mirror of
https://github.com/edk2-porting/linux-next.git
synced 2025-01-07 13:13:57 +08:00
2f99cc6e46
* document locking * add the missing part of data structure invariants (relationship between mnt_share and mnt_slave lists in case of a peer group among slaves). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
940 lines
29 KiB
Plaintext
940 lines
29 KiB
Plaintext
Shared Subtrees
|
|
---------------
|
|
|
|
Contents:
|
|
1) Overview
|
|
2) Features
|
|
3) Setting mount states
|
|
4) Use-case
|
|
5) Detailed semantics
|
|
6) Quiz
|
|
7) FAQ
|
|
8) Implementation
|
|
|
|
|
|
1) Overview
|
|
-----------
|
|
|
|
Consider the following situation:
|
|
|
|
A process wants to clone its own namespace, but still wants to access the CD
|
|
that got mounted recently. Shared subtree semantics provide the necessary
|
|
mechanism to accomplish the above.
|
|
|
|
It provides the necessary building blocks for features like per-user-namespace
|
|
and versioned filesystem.
|
|
|
|
2) Features
|
|
-----------
|
|
|
|
Shared subtree provides four different flavors of mounts; struct vfsmount to be
|
|
precise
|
|
|
|
a. shared mount
|
|
b. slave mount
|
|
c. private mount
|
|
d. unbindable mount
|
|
|
|
|
|
2a) A shared mount can be replicated to as many mountpoints and all the
|
|
replicas continue to be exactly same.
|
|
|
|
Here is an example:
|
|
|
|
Let's say /mnt has a mount that is shared.
|
|
mount --make-shared /mnt
|
|
|
|
Note: mount(8) command now supports the --make-shared flag,
|
|
so the sample 'smount' program is no longer needed and has been
|
|
removed.
|
|
|
|
# mount --bind /mnt /tmp
|
|
The above command replicates the mount at /mnt to the mountpoint /tmp
|
|
and the contents of both the mounts remain identical.
|
|
|
|
#ls /mnt
|
|
a b c
|
|
|
|
#ls /tmp
|
|
a b c
|
|
|
|
Now let's say we mount a device at /tmp/a
|
|
# mount /dev/sd0 /tmp/a
|
|
|
|
#ls /tmp/a
|
|
t1 t2 t2
|
|
|
|
#ls /mnt/a
|
|
t1 t2 t2
|
|
|
|
Note that the mount has propagated to the mount at /mnt as well.
|
|
|
|
And the same is true even when /dev/sd0 is mounted on /mnt/a. The
|
|
contents will be visible under /tmp/a too.
|
|
|
|
|
|
2b) A slave mount is like a shared mount except that mount and umount events
|
|
only propagate towards it.
|
|
|
|
All slave mounts have a master mount which is a shared.
|
|
|
|
Here is an example:
|
|
|
|
Let's say /mnt has a mount which is shared.
|
|
# mount --make-shared /mnt
|
|
|
|
Let's bind mount /mnt to /tmp
|
|
# mount --bind /mnt /tmp
|
|
|
|
the new mount at /tmp becomes a shared mount and it is a replica of
|
|
the mount at /mnt.
|
|
|
|
Now let's make the mount at /tmp; a slave of /mnt
|
|
# mount --make-slave /tmp
|
|
|
|
let's mount /dev/sd0 on /mnt/a
|
|
# mount /dev/sd0 /mnt/a
|
|
|
|
#ls /mnt/a
|
|
t1 t2 t3
|
|
|
|
#ls /tmp/a
|
|
t1 t2 t3
|
|
|
|
Note the mount event has propagated to the mount at /tmp
|
|
|
|
However let's see what happens if we mount something on the mount at /tmp
|
|
|
|
# mount /dev/sd1 /tmp/b
|
|
|
|
#ls /tmp/b
|
|
s1 s2 s3
|
|
|
|
#ls /mnt/b
|
|
|
|
Note how the mount event has not propagated to the mount at
|
|
/mnt
|
|
|
|
|
|
2c) A private mount does not forward or receive propagation.
|
|
|
|
This is the mount we are familiar with. Its the default type.
|
|
|
|
|
|
2d) A unbindable mount is a unbindable private mount
|
|
|
|
let's say we have a mount at /mnt and we make is unbindable
|
|
|
|
# mount --make-unbindable /mnt
|
|
|
|
Let's try to bind mount this mount somewhere else.
|
|
# mount --bind /mnt /tmp
|
|
mount: wrong fs type, bad option, bad superblock on /mnt,
|
|
or too many mounted file systems
|
|
|
|
Binding a unbindable mount is a invalid operation.
|
|
|
|
|
|
3) Setting mount states
|
|
|
|
The mount command (util-linux package) can be used to set mount
|
|
states:
|
|
|
|
mount --make-shared mountpoint
|
|
mount --make-slave mountpoint
|
|
mount --make-private mountpoint
|
|
mount --make-unbindable mountpoint
|
|
|
|
|
|
4) Use cases
|
|
------------
|
|
|
|
A) A process wants to clone its own namespace, but still wants to
|
|
access the CD that got mounted recently.
|
|
|
|
Solution:
|
|
|
|
The system administrator can make the mount at /cdrom shared
|
|
mount --bind /cdrom /cdrom
|
|
mount --make-shared /cdrom
|
|
|
|
Now any process that clones off a new namespace will have a
|
|
mount at /cdrom which is a replica of the same mount in the
|
|
parent namespace.
|
|
|
|
So when a CD is inserted and mounted at /cdrom that mount gets
|
|
propagated to the other mount at /cdrom in all the other clone
|
|
namespaces.
|
|
|
|
B) A process wants its mounts invisible to any other process, but
|
|
still be able to see the other system mounts.
|
|
|
|
Solution:
|
|
|
|
To begin with, the administrator can mark the entire mount tree
|
|
as shareable.
|
|
|
|
mount --make-rshared /
|
|
|
|
A new process can clone off a new namespace. And mark some part
|
|
of its namespace as slave
|
|
|
|
mount --make-rslave /myprivatetree
|
|
|
|
Hence forth any mounts within the /myprivatetree done by the
|
|
process will not show up in any other namespace. However mounts
|
|
done in the parent namespace under /myprivatetree still shows
|
|
up in the process's namespace.
|
|
|
|
|
|
Apart from the above semantics this feature provides the
|
|
building blocks to solve the following problems:
|
|
|
|
C) Per-user namespace
|
|
|
|
The above semantics allows a way to share mounts across
|
|
namespaces. But namespaces are associated with processes. If
|
|
namespaces are made first class objects with user API to
|
|
associate/disassociate a namespace with userid, then each user
|
|
could have his/her own namespace and tailor it to his/her
|
|
requirements. Offcourse its needs support from PAM.
|
|
|
|
D) Versioned files
|
|
|
|
If the entire mount tree is visible at multiple locations, then
|
|
a underlying versioning file system can return different
|
|
version of the file depending on the path used to access that
|
|
file.
|
|
|
|
An example is:
|
|
|
|
mount --make-shared /
|
|
mount --rbind / /view/v1
|
|
mount --rbind / /view/v2
|
|
mount --rbind / /view/v3
|
|
mount --rbind / /view/v4
|
|
|
|
and if /usr has a versioning filesystem mounted, then that
|
|
mount appears at /view/v1/usr, /view/v2/usr, /view/v3/usr and
|
|
/view/v4/usr too
|
|
|
|
A user can request v3 version of the file /usr/fs/namespace.c
|
|
by accessing /view/v3/usr/fs/namespace.c . The underlying
|
|
versioning filesystem can then decipher that v3 version of the
|
|
filesystem is being requested and return the corresponding
|
|
inode.
|
|
|
|
5) Detailed semantics:
|
|
-------------------
|
|
The section below explains the detailed semantics of
|
|
bind, rbind, move, mount, umount and clone-namespace operations.
|
|
|
|
Note: the word 'vfsmount' and the noun 'mount' have been used
|
|
to mean the same thing, throughout this document.
|
|
|
|
5a) Mount states
|
|
|
|
A given mount can be in one of the following states
|
|
1) shared
|
|
2) slave
|
|
3) shared and slave
|
|
4) private
|
|
5) unbindable
|
|
|
|
A 'propagation event' is defined as event generated on a vfsmount
|
|
that leads to mount or unmount actions in other vfsmounts.
|
|
|
|
A 'peer group' is defined as a group of vfsmounts that propagate
|
|
events to each other.
|
|
|
|
(1) Shared mounts
|
|
|
|
A 'shared mount' is defined as a vfsmount that belongs to a
|
|
'peer group'.
|
|
|
|
For example:
|
|
mount --make-shared /mnt
|
|
mount --bind /mnt /tmp
|
|
|
|
The mount at /mnt and that at /tmp are both shared and belong
|
|
to the same peer group. Anything mounted or unmounted under
|
|
/mnt or /tmp reflect in all the other mounts of its peer
|
|
group.
|
|
|
|
|
|
(2) Slave mounts
|
|
|
|
A 'slave mount' is defined as a vfsmount that receives
|
|
propagation events and does not forward propagation events.
|
|
|
|
A slave mount as the name implies has a master mount from which
|
|
mount/unmount events are received. Events do not propagate from
|
|
the slave mount to the master. Only a shared mount can be made
|
|
a slave by executing the following command
|
|
|
|
mount --make-slave mount
|
|
|
|
A shared mount that is made as a slave is no more shared unless
|
|
modified to become shared.
|
|
|
|
(3) Shared and Slave
|
|
|
|
A vfsmount can be both shared as well as slave. This state
|
|
indicates that the mount is a slave of some vfsmount, and
|
|
has its own peer group too. This vfsmount receives propagation
|
|
events from its master vfsmount, and also forwards propagation
|
|
events to its 'peer group' and to its slave vfsmounts.
|
|
|
|
Strictly speaking, the vfsmount is shared having its own
|
|
peer group, and this peer-group is a slave of some other
|
|
peer group.
|
|
|
|
Only a slave vfsmount can be made as 'shared and slave' by
|
|
either executing the following command
|
|
mount --make-shared mount
|
|
or by moving the slave vfsmount under a shared vfsmount.
|
|
|
|
(4) Private mount
|
|
|
|
A 'private mount' is defined as vfsmount that does not
|
|
receive or forward any propagation events.
|
|
|
|
(5) Unbindable mount
|
|
|
|
A 'unbindable mount' is defined as vfsmount that does not
|
|
receive or forward any propagation events and cannot
|
|
be bind mounted.
|
|
|
|
|
|
State diagram:
|
|
The state diagram below explains the state transition of a mount,
|
|
in response to various commands.
|
|
------------------------------------------------------------------------
|
|
| |make-shared | make-slave | make-private |make-unbindab|
|
|
--------------|------------|--------------|--------------|-------------|
|
|
|shared |shared |*slave/private| private | unbindable |
|
|
| | | | | |
|
|
|-------------|------------|--------------|--------------|-------------|
|
|
|slave |shared | **slave | private | unbindable |
|
|
| |and slave | | | |
|
|
|-------------|------------|--------------|--------------|-------------|
|
|
|shared |shared | slave | private | unbindable |
|
|
|and slave |and slave | | | |
|
|
|-------------|------------|--------------|--------------|-------------|
|
|
|private |shared | **private | private | unbindable |
|
|
|-------------|------------|--------------|--------------|-------------|
|
|
|unbindable |shared |**unbindable | private | unbindable |
|
|
------------------------------------------------------------------------
|
|
|
|
* if the shared mount is the only mount in its peer group, making it
|
|
slave, makes it private automatically. Note that there is no master to
|
|
which it can be slaved to.
|
|
|
|
** slaving a non-shared mount has no effect on the mount.
|
|
|
|
Apart from the commands listed below, the 'move' operation also changes
|
|
the state of a mount depending on type of the destination mount. Its
|
|
explained in section 5d.
|
|
|
|
5b) Bind semantics
|
|
|
|
Consider the following command
|
|
|
|
mount --bind A/a B/b
|
|
|
|
where 'A' is the source mount, 'a' is the dentry in the mount 'A', 'B'
|
|
is the destination mount and 'b' is the dentry in the destination mount.
|
|
|
|
The outcome depends on the type of mount of 'A' and 'B'. The table
|
|
below contains quick reference.
|
|
---------------------------------------------------------------------------
|
|
| BIND MOUNT OPERATION |
|
|
|**************************************************************************
|
|
|source(A)->| shared | private | slave | unbindable |
|
|
| dest(B) | | | | |
|
|
| | | | | | |
|
|
| v | | | | |
|
|
|**************************************************************************
|
|
| shared | shared | shared | shared & slave | invalid |
|
|
| | | | | |
|
|
|non-shared| shared | private | slave | invalid |
|
|
***************************************************************************
|
|
|
|
Details:
|
|
|
|
1. 'A' is a shared mount and 'B' is a shared mount. A new mount 'C'
|
|
which is clone of 'A', is created. Its root dentry is 'a' . 'C' is
|
|
mounted on mount 'B' at dentry 'b'. Also new mount 'C1', 'C2', 'C3' ...
|
|
are created and mounted at the dentry 'b' on all mounts where 'B'
|
|
propagates to. A new propagation tree containing 'C1',..,'Cn' is
|
|
created. This propagation tree is identical to the propagation tree of
|
|
'B'. And finally the peer-group of 'C' is merged with the peer group
|
|
of 'A'.
|
|
|
|
2. 'A' is a private mount and 'B' is a shared mount. A new mount 'C'
|
|
which is clone of 'A', is created. Its root dentry is 'a'. 'C' is
|
|
mounted on mount 'B' at dentry 'b'. Also new mount 'C1', 'C2', 'C3' ...
|
|
are created and mounted at the dentry 'b' on all mounts where 'B'
|
|
propagates to. A new propagation tree is set containing all new mounts
|
|
'C', 'C1', .., 'Cn' with exactly the same configuration as the
|
|
propagation tree for 'B'.
|
|
|
|
3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. A new
|
|
mount 'C' which is clone of 'A', is created. Its root dentry is 'a' .
|
|
'C' is mounted on mount 'B' at dentry 'b'. Also new mounts 'C1', 'C2',
|
|
'C3' ... are created and mounted at the dentry 'b' on all mounts where
|
|
'B' propagates to. A new propagation tree containing the new mounts
|
|
'C','C1',.. 'Cn' is created. This propagation tree is identical to the
|
|
propagation tree for 'B'. And finally the mount 'C' and its peer group
|
|
is made the slave of mount 'Z'. In other words, mount 'C' is in the
|
|
state 'slave and shared'.
|
|
|
|
4. 'A' is a unbindable mount and 'B' is a shared mount. This is a
|
|
invalid operation.
|
|
|
|
5. 'A' is a private mount and 'B' is a non-shared(private or slave or
|
|
unbindable) mount. A new mount 'C' which is clone of 'A', is created.
|
|
Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'.
|
|
|
|
6. 'A' is a shared mount and 'B' is a non-shared mount. A new mount 'C'
|
|
which is a clone of 'A' is created. Its root dentry is 'a'. 'C' is
|
|
mounted on mount 'B' at dentry 'b'. 'C' is made a member of the
|
|
peer-group of 'A'.
|
|
|
|
7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount. A
|
|
new mount 'C' which is a clone of 'A' is created. Its root dentry is
|
|
'a'. 'C' is mounted on mount 'B' at dentry 'b'. Also 'C' is set as a
|
|
slave mount of 'Z'. In other words 'A' and 'C' are both slave mounts of
|
|
'Z'. All mount/unmount events on 'Z' propagates to 'A' and 'C'. But
|
|
mount/unmount on 'A' do not propagate anywhere else. Similarly
|
|
mount/unmount on 'C' do not propagate anywhere else.
|
|
|
|
8. 'A' is a unbindable mount and 'B' is a non-shared mount. This is a
|
|
invalid operation. A unbindable mount cannot be bind mounted.
|
|
|
|
5c) Rbind semantics
|
|
|
|
rbind is same as bind. Bind replicates the specified mount. Rbind
|
|
replicates all the mounts in the tree belonging to the specified mount.
|
|
Rbind mount is bind mount applied to all the mounts in the tree.
|
|
|
|
If the source tree that is rbind has some unbindable mounts,
|
|
then the subtree under the unbindable mount is pruned in the new
|
|
location.
|
|
|
|
eg: let's say we have the following mount tree.
|
|
|
|
A
|
|
/ \
|
|
B C
|
|
/ \ / \
|
|
D E F G
|
|
|
|
Let's say all the mount except the mount C in the tree are
|
|
of a type other than unbindable.
|
|
|
|
If this tree is rbound to say Z
|
|
|
|
We will have the following tree at the new location.
|
|
|
|
Z
|
|
|
|
|
A'
|
|
/
|
|
B' Note how the tree under C is pruned
|
|
/ \ in the new location.
|
|
D' E'
|
|
|
|
|
|
|
|
5d) Move semantics
|
|
|
|
Consider the following command
|
|
|
|
mount --move A B/b
|
|
|
|
where 'A' is the source mount, 'B' is the destination mount and 'b' is
|
|
the dentry in the destination mount.
|
|
|
|
The outcome depends on the type of the mount of 'A' and 'B'. The table
|
|
below is a quick reference.
|
|
---------------------------------------------------------------------------
|
|
| MOVE MOUNT OPERATION |
|
|
|**************************************************************************
|
|
| source(A)->| shared | private | slave | unbindable |
|
|
| dest(B) | | | | |
|
|
| | | | | | |
|
|
| v | | | | |
|
|
|**************************************************************************
|
|
| shared | shared | shared |shared and slave| invalid |
|
|
| | | | | |
|
|
|non-shared| shared | private | slave | unbindable |
|
|
***************************************************************************
|
|
NOTE: moving a mount residing under a shared mount is invalid.
|
|
|
|
Details follow:
|
|
|
|
1. 'A' is a shared mount and 'B' is a shared mount. The mount 'A' is
|
|
mounted on mount 'B' at dentry 'b'. Also new mounts 'A1', 'A2'...'An'
|
|
are created and mounted at dentry 'b' on all mounts that receive
|
|
propagation from mount 'B'. A new propagation tree is created in the
|
|
exact same configuration as that of 'B'. This new propagation tree
|
|
contains all the new mounts 'A1', 'A2'... 'An'. And this new
|
|
propagation tree is appended to the already existing propagation tree
|
|
of 'A'.
|
|
|
|
2. 'A' is a private mount and 'B' is a shared mount. The mount 'A' is
|
|
mounted on mount 'B' at dentry 'b'. Also new mount 'A1', 'A2'... 'An'
|
|
are created and mounted at dentry 'b' on all mounts that receive
|
|
propagation from mount 'B'. The mount 'A' becomes a shared mount and a
|
|
propagation tree is created which is identical to that of
|
|
'B'. This new propagation tree contains all the new mounts 'A1',
|
|
'A2'... 'An'.
|
|
|
|
3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. The
|
|
mount 'A' is mounted on mount 'B' at dentry 'b'. Also new mounts 'A1',
|
|
'A2'... 'An' are created and mounted at dentry 'b' on all mounts that
|
|
receive propagation from mount 'B'. A new propagation tree is created
|
|
in the exact same configuration as that of 'B'. This new propagation
|
|
tree contains all the new mounts 'A1', 'A2'... 'An'. And this new
|
|
propagation tree is appended to the already existing propagation tree of
|
|
'A'. Mount 'A' continues to be the slave mount of 'Z' but it also
|
|
becomes 'shared'.
|
|
|
|
4. 'A' is a unbindable mount and 'B' is a shared mount. The operation
|
|
is invalid. Because mounting anything on the shared mount 'B' can
|
|
create new mounts that get mounted on the mounts that receive
|
|
propagation from 'B'. And since the mount 'A' is unbindable, cloning
|
|
it to mount at other mountpoints is not possible.
|
|
|
|
5. 'A' is a private mount and 'B' is a non-shared(private or slave or
|
|
unbindable) mount. The mount 'A' is mounted on mount 'B' at dentry 'b'.
|
|
|
|
6. 'A' is a shared mount and 'B' is a non-shared mount. The mount 'A'
|
|
is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
|
|
shared mount.
|
|
|
|
7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount.
|
|
The mount 'A' is mounted on mount 'B' at dentry 'b'. Mount 'A'
|
|
continues to be a slave mount of mount 'Z'.
|
|
|
|
8. 'A' is a unbindable mount and 'B' is a non-shared mount. The mount
|
|
'A' is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
|
|
unbindable mount.
|
|
|
|
5e) Mount semantics
|
|
|
|
Consider the following command
|
|
|
|
mount device B/b
|
|
|
|
'B' is the destination mount and 'b' is the dentry in the destination
|
|
mount.
|
|
|
|
The above operation is the same as bind operation with the exception
|
|
that the source mount is always a private mount.
|
|
|
|
|
|
5f) Unmount semantics
|
|
|
|
Consider the following command
|
|
|
|
umount A
|
|
|
|
where 'A' is a mount mounted on mount 'B' at dentry 'b'.
|
|
|
|
If mount 'B' is shared, then all most-recently-mounted mounts at dentry
|
|
'b' on mounts that receive propagation from mount 'B' and does not have
|
|
sub-mounts within them are unmounted.
|
|
|
|
Example: Let's say 'B1', 'B2', 'B3' are shared mounts that propagate to
|
|
each other.
|
|
|
|
let's say 'A1', 'A2', 'A3' are first mounted at dentry 'b' on mount
|
|
'B1', 'B2' and 'B3' respectively.
|
|
|
|
let's say 'C1', 'C2', 'C3' are next mounted at the same dentry 'b' on
|
|
mount 'B1', 'B2' and 'B3' respectively.
|
|
|
|
if 'C1' is unmounted, all the mounts that are most-recently-mounted on
|
|
'B1' and on the mounts that 'B1' propagates-to are unmounted.
|
|
|
|
'B1' propagates to 'B2' and 'B3'. And the most recently mounted mount
|
|
on 'B2' at dentry 'b' is 'C2', and that of mount 'B3' is 'C3'.
|
|
|
|
So all 'C1', 'C2' and 'C3' should be unmounted.
|
|
|
|
If any of 'C2' or 'C3' has some child mounts, then that mount is not
|
|
unmounted, but all other mounts are unmounted. However if 'C1' is told
|
|
to be unmounted and 'C1' has some sub-mounts, the umount operation is
|
|
failed entirely.
|
|
|
|
5g) Clone Namespace
|
|
|
|
A cloned namespace contains all the mounts as that of the parent
|
|
namespace.
|
|
|
|
Let's say 'A' and 'B' are the corresponding mounts in the parent and the
|
|
child namespace.
|
|
|
|
If 'A' is shared, then 'B' is also shared and 'A' and 'B' propagate to
|
|
each other.
|
|
|
|
If 'A' is a slave mount of 'Z', then 'B' is also the slave mount of
|
|
'Z'.
|
|
|
|
If 'A' is a private mount, then 'B' is a private mount too.
|
|
|
|
If 'A' is unbindable mount, then 'B' is a unbindable mount too.
|
|
|
|
|
|
6) Quiz
|
|
|
|
A. What is the result of the following command sequence?
|
|
|
|
mount --bind /mnt /mnt
|
|
mount --make-shared /mnt
|
|
mount --bind /mnt /tmp
|
|
mount --move /tmp /mnt/1
|
|
|
|
what should be the contents of /mnt /mnt/1 /mnt/1/1 should be?
|
|
Should they all be identical? or should /mnt and /mnt/1 be
|
|
identical only?
|
|
|
|
|
|
B. What is the result of the following command sequence?
|
|
|
|
mount --make-rshared /
|
|
mkdir -p /v/1
|
|
mount --rbind / /v/1
|
|
|
|
what should be the content of /v/1/v/1 be?
|
|
|
|
|
|
C. What is the result of the following command sequence?
|
|
|
|
mount --bind /mnt /mnt
|
|
mount --make-shared /mnt
|
|
mkdir -p /mnt/1/2/3 /mnt/1/test
|
|
mount --bind /mnt/1 /tmp
|
|
mount --make-slave /mnt
|
|
mount --make-shared /mnt
|
|
mount --bind /mnt/1/2 /tmp1
|
|
mount --make-slave /mnt
|
|
|
|
At this point we have the first mount at /tmp and
|
|
its root dentry is 1. Let's call this mount 'A'
|
|
And then we have a second mount at /tmp1 with root
|
|
dentry 2. Let's call this mount 'B'
|
|
Next we have a third mount at /mnt with root dentry
|
|
mnt. Let's call this mount 'C'
|
|
|
|
'B' is the slave of 'A' and 'C' is a slave of 'B'
|
|
A -> B -> C
|
|
|
|
at this point if we execute the following command
|
|
|
|
mount --bind /bin /tmp/test
|
|
|
|
The mount is attempted on 'A'
|
|
|
|
will the mount propagate to 'B' and 'C' ?
|
|
|
|
what would be the contents of
|
|
/mnt/1/test be?
|
|
|
|
7) FAQ
|
|
|
|
Q1. Why is bind mount needed? How is it different from symbolic links?
|
|
symbolic links can get stale if the destination mount gets
|
|
unmounted or moved. Bind mounts continue to exist even if the
|
|
other mount is unmounted or moved.
|
|
|
|
Q2. Why can't the shared subtree be implemented using exportfs?
|
|
|
|
exportfs is a heavyweight way of accomplishing part of what
|
|
shared subtree can do. I cannot imagine a way to implement the
|
|
semantics of slave mount using exportfs?
|
|
|
|
Q3 Why is unbindable mount needed?
|
|
|
|
Let's say we want to replicate the mount tree at multiple
|
|
locations within the same subtree.
|
|
|
|
if one rbind mounts a tree within the same subtree 'n' times
|
|
the number of mounts created is an exponential function of 'n'.
|
|
Having unbindable mount can help prune the unneeded bind
|
|
mounts. Here is a example.
|
|
|
|
step 1:
|
|
let's say the root tree has just two directories with
|
|
one vfsmount.
|
|
root
|
|
/ \
|
|
tmp usr
|
|
|
|
And we want to replicate the tree at multiple
|
|
mountpoints under /root/tmp
|
|
|
|
step2:
|
|
mount --make-shared /root
|
|
|
|
mkdir -p /tmp/m1
|
|
|
|
mount --rbind /root /tmp/m1
|
|
|
|
the new tree now looks like this:
|
|
|
|
root
|
|
/ \
|
|
tmp usr
|
|
/
|
|
m1
|
|
/ \
|
|
tmp usr
|
|
/
|
|
m1
|
|
|
|
it has two vfsmounts
|
|
|
|
step3:
|
|
mkdir -p /tmp/m2
|
|
mount --rbind /root /tmp/m2
|
|
|
|
the new tree now looks like this:
|
|
|
|
root
|
|
/ \
|
|
tmp usr
|
|
/ \
|
|
m1 m2
|
|
/ \ / \
|
|
tmp usr tmp usr
|
|
/ \ /
|
|
m1 m2 m1
|
|
/ \ / \
|
|
tmp usr tmp usr
|
|
/ / \
|
|
m1 m1 m2
|
|
/ \
|
|
tmp usr
|
|
/ \
|
|
m1 m2
|
|
|
|
it has 6 vfsmounts
|
|
|
|
step 4:
|
|
mkdir -p /tmp/m3
|
|
mount --rbind /root /tmp/m3
|
|
|
|
I wont' draw the tree..but it has 24 vfsmounts
|
|
|
|
|
|
at step i the number of vfsmounts is V[i] = i*V[i-1].
|
|
This is an exponential function. And this tree has way more
|
|
mounts than what we really needed in the first place.
|
|
|
|
One could use a series of umount at each step to prune
|
|
out the unneeded mounts. But there is a better solution.
|
|
Unclonable mounts come in handy here.
|
|
|
|
step 1:
|
|
let's say the root tree has just two directories with
|
|
one vfsmount.
|
|
root
|
|
/ \
|
|
tmp usr
|
|
|
|
How do we set up the same tree at multiple locations under
|
|
/root/tmp
|
|
|
|
step2:
|
|
mount --bind /root/tmp /root/tmp
|
|
|
|
mount --make-rshared /root
|
|
mount --make-unbindable /root/tmp
|
|
|
|
mkdir -p /tmp/m1
|
|
|
|
mount --rbind /root /tmp/m1
|
|
|
|
the new tree now looks like this:
|
|
|
|
root
|
|
/ \
|
|
tmp usr
|
|
/
|
|
m1
|
|
/ \
|
|
tmp usr
|
|
|
|
step3:
|
|
mkdir -p /tmp/m2
|
|
mount --rbind /root /tmp/m2
|
|
|
|
the new tree now looks like this:
|
|
|
|
root
|
|
/ \
|
|
tmp usr
|
|
/ \
|
|
m1 m2
|
|
/ \ / \
|
|
tmp usr tmp usr
|
|
|
|
step4:
|
|
|
|
mkdir -p /tmp/m3
|
|
mount --rbind /root /tmp/m3
|
|
|
|
the new tree now looks like this:
|
|
|
|
root
|
|
/ \
|
|
tmp usr
|
|
/ \ \
|
|
m1 m2 m3
|
|
/ \ / \ / \
|
|
tmp usr tmp usr tmp usr
|
|
|
|
8) Implementation
|
|
|
|
8A) Datastructure
|
|
|
|
4 new fields are introduced to struct vfsmount
|
|
->mnt_share
|
|
->mnt_slave_list
|
|
->mnt_slave
|
|
->mnt_master
|
|
|
|
->mnt_share links together all the mount to/from which this vfsmount
|
|
send/receives propagation events.
|
|
|
|
->mnt_slave_list links all the mounts to which this vfsmount propagates
|
|
to.
|
|
|
|
->mnt_slave links together all the slaves that its master vfsmount
|
|
propagates to.
|
|
|
|
->mnt_master points to the master vfsmount from which this vfsmount
|
|
receives propagation.
|
|
|
|
->mnt_flags takes two more flags to indicate the propagation status of
|
|
the vfsmount. MNT_SHARE indicates that the vfsmount is a shared
|
|
vfsmount. MNT_UNCLONABLE indicates that the vfsmount cannot be
|
|
replicated.
|
|
|
|
All the shared vfsmounts in a peer group form a cyclic list through
|
|
->mnt_share.
|
|
|
|
All vfsmounts with the same ->mnt_master form on a cyclic list anchored
|
|
in ->mnt_master->mnt_slave_list and going through ->mnt_slave.
|
|
|
|
->mnt_master can point to arbitrary (and possibly different) members
|
|
of master peer group. To find all immediate slaves of a peer group
|
|
you need to go through _all_ ->mnt_slave_list of its members.
|
|
Conceptually it's just a single set - distribution among the
|
|
individual lists does not affect propagation or the way propagation
|
|
tree is modified by operations.
|
|
|
|
All vfsmounts in a peer group have the same ->mnt_master. If it is
|
|
non-NULL, they form a contiguous (ordered) segment of slave list.
|
|
|
|
A example propagation tree looks as shown in the figure below.
|
|
[ NOTE: Though it looks like a forest, if we consider all the shared
|
|
mounts as a conceptual entity called 'pnode', it becomes a tree]
|
|
|
|
|
|
A <--> B <--> C <---> D
|
|
/|\ /| |\
|
|
/ F G J K H I
|
|
/
|
|
E<-->K
|
|
/|\
|
|
M L N
|
|
|
|
In the above figure A,B,C and D all are shared and propagate to each
|
|
other. 'A' has got 3 slave mounts 'E' 'F' and 'G' 'C' has got 2 slave
|
|
mounts 'J' and 'K' and 'D' has got two slave mounts 'H' and 'I'.
|
|
'E' is also shared with 'K' and they propagate to each other. And
|
|
'K' has 3 slaves 'M', 'L' and 'N'
|
|
|
|
A's ->mnt_share links with the ->mnt_share of 'B' 'C' and 'D'
|
|
|
|
A's ->mnt_slave_list links with ->mnt_slave of 'E', 'K', 'F' and 'G'
|
|
|
|
E's ->mnt_share links with ->mnt_share of K
|
|
'E', 'K', 'F', 'G' have their ->mnt_master point to struct
|
|
vfsmount of 'A'
|
|
'M', 'L', 'N' have their ->mnt_master point to struct vfsmount of 'K'
|
|
K's ->mnt_slave_list links with ->mnt_slave of 'M', 'L' and 'N'
|
|
|
|
C's ->mnt_slave_list links with ->mnt_slave of 'J' and 'K'
|
|
J and K's ->mnt_master points to struct vfsmount of C
|
|
and finally D's ->mnt_slave_list links with ->mnt_slave of 'H' and 'I'
|
|
'H' and 'I' have their ->mnt_master pointing to struct vfsmount of 'D'.
|
|
|
|
|
|
NOTE: The propagation tree is orthogonal to the mount tree.
|
|
|
|
8B Locking:
|
|
|
|
->mnt_share, ->mnt_slave, ->mnt_slave_list, ->mnt_master are protected
|
|
by namespace_sem (exclusive for modifications, shared for reading).
|
|
|
|
Normally we have ->mnt_flags modifications serialized by vfsmount_lock.
|
|
There are two exceptions: do_add_mount() and clone_mnt().
|
|
The former modifies a vfsmount that has not been visible in any shared
|
|
data structures yet.
|
|
The latter holds namespace_sem and the only references to vfsmount
|
|
are in lists that can't be traversed without namespace_sem.
|
|
|
|
8C Algorithm:
|
|
|
|
The crux of the implementation resides in rbind/move operation.
|
|
|
|
The overall algorithm breaks the operation into 3 phases: (look at
|
|
attach_recursive_mnt() and propagate_mnt())
|
|
|
|
1. prepare phase.
|
|
2. commit phases.
|
|
3. abort phases.
|
|
|
|
Prepare phase:
|
|
|
|
for each mount in the source tree:
|
|
a) Create the necessary number of mount trees to
|
|
be attached to each of the mounts that receive
|
|
propagation from the destination mount.
|
|
b) Do not attach any of the trees to its destination.
|
|
However note down its ->mnt_parent and ->mnt_mountpoint
|
|
c) Link all the new mounts to form a propagation tree that
|
|
is identical to the propagation tree of the destination
|
|
mount.
|
|
|
|
If this phase is successful, there should be 'n' new
|
|
propagation trees; where 'n' is the number of mounts in the
|
|
source tree. Go to the commit phase
|
|
|
|
Also there should be 'm' new mount trees, where 'm' is
|
|
the number of mounts to which the destination mount
|
|
propagates to.
|
|
|
|
if any memory allocations fail, go to the abort phase.
|
|
|
|
Commit phase
|
|
attach each of the mount trees to their corresponding
|
|
destination mounts.
|
|
|
|
Abort phase
|
|
delete all the newly created trees.
|
|
|
|
NOTE: all the propagation related functionality resides in the file
|
|
pnode.c
|
|
|
|
|
|
------------------------------------------------------------------------
|
|
|
|
version 0.1 (created the initial document, Ram Pai linuxram@us.ibm.com)
|
|
version 0.2 (Incorporated comments from Al Viro)
|