1
2Making Filesystems Exportable
3=============================
4
5Overview
6--------
7
8All filesystem operations require a dentry (or two) as a starting
9point.  Local applications have a reference-counted hold on suitable
10dentries via open file descriptors or cwd/root.  However remote
11applications that access a filesystem via a remote filesystem protocol
12such as NFS may not be able to hold such a reference, and so need a
13different way to refer to a particular dentry.  As the alternative
14form of reference needs to be stable across renames, truncates, and
15server-reboot (among other things, though these tend to be the most
16problematic), there is no simple answer like 'filename'.
17
18The mechanism discussed here allows each filesystem implementation to
19specify how to generate an opaque (outside of the filesystem) byte
20string for any dentry, and how to find an appropriate dentry for any
21given opaque byte string.
22This byte string will be called a "filehandle fragment" as it
23corresponds to part of an NFS filehandle.
24
25A filesystem which supports the mapping between filehandle fragments
26and dentries will be termed "exportable".
27
28
29
30Dcache Issues
31-------------
32
33The dcache normally contains a proper prefix of any given filesystem
34tree.  This means that if any filesystem object is in the dcache, then
35all of the ancestors of that filesystem object are also in the dcache.
36As normal access is by filename this prefix is created naturally and
37maintained easily (by each object maintaining a reference count on
38its parent).
39
40However when objects are included into the dcache by interpreting a
41filehandle fragment, there is no automatic creation of a path prefix
42for the object.  This leads to two related but distinct features of
43the dcache that are not needed for normal filesystem access.
44
451/ The dcache must sometimes contain objects that are not part of the
46   proper prefix. i.e that are not connected to the root.
472/ The dcache must be prepared for a newly found (via ->lookup) directory
48   to already have a (non-connected) dentry, and must be able to move
49   that dentry into place (based on the parent and name in the
50   ->lookup).   This is particularly needed for directories as
51   it is a dcache invariant that directories only have one dentry.
52
53To implement these features, the dcache has:
54
55a/ A dentry flag DCACHE_DISCONNECTED which is set on
56   any dentry that might not be part of the proper prefix.
57   This is set when anonymous dentries are created, and cleared when a
58   dentry is noticed to be a child of a dentry which is in the proper
59   prefix.  If the refcount on a dentry with this flag set
60   becomes zero, the dentry is immediately discarded, rather than being
61   kept in the dcache.  If a dentry that is not already in the dcache
62   is repeatedly accessed by filehandle (as NFSD might do), an new dentry
63   will be a allocated for each access, and discarded at the end of
64   the access.
65
66   Note that such a dentry can acquire children, name, ancestors, etc.
67   without losing DCACHE_DISCONNECTED - that flag is only cleared when
68   subtree is successfully reconnected to root.  Until then dentries
69   in such subtree are retained only as long as there are references;
70   refcount reaching zero means immediate eviction, same as for unhashed
71   dentries.  That guarantees that we won't need to hunt them down upon
72   umount.
73
74b/ A primitive for creation of secondary roots - d_obtain_root(inode).
75   Those do _not_ bear DCACHE_DISCONNECTED.  They are placed on the
76   per-superblock list (->s_roots), so they can be located at umount
77   time for eviction purposes.
78
79c/ Helper routines to allocate anonymous dentries, and to help attach
80   loose directory dentries at lookup time. They are:
81    d_obtain_alias(inode) will return a dentry for the given inode.
82      If the inode already has a dentry, one of those is returned.
83      If it doesn't, a new anonymous (IS_ROOT and
84        DCACHE_DISCONNECTED) dentry is allocated and attached.
85      In the case of a directory, care is taken that only one dentry
86      can ever be attached.
87    d_splice_alias(inode, dentry) will introduce a new dentry into the tree;
88      either the passed-in dentry or a preexisting alias for the given inode
89      (such as an anonymous one created by d_obtain_alias), if appropriate.
90      It returns NULL when the passed-in dentry is used, following the calling
91      convention of ->lookup.
92
93Filesystem Issues
94-----------------
95
96For a filesystem to be exportable it must:
97
98   1/ provide the filehandle fragment routines described below.
99   2/ make sure that d_splice_alias is used rather than d_add
100      when ->lookup finds an inode for a given parent and name.
101
102      If inode is NULL, d_splice_alias(inode, dentry) is equivalent to
103
104		d_add(dentry, inode), NULL
105
106      Similarly, d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err)
107
108      Typically the ->lookup routine will simply end with a:
109
110		return d_splice_alias(inode, dentry);
111	}
112
113
114
115  A file system implementation declares that instances of the filesystem
116are exportable by setting the s_export_op field in the struct
117super_block.  This field must point to a "struct export_operations"
118struct which has the following members:
119
120 encode_fh  (optional)
121    Takes a dentry and creates a filehandle fragment which can later be used
122    to find or create a dentry for the same object.  The default
123    implementation creates a filehandle fragment that encodes a 32bit inode
124    and generation number for the inode encoded, and if necessary the
125    same information for the parent.
126
127  fh_to_dentry (mandatory)
128    Given a filehandle fragment, this should find the implied object and
129    create a dentry for it (possibly with d_obtain_alias).
130
131  fh_to_parent (optional but strongly recommended)
132    Given a filehandle fragment, this should find the parent of the
133    implied object and create a dentry for it (possibly with
134    d_obtain_alias).  May fail if the filehandle fragment is too small.
135
136  get_parent (optional but strongly recommended)
137    When given a dentry for a directory, this should return  a dentry for
138    the parent.  Quite possibly the parent dentry will have been allocated
139    by d_alloc_anon.  The default get_parent function just returns an error
140    so any filehandle lookup that requires finding a parent will fail.
141    ->lookup("..") is *not* used as a default as it can leave ".." entries
142    in the dcache which are too messy to work with.
143
144  get_name (optional)
145    When given a parent dentry and a child dentry, this should find a name
146    in the directory identified by the parent dentry, which leads to the
147    object identified by the child dentry.  If no get_name function is
148    supplied, a default implementation is provided which uses vfs_readdir
149    to find potential names, and matches inode numbers to find the correct
150    match.
151
152
153A filehandle fragment consists of an array of 1 or more 4byte words,
154together with a one byte "type".
155The decode_fh routine should not depend on the stated size that is
156passed to it.  This size may be larger than the original filehandle
157generated by encode_fh, in which case it will have been padded with
158nuls.  Rather, the encode_fh routine should choose a "type" which
159indicates the decode_fh how much of the filehandle is valid, and how
160it should be interpreted.
161