From: Christian Brauner <brauner@kernel.org>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: Luis Henriques <luis@igalia.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Bernd Schubert <bschubert@ddn.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC] Another take at restarting FUSE servers
Date: Mon, 4 Aug 2025 10:45:44 +0200 [thread overview]
Message-ID: <20250804-lesezeichen-kugel-7a8b7053d236@brauner> (raw)
In-Reply-To: <20250731172946.GK2672070@frogsfrogsfrogs>
On Thu, Jul 31, 2025 at 10:29:46AM -0700, Darrick J. Wong wrote:
> On Thu, Jul 31, 2025 at 01:33:09PM +0200, Christian Brauner wrote:
> > On Wed, Jul 30, 2025 at 03:04:00PM +0100, Luis Henriques wrote:
> > > Hi Darrick,
> > >
> > > On Tue, Jul 29 2025, Darrick J. Wong wrote:
> > >
> > > > On Tue, Jul 29, 2025 at 02:56:02PM +0100, Luis Henriques wrote:
> > > >> Hi!
> > > >>
> > > >> I know this has been discussed several times in several places, and the
> > > >> recent(ish) addition of NOTIFY_RESEND is an important step towards being
> > > >> able to restart a user-space FUSE server.
> > > >>
> > > >> While looking at how to restart a server that uses the libfuse lowlevel
> > > >> API, I've created an RFC pull request [1] to understand whether adding
> > > >> support for this operation would be something acceptable in the project.
> > > >
> > > > Just speaking for fuse2fs here -- that would be kinda nifty if libfuse
> > > > could restart itself. It's unclear if doing so will actually enable us
> > > > to clear the condition that caused the failure in the first place, but I
> > > > suppose fuse2fs /does/ have e2fsck -fy at hand. So maybe restarts
> > > > aren't totally crazy.
> > >
> > > Maybe my PR lacks a bit of ambition -- it's goal wasn't to have libfuse do
> > > the restart itself. Instead, it simply adds some visibility into the
> > > opaque data structures so that a FUSE server could re-initialise a session
> > > without having to go through a full remount.
> > >
> > > But sure, there are other things that could be added to the library as
> > > well. For example, in my current experiments, the FUSE server needs start
> > > some sort of "file descriptor server" to keep the fd alive for the
> > > restart. This daemon could be optionally provided in libfuse itself,
> > > which could also be used to store all sorts of blobs needed by the file
> > > system after recovery is done.
> >
> > Fwiw, for most use-cases you really just want to use systemd's file
> > descriptor store to persist the /dev/fuse connection:
> > https://systemd.io/FILE_DESCRIPTOR_STORE/
>
> Very nice! This is exactly what I was looking for to handle the initial
> setup, so I'm glad I don't have to go design a protocol around that.
>
> > >
> > > >> The PR doesn't do anything sophisticated, it simply hacks into the opaque
> > > >> libfuse data structures so that a server could set some of the sessions'
> > > >> fields.
> > > >>
> > > >> So, a FUSE server simply has to save the /dev/fuse file descriptor and
> > > >> pass it to libfuse while recovering, after a restart or a crash. The
> > > >> mentioned NOTIFY_RESEND should be used so that no requests are lost, of
> > > >> course. And there are probably other data structures that user-space file
> > > >> systems will have to keep track as well, so that everything can be
> > > >> restored. (The parameters set in the INIT phase, for example.)
> > > >
> > > > Yeah, I don't know how that would work in practice. Would the kernel
> > > > send back the old connection flags and whatnot via some sort of
> > > > FUSE_REINIT request, and the fuse server can either decide that it will
> > > > try to recover, or just bail out?
> > >
> > > That would be an option. But my current idea would be that the server
> > > would need to store those somewhere and simply assume they are still OK
> >
> > The fdstore currently allows to associate a name with a file descriptor
> > in the fdstore. That name would allow you to associate the options with
> > the fuse connection. However, I would not rule it out that additional
> > metadata could be attached to file descriptors in the fdstore if that's
> > something that's needed.
>
> Names are useful, I'd at least want "fusedev", "fsopen", and "device".
>
> If someone passed "journal_dev=/dev/sdaX" to fuse2fs then I'd want it to
> be able to tell mountfsd "Hey, can you also open /dev/sdaX and put it in
> the store as 'journal_dev'?" Then it just has to wait until the fd shows
> up, and it can continue with the mount process.
>
> Though the "device" argument needn't be a path, so to be fully general
> mountfsd and the fuse server would have to handshake that as well.
Fwiw, to attach arbitrary metadata to a file descriptor the easiest
thing to do would be to stash both a (fuse server) file descriptor and
then also a memfd via memfd_create() that e.g., can contain all the
server options that you want to store.
next prev parent reply other threads:[~2025-08-04 8:45 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-29 13:56 [RFC] Another take at restarting FUSE servers Luis Henriques
2025-07-29 23:38 ` Darrick J. Wong
2025-07-30 14:04 ` Luis Henriques
2025-07-31 11:33 ` Christian Brauner
2025-07-31 12:23 ` Luis Henriques
2025-07-31 17:29 ` Darrick J. Wong
2025-08-04 8:45 ` Christian Brauner [this message]
2025-08-12 19:28 ` Darrick J. Wong
2025-07-31 13:04 ` Theodore Ts'o
2025-07-31 17:38 ` Darrick J. Wong
2025-08-01 10:15 ` Luis Henriques
2025-08-11 15:43 ` Darrick J. Wong
2025-08-13 13:14 ` Luis Henriques
2025-09-12 10:31 ` Bernd Schubert
2025-09-12 11:41 ` Amir Goldstein
2025-09-12 12:29 ` Bernd Schubert
2025-09-12 14:58 ` Darrick J. Wong
2025-09-12 15:20 ` Bernd Schubert
2025-09-15 4:43 ` Darrick J. Wong
2025-09-15 7:07 ` Amir Goldstein
2025-09-15 8:27 ` Bernd Schubert
2025-09-15 8:41 ` Amir Goldstein
2025-09-16 2:53 ` Darrick J. Wong
2025-09-16 7:59 ` Amir Goldstein
2025-09-18 17:50 ` Darrick J. Wong
2025-11-04 11:40 ` Luis Henriques
2025-11-04 13:10 ` Amir Goldstein
2025-11-04 14:52 ` Luis Henriques
2025-11-05 10:21 ` Amir Goldstein
2025-11-05 11:50 ` Luis Henriques
2025-11-05 15:30 ` Amir Goldstein
2025-11-05 21:38 ` Darrick J. Wong
2025-11-05 21:46 ` Bernd Schubert
2025-11-05 22:06 ` Bernd Schubert
2025-11-05 22:24 ` Bernd Schubert
2025-11-05 22:42 ` Darrick J. Wong
2025-11-05 22:48 ` Bernd Schubert
2025-11-06 0:21 ` Darrick J. Wong
2025-11-06 10:13 ` Amir Goldstein
2025-11-06 15:12 ` Luis Henriques
2025-11-06 15:58 ` Luis Henriques
2025-11-06 15:49 ` Darrick J. Wong
2025-11-06 16:08 ` Stef Bon
2025-11-07 9:25 ` Luis Henriques
2025-11-10 8:20 ` Stef Bon
2025-11-06 16:11 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250804-lesezeichen-kugel-7a8b7053d236@brauner \
--to=brauner@kernel.org \
--cc=bschubert@ddn.com \
--cc=djwong@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luis@igalia.com \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).