Re: Making forced unmounts work

To: hannken%eis.cs.tu-bs.de@localhost
Subject: Re: Making forced unmounts work
From: yamt%mwd.biglobe.ne.jp@localhost (YAMAMOTO Takashi)
Date: Fri, 7 Dec 2012 06:49:08 +0000 (UTC)

hi,

> Forced unmounts will most likely panic the kernel.  The main problem is
> other threads running a vnode operation when we come to clean and
> reclaim an active vnode and therefore change its operation vector and
> destroy the file system private data without locking or synchronisation.
> 
> One solution is to to suspend the file system while it gets unmounted.
> This way all other threads running a vnode operation will wait for
> fstrans_start() to succeed.  Changing fstrans_start() to detect a now
> dead vnode it is possible to restart the vnode operation with the new
> operations vector.
> 
> In short the attached diff:
> 
> - Adds a new kernel-internal errno ERESTARTVOP and changes VCALL() to
>   restart a vnode operation once it returns ERESTARTVOP.
> 
> - Changes fstrans_start() to take an optional `hint vnode' and return
>   ERESTARTVOP if the vnode becomes dead.
> 
> - Rearranges all file system operations to call fstrans_start() before
>   accessing file system private data and check (and return) an error.
> 
> - Changes vfs_suspend() to optionally suspend a file system without
>   syncing it to disk.  This feature is used when revoking a vnode.
> 
> - Changes dounmount() to suspend a file system during the unmount.
> 
> - Keeps the `struct mp' until all (dead) vnodes disappear.
> 
> - Adds some missing operations to deadfs.
> 
> Comments or objections?

thanks for working on this.

if possible, it's better to avoid taking a rwlock for every VOPs.
IMO umount and revoke, instead every VOPs, ought to do the hard work.
have you considered to do it at upper levels like file, descriptors,
mmaps, etc?

eg.
        1. iterate all processes to mark their files revoked
        2. make long-sleepers (fifo, nfs rpcs, etc) abort
        3. wait for reference counts settle

        you may need to send IPIs as some operations are barrier-less.
        (fd_getfile/putfile)

iirc dragonflybsd implements revoke at the file or descriptor level.

YAMAMOTO Takashi

> 
> --
> J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig 
> (Germany)

References:
- Making forced unmounts work
  - From: J. Hannken-Illjes

Prev by Date: Re: nfsd "serializing" patch
Next by Date: Re: nfsd "serializing" patch
Previous by Thread: Re: Making forced unmounts work
Next by Thread: Broadcast traffic on vlans leaks into the parent interface on NetBSD-5.1
Indexes:

Home | Main Index | Thread Index | Old Index