OSCL-LXR linux-6.0.1/​Documentation/​filesystems/​autofs-mount-control.rst	Source navigation Diff markup Identifier search General search
	Version: linux-6.0.1 spark-3.0.0 hadoop-3.2.0-src hadoop-3.3.0-src spark-2.4.7 linux-4.15.13 hadoop-2.7.4-src Revert   Change

 .. SPDX-License-Identifier: GPL-2.0
 
 ====================================================================
 Miscellaneous Device control operations for the autofs kernel module
 ====================================================================
 
 The problem
 ===========
 
 There is a problem with active restarts in autofs (that is to say
 restarting autofs when there are busy mounts).
 
 During normal operation autofs uses a file descriptor opened on the
 directory that is being managed in order to be able to issue control
 operations. Using a file descriptor gives ioctl operations access to
 autofs specific information stored in the super block. The operations
 are things such as setting an autofs mount catatonic, setting the
 expire timeout and requesting expire checks. As is explained below,
 certain types of autofs triggered mounts can end up covering an autofs
 mount itself which prevents us being able to use open(2) to obtain a
 file descriptor for these operations if we don't already have one open.
 
 Currently autofs uses "umount -l" (lazy umount) to clear active mounts
 at restart. While using lazy umount works for most cases, anything that
 needs to walk back up the mount tree to construct a path, such as
 getcwd(2) and the proc file system /proc/<pid>/cwd, no longer works
 because the point from which the path is constructed has been detached
 from the mount tree.
 
 The actual problem with autofs is that it can't reconnect to existing
 mounts. Immediately one thinks of just adding the ability to remount
 autofs file systems would solve it, but alas, that can't work. This is
 because autofs direct mounts and the implementation of "on demand mount
 and expire" of nested mount trees have the file system mounted directly
 on top of the mount trigger directory dentry.
 
 For example, there are two types of automount maps, direct (in the kernel
 module source you will see a third type called an offset, which is just
 a direct mount in disguise) and indirect.
 
 Here is a master map with direct and indirect map entries::
 
     /-      /etc/auto.direct
     /test   /etc/auto.indirect
 
 and the corresponding map files::
 
     /etc/auto.direct:
 
     /automount/dparse/g6  budgie:/autofs/export1
     /automount/dparse/g1  shark:/autofs/export1
     and so on.
 
 /etc/auto.indirect::
 
     g1    shark:/autofs/export1
     g6    budgie:/autofs/export1
     and so on.
 
 For the above indirect map an autofs file system is mounted on /test and
 mounts are triggered for each sub-directory key by the inode lookup
 operation. So we see a mount of shark:/autofs/export1 on /test/g1, for
 example.
 
 The way that direct mounts are handled is by making an autofs mount on
 each full path, such as /automount/dparse/g1, and using it as a mount
 trigger. So when we walk on the path we mount shark:/autofs/export1 "on
 top of this mount point". Since these are always directories we can
 use the follow_link inode operation to trigger the mount.
 
 But, each entry in direct and indirect maps can have offsets (making
 them multi-mount map entries).
 
 For example, an indirect mount map entry could also be::
 
     g1  \
     /        shark:/autofs/export5/testing/test \
     /s1      shark:/autofs/export/testing/test/s1 \
     /s2      shark:/autofs/export5/testing/test/s2 \
     /s1/ss1  shark:/autofs/export1 \
     /s2/ss2  shark:/autofs/export2
 
 and a similarly a direct mount map entry could also be::
 
     /automount/dparse/g1 \
         /       shark:/autofs/export5/testing/test \
         /s1     shark:/autofs/export/testing/test/s1 \
         /s2     shark:/autofs/export5/testing/test/s2 \
         /s1/ss1 shark:/autofs/export2 \
         /s2/ss2 shark:/autofs/export2
 
 One of the issues with version 4 of autofs was that, when mounting an
 entry with a large number of offsets, possibly with nesting, we needed
 to mount and umount all of the offsets as a single unit. Not really a
 problem, except for people with a large number of offsets in map entries.
 This mechanism is used for the well known "hosts" map and we have seen
 cases (in 2.4) where the available number of mounts are exhausted or
 where the number of privileged ports available is exhausted.
 
 In version 5 we mount only as we go down the tree of offsets and
 similarly for expiring them which resolves the above problem. There is
 somewhat more detail to the implementation but it isn't needed for the
 sake of the problem explanation. The one important detail is that these
 offsets are implemented using the same mechanism as the direct mounts
 above and so the mount points can be covered by a mount.
 
 The current autofs implementation uses an ioctl file descriptor opened
 on the mount point for control operations. The references held by the
 descriptor are accounted for in checks made to determine if a mount is
 in use and is also used to access autofs file system information held
 in the mount super block. So the use of a file handle needs to be
 retained.
 
 
 The Solution
 ============
 
 To be able to restart autofs leaving existing direct, indirect and
 offset mounts in place we need to be able to obtain a file handle
 for these potentially covered autofs mount points. Rather than just
 implement an isolated operation it was decided to re-implement the
 existing ioctl interface and add new operations to provide this
 functionality.
 
 In addition, to be able to reconstruct a mount tree that has busy mounts,
 the uid and gid of the last user that triggered the mount needs to be
 available because these can be used as macro substitution variables in
 autofs maps. They are recorded at mount request time and an operation
 has been added to retrieve them.
 
 Since we're re-implementing the control interface, a couple of other
 problems with the existing interface have been addressed. First, when
 a mount or expire operation completes a status is returned to the
 kernel by either a "send ready" or a "send fail" operation. The
 "send fail" operation of the ioctl interface could only ever send
 ENOENT so the re-implementation allows user space to send an actual
 status. Another expensive operation in user space, for those using
 very large maps, is discovering if a mount is present. Usually this
 involves scanning /proc/mounts and since it needs to be done quite
 often it can introduce significant overhead when there are many entries
 in the mount table. An operation to lookup the mount status of a mount
 point dentry (covered or not) has also been added.
 
 Current kernel development policy recommends avoiding the use of the
 ioctl mechanism in favor of systems such as Netlink. An implementation
 using this system was attempted to evaluate its suitability and it was
 found to be inadequate, in this case. The Generic Netlink system was
 used for this as raw Netlink would lead to a significant increase in
 complexity. There's no question that the Generic Netlink system is an
 elegant solution for common case ioctl functions but it's not a complete
 replacement probably because its primary purpose in life is to be a
 message bus implementation rather than specifically an ioctl replacement.
 While it would be possible to work around this there is one concern
 that lead to the decision to not use it. This is that the autofs
 expire in the daemon has become far to complex because umount
 candidates are enumerated, almost for no other reason than to "count"
 the number of times to call the expire ioctl. This involves scanning
 the mount table which has proved to be a big overhead for users with
 large maps. The best way to improve this is try and get back to the
 way the expire was done long ago. That is, when an expire request is
 issued for a mount (file handle) we should continually call back to
 the daemon until we can't umount any more mounts, then return the
 appropriate status to the daemon. At the moment we just expire one
 mount at a time. A Generic Netlink implementation would exclude this
 possibility for future development due to the requirements of the
 message bus architecture.
 
 
 autofs Miscellaneous Device mount control interface
 ====================================================
 
 The control interface is opening a device node, typically /dev/autofs.
 
 All the ioctls use a common structure to pass the needed parameter
 information and return operation results::
 
     struct autofs_dev_ioctl {
             __u32 ver_major;
             __u32 ver_minor;
             __u32 size;             /* total size of data passed in
                                     * including this struct */
             __s32 ioctlfd;          /* automount command fd */
 
             /* Command parameters */
             union {
                     struct args_protover                protover;
                     struct args_protosubver             protosubver;
                     struct args_openmount               openmount;
                     struct args_ready           ready;
                     struct args_fail            fail;
                     struct args_setpipefd               setpipefd;
                     struct args_timeout         timeout;
                     struct args_requester               requester;
                     struct args_expire          expire;
                     struct args_askumount               askumount;
                     struct args_ismountpoint    ismountpoint;
             };
 
             char path[0];
     };
 
 The ioctlfd field is a mount point file descriptor of an autofs mount
 point. It is returned by the open call and is used by all calls except
 the check for whether a given path is a mount point, where it may
 optionally be used to check a specific mount corresponding to a given
 mount point file descriptor, and when requesting the uid and gid of the
 last successful mount on a directory within the autofs file system.
 
 The union is used to communicate parameters and results of calls made
 as described below.
 
 The path field is used to pass a path where it is needed and the size field
 is used account for the increased structure length when translating the
 structure sent from user space.
 
 This structure can be initialized before setting specific fields by using
 the void function call init_autofs_dev_ioctl(``struct autofs_dev_ioctl *``).
 
 All of the ioctls perform a copy of this structure from user space to
 kernel space and return -EINVAL if the size parameter is smaller than
 the structure size itself, -ENOMEM if the kernel memory allocation fails
 or -EFAULT if the copy itself fails. Other checks include a version check
 of the compiled in user space version against the module version and a
 mismatch results in a -EINVAL return. If the size field is greater than
 the structure size then a path is assumed to be present and is checked to
 ensure it begins with a "/" and is NULL terminated, otherwise -EINVAL is
 returned. Following these checks, for all ioctl commands except
 AUTOFS_DEV_IOCTL_VERSION_CMD, AUTOFS_DEV_IOCTL_OPENMOUNT_CMD and
 AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD the ioctlfd is validated and if it is
 not a valid descriptor or doesn't correspond to an autofs mount point
 an error of -EBADF, -ENOTTY or -EINVAL (not an autofs descriptor) is
 returned.
 
 
 The ioctls
 ==========
 
 An example of an implementation which uses this interface can be seen
 in autofs version 5.0.4 and later in file lib/dev-ioctl-lib.c of the
 distribution tar available for download from kernel.org in directory
 /pub/linux/daemons/autofs/v5.
 
 The device node ioctl operations implemented by this interface are:
 
 
 AUTOFS_DEV_IOCTL_VERSION
 ------------------------
 
 Get the major and minor version of the autofs device ioctl kernel module
 implementation. It requires an initialized struct autofs_dev_ioctl as an
 input parameter and sets the version information in the passed in structure.
 It returns 0 on success or the error -EINVAL if a version mismatch is
 detected.
 
 
 AUTOFS_DEV_IOCTL_PROTOVER_CMD and AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD
 ------------------------------------------------------------------
 
 Get the major and minor version of the autofs protocol version understood
 by loaded module. This call requires an initialized struct autofs_dev_ioctl
 with the ioctlfd field set to a valid autofs mount point descriptor
 and sets the requested version number in version field of struct args_protover
 or sub_version field of struct args_protosubver. These commands return
 0 on success or one of the negative error codes if validation fails.
 
 
 AUTOFS_DEV_IOCTL_OPENMOUNT and AUTOFS_DEV_IOCTL_CLOSEMOUNT
 ----------------------------------------------------------
 
 Obtain and release a file descriptor for an autofs managed mount point
 path. The open call requires an initialized struct autofs_dev_ioctl with
 the path field set and the size field adjusted appropriately as well
 as the devid field of struct args_openmount set to the device number of
 the autofs mount. The device number can be obtained from the mount options
 shown in /proc/mounts. The close call requires an initialized struct
 autofs_dev_ioct with the ioctlfd field set to the descriptor obtained
 from the open call. The release of the file descriptor can also be done
 with close(2) so any open descriptors will also be closed at process exit.
 The close call is included in the implemented operations largely for
 completeness and to provide for a consistent user space implementation.
 
 
 AUTOFS_DEV_IOCTL_READY_CMD and AUTOFS_DEV_IOCTL_FAIL_CMD
 --------------------------------------------------------
 
 Return mount and expire result status from user space to the kernel.
 Both of these calls require an initialized struct autofs_dev_ioctl
 with the ioctlfd field set to the descriptor obtained from the open
 call and the token field of struct args_ready or struct args_fail set
 to the wait queue token number, received by user space in the foregoing
 mount or expire request. The status field of struct args_fail is set to
 the errno of the operation. It is set to 0 on success.
 
 
 AUTOFS_DEV_IOCTL_SETPIPEFD_CMD
 ------------------------------
 
 Set the pipe file descriptor used for kernel communication to the daemon.
 Normally this is set at mount time using an option but when reconnecting
 to a existing mount we need to use this to tell the autofs mount about
 the new kernel pipe descriptor. In order to protect mounts against
 incorrectly setting the pipe descriptor we also require that the autofs
 mount be catatonic (see next call).
 
 The call requires an initialized struct autofs_dev_ioctl with the
 ioctlfd field set to the descriptor obtained from the open call and
 the pipefd field of struct args_setpipefd set to descriptor of the pipe.
 On success the call also sets the process group id used to identify the
 controlling process (eg. the owning automount(8) daemon) to the process
 group of the caller.
 
 
 AUTOFS_DEV_IOCTL_CATATONIC_CMD
 ------------------------------
 
 Make the autofs mount point catatonic. The autofs mount will no longer
 issue mount requests, the kernel communication pipe descriptor is released
 and any remaining waits in the queue released.
 
 The call requires an initialized struct autofs_dev_ioctl with the
 ioctlfd field set to the descriptor obtained from the open call.
 
 
 AUTOFS_DEV_IOCTL_TIMEOUT_CMD
 ----------------------------
 
 Set the expire timeout for mounts within an autofs mount point.
 
 The call requires an initialized struct autofs_dev_ioctl with the
 ioctlfd field set to the descriptor obtained from the open call.
 
 
 AUTOFS_DEV_IOCTL_REQUESTER_CMD
 ------------------------------
 
 Return the uid and gid of the last process to successfully trigger a the
 mount on the given path dentry.
 
 The call requires an initialized struct autofs_dev_ioctl with the path
 field set to the mount point in question and the size field adjusted
 appropriately. Upon return the uid field of struct args_requester contains
 the uid and gid field the gid.
 
 When reconstructing an autofs mount tree with active mounts we need to
 re-connect to mounts that may have used the original process uid and
 gid (or string variations of them) for mount lookups within the map entry.
 This call provides the ability to obtain this uid and gid so they may be
 used by user space for the mount map lookups.
 
 
 AUTOFS_DEV_IOCTL_EXPIRE_CMD
 ---------------------------
 
 Issue an expire request to the kernel for an autofs mount. Typically
 this ioctl is called until no further expire candidates are found.
 
 The call requires an initialized struct autofs_dev_ioctl with the
 ioctlfd field set to the descriptor obtained from the open call. In
 addition an immediate expire that's independent of the mount timeout,
 and a forced expire that's independent of whether the mount is busy,
 can be requested by setting the how field of struct args_expire to
 AUTOFS_EXP_IMMEDIATE or AUTOFS_EXP_FORCED, respectively . If no
 expire candidates can be found the ioctl returns -1 with errno set to
 EAGAIN.
 
 This call causes the kernel module to check the mount corresponding
 to the given ioctlfd for mounts that can be expired, issues an expire
 request back to the daemon and waits for completion.
 
 AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD
 ------------------------------
 
 Checks if an autofs mount point is in use.
 
 The call requires an initialized struct autofs_dev_ioctl with the
 ioctlfd field set to the descriptor obtained from the open call and
 it returns the result in the may_umount field of struct args_askumount,
 1 for busy and 0 otherwise.
 
 
 AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD
 ---------------------------------
 
 Check if the given path is a mountpoint.
 
 The call requires an initialized struct autofs_dev_ioctl. There are two
 possible variations. Both use the path field set to the path of the mount
 point to check and the size field adjusted appropriately. One uses the
 ioctlfd field to identify a specific mount point to check while the other
 variation uses the path and optionally in.type field of struct args_ismountpoint
 set to an autofs mount type. The call returns 1 if this is a mount point
 and sets out.devid field to the device number of the mount and out.magic
 field to the relevant super block magic number (described below) or 0 if
 it isn't a mountpoint. In both cases the device number (as returned
 by new_encode_dev()) is returned in out.devid field.
 
 If supplied with a file descriptor we're looking for a specific mount,
 not necessarily at the top of the mounted stack. In this case the path
 the descriptor corresponds to is considered a mountpoint if it is itself
 a mountpoint or contains a mount, such as a multi-mount without a root
 mount. In this case we return 1 if the descriptor corresponds to a mount
 point and also returns the super magic of the covering mount if there
 is one or 0 if it isn't a mountpoint.
 
 If a path is supplied (and the ioctlfd field is set to -1) then the path
 is looked up and is checked to see if it is the root of a mount. If a
 type is also given we are looking for a particular autofs mount and if
 a match isn't found a fail is returned. If the located path is the
 root of a mount 1 is returned along with the super magic of the mount
 or 0 otherwise.

This page was automatically generated by the 2.1.0 LXR engine. The LXR team