From: "H. Peter Anvin" <hpa@zytor.com> To: Mike Waychison <Michael.Waychison@Sun.COM> Cc: Michael Clark <michael@metaparadigm.com>, Ian Kent <raven@themaw.net>, autofs mailing list <autofs@linux.kernel.org>, Kernel Mailing List <linux-kernel@vger.kernel.org> Subject: Re: [autofs] [RFC] Towards a Modern Autofs Date: Fri, 09 Jan 2004 12:54:17 -0800 [thread overview] Message-ID: <3FFF14F9.6030601@zytor.com> (raw) In-Reply-To: <3FFF0EF0.90807@sun.com> Mike Waychison wrote: > > This is an interesting approach to killing off a mountpoint. However, > the problem in question is not the destruction of the mountpoints, but > rather being able to > check_activity_of_a_hierarchy_of_mountpoints/unmount_them_together > atomically. This cannot be done cleanly in userspace even when given an > interface to do the check, someone can race in before userspace > initiates the unmounts. The alternative is to have userspace detach the > hierarchy of mountpoints using the '-l' option to umount(8), but then we > may still unneccesarily unmount the filesystem will someone is in it. > I think that both HPA and I agree that this capability is needed in > order to support lazy mounting of multimounts properly. The issue > that remains is *how* to do it. > I would argue even stronger: allowing the administrator to umount directories manually is a hard requirement. This means that partial hierarchies *will* occur. Thus, relying on the hierarchy being atomically destructed in inherently broken. This means that constructing the hierarchy with direct-mount automount triggers in between the filesystems is mandatory; you get lazy mounting for free, then -- it's a userspace policy decision whether or not to release the waiting processes before the hierarchy is complete or not. Now, once you recognize that the administrator needs to be able to do umounts, expiry in userspace becomes quite trivial, since expiry is inherently probabilistic: it can simply mimic an administrator preening the trees, and if it fails, stop (or re-mount the submounts, policy decision.) Having a simple kernel-assist to avoid needless umount operations is a good thing if (and only if!) it's cheap, but it doesn't have to be foolproof. Again, the atomicity constraint that umounting a filesystem needs to destroy the mount traps above it derives from the need to cleanly deal with nonatomic destruction. > > The time required to unmount something is constant if we detach the > mountpoint using a lazy umount. > You probably don't want to do that -- you could end up with some really odd timing-related bugs if you then re-mount the filesystem. It's also unnecessary, since expiry is not a triggered event and therefore doesn't keep anything that needs to happen from happening. -hpa
WARNING: multiple messages have this Message-ID (diff)
From: "H. Peter Anvin" <hpa@zytor.com> To: Mike Waychison <Michael.Waychison@Sun.COM> Cc: Michael Clark <michael@metaparadigm.com>, autofs mailing list <autofs@linux.kernel.org>, Kernel Mailing List <linux-kernel@vger.kernel.org>, Ian Kent <raven@themaw.net> Subject: Re: [RFC] Towards a Modern Autofs Date: Fri, 09 Jan 2004 12:54:17 -0800 [thread overview] Message-ID: <3FFF14F9.6030601@zytor.com> (raw) In-Reply-To: <3FFF0EF0.90807@sun.com> Mike Waychison wrote: > > This is an interesting approach to killing off a mountpoint. However, > the problem in question is not the destruction of the mountpoints, but > rather being able to > check_activity_of_a_hierarchy_of_mountpoints/unmount_them_together > atomically. This cannot be done cleanly in userspace even when given an > interface to do the check, someone can race in before userspace > initiates the unmounts. The alternative is to have userspace detach the > hierarchy of mountpoints using the '-l' option to umount(8), but then we > may still unneccesarily unmount the filesystem will someone is in it. > I think that both HPA and I agree that this capability is needed in > order to support lazy mounting of multimounts properly. The issue > that remains is *how* to do it. > I would argue even stronger: allowing the administrator to umount directories manually is a hard requirement. This means that partial hierarchies *will* occur. Thus, relying on the hierarchy being atomically destructed in inherently broken. This means that constructing the hierarchy with direct-mount automount triggers in between the filesystems is mandatory; you get lazy mounting for free, then -- it's a userspace policy decision whether or not to release the waiting processes before the hierarchy is complete or not. Now, once you recognize that the administrator needs to be able to do umounts, expiry in userspace becomes quite trivial, since expiry is inherently probabilistic: it can simply mimic an administrator preening the trees, and if it fails, stop (or re-mount the submounts, policy decision.) Having a simple kernel-assist to avoid needless umount operations is a good thing if (and only if!) it's cheap, but it doesn't have to be foolproof. Again, the atomicity constraint that umounting a filesystem needs to destroy the mount traps above it derives from the need to cleanly deal with nonatomic destruction. > > The time required to unmount something is constant if we detach the > mountpoint using a lazy umount. > You probably don't want to do that -- you could end up with some really odd timing-related bugs if you then re-mount the filesystem. It's also unnecessary, since expiry is not a triggered event and therefore doesn't keep anything that needs to happen from happening. -hpa
next prev parent reply other threads:[~2004-01-09 20:55 UTC|newest] Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top 2004-01-06 19:55 [RFC] Towards a Modern Autofs Mike Waychison 2004-01-06 19:55 ` Mike Waychison 2004-01-06 21:01 ` [autofs] " H. Peter Anvin 2004-01-06 21:01 ` H. Peter Anvin 2004-01-06 21:44 ` [autofs] " Mike Waychison 2004-01-06 21:44 ` Mike Waychison 2004-01-06 21:50 ` [autofs] " Tim Hockin 2004-01-06 21:50 ` Tim Hockin 2004-01-06 22:06 ` [autofs] " H. Peter Anvin 2004-01-06 22:06 ` H. Peter Anvin 2004-01-06 22:17 ` [autofs] " Tim Hockin [not found] ` <20040106221502.GA7398@hockin.org> 2004-01-06 22:20 ` H. Peter Anvin 2004-01-06 22:20 ` H. Peter Anvin 2004-01-07 16:19 ` [autofs] " Mike Waychison 2004-01-07 16:19 ` Mike Waychison 2004-01-07 17:55 ` [autofs] " H. Peter Anvin 2004-01-07 21:13 ` Mike Waychison 2004-01-06 22:28 ` name spaces good (was: [autofs] [RFC] Towards a Modern Autofs) Dax Kelson 2004-01-06 22:48 ` name spaces good H. Peter Anvin 2004-01-06 22:48 ` H. Peter Anvin 2004-01-07 21:14 ` [autofs] [RFC] Towards a Modern Autofs Jim Carter 2004-01-07 21:14 ` Jim Carter 2004-01-07 22:55 ` [autofs] " Mike Waychison 2004-01-07 22:55 ` Mike Waychison 2004-01-08 12:00 ` [autofs] " Ian Kent 2004-01-08 12:00 ` Ian Kent 2004-01-08 15:39 ` [autofs] " Mike Waychison 2004-01-09 18:20 ` Ian Kent 2004-01-09 18:20 ` Ian Kent 2004-01-09 20:06 ` [autofs] " Mike Waychison 2004-01-09 20:06 ` Mike Waychison 2004-01-10 5:43 ` [autofs] " Ian Kent 2004-01-12 13:07 ` Mike Waychison 2004-01-12 16:01 ` raven 2004-01-12 16:26 ` Mike Waychison 2004-01-12 22:50 ` Tim Hockin 2004-01-12 23:28 ` Mike Waychison 2004-01-13 1:30 ` Ian Kent 2004-01-13 1:30 ` Ian Kent 2004-01-12 16:28 ` [autofs] " raven 2004-01-12 16:58 ` Mike Waychison 2004-01-13 1:54 ` Ian Kent 2004-01-13 1:54 ` Ian Kent 2004-01-13 19:01 ` [autofs] " Mike Waychison 2004-01-13 19:01 ` Mike Waychison 2004-01-14 15:58 ` [autofs] " raven 2004-01-14 19:32 ` running out of mount points Greg Bradner 2004-01-19 15:48 ` Greg Bradner 2004-01-19 17:11 ` Mike Waychison 2004-01-19 19:07 ` Greg Bradner 2004-01-20 19:15 ` Jim Carter 2004-01-13 18:46 ` [autofs] [RFC] Towards a Modern Autofs Mike Waychison 2004-01-13 18:46 ` Mike Waychison 2004-01-09 20:51 ` [autofs] " Jim Carter 2004-01-09 20:51 ` Jim Carter 2004-01-10 5:56 ` [autofs] " Ian Kent 2004-01-08 17:34 ` H. Peter Anvin 2004-01-08 19:41 ` Mike Waychison 2004-01-08 23:42 ` Michael Clark 2004-01-09 20:28 ` Mike Waychison 2004-01-09 20:28 ` Mike Waychison 2004-01-09 20:54 ` H. Peter Anvin [this message] 2004-01-09 20:54 ` H. Peter Anvin 2004-01-09 21:43 ` [autofs] " Mike Waychison 2004-01-09 21:43 ` Mike Waychison 2004-01-09 18:32 ` [autofs] " Ian Kent 2004-01-09 18:32 ` Ian Kent 2004-01-09 20:52 ` [autofs] " Mike Waychison 2004-01-09 20:52 ` Mike Waychison 2004-01-10 6:05 ` [autofs] " Ian Kent 2004-01-08 12:29 ` Olivier Galibert 2004-01-08 13:20 ` Robin Rosenberg 2004-01-08 16:23 ` Mike Waychison 2004-01-08 12:35 ` Ian Kent 2004-01-08 13:08 ` Ian Kent 2004-01-08 18:20 ` Jim Carter 2004-01-08 21:01 ` H. Peter Anvin 2004-01-08 0:48 ` Ian Kent 2004-01-08 0:48 ` Ian Kent 2004-01-06 22:28 [autofs] " Ogden, Aaron A. 2004-01-06 22:41 ` Mike Fedyk 2004-01-06 22:47 ` Tim Hockin 2004-01-06 22:53 ` Paul Raines 2004-01-07 23:14 ` Jim Carter 2004-01-07 23:32 ` H. Peter Anvin 2004-01-08 12:52 ` Ian Kent 2004-01-08 12:52 ` Ian Kent 2004-01-08 18:31 ` viro 2004-01-09 18:43 ` Ian Kent 2004-01-09 19:41 ` Mike Waychison 2004-01-09 19:57 ` H. Peter Anvin 2004-01-09 21:31 ` Mike Waychison 2004-01-09 21:36 ` H. Peter Anvin 2004-01-06 23:34 Ogden, Aaron A. 2004-01-06 23:47 ` Tim Hockin [not found] <1b5GC-29h-1@gated-at.bofh.it> [not found] ` <1b6CO-3v0-15@gated-at.bofh.it> 2004-01-07 4:21 ` Andi Kleen 2004-01-07 17:50 ` H. Peter Anvin 2004-01-07 21:04 ` Mike Waychison 2004-01-07 21:11 ` Mike Fedyk 2004-01-07 23:40 ` Jesper Juhl 2004-01-07 21:24 ` Jeff Garzik 2004-01-07 23:47 ` Mike Waychison 2004-01-07 23:56 ` Jeff Garzik 2004-01-12 16:57 ` Mike Waychison 2004-01-13 7:39 ` Ian Kent 2004-01-08 19:32 trond.myklebust 2004-01-08 19:41 ` H. Peter Anvin 2004-01-08 20:08 ` trond.myklebust 2004-01-08 21:13 ` H. Peter Anvin 2004-01-08 22:20 ` J. Bruce Fields 2004-01-08 22:24 ` H. Peter Anvin 2004-01-09 20:37 ` Mike Waychison 2004-01-09 21:02 ` H. Peter Anvin 2004-01-09 21:52 ` Mike Waychison 2004-01-09 20:16 ` Mike Waychison
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=3FFF14F9.6030601@zytor.com \ --to=hpa@zytor.com \ --cc=Michael.Waychison@Sun.COM \ --cc=autofs@linux.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=michael@metaparadigm.com \ --cc=raven@themaw.net \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.