Re: [autofs] [RFC] Towards a Modern Autofs

From: H. Peter Anvin
Date: Wed Jan 07 2004 - 18:34:53 EST

Next message: Greg KH: "Re: removable media revalidation - udev vs. devfs or static /dev"
Previous message: Jesper Juhl: "Re: [PATCH][RFC] variable size and signedness issues in ldt.c -potential problem?"
In reply to: Jim Carter: "RE: [autofs] [RFC] Towards a Modern Autofs"
Next in thread: Ogden, Aaron A.: "RE: [autofs] [RFC] Towards a Modern Autofs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jim Carter wrote:
>
> To my mind the ideal design goes something like this:
>
> 1. you can mount a synthetic autofs filesystem on lots of directories,
> including subdirs of other autofs filesystems.
>
> 2. Whenever anything tries to access one of those directories (for a
> direct map) or one of its subdirs whether visible or not (indirect map), if
> nothing is mounted on it [and it hasn't been told by a special flag that
> it's non-mountable, see the /home/user/server{A,B} example], the autofs
> kernel module runs a script in user space (in the namespace context of the
> originally requesting process). Upon exit, if something is now mounted on
> the subdir, fine. Otherwise, ENOENT. The module is not required to know
> anything about autofs maps that the userspace helper may or may not
> consult.
>
> 3. Periodically the module should check if mounted filesystems are
> potentially unmountable (this seems to be inexpensive), and if so it should
> run the userspace helper to unmount them. If the unmount fails, the helper
> (not the kernel) should try to distinguish a race condition from a dead NFS
> server, and whether the mount will be viable once the server comes back. If
> not, it should be more aggressive than the present daemon in unmounting. At
> present the module carefully keeps up-to-date a last_used field and a
> timeout potentially different for each mount, but it's probably sufficient
> to merely poll all the mount points periodically all at once, perhaps with
> a one-time exemption when something is first mounted.
>
> And that's *all* the complexity that should be in the kernel. That's quite
> complex enough in my opinion. If the userspace helper needs state, it can
> lock and read/write a file. I don't really see the need for the autofs
> system to have state beyond "it's mounted".
>

What you've described above is more or less the autofs v3 design. There
are reasons why you really want to have a simple-minded timeout in the
kernel, mostly because attempting umount is more expensive than it
should be on some filesystems. It only needs to be statistically
accurate, though, and thus it does not introduce a race.

Once you have to deal with mount trees (multiple filesystems on the same
mount point which you want to have appear to userspace as a unit),
things get significantly more complex, unfortunately. Mounting is not a
problem, since the nonprivileged processes are simply held, but
umounting is, since in order to make sure there are no race conditions
userspace needs to be locked out from filesystem "a" while umounting
filesystem "a/b", *or* the equivalent of a direct mount autofs point has
to be imposed on node "a/b" of filesystem "a" which can be atomically
deleted together with the umounting of filesystem "a".

These are the mount traps Al Viro has been architecting.

-hpa

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: removable media revalidation - udev vs. devfs or static /dev"
Previous message: Jesper Juhl: "Re: [PATCH][RFC] variable size and signedness issues in ldt.c -potential problem?"
In reply to: Jim Carter: "RE: [autofs] [RFC] Towards a Modern Autofs"
Next in thread: Ogden, Aaron A.: "RE: [autofs] [RFC] Towards a Modern Autofs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]