fuse: feasible to distinguish between umount and abort?

fuse: feasible to distinguish between umount and abort?

Nikolaus Rath
Hello,

Currently, both a call to umount(2) and writing "1" to
/sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
same state: reading from it returns ENODEV, and polling on it returns
POLLERR.

This causes problems for filesystems that want to ensure that the
mountpoint is free when they exit. If accessing the device fd gives the
above errors, they have to do an additional check to determine if they
still need to unmount the mountpoint. This is difficult to do without
race conditions (think of someone unmounting and immediately re-starting
a new filesystem instance).

Would it be possible to change the behavior of the /dev/fuse fd so that
userspace can distinguish between a regular umount and use of the
/sys/fs/fuse abort?


Best,
-Nikolaus

--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«

------------------------------------------------------------------------------
--
fuse-devel mailing list
To unsubscribe or subscribe, visit https://lists.sourceforge.net/lists/listinfo/fuse-devel
Re: fuse: feasible to distinguish between umount and abort?

Miklos Szeredi
On Thu, Nov 24, 2016 at 12:11 AM, Nikolaus Rath <[hidden email]> wrote:

> Hello,
>
> Currently, both a call to umount(2) and writing "1" to
> /sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
> same state: reading from it returns ENODEV, and polling on it returns
> POLLERR.
>
> This causes problems for filesystems that want to ensure that the
> mountpoint is free when they exit. If accessing the device fd gives the
> above errors, they have to do an additional check to determine if they
> still need to unmount the mountpoint. This is difficult to do without
> race conditions (think of someone unmounting and immediately re-starting
> a new filesystem instance).
>
> Would it be possible to change the behavior of the /dev/fuse fd so that
> userspace can distinguish between a regular umount and use of the
> /sys/fs/fuse abort?

Yes.  My proposal would be for the kernel to send FUSE_DESTROY
asynchronously and only return ENODEV once that request was read by
userspace.  Currently FUSE_DESTROY is sent synchronously for fuseblk
mounts, but not for plain fuse mounts.

Please file a bug somewhere.  I don't mind if kernel bugs are also
kept at the github project as long as they can easily be found.

Thanks,
Miklos


Re: fuse: feasible to distinguish between umount and abort?

Stef Bon-2
2016-11-24 10:10 GMT+01:00 Miklos Szeredi <[hidden email]>:

> On Thu, Nov 24, 2016 at 12:11 AM, Nikolaus Rath <[hidden email]> wrote:
>> Hello,
>>
>> Currently, both a call to umount(2) and writing "1" to
>> /sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
>> same state: reading from it returns ENODEV, and polling on it returns
>> POLLERR.
>>
>> This causes problems for filesystems that want to ensure that the
>> mountpoint is free when they exit. If accessing the device fd gives the
>> above errors, they have to do an additional check to determine if they
>> still need to unmount the mountpoint. This is difficult to do without
>> race conditions (think of someone unmounting and immediately re-starting
>> a new filesystem instance).

A filesystem should check the mountpoint is already mounted when
starting, right? So when it's mounted already, do not start and return a
proper return value.

I'm currently working with the order of unmounting. When the userspace
filesystem detects the VFS has disconnected the
file descriptor (event occurs but reading from it gives zero size when
using recv). This happens when terminating with kill. I do not know
whether this also happens when aborting. I must say with my filesystems
I've got the fd added to epoll which watches it constantly, and when
doing so it reports the event when the VFS closes the fd.

What is the right order for the userspace daemon in this case?
I think the userspace daemon has to test the mountpoint is still mounted
and umount if it is?

Stef


Re: fuse: feasible to distinguish between umount and abort?

Nikolaus Rath
In reply to this post by Miklos Szeredi
On Nov 24 2016, Miklos Szeredi <[hidden email]> wrote:

> On Thu, Nov 24, 2016 at 12:11 AM, Nikolaus Rath <[hidden email]> wrote:
>> Hello,
>>
>> Currently, both a call to umount(2) and writing "1" to
>> /sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
>> same state: reading from it returns ENODEV, and polling on it returns
>> POLLERR.
>>
>> This causes problems for filesystems that want to ensure that the
>> mountpoint is free when they exit. If accessing the device fd gives the
>> above errors, they have to do an additional check to determine if they
>> still need to unmount the mountpoint. This is difficult to do without
>> race conditions (think of someone unmounting and immediately re-starting
>> a new filesystem instance).
>>
>> Would it be possible to change the behavior of the /dev/fuse fd so that
>> userspace can distinguish between a regular umount and use of the
>> /sys/fs/fuse abort?
>
> Yes.  My proposal would be for the kernel to send FUSE_DESTROY
> asynchronously and only return ENODEV once that request was read by
> userspace.  Currently FUSE_DESTROY is sent synchronously for fuseblk
> mounts, but not for plain fuse mounts.

I trust that this is a good plan, but from the description I can't quite
tell how the filesystem would make the distinction between umount/abort
based on this. Would FUSE_DESTROY be sent only for unmount, but not for
abort?


> Please file a bug somewhere.  I don't mind if kernel bugs are also
> kept at the github project as long as they can easily be found.

Already done at https://github.com/libfuse/libfuse/issues/122.


Thanks!
-Nikolaus

--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«


Re: fuse: feasible to distinguish between umount and abort?

Miklos Szeredi
On Fri, Nov 25, 2016 at 1:33 AM, Nikolaus Rath <[hidden email]> wrote:

> On Nov 24 2016, Miklos Szeredi <[hidden email]> wrote:
>> On Thu, Nov 24, 2016 at 12:11 AM, Nikolaus Rath <[hidden email]> wrote:
>>> Hello,
>>>
>>> Currently, both a call to umount(2) and writing "1" to
>>> /sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
>>> same state: reading from it returns ENODEV, and polling on it returns
>>> POLLERR.
>>>
>>> This causes problems for filesystems that want to ensure that the
>>> mountpoint is free when they exit. If accessing the device fd gives the
>>> above errors, they have to do an additional check to determine if they
>>> still need to unmount the mountpoint. This is difficult to do without
>>> race conditions (think of someone unmounting and immediately re-starting
>>> a new filesystem instance).
>>>
>>> Would it be possible to change the behavior of the /dev/fuse fd so that
>>> userspace can distinguish between a regular umount and use of the
>>> /sys/fs/fuse abort?
>>
>> Yes.  My proposal would be for the kernel to send FUSE_DESTROY
>> asynchronously and only return ENODEV once that request was read by
>> userspace.  Currently FUSE_DESTROY is sent synchronously for fuseblk
>> mounts, but not for plain fuse mounts.
>
> I trust that this is a good plan, but from the description I can't quite
> tell how the filesystem would make the distinction between umount/abort
> based on this. Would FUSE_DESTROY be sent only for unmount, but not for
> abort?

Right.  The userspace implementation would need to be careful to
process the DESTROY message before ENODEV is received in a different
thread.   Maybe instead userspace and kernel should negotiate in INIT
whether userspace wants a DESTROY or not.  If it does, then on umount
kernel sends DESTROY and does not return ENODEV.  If userspace does
not want DESTROY then it falls back to the old way of returning
ENODEV.  And on abort it would do that as well, regardless of the
negotiated DESTROY request.

>> Please file a bug somewhere.  I don't mind if kernel bugs are also
>> kept at the github project as long as they can easily be found.
>
> Already done at https://github.com/libfuse/libfuse/issues/122.

Great.

Thanks,
Miklos
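
The decision a daemon could make at exit under the DESTROY scheme proposed in this thread, as an added example that is not part of any post and does not reflect merged kernel behaviour. `decide_exit`, `struct dev_event`, the `exit_action` values and the `destroy_negotiated` flag are hypothetical names; treating EINTR, EAGAIN and ENOENT as retryable reads is an assumption of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define OP_DESTROY 38u /* numeric value of FUSE_DESTROY in <linux/fuse.h> */

/* One result of read(2) on the /dev/fuse fd, as seen by any worker thread. */
struct dev_event {
    int err;          /* 0 if a request was read, otherwise errno */
    uint32_t opcode;  /* request opcode, valid when err == 0 */
};

enum exit_action {
    KEEP_SERVING,     /* nothing terminal observed yet */
    EXIT_NO_UMOUNT,   /* DESTROY seen: umount already happened, leave the path alone */
    EXIT_UMOUNT,      /* abort: connection dead, mount still attached, daemon unmounts */
    EXIT_MUST_CHECK   /* bare ENODEV without negotiation: umount and abort look alike */
};

/* Decide over ALL events collected from all threads, so a thread that hit
 * ENODEV first cannot override a DESTROY that another thread read. */
enum exit_action decide_exit(const struct dev_event *ev, size_t n,
                             int destroy_negotiated)
{
    enum exit_action act = KEEP_SERVING;

    for (size_t i = 0; i < n; i++) {
        if (ev[i].err == 0) {
            if (ev[i].opcode == OP_DESTROY)
                return EXIT_NO_UMOUNT;  /* sent only for umount, never for abort */
            continue;                   /* ordinary request */
        }
        if (ev[i].err == EINTR || ev[i].err == EAGAIN || ev[i].err == ENOENT)
            continue;                   /* transient: retry the read */
        if (ev[i].err == ENODEV)
            act = destroy_negotiated ? EXIT_UMOUNT : EXIT_MUST_CHECK;
        else if (act == KEEP_SERVING)
            act = EXIT_MUST_CHECK;      /* unexpected error: state unknown */
    }
    return act;
}
```

Only the `EXIT_MUST_CHECK` result leaves the daemon with the racy "is my mountpoint still mine?" test described in the first message; the other two results need no inspection of the mount table.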


Re: fuse: feasible to distinguish between umount and abort?

Nikolaus Rath
On Nov 29 2016, Miklos Szeredi <[hidden email]> wrote:

> On Fri, Nov 25, 2016 at 1:33 AM, Nikolaus Rath <[hidden email]> wrote:
>> On Nov 24 2016, Miklos Szeredi <[hidden email]> wrote:
>>> On Thu, Nov 24, 2016 at 12:11 AM, Nikolaus Rath <[hidden email]> wrote:
>>>> Hello,
>>>>
>>>> Currently, both a call to umount(2) and writing "1" to
>>>> /sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
>>>> same state: reading from it returns ENODEV, and polling on it returns
>>>> POLLERR.
>>>>
>>>> This causes problems for filesystems that want to ensure that the
>>>> mountpoint is free when they exit. If accessing the device fd gives the
>>>> above errors, they have to do an additional check to determine if they
>>>> still need to unmount the mountpoint. This is difficult to do without
>>>> race conditions (think of someone unmounting and immediately re-starting
>>>> a new filesystem instance).
>>>>
>>>> Would it be possible to change the behavior of the /dev/fuse fd so that
>>>> userspace can distinguish between a regular umount and use of the
>>>> /sys/fs/fuse abort?
>>>
>>> Yes.  My proposal would be for the kernel to send FUSE_DESTROY
>>> asynchronously and only return ENODEV once that request was read by
>>> userspace.  Currently FUSE_DESTROY is sent synchronously for fuseblk
>>> mounts, but not for plain fuse mounts.
>>
>> I trust that this is a good plan, but from the description I can't quite
>> tell how the filesystem would make the distinction between umount/abort
>> based on this. Would FUSE_DESTROY be sent only for unmount, but not for
>> abort?
>
> Right.  The userspace implementation would need to be careful to
> process the DESTROY message before ENODEV is received in a different
> thread.   Maybe instead userspace and kernel should negotiate in INIT
> whether userspace wants a DESTROY or not.  If it does, then on umount
> kernel sends DESTROY and does not return ENODEV.  If userspace does
> not want DESTROY then it falls back to the old way of returning
> ENODEV.  And on abort it would do that as well, regardless of the
> negotiated DESTROY request.

That sounds great to me. Would you have to implement this, or should I
try to give it a shot? In the latter case, could you give me a hint
where the entry points for the umount and abort code paths are (in the
kernel code)?


Best,
-Nikolaus

--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«
