nfsd 176that it may want to do things differently when dealing with it. The 177following flags are defined: 178 179 EXPORT_OP_NOWCC - disable NFSv3 WCC attributes on this filesystem 180 RFC 1813 recommends that servers always send weak cache consistency 181 (WCC) data to the client after each operation. The server should 182 atomically collect attributes about the inode, do an operation on it, 183 and then collect the attributes afterward. This allows the client to 184 skip issuing GETATTRs in some situations but means that the server 185 is calling vfs_getattr for almost all RPCs. On some filesystems 186 (particularly those that are clustered or networked) this is expensive 187 and atomicity is difficult to guarantee. This flag indicates to nfsd 188 that it should skip providing WCC attributes to the client in NFSv3 189 replies when doing operations on this filesystem. Consider enabling 190 this on filesystems that have an expensive ->getattr inode operation, 191 or when atomicity between pre and post operation attribute collection 192 is impossible to guarantee. 193 194 EXPORT_OP_NOSUBTREECHK - disallow subtree checking on this fs 195 Many NFS operations deal with filehandles, which the server must then 196 vet to ensure that they live inside of an exported tree. When the 197 export consists of an entire filesystem, this is trivial. nfsd can just 198 ensure that the filehandle live on the filesystem. When only part of a 199 filesystem is exported however, then nfsd must walk the ancestors of the 200 inode to ensure that it's within an exported subtree. This is an 201 expensive operation and not all filesystems can support it properly. 202 This flag exempts the filesystem from subtree checking and causes 203 exportfs to get back an error if it tries to enable subtree checking 204 on it. 205 206 EXPORT_OP_CLOSE_BEFORE_UNLINK - always close cached files before unlinking 207 On some exportable filesystems (such as NFS) unlinking a file that 208 is still open can cause a fair bit of extra work. For instance, 209 the NFS client will do a "sillyrename" to ensure that the file 210 sticks around while it's still open. When reexporting, that open 211 file is held by nfsd so we usually end up doing a sillyrename, and 212 then immediately deleting the sillyrenamed file just afterward when 213 the link count actually goes to zero. Sometimes this delete can race 214 with other operations (for instance an rmdir of the parent directory). 215 This flag causes nfsd to close any open files for this inode _before_ 216 calling into the vfs to do an unlink or a rename that would replace 217 an existing file.