From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>
Cc: Zdenek Kabelac <zkabelac@redhat.com>,
Mikulas Patocka <mpatocka@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
dm-devel@redhat.com, Christoph Hellwig <hch@lst.de>,
"Darrick J. Wong" <djwong@kernel.org>
Subject: Re: [PATCH] fix writing to the filesystem after unmount
Date: Fri, 8 Sep 2023 14:02:38 +0200 [thread overview]
Message-ID: <20230908-verflachen-neudefinition-4da649d673a9@brauner> (raw)
In-Reply-To: <20230908102014.xgtcf5wth2l2cwup@quack3>
> Well, currently you click some "Eject / safely remove / whatever" button
> and then you get a "wait" dialog until everything is done after which
> you're told the stick is safe to remove. What I imagine is that the "wait"
> dialog needs to be there while there are any (or exclusive at minimum) openers
> of the device. Not until umount(2) syscall has returned. And yes, the
Agreed. umount(2) doesn't give guarantees about a filesystem being
really gone once it has returned. And it really shouldn't. There's too
many cases where that doesn't work and it's not a commitment we should
make.
And there are ways to wait until superblock shutdown that I've mentioned
before in other places where it somehow really matters. inotify's
IN_UMOUNT will notify about superblock shutdown. IOW, when it really
hits generic_shutdown_super() which can only be hit after unfreezing as
that requires active references.
So this really can be used to wait for a filesystem to go away across
all namespaces, and across filesytem freezing and it's available to
unprivileged users. Simple example:
# shell 1
sudo mount -t xfs /dev/sda /mnt
sudo mount --bind /mnt /opt
inotifywait -e unmount /mnt
#shell 2
sudo umount /opt # nothing happens in shell 1
sudo umount /mnt # shell 1 gets woken
> corner-cases. So does the current behavior, I agree, but improving
> situation for one usecase while breaking another usecase isn't really a way
> forward...
Agreed.
> Well, the filesystem (struct superblock to be exact) is invisible in
> /proc/mounts (or whatever), that is true. But it is still very much
> associated with that block device and if you do 'mount <device>
> <mntpoint>', you'll get it back. But yes, the filesystem will not go away
And now we at least have an api to detect that case and refuse to reuse
the superblock.
> until all references to it are dropped and you cannot easily find who holds
> those references and how to get rid of them.
Namespaces make this even messier. You have no easy way of knowing
whether the filesystem isn't pinned somewhere else through an explicit
bind-mount or when it was copied during mount namespace creation.
next prev parent reply other threads:[~2023-09-08 12:02 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-06 13:26 [PATCH] fix writing to the filesystem after unmount Mikulas Patocka
2023-09-06 14:27 ` Christian Brauner
2023-09-06 15:03 ` Mikulas Patocka
2023-09-06 15:33 ` Christian Brauner
2023-09-06 15:58 ` Christian Brauner
2023-09-06 16:01 ` Mikulas Patocka
2023-09-06 16:19 ` Christian Brauner
2023-09-06 16:52 ` Mikulas Patocka
2023-09-07 9:44 ` Jan Kara
2023-09-07 10:43 ` Christian Brauner
2023-09-07 12:04 ` Mikulas Patocka
2023-09-08 7:32 ` Jan Kara
2023-09-08 9:29 ` Zdenek Kabelac
2023-09-08 10:20 ` Jan Kara
2023-09-08 12:02 ` Christian Brauner [this message]
2023-09-08 16:49 ` John Stoffel
2023-09-09 11:21 ` Christoph Hellwig
[not found] ` <15c62097-d58f-4e66-bdf5-e0edb1306b2f@redhat.com>
2023-09-08 11:32 ` Christian Brauner
2023-09-08 12:07 ` Zdenek Kabelac
2023-09-08 12:34 ` Christian Brauner
2023-09-12 9:10 ` Jan Kara
2023-09-08 12:01 ` Pavel Machek
2023-09-08 11:59 ` Pavel Machek
2023-09-06 17:10 ` Al Viro
2023-09-06 17:08 ` Al Viro
2023-09-06 15:22 ` Darrick J. Wong
2023-09-06 15:38 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908-verflachen-neudefinition-4da649d673a9@brauner \
--to=brauner@kernel.org \
--cc=djwong@kernel.org \
--cc=dm-devel@redhat.com \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zkabelac@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).