From: "H. Peter Anvin" <hpa@zytor.com>
To: Mike Waychison <Michael.Waychison@Sun.COM>
Cc: Michael Clark <michael@metaparadigm.com>,
Ian Kent <raven@themaw.net>,
autofs mailing list <autofs@linux.kernel.org>,
Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [autofs] [RFC] Towards a Modern Autofs
Date: Fri, 09 Jan 2004 12:54:17 -0800 [thread overview]
Message-ID: <3FFF14F9.6030601@zytor.com> (raw)
In-Reply-To: <3FFF0EF0.90807@sun.com>
Mike Waychison wrote:
>
> This is an interesting approach to killing off a mountpoint. However,
> the problem in question is not the destruction of the mountpoints, but
> rather being able to
> check_activity_of_a_hierarchy_of_mountpoints/unmount_them_together
> atomically. This cannot be done cleanly in userspace even when given an
> interface to do the check, someone can race in before userspace
> initiates the unmounts. The alternative is to have userspace detach the
> hierarchy of mountpoints using the '-l' option to umount(8), but then we
> may still unneccesarily unmount the filesystem will someone is in it.
> I think that both HPA and I agree that this capability is needed in
> order to support lazy mounting of multimounts properly. The issue
> that remains is *how* to do it.
>
I would argue even stronger: allowing the administrator to umount
directories manually is a hard requirement. This means that partial
hierarchies *will* occur. Thus, relying on the hierarchy being
atomically destructed in inherently broken.
This means that constructing the hierarchy with direct-mount automount
triggers in between the filesystems is mandatory; you get lazy mounting
for free, then -- it's a userspace policy decision whether or not to
release the waiting processes before the hierarchy is complete or not.
Now, once you recognize that the administrator needs to be able to do
umounts, expiry in userspace becomes quite trivial, since expiry is
inherently probabilistic: it can simply mimic an administrator preening
the trees, and if it fails, stop (or re-mount the submounts, policy
decision.) Having a simple kernel-assist to avoid needless umount
operations is a good thing if (and only if!) it's cheap, but it doesn't
have to be foolproof.
Again, the atomicity constraint that umounting a filesystem needs to
destroy the mount traps above it derives from the need to cleanly deal
with nonatomic destruction.
>
> The time required to unmount something is constant if we detach the
> mountpoint using a lazy umount.
>
You probably don't want to do that -- you could end up with some really
odd timing-related bugs if you then re-mount the filesystem. It's also
unnecessary, since expiry is not a triggered event and therefore doesn't
keep anything that needs to happen from happening.
-hpa
WARNING: multiple messages have this Message-ID (diff)
From: "H. Peter Anvin" <hpa@zytor.com>
To: Mike Waychison <Michael.Waychison@Sun.COM>
Cc: Michael Clark <michael@metaparadigm.com>,
autofs mailing list <autofs@linux.kernel.org>,
Kernel Mailing List <linux-kernel@vger.kernel.org>,
Ian Kent <raven@themaw.net>
Subject: Re: [RFC] Towards a Modern Autofs
Date: Fri, 09 Jan 2004 12:54:17 -0800 [thread overview]
Message-ID: <3FFF14F9.6030601@zytor.com> (raw)
In-Reply-To: <3FFF0EF0.90807@sun.com>
Mike Waychison wrote:
>
> This is an interesting approach to killing off a mountpoint. However,
> the problem in question is not the destruction of the mountpoints, but
> rather being able to
> check_activity_of_a_hierarchy_of_mountpoints/unmount_them_together
> atomically. This cannot be done cleanly in userspace even when given an
> interface to do the check, someone can race in before userspace
> initiates the unmounts. The alternative is to have userspace detach the
> hierarchy of mountpoints using the '-l' option to umount(8), but then we
> may still unneccesarily unmount the filesystem will someone is in it.
> I think that both HPA and I agree that this capability is needed in
> order to support lazy mounting of multimounts properly. The issue
> that remains is *how* to do it.
>
I would argue even stronger: allowing the administrator to umount
directories manually is a hard requirement. This means that partial
hierarchies *will* occur. Thus, relying on the hierarchy being
atomically destructed in inherently broken.
This means that constructing the hierarchy with direct-mount automount
triggers in between the filesystems is mandatory; you get lazy mounting
for free, then -- it's a userspace policy decision whether or not to
release the waiting processes before the hierarchy is complete or not.
Now, once you recognize that the administrator needs to be able to do
umounts, expiry in userspace becomes quite trivial, since expiry is
inherently probabilistic: it can simply mimic an administrator preening
the trees, and if it fails, stop (or re-mount the submounts, policy
decision.) Having a simple kernel-assist to avoid needless umount
operations is a good thing if (and only if!) it's cheap, but it doesn't
have to be foolproof.
Again, the atomicity constraint that umounting a filesystem needs to
destroy the mount traps above it derives from the need to cleanly deal
with nonatomic destruction.
>
> The time required to unmount something is constant if we detach the
> mountpoint using a lazy umount.
>
You probably don't want to do that -- you could end up with some really
odd timing-related bugs if you then re-mount the filesystem. It's also
unnecessary, since expiry is not a triggered event and therefore doesn't
keep anything that needs to happen from happening.
-hpa
next prev parent reply other threads:[~2004-01-09 20:55 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-06 19:55 [RFC] Towards a Modern Autofs Mike Waychison
2004-01-06 19:55 ` Mike Waychison
2004-01-06 21:01 ` [autofs] " H. Peter Anvin
2004-01-06 21:01 ` H. Peter Anvin
2004-01-06 21:44 ` [autofs] " Mike Waychison
2004-01-06 21:44 ` Mike Waychison
2004-01-06 21:50 ` [autofs] " Tim Hockin
2004-01-06 21:50 ` Tim Hockin
2004-01-06 22:06 ` [autofs] " H. Peter Anvin
2004-01-06 22:06 ` H. Peter Anvin
2004-01-06 22:17 ` [autofs] " Tim Hockin
[not found] ` <20040106221502.GA7398@hockin.org>
2004-01-06 22:20 ` H. Peter Anvin
2004-01-06 22:20 ` H. Peter Anvin
2004-01-07 16:19 ` [autofs] " Mike Waychison
2004-01-07 16:19 ` Mike Waychison
2004-01-07 17:55 ` [autofs] " H. Peter Anvin
2004-01-07 21:13 ` Mike Waychison
2004-01-06 22:28 ` name spaces good (was: [autofs] [RFC] Towards a Modern Autofs) Dax Kelson
2004-01-06 22:48 ` name spaces good H. Peter Anvin
2004-01-06 22:48 ` H. Peter Anvin
2004-01-07 21:14 ` [autofs] [RFC] Towards a Modern Autofs Jim Carter
2004-01-07 21:14 ` Jim Carter
2004-01-07 22:55 ` [autofs] " Mike Waychison
2004-01-07 22:55 ` Mike Waychison
2004-01-08 12:00 ` [autofs] " Ian Kent
2004-01-08 12:00 ` Ian Kent
2004-01-08 15:39 ` [autofs] " Mike Waychison
2004-01-09 18:20 ` Ian Kent
2004-01-09 18:20 ` Ian Kent
2004-01-09 20:06 ` [autofs] " Mike Waychison
2004-01-09 20:06 ` Mike Waychison
2004-01-10 5:43 ` [autofs] " Ian Kent
2004-01-12 13:07 ` Mike Waychison
2004-01-12 16:01 ` raven
2004-01-12 16:26 ` Mike Waychison
2004-01-12 22:50 ` Tim Hockin
2004-01-12 23:28 ` Mike Waychison
2004-01-13 1:30 ` Ian Kent
2004-01-13 1:30 ` Ian Kent
2004-01-12 16:28 ` [autofs] " raven
2004-01-12 16:58 ` Mike Waychison
2004-01-13 1:54 ` Ian Kent
2004-01-13 1:54 ` Ian Kent
2004-01-13 19:01 ` [autofs] " Mike Waychison
2004-01-13 19:01 ` Mike Waychison
2004-01-14 15:58 ` [autofs] " raven
2004-01-14 19:32 ` running out of mount points Greg Bradner
2004-01-19 15:48 ` Greg Bradner
2004-01-19 17:11 ` Mike Waychison
2004-01-19 19:07 ` Greg Bradner
2004-01-20 19:15 ` Jim Carter
2004-01-13 18:46 ` [autofs] [RFC] Towards a Modern Autofs Mike Waychison
2004-01-13 18:46 ` Mike Waychison
2004-01-09 20:51 ` [autofs] " Jim Carter
2004-01-09 20:51 ` Jim Carter
2004-01-10 5:56 ` [autofs] " Ian Kent
2004-01-08 17:34 ` H. Peter Anvin
2004-01-08 19:41 ` Mike Waychison
2004-01-08 23:42 ` Michael Clark
2004-01-09 20:28 ` Mike Waychison
2004-01-09 20:28 ` Mike Waychison
2004-01-09 20:54 ` H. Peter Anvin [this message]
2004-01-09 20:54 ` H. Peter Anvin
2004-01-09 21:43 ` [autofs] " Mike Waychison
2004-01-09 21:43 ` Mike Waychison
2004-01-09 18:32 ` [autofs] " Ian Kent
2004-01-09 18:32 ` Ian Kent
2004-01-09 20:52 ` [autofs] " Mike Waychison
2004-01-09 20:52 ` Mike Waychison
2004-01-10 6:05 ` [autofs] " Ian Kent
2004-01-08 12:29 ` Olivier Galibert
2004-01-08 13:20 ` Robin Rosenberg
2004-01-08 16:23 ` Mike Waychison
2004-01-08 12:35 ` Ian Kent
2004-01-08 13:08 ` Ian Kent
2004-01-08 18:20 ` Jim Carter
2004-01-08 21:01 ` H. Peter Anvin
2004-01-08 0:48 ` Ian Kent
2004-01-08 0:48 ` Ian Kent
2004-01-06 22:28 [autofs] " Ogden, Aaron A.
2004-01-06 22:41 ` Mike Fedyk
2004-01-06 22:47 ` Tim Hockin
2004-01-06 22:53 ` Paul Raines
2004-01-07 23:14 ` Jim Carter
2004-01-07 23:32 ` H. Peter Anvin
2004-01-08 12:52 ` Ian Kent
2004-01-08 12:52 ` Ian Kent
2004-01-08 18:31 ` viro
2004-01-09 18:43 ` Ian Kent
2004-01-09 19:41 ` Mike Waychison
2004-01-09 19:57 ` H. Peter Anvin
2004-01-09 21:31 ` Mike Waychison
2004-01-09 21:36 ` H. Peter Anvin
2004-01-06 23:34 Ogden, Aaron A.
2004-01-06 23:47 ` Tim Hockin
[not found] <1b5GC-29h-1@gated-at.bofh.it>
[not found] ` <1b6CO-3v0-15@gated-at.bofh.it>
2004-01-07 4:21 ` Andi Kleen
2004-01-07 17:50 ` H. Peter Anvin
2004-01-07 21:04 ` Mike Waychison
2004-01-07 21:11 ` Mike Fedyk
2004-01-07 23:40 ` Jesper Juhl
2004-01-07 21:24 ` Jeff Garzik
2004-01-07 23:47 ` Mike Waychison
2004-01-07 23:56 ` Jeff Garzik
2004-01-12 16:57 ` Mike Waychison
2004-01-13 7:39 ` Ian Kent
2004-01-08 19:32 trond.myklebust
2004-01-08 19:41 ` H. Peter Anvin
2004-01-08 20:08 ` trond.myklebust
2004-01-08 21:13 ` H. Peter Anvin
2004-01-08 22:20 ` J. Bruce Fields
2004-01-08 22:24 ` H. Peter Anvin
2004-01-09 20:37 ` Mike Waychison
2004-01-09 21:02 ` H. Peter Anvin
2004-01-09 21:52 ` Mike Waychison
2004-01-09 20:16 ` Mike Waychison
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3FFF14F9.6030601@zytor.com \
--to=hpa@zytor.com \
--cc=Michael.Waychison@Sun.COM \
--cc=autofs@linux.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael@metaparadigm.com \
--cc=raven@themaw.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.