From owner-freebsd-arch@FreeBSD.ORG Tue Dec 21 21:17:00 2004 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E7CB716A4CE; Tue, 21 Dec 2004 21:17:00 +0000 (GMT) Received: from critter.freebsd.dk (f170.freebsd.dk [212.242.86.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4BA743D1D; Tue, 21 Dec 2004 21:16:57 +0000 (GMT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.13.1/8.13.1) with ESMTP id iBLLGrX1084302; Tue, 21 Dec 2004 22:16:54 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Kirk McKusick From: "Poul-Henning Kamp" In-Reply-To: Your message of "Tue, 21 Dec 2004 12:29:00 PST." <200412212029.iBLKT05S044869@beastie.mckusick.com> Date: Tue, 21 Dec 2004 22:16:53 +0100 Message-ID: <84301.1103663813@critter.freebsd.dk> Sender: phk@critter.freebsd.dk cc: arch@freebsd.org cc: Robert Watson Subject: Re: Forcefully unmounting devfs... X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Dec 2004 21:17:01 -0000 In message <200412212029.iBLKT05S044869@beastie.mckusick.com>, Kirk McKusick wr ites: >Poul-Henning is correct. To elaborate, the operations vector for device >vnodes have historivcally been built up from a mix of specfs opertions >which deal with the mechanics of doing I/O (read, write, strategy, ioctl, >etc) and the containing filesystem (UFS, NFS) operations for naming (open, >stat, chown, chmod, rename, etc). When the containing filesystem is >forcibly unmounted, the naming operations are stripped away leaving >only the I/O operations. Thus read, write, strategy, and such continue >to work, but name related operations on the descriptor (fstat, fchown, >fchmod, etc) will fail as the underlying naming operations are gone. >I still believe that this is a reasonable approach as it lets things >like the disk continue to operate when an unmount is done. But the question in my mind is: do we really want disks/devices to continue working if we forcefully unmount a devfs instance ? Today, the main if not only use for multiple devfs instances are chroot/jail, and if I wear my jail-warden uniform for a moment, I would expect that a forceful unmount of /some/jail/dev would mean "just kill anything that prevents me from doing a normal umount of this devfs instance". Problem with that is that we get into cascading forced unmounts, which I in my jail warden outfit would love to just Do The Right Thing, but as a kernel hacker I know how many panics are just waiting for that to happen... So as I see it, we have to possible ways it can work: Either disable forceful unmount of devfs, which makes sense from KISS and many other principles, and then jail wardens will have to find other ways to clean up their jails Or make forceful unmounts kill any process which holds it busy, unmount any filesystem using a device from it and then clean up and leave. The one option I don't like is: unmount and leave all sorts of stuff in weird intermediate states from which the administrator may not be able to recover. The more I think about it, the more I lean towards the first option. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.