You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
882 lines
36 KiB
882 lines
36 KiB
|
|
Overview of the Linux Virtual File System
|
|
|
|
Original author: Richard Gooch <rgooch@atnf.csiro.au>
|
|
|
|
Last updated on August 25, 2005
|
|
|
|
Copyright (C) 1999 Richard Gooch
|
|
Copyright (C) 2005 Pekka Enberg
|
|
|
|
This file is released under the GPLv2.
|
|
|
|
|
|
What is it?
|
|
===========
|
|
|
|
The Virtual File System (otherwise known as the Virtual Filesystem
|
|
Switch) is the software layer in the kernel that provides the
|
|
filesystem interface to userspace programs. It also provides an
|
|
abstraction within the kernel which allows different filesystem
|
|
implementations to coexist.
|
|
|
|
|
|
A Quick Look At How It Works
|
|
============================
|
|
|
|
In this section I'll briefly describe how things work, before
|
|
launching into the details. I'll start with describing what happens
|
|
when user programs open and manipulate files, and then look from the
|
|
other view which is how a filesystem is supported and subsequently
|
|
mounted.
|
|
|
|
|
|
Opening a File
|
|
--------------
|
|
|
|
The VFS implements the open(2), stat(2), chmod(2) and similar system
|
|
calls. The pathname argument is used by the VFS to search through the
|
|
directory entry cache (dentry cache or "dcache"). This provides a very
|
|
fast look-up mechanism to translate a pathname (filename) into a
|
|
specific dentry.
|
|
|
|
An individual dentry usually has a pointer to an inode. Inodes are the
|
|
things that live on disc drives, and can be regular files (you know:
|
|
those things that you write data into), directories, FIFOs and other
|
|
beasts. Dentries live in RAM and are never saved to disc: they exist
|
|
only for performance. Inodes live on disc and are copied into memory
|
|
when required. Later any changes are written back to disc. The inode
|
|
that lives in RAM is a VFS inode, and it is this which the dentry
|
|
points to. A single inode can be pointed to by multiple dentries
|
|
(think about hardlinks).
|
|
|
|
The dcache is meant to be a view into your entire filespace. Unlike
|
|
Linus, most of us losers can't fit enough dentries into RAM to cover
|
|
all of our filespace, so the dcache has bits missing. In order to
|
|
resolve your pathname into a dentry, the VFS may have to resort to
|
|
creating dentries along the way, and then loading the inode. This is
|
|
done by looking up the inode.
|
|
|
|
To look up an inode (usually read from disc) requires that the VFS
|
|
calls the lookup() method of the parent directory inode. This method
|
|
is installed by the specific filesystem implementation that the inode
|
|
lives in. There will be more on this later.
|
|
|
|
Once the VFS has the required dentry (and hence the inode), we can do
|
|
all those boring things like open(2) the file, or stat(2) it to peek
|
|
at the inode data. The stat(2) operation is fairly simple: once the
|
|
VFS has the dentry, it peeks at the inode data and passes some of it
|
|
back to userspace.
|
|
|
|
Opening a file requires another operation: allocation of a file
|
|
structure (this is the kernel-side implementation of file
|
|
descriptors). The freshly allocated file structure is initialized with
|
|
a pointer to the dentry and a set of file operation member functions.
|
|
These are taken from the inode data. The open() file method is then
|
|
called so the specific filesystem implementation can do it's work. You
|
|
can see that this is another switch performed by the VFS.
|
|
|
|
The file structure is placed into the file descriptor table for the
|
|
process.
|
|
|
|
Reading, writing and closing files (and other assorted VFS operations)
|
|
is done by using the userspace file descriptor to grab the appropriate
|
|
file structure, and then calling the required file structure method
|
|
function to do whatever is required.
|
|
|
|
For as long as the file is open, it keeps the dentry "open" (in use),
|
|
which in turn means that the VFS inode is still in use.
|
|
|
|
All VFS system calls (i.e. open(2), stat(2), read(2), write(2),
|
|
chmod(2) and so on) are called from a process context. You should
|
|
assume that these calls are made without any kernel locks being
|
|
held. This means that the processes may be executing the same piece of
|
|
filesystem or driver code at the same time, on different
|
|
processors. You should ensure that access to shared resources is
|
|
protected by appropriate locks.
|
|
|
|
|
|
Registering and Mounting a Filesystem
|
|
-------------------------------------
|
|
|
|
If you want to support a new kind of filesystem in the kernel, all you
|
|
need to do is call register_filesystem(). You pass a structure
|
|
describing the filesystem implementation (struct file_system_type)
|
|
which is then added to an internal table of supported filesystems. You
|
|
can do:
|
|
|
|
% cat /proc/filesystems
|
|
|
|
to see what filesystems are currently available on your system.
|
|
|
|
When a request is made to mount a block device onto a directory in
|
|
your filespace the VFS will call the appropriate method for the
|
|
specific filesystem. The dentry for the mount point will then be
|
|
updated to point to the root inode for the new filesystem.
|
|
|
|
It's now time to look at things in more detail.
|
|
|
|
|
|
struct file_system_type
|
|
=======================
|
|
|
|
This describes the filesystem. As of kernel 2.6.13, the following
|
|
members are defined:
|
|
|
|
struct file_system_type {
|
|
const char *name;
|
|
int fs_flags;
|
|
struct super_block *(*get_sb) (struct file_system_type *, int,
|
|
const char *, void *);
|
|
void (*kill_sb) (struct super_block *);
|
|
struct module *owner;
|
|
struct file_system_type * next;
|
|
struct list_head fs_supers;
|
|
};
|
|
|
|
name: the name of the filesystem type, such as "ext2", "iso9660",
|
|
"msdos" and so on
|
|
|
|
fs_flags: various flags (i.e. FS_REQUIRES_DEV, FS_NO_DCACHE, etc.)
|
|
|
|
get_sb: the method to call when a new instance of this
|
|
filesystem should be mounted
|
|
|
|
kill_sb: the method to call when an instance of this filesystem
|
|
should be unmounted
|
|
|
|
owner: for internal VFS use: you should initialize this to THIS_MODULE in
|
|
most cases.
|
|
|
|
next: for internal VFS use: you should initialize this to NULL
|
|
|
|
The get_sb() method has the following arguments:
|
|
|
|
struct super_block *sb: the superblock structure. This is partially
|
|
initialized by the VFS and the rest must be initialized by the
|
|
get_sb() method
|
|
|
|
int flags: mount flags
|
|
|
|
const char *dev_name: the device name we are mounting.
|
|
|
|
void *data: arbitrary mount options, usually comes as an ASCII
|
|
string
|
|
|
|
int silent: whether or not to be silent on error
|
|
|
|
The get_sb() method must determine if the block device specified
|
|
in the superblock contains a filesystem of the type the method
|
|
supports. On success the method returns the superblock pointer, on
|
|
failure it returns NULL.
|
|
|
|
The most interesting member of the superblock structure that the
|
|
get_sb() method fills in is the "s_op" field. This is a pointer to
|
|
a "struct super_operations" which describes the next level of the
|
|
filesystem implementation.
|
|
|
|
Usually, a filesystem uses generic one of the generic get_sb()
|
|
implementations and provides a fill_super() method instead. The
|
|
generic methods are:
|
|
|
|
get_sb_bdev: mount a filesystem residing on a block device
|
|
|
|
get_sb_nodev: mount a filesystem that is not backed by a device
|
|
|
|
get_sb_single: mount a filesystem which shares the instance between
|
|
all mounts
|
|
|
|
A fill_super() method implementation has the following arguments:
|
|
|
|
struct super_block *sb: the superblock structure. The method fill_super()
|
|
must initialize this properly.
|
|
|
|
void *data: arbitrary mount options, usually comes as an ASCII
|
|
string
|
|
|
|
int silent: whether or not to be silent on error
|
|
|
|
|
|
struct super_operations
|
|
=======================
|
|
|
|
This describes how the VFS can manipulate the superblock of your
|
|
filesystem. As of kernel 2.6.13, the following members are defined:
|
|
|
|
struct super_operations {
|
|
struct inode *(*alloc_inode)(struct super_block *sb);
|
|
void (*destroy_inode)(struct inode *);
|
|
|
|
void (*read_inode) (struct inode *);
|
|
|
|
void (*dirty_inode) (struct inode *);
|
|
int (*write_inode) (struct inode *, int);
|
|
void (*put_inode) (struct inode *);
|
|
void (*drop_inode) (struct inode *);
|
|
void (*delete_inode) (struct inode *);
|
|
void (*put_super) (struct super_block *);
|
|
void (*write_super) (struct super_block *);
|
|
int (*sync_fs)(struct super_block *sb, int wait);
|
|
void (*write_super_lockfs) (struct super_block *);
|
|
void (*unlockfs) (struct super_block *);
|
|
int (*statfs) (struct super_block *, struct kstatfs *);
|
|
int (*remount_fs) (struct super_block *, int *, char *);
|
|
void (*clear_inode) (struct inode *);
|
|
void (*umount_begin) (struct super_block *);
|
|
|
|
void (*sync_inodes) (struct super_block *sb,
|
|
struct writeback_control *wbc);
|
|
int (*show_options)(struct seq_file *, struct vfsmount *);
|
|
|
|
ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t);
|
|
ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t);
|
|
};
|
|
|
|
All methods are called without any locks being held, unless otherwise
|
|
noted. This means that most methods can block safely. All methods are
|
|
only called from a process context (i.e. not from an interrupt handler
|
|
or bottom half).
|
|
|
|
alloc_inode: this method is called by inode_alloc() to allocate memory
|
|
for struct inode and initialize it.
|
|
|
|
destroy_inode: this method is called by destroy_inode() to release
|
|
resources allocated for struct inode.
|
|
|
|
read_inode: this method is called to read a specific inode from the
|
|
mounted filesystem. The i_ino member in the struct inode is
|
|
initialized by the VFS to indicate which inode to read. Other
|
|
members are filled in by this method.
|
|
|
|
You can set this to NULL and use iget5_locked() instead of iget()
|
|
to read inodes. This is necessary for filesystems for which the
|
|
inode number is not sufficient to identify an inode.
|
|
|
|
dirty_inode: this method is called by the VFS to mark an inode dirty.
|
|
|
|
write_inode: this method is called when the VFS needs to write an
|
|
inode to disc. The second parameter indicates whether the write
|
|
should be synchronous or not, not all filesystems check this flag.
|
|
|
|
put_inode: called when the VFS inode is removed from the inode
|
|
cache.
|
|
|
|
drop_inode: called when the last access to the inode is dropped,
|
|
with the inode_lock spinlock held.
|
|
|
|
This method should be either NULL (normal UNIX filesystem
|
|
semantics) or "generic_delete_inode" (for filesystems that do not
|
|
want to cache inodes - causing "delete_inode" to always be
|
|
called regardless of the value of i_nlink)
|
|
|
|
The "generic_delete_inode()" behavior is equivalent to the
|
|
old practice of using "force_delete" in the put_inode() case,
|
|
but does not have the races that the "force_delete()" approach
|
|
had.
|
|
|
|
delete_inode: called when the VFS wants to delete an inode
|
|
|
|
put_super: called when the VFS wishes to free the superblock
|
|
(i.e. unmount). This is called with the superblock lock held
|
|
|
|
write_super: called when the VFS superblock needs to be written to
|
|
disc. This method is optional
|
|
|
|
sync_fs: called when VFS is writing out all dirty data associated with
|
|
a superblock. The second parameter indicates whether the method
|
|
should wait until the write out has been completed. Optional.
|
|
|
|
write_super_lockfs: called when VFS is locking a filesystem and forcing
|
|
it into a consistent state. This function is currently used by the
|
|
Logical Volume Manager (LVM).
|
|
|
|
unlockfs: called when VFS is unlocking a filesystem and making it writable
|
|
again.
|
|
|
|
statfs: called when the VFS needs to get filesystem statistics. This
|
|
is called with the kernel lock held
|
|
|
|
remount_fs: called when the filesystem is remounted. This is called
|
|
with the kernel lock held
|
|
|
|
clear_inode: called then the VFS clears the inode. Optional
|
|
|
|
umount_begin: called when the VFS is unmounting a filesystem.
|
|
|
|
sync_inodes: called when the VFS is writing out dirty data associated with
|
|
a superblock.
|
|
|
|
show_options: called by the VFS to show mount options for /proc/<pid>/mounts.
|
|
|
|
quota_read: called by the VFS to read from filesystem quota file.
|
|
|
|
quota_write: called by the VFS to write to filesystem quota file.
|
|
|
|
The read_inode() method is responsible for filling in the "i_op"
|
|
field. This is a pointer to a "struct inode_operations" which
|
|
describes the methods that can be performed on individual inodes.
|
|
|
|
|
|
struct inode_operations
|
|
=======================
|
|
|
|
This describes how the VFS can manipulate an inode in your
|
|
filesystem. As of kernel 2.6.13, the following members are defined:
|
|
|
|
struct inode_operations {
|
|
int (*create) (struct inode *,struct dentry *,int, struct nameidata *);
|
|
struct dentry * (*lookup) (struct inode *,struct dentry *, struct nameidata *);
|
|
int (*link) (struct dentry *,struct inode *,struct dentry *);
|
|
int (*unlink) (struct inode *,struct dentry *);
|
|
int (*symlink) (struct inode *,struct dentry *,const char *);
|
|
int (*mkdir) (struct inode *,struct dentry *,int);
|
|
int (*rmdir) (struct inode *,struct dentry *);
|
|
int (*mknod) (struct inode *,struct dentry *,int,dev_t);
|
|
int (*rename) (struct inode *, struct dentry *,
|
|
struct inode *, struct dentry *);
|
|
int (*readlink) (struct dentry *, char __user *,int);
|
|
void * (*follow_link) (struct dentry *, struct nameidata *);
|
|
void (*put_link) (struct dentry *, struct nameidata *, void *);
|
|
void (*truncate) (struct inode *);
|
|
int (*permission) (struct inode *, int, struct nameidata *);
|
|
int (*setattr) (struct dentry *, struct iattr *);
|
|
int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
|
|
int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
|
|
ssize_t (*getxattr) (struct dentry *, const char *, void *, size_t);
|
|
ssize_t (*listxattr) (struct dentry *, char *, size_t);
|
|
int (*removexattr) (struct dentry *, const char *);
|
|
};
|
|
|
|
Again, all methods are called without any locks being held, unless
|
|
otherwise noted.
|
|
|
|
create: called by the open(2) and creat(2) system calls. Only
|
|
required if you want to support regular files. The dentry you
|
|
get should not have an inode (i.e. it should be a negative
|
|
dentry). Here you will probably call d_instantiate() with the
|
|
dentry and the newly created inode
|
|
|
|
lookup: called when the VFS needs to look up an inode in a parent
|
|
directory. The name to look for is found in the dentry. This
|
|
method must call d_add() to insert the found inode into the
|
|
dentry. The "i_count" field in the inode structure should be
|
|
incremented. If the named inode does not exist a NULL inode
|
|
should be inserted into the dentry (this is called a negative
|
|
dentry). Returning an error code from this routine must only
|
|
be done on a real error, otherwise creating inodes with system
|
|
calls like create(2), mknod(2), mkdir(2) and so on will fail.
|
|
If you wish to overload the dentry methods then you should
|
|
initialise the "d_dop" field in the dentry; this is a pointer
|
|
to a struct "dentry_operations".
|
|
This method is called with the directory inode semaphore held
|
|
|
|
link: called by the link(2) system call. Only required if you want
|
|
to support hard links. You will probably need to call
|
|
d_instantiate() just as you would in the create() method
|
|
|
|
unlink: called by the unlink(2) system call. Only required if you
|
|
want to support deleting inodes
|
|
|
|
symlink: called by the symlink(2) system call. Only required if you
|
|
want to support symlinks. You will probably need to call
|
|
d_instantiate() just as you would in the create() method
|
|
|
|
mkdir: called by the mkdir(2) system call. Only required if you want
|
|
to support creating subdirectories. You will probably need to
|
|
call d_instantiate() just as you would in the create() method
|
|
|
|
rmdir: called by the rmdir(2) system call. Only required if you want
|
|
to support deleting subdirectories
|
|
|
|
mknod: called by the mknod(2) system call to create a device (char,
|
|
block) inode or a named pipe (FIFO) or socket. Only required
|
|
if you want to support creating these types of inodes. You
|
|
will probably need to call d_instantiate() just as you would
|
|
in the create() method
|
|
|
|
readlink: called by the readlink(2) system call. Only required if
|
|
you want to support reading symbolic links
|
|
|
|
follow_link: called by the VFS to follow a symbolic link to the
|
|
inode it points to. Only required if you want to support
|
|
symbolic links. This function returns a void pointer cookie
|
|
that is passed to put_link().
|
|
|
|
put_link: called by the VFS to release resources allocated by
|
|
follow_link(). The cookie returned by follow_link() is passed to
|
|
to this function as the last parameter. It is used by filesystems
|
|
such as NFS where page cache is not stable (i.e. page that was
|
|
installed when the symbolic link walk started might not be in the
|
|
page cache at the end of the walk).
|
|
|
|
truncate: called by the VFS to change the size of a file. The i_size
|
|
field of the inode is set to the desired size by the VFS before
|
|
this function is called. This function is called by the truncate(2)
|
|
system call and related functionality.
|
|
|
|
permission: called by the VFS to check for access rights on a POSIX-like
|
|
filesystem.
|
|
|
|
setattr: called by the VFS to set attributes for a file. This function is
|
|
called by chmod(2) and related system calls.
|
|
|
|
getattr: called by the VFS to get attributes of a file. This function is
|
|
called by stat(2) and related system calls.
|
|
|
|
setxattr: called by the VFS to set an extended attribute for a file.
|
|
Extended attribute is a name:value pair associated with an inode. This
|
|
function is called by setxattr(2) system call.
|
|
|
|
getxattr: called by the VFS to retrieve the value of an extended attribute
|
|
name. This function is called by getxattr(2) function call.
|
|
|
|
listxattr: called by the VFS to list all extended attributes for a given
|
|
file. This function is called by listxattr(2) system call.
|
|
|
|
removexattr: called by the VFS to remove an extended attribute from a file.
|
|
This function is called by removexattr(2) system call.
|
|
|
|
|
|
struct address_space_operations
|
|
===============================
|
|
|
|
This describes how the VFS can manipulate mapping of a file to page cache in
|
|
your filesystem. As of kernel 2.6.13, the following members are defined:
|
|
|
|
struct address_space_operations {
|
|
int (*writepage)(struct page *page, struct writeback_control *wbc);
|
|
int (*readpage)(struct file *, struct page *);
|
|
int (*sync_page)(struct page *);
|
|
int (*writepages)(struct address_space *, struct writeback_control *);
|
|
int (*set_page_dirty)(struct page *page);
|
|
int (*readpages)(struct file *filp, struct address_space *mapping,
|
|
struct list_head *pages, unsigned nr_pages);
|
|
int (*prepare_write)(struct file *, struct page *, unsigned, unsigned);
|
|
int (*commit_write)(struct file *, struct page *, unsigned, unsigned);
|
|
sector_t (*bmap)(struct address_space *, sector_t);
|
|
int (*invalidatepage) (struct page *, unsigned long);
|
|
int (*releasepage) (struct page *, int);
|
|
ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
|
|
loff_t offset, unsigned long nr_segs);
|
|
struct page* (*get_xip_page)(struct address_space *, sector_t,
|
|
int);
|
|
};
|
|
|
|
writepage: called by the VM write a dirty page to backing store.
|
|
|
|
readpage: called by the VM to read a page from backing store.
|
|
|
|
sync_page: called by the VM to notify the backing store to perform all
|
|
queued I/O operations for a page. I/O operations for other pages
|
|
associated with this address_space object may also be performed.
|
|
|
|
writepages: called by the VM to write out pages associated with the
|
|
address_space object.
|
|
|
|
set_page_dirty: called by the VM to set a page dirty.
|
|
|
|
readpages: called by the VM to read pages associated with the address_space
|
|
object.
|
|
|
|
prepare_write: called by the generic write path in VM to set up a write
|
|
request for a page.
|
|
|
|
commit_write: called by the generic write path in VM to write page to
|
|
its backing store.
|
|
|
|
bmap: called by the VFS to map a logical block offset within object to
|
|
physical block number. This method is use by for the legacy FIBMAP
|
|
ioctl. Other uses are discouraged.
|
|
|
|
invalidatepage: called by the VM on truncate to disassociate a page from its
|
|
address_space mapping.
|
|
|
|
releasepage: called by the VFS to release filesystem specific metadata from
|
|
a page.
|
|
|
|
direct_IO: called by the VM for direct I/O writes and reads.
|
|
|
|
get_xip_page: called by the VM to translate a block number to a page.
|
|
The page is valid until the corresponding filesystem is unmounted.
|
|
Filesystems that want to use execute-in-place (XIP) need to implement
|
|
it. An example implementation can be found in fs/ext2/xip.c.
|
|
|
|
|
|
struct file_operations
|
|
======================
|
|
|
|
This describes how the VFS can manipulate an open file. As of kernel
|
|
2.6.13, the following members are defined:
|
|
|
|
struct file_operations {
|
|
loff_t (*llseek) (struct file *, loff_t, int);
|
|
ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
|
|
ssize_t (*aio_read) (struct kiocb *, char __user *, size_t, loff_t);
|
|
ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
|
|
ssize_t (*aio_write) (struct kiocb *, const char __user *, size_t, loff_t);
|
|
int (*readdir) (struct file *, void *, filldir_t);
|
|
unsigned int (*poll) (struct file *, struct poll_table_struct *);
|
|
int (*ioctl) (struct inode *, struct file *, unsigned int, unsigned long);
|
|
long (*unlocked_ioctl) (struct file *, unsigned int, unsigned long);
|
|
long (*compat_ioctl) (struct file *, unsigned int, unsigned long);
|
|
int (*mmap) (struct file *, struct vm_area_struct *);
|
|
int (*open) (struct inode *, struct file *);
|
|
int (*flush) (struct file *);
|
|
int (*release) (struct inode *, struct file *);
|
|
int (*fsync) (struct file *, struct dentry *, int datasync);
|
|
int (*aio_fsync) (struct kiocb *, int datasync);
|
|
int (*fasync) (int, struct file *, int);
|
|
int (*lock) (struct file *, int, struct file_lock *);
|
|
ssize_t (*readv) (struct file *, const struct iovec *, unsigned long, loff_t *);
|
|
ssize_t (*writev) (struct file *, const struct iovec *, unsigned long, loff_t *);
|
|
ssize_t (*sendfile) (struct file *, loff_t *, size_t, read_actor_t, void *);
|
|
ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int);
|
|
unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long);
|
|
int (*check_flags)(int);
|
|
int (*dir_notify)(struct file *filp, unsigned long arg);
|
|
int (*flock) (struct file *, int, struct file_lock *);
|
|
};
|
|
|
|
Again, all methods are called without any locks being held, unless
|
|
otherwise noted.
|
|
|
|
llseek: called when the VFS needs to move the file position index
|
|
|
|
read: called by read(2) and related system calls
|
|
|
|
aio_read: called by io_submit(2) and other asynchronous I/O operations
|
|
|
|
write: called by write(2) and related system calls
|
|
|
|
aio_write: called by io_submit(2) and other asynchronous I/O operations
|
|
|
|
readdir: called when the VFS needs to read the directory contents
|
|
|
|
poll: called by the VFS when a process wants to check if there is
|
|
activity on this file and (optionally) go to sleep until there
|
|
is activity. Called by the select(2) and poll(2) system calls
|
|
|
|
ioctl: called by the ioctl(2) system call
|
|
|
|
unlocked_ioctl: called by the ioctl(2) system call. Filesystems that do not
|
|
require the BKL should use this method instead of the ioctl() above.
|
|
|
|
compat_ioctl: called by the ioctl(2) system call when 32 bit system calls
|
|
are used on 64 bit kernels.
|
|
|
|
mmap: called by the mmap(2) system call
|
|
|
|
open: called by the VFS when an inode should be opened. When the VFS
|
|
opens a file, it creates a new "struct file". It then calls the
|
|
open method for the newly allocated file structure. You might
|
|
think that the open method really belongs in
|
|
"struct inode_operations", and you may be right. I think it's
|
|
done the way it is because it makes filesystems simpler to
|
|
implement. The open() method is a good place to initialize the
|
|
"private_data" member in the file structure if you want to point
|
|
to a device structure
|
|
|
|
flush: called by the close(2) system call to flush a file
|
|
|
|
release: called when the last reference to an open file is closed
|
|
|
|
fsync: called by the fsync(2) system call
|
|
|
|
fasync: called by the fcntl(2) system call when asynchronous
|
|
(non-blocking) mode is enabled for a file
|
|
|
|
lock: called by the fcntl(2) system call for F_GETLK, F_SETLK, and F_SETLKW
|
|
commands
|
|
|
|
readv: called by the readv(2) system call
|
|
|
|
writev: called by the writev(2) system call
|
|
|
|
sendfile: called by the sendfile(2) system call
|
|
|
|
get_unmapped_area: called by the mmap(2) system call
|
|
|
|
check_flags: called by the fcntl(2) system call for F_SETFL command
|
|
|
|
dir_notify: called by the fcntl(2) system call for F_NOTIFY command
|
|
|
|
flock: called by the flock(2) system call
|
|
|
|
Note that the file operations are implemented by the specific
|
|
filesystem in which the inode resides. When opening a device node
|
|
(character or block special) most filesystems will call special
|
|
support routines in the VFS which will locate the required device
|
|
driver information. These support routines replace the filesystem file
|
|
operations with those for the device driver, and then proceed to call
|
|
the new open() method for the file. This is how opening a device file
|
|
in the filesystem eventually ends up calling the device driver open()
|
|
method.
|
|
|
|
|
|
Directory Entry Cache (dcache)
|
|
==============================
|
|
|
|
|
|
struct dentry_operations
|
|
------------------------
|
|
|
|
This describes how a filesystem can overload the standard dentry
|
|
operations. Dentries and the dcache are the domain of the VFS and the
|
|
individual filesystem implementations. Device drivers have no business
|
|
here. These methods may be set to NULL, as they are either optional or
|
|
the VFS uses a default. As of kernel 2.6.13, the following members are
|
|
defined:
|
|
|
|
struct dentry_operations {
|
|
int (*d_revalidate)(struct dentry *, struct nameidata *);
|
|
int (*d_hash) (struct dentry *, struct qstr *);
|
|
int (*d_compare) (struct dentry *, struct qstr *, struct qstr *);
|
|
int (*d_delete)(struct dentry *);
|
|
void (*d_release)(struct dentry *);
|
|
void (*d_iput)(struct dentry *, struct inode *);
|
|
};
|
|
|
|
d_revalidate: called when the VFS needs to revalidate a dentry. This
|
|
is called whenever a name look-up finds a dentry in the
|
|
dcache. Most filesystems leave this as NULL, because all their
|
|
dentries in the dcache are valid
|
|
|
|
d_hash: called when the VFS adds a dentry to the hash table
|
|
|
|
d_compare: called when a dentry should be compared with another
|
|
|
|
d_delete: called when the last reference to a dentry is
|
|
deleted. This means no-one is using the dentry, however it is
|
|
still valid and in the dcache
|
|
|
|
d_release: called when a dentry is really deallocated
|
|
|
|
d_iput: called when a dentry loses its inode (just prior to its
|
|
being deallocated). The default when this is NULL is that the
|
|
VFS calls iput(). If you define this method, you must call
|
|
iput() yourself
|
|
|
|
Each dentry has a pointer to its parent dentry, as well as a hash list
|
|
of child dentries. Child dentries are basically like files in a
|
|
directory.
|
|
|
|
|
|
Directory Entry Cache APIs
|
|
--------------------------
|
|
|
|
There are a number of functions defined which permit a filesystem to
|
|
manipulate dentries:
|
|
|
|
dget: open a new handle for an existing dentry (this just increments
|
|
the usage count)
|
|
|
|
dput: close a handle for a dentry (decrements the usage count). If
|
|
the usage count drops to 0, the "d_delete" method is called
|
|
and the dentry is placed on the unused list if the dentry is
|
|
still in its parents hash list. Putting the dentry on the
|
|
unused list just means that if the system needs some RAM, it
|
|
goes through the unused list of dentries and deallocates them.
|
|
If the dentry has already been unhashed and the usage count
|
|
drops to 0, in this case the dentry is deallocated after the
|
|
"d_delete" method is called
|
|
|
|
d_drop: this unhashes a dentry from its parents hash list. A
|
|
subsequent call to dput() will deallocate the dentry if its
|
|
usage count drops to 0
|
|
|
|
d_delete: delete a dentry. If there are no other open references to
|
|
the dentry then the dentry is turned into a negative dentry
|
|
(the d_iput() method is called). If there are other
|
|
references, then d_drop() is called instead
|
|
|
|
d_add: add a dentry to its parents hash list and then calls
|
|
d_instantiate()
|
|
|
|
d_instantiate: add a dentry to the alias hash list for the inode and
|
|
updates the "d_inode" member. The "i_count" member in the
|
|
inode structure should be set/incremented. If the inode
|
|
pointer is NULL, the dentry is called a "negative
|
|
dentry". This function is commonly called when an inode is
|
|
created for an existing negative dentry
|
|
|
|
d_lookup: look up a dentry given its parent and path name component
|
|
It looks up the child of that given name from the dcache
|
|
hash table. If it is found, the reference count is incremented
|
|
and the dentry is returned. The caller must use d_put()
|
|
to free the dentry when it finishes using it.
|
|
|
|
|
|
RCU-based dcache locking model
|
|
------------------------------
|
|
|
|
On many workloads, the most common operation on dcache is
|
|
to look up a dentry, given a parent dentry and the name
|
|
of the child. Typically, for every open(), stat() etc.,
|
|
the dentry corresponding to the pathname will be looked
|
|
up by walking the tree starting with the first component
|
|
of the pathname and using that dentry along with the next
|
|
component to look up the next level and so on. Since it
|
|
is a frequent operation for workloads like multiuser
|
|
environments and web servers, it is important to optimize
|
|
this path.
|
|
|
|
Prior to 2.5.10, dcache_lock was acquired in d_lookup and thus
|
|
in every component during path look-up. Since 2.5.10 onwards,
|
|
fast-walk algorithm changed this by holding the dcache_lock
|
|
at the beginning and walking as many cached path component
|
|
dentries as possible. This significantly decreases the number
|
|
of acquisition of dcache_lock. However it also increases the
|
|
lock hold time significantly and affects performance in large
|
|
SMP machines. Since 2.5.62 kernel, dcache has been using
|
|
a new locking model that uses RCU to make dcache look-up
|
|
lock-free.
|
|
|
|
The current dcache locking model is not very different from the existing
|
|
dcache locking model. Prior to 2.5.62 kernel, dcache_lock
|
|
protected the hash chain, d_child, d_alias, d_lru lists as well
|
|
as d_inode and several other things like mount look-up. RCU-based
|
|
changes affect only the way the hash chain is protected. For everything
|
|
else the dcache_lock must be taken for both traversing as well as
|
|
updating. The hash chain updates too take the dcache_lock.
|
|
The significant change is the way d_lookup traverses the hash chain,
|
|
it doesn't acquire the dcache_lock for this and rely on RCU to
|
|
ensure that the dentry has not been *freed*.
|
|
|
|
|
|
Dcache locking details
|
|
----------------------
|
|
|
|
For many multi-user workloads, open() and stat() on files are
|
|
very frequently occurring operations. Both involve walking
|
|
of path names to find the dentry corresponding to the
|
|
concerned file. In 2.4 kernel, dcache_lock was held
|
|
during look-up of each path component. Contention and
|
|
cache-line bouncing of this global lock caused significant
|
|
scalability problems. With the introduction of RCU
|
|
in Linux kernel, this was worked around by making
|
|
the look-up of path components during path walking lock-free.
|
|
|
|
|
|
Safe lock-free look-up of dcache hash table
|
|
===========================================
|
|
|
|
Dcache is a complex data structure with the hash table entries
|
|
also linked together in other lists. In 2.4 kernel, dcache_lock
|
|
protected all the lists. We applied RCU only on hash chain
|
|
walking. The rest of the lists are still protected by dcache_lock.
|
|
Some of the important changes are :
|
|
|
|
1. The deletion from hash chain is done using hlist_del_rcu() macro which
|
|
doesn't initialize next pointer of the deleted dentry and this
|
|
allows us to walk safely lock-free while a deletion is happening.
|
|
|
|
2. Insertion of a dentry into the hash table is done using
|
|
hlist_add_head_rcu() which take care of ordering the writes -
|
|
the writes to the dentry must be visible before the dentry
|
|
is inserted. This works in conjunction with hlist_for_each_rcu()
|
|
while walking the hash chain. The only requirement is that
|
|
all initialization to the dentry must be done before hlist_add_head_rcu()
|
|
since we don't have dcache_lock protection while traversing
|
|
the hash chain. This isn't different from the existing code.
|
|
|
|
3. The dentry looked up without holding dcache_lock by cannot be
|
|
returned for walking if it is unhashed. It then may have a NULL
|
|
d_inode or other bogosity since RCU doesn't protect the other
|
|
fields in the dentry. We therefore use a flag DCACHE_UNHASHED to
|
|
indicate unhashed dentries and use this in conjunction with a
|
|
per-dentry lock (d_lock). Once looked up without the dcache_lock,
|
|
we acquire the per-dentry lock (d_lock) and check if the
|
|
dentry is unhashed. If so, the look-up is failed. If not, the
|
|
reference count of the dentry is increased and the dentry is returned.
|
|
|
|
4. Once a dentry is looked up, it must be ensured during the path
|
|
walk for that component it doesn't go away. In pre-2.5.10 code,
|
|
this was done holding a reference to the dentry. dcache_rcu does
|
|
the same. In some sense, dcache_rcu path walking looks like
|
|
the pre-2.5.10 version.
|
|
|
|
5. All dentry hash chain updates must take the dcache_lock as well as
|
|
the per-dentry lock in that order. dput() does this to ensure
|
|
that a dentry that has just been looked up in another CPU
|
|
doesn't get deleted before dget() can be done on it.
|
|
|
|
6. There are several ways to do reference counting of RCU protected
|
|
objects. One such example is in ipv4 route cache where
|
|
deferred freeing (using call_rcu()) is done as soon as
|
|
the reference count goes to zero. This cannot be done in
|
|
the case of dentries because tearing down of dentries
|
|
require blocking (dentry_iput()) which isn't supported from
|
|
RCU callbacks. Instead, tearing down of dentries happen
|
|
synchronously in dput(), but actual freeing happens later
|
|
when RCU grace period is over. This allows safe lock-free
|
|
walking of the hash chains, but a matched dentry may have
|
|
been partially torn down. The checking of DCACHE_UNHASHED
|
|
flag with d_lock held detects such dentries and prevents
|
|
them from being returned from look-up.
|
|
|
|
|
|
Maintaining POSIX rename semantics
|
|
==================================
|
|
|
|
Since look-up of dentries is lock-free, it can race against
|
|
a concurrent rename operation. For example, during rename
|
|
of file A to B, look-up of either A or B must succeed.
|
|
So, if look-up of B happens after A has been removed from the
|
|
hash chain but not added to the new hash chain, it may fail.
|
|
Also, a comparison while the name is being written concurrently
|
|
by a rename may result in false positive matches violating
|
|
rename semantics. Issues related to race with rename are
|
|
handled as described below :
|
|
|
|
1. Look-up can be done in two ways - d_lookup() which is safe
|
|
from simultaneous renames and __d_lookup() which is not.
|
|
If __d_lookup() fails, it must be followed up by a d_lookup()
|
|
to correctly determine whether a dentry is in the hash table
|
|
or not. d_lookup() protects look-ups using a sequence
|
|
lock (rename_lock).
|
|
|
|
2. The name associated with a dentry (d_name) may be changed if
|
|
a rename is allowed to happen simultaneously. To avoid memcmp()
|
|
in __d_lookup() go out of bounds due to a rename and false
|
|
positive comparison, the name comparison is done while holding the
|
|
per-dentry lock. This prevents concurrent renames during this
|
|
operation.
|
|
|
|
3. Hash table walking during look-up may move to a different bucket as
|
|
the current dentry is moved to a different bucket due to rename.
|
|
But we use hlists in dcache hash table and they are null-terminated.
|
|
So, even if a dentry moves to a different bucket, hash chain
|
|
walk will terminate. [with a list_head list, it may not since
|
|
termination is when the list_head in the original bucket is reached].
|
|
Since we redo the d_parent check and compare name while holding
|
|
d_lock, lock-free look-up will not race against d_move().
|
|
|
|
4. There can be a theoretical race when a dentry keeps coming back
|
|
to original bucket due to double moves. Due to this look-up may
|
|
consider that it has never moved and can end up in a infinite loop.
|
|
But this is not any worse that theoretical livelocks we already
|
|
have in the kernel.
|
|
|
|
|
|
Important guidelines for filesystem developers related to dcache_rcu
|
|
====================================================================
|
|
|
|
1. Existing dcache interfaces (pre-2.5.62) exported to filesystem
|
|
don't change. Only dcache internal implementation changes. However
|
|
filesystems *must not* delete from the dentry hash chains directly
|
|
using the list macros like allowed earlier. They must use dcache
|
|
APIs like d_drop() or __d_drop() depending on the situation.
|
|
|
|
2. d_flags is now protected by a per-dentry lock (d_lock). All
|
|
access to d_flags must be protected by it.
|
|
|
|
3. For a hashed dentry, checking of d_count needs to be protected
|
|
by d_lock.
|
|
|
|
|
|
Papers and other documentation on dcache locking
|
|
================================================
|
|
|
|
1. Scaling dcache with RCU (http://linuxjournal.com/article.php?sid=7124).
|
|
|
|
2. http://lse.sourceforge.net/locking/dcache/dcache.html
|
|
|