facebook/sapling
1
1
Fork 0
mirror of https://github.com/facebook/sapling.git synced 2024-10-10 16:57:49 +03:00
Code Issues Projects Releases Wiki Activity
11bc6db291
sapling/eden/fs/fuse/FuseChannel.h

598 lines
20 KiB
C
Raw Normal View History

re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
/*
update license headers in C++ files Summary: Update the copyright & license headers in C++ files to reflect the relicensing to GPLv2 Reviewed By: wez Differential Revision: D15487078 fbshipit-source-id: 19f24c933a64ecad0d3a692d0f8d2a38b4194b1d
2019-06-20 02:58:25 +03:00
* Copyright (c) Facebook, Inc. and its affiliates.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*
update license headers in C++ files Summary: Update the copyright & license headers in C++ files to reflect the relicensing to GPLv2 Reviewed By: wez Differential Revision: D15487078 fbshipit-source-id: 19f24c933a64ecad0d3a692d0f8d2a38b4194b1d
2019-06-20 02:58:25 +03:00
* This software may be used and distributed according to the terms of the
* GNU General Public License version 2.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*/
#pragma once
Record backing store imports with RequestData Summary: Uses the existing RequestData class to make calls to static functions to set and get the `didImportFromBackingStore` flag. Reviewed By: simpkins Differential Revision: D16461868 fbshipit-source-id: e3ed39249f5dd1a842ad06a204b5933014b12f7f
2019-08-01 23:34:28 +03:00
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
#include <folly/File.h>
Add command to chown a mount Summary: Sandcastle has several cases where we chown the entire repository which performs terribly on Eden. As a workaround we have a command to do this in eden without loading all the files. Reviewed By: chadaustin Differential Revision: D12857956 fbshipit-source-id: 36cebcc710fbcf4e1eb265df901513cf50a227b9
2018-11-07 19:56:49 +03:00
#include <folly/Range.h>
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
#include <folly/Synchronized.h>
FuseChannel switch dispatcher -> map Summary: Use a map to lookup the handler for a given opcode. While we're in here, let's reduce some more boiler plate by factoring out the code that preps the request and associates it with the stats histogram by moving that into the opcode map. Reviewed By: chadaustin Differential Revision: D6578934 fbshipit-source-id: 9e3f73beb9dc5597f095e81ef21adf1549420e9d
2018-01-03 03:25:05 +03:00
#include <folly/futures/Future.h>
move fuse thread pool to FuseChannel Summary: Now that we have full control over the fuse session, moving the threads here makes a lot of sense and makes things easier from an overall state management perspective. FuseChannel now provides a future that make it easier for EdenMount to wait until all the threads and outstanding requests have completed. There is also a future to determine when the first of the threads has exited which is used to detect an error condition. We could go a bit further with this and have the error condition propagate out from our dispatcher, but that's a bit further away from my goal of making the graceful restart stuff work. I've removed the request counting stuff from Dispatcher as we can now use the definitive signals from FuseChannel in its place. Reviewed By: chadaustin Differential Revision: D6580247 fbshipit-source-id: 6bcc3b8b531d59a3fdd0ca6fd09410ad64f8221a
2018-01-03 20:26:45 +03:00
#include <folly/futures/Promise.h>
debug logging (once) when ENODEV is received from the fuse device Summary: To determine the precise behavior of unmounting an Eden mount with MNT_FORCE, I needed to see whether ENODEV was being returned from the FUSE socket. This helps us clarify the documentation in libfuse https://github.com/libfuse/libfuse/issues/333 Reviewed By: strager Differential Revision: D13630289 fbshipit-source-id: 90e6f0afc927c042a24cd6c82deac644c15ed066
2019-01-12 02:08:35 +03:00
#include <folly/synchronization/CallOnce.h>
remove dep on libfuse Summary: This serves a few purposes: 1. We can avoid some conditional code inside eden if we know that we have a specific fuse_kernel.h header implementation. 2. We don't have to figure out a way to propagate the kernel capabilities through the graceful restart process. 3. libfuse3 removed the channel/session hooks that we've been using thus far to interject ourselves for mounting and graceful restarting, so we were already effectively the walking dead here. 4. We're now able to take advtange of the latest aspects of the fuse kernel interface without being tied to the implementation of libfuse2 or libfuse3. We're interested in the readdirplus functionality and will look at enabling that in a future diff. This may make some things slightly harder for the more immediate macOS port but I belive that we're in a much better place overall. This diff is relatively mechanical and sadly is (unavoidably) large. The main aspects of this diff are: 1. The `fuse_ino_t` type was provided by libfuse so we needed to replace it with our own definition. This has decent penetration throughout the codebase. 2. The confusing `fuse_file_info` type that was multi-purpose and had fields that were sometimes *in* parameters and sometimes *out* parameters has been removed and replaced with a simpler *flags* parameter that corresponds to the `open(2)` flags parameter. The *out* portions are subsumed by existing file handle metadata methods. 3. The fuse parameters returned from variations of the `LOOKUP` opcode now return the fuse kernel type for this directly. I suspect that we may need to introduce a compatibility type when we revisit the macOS port, but this at least makes this diff slightly simpler. You'll notice that some field and symbol name prefixes vary as a result of this. 4. Similarly for `setattr`, libfuse separated the kernel data into two parameters that were a little awkward to use; we're now just passing the kernel data through and this, IMO, makes the interface slightly more understandable. 5. The bulk of the code from `Dispatcher.cpp` that shimmed the libfuse callbacks into the C++ virtual methods has been removed and replaced by a `switch` statement based dispatcher in `FuseChannel`. I'm not married to this being `switch` based and may revise this to be driven by an `unordered_map` of opcode -> dispatcher method defined in `FuseChannel`. Regardless, `Dispatcher.cpp` is now much slimmer and should be easier to replace by rolling it together into `EdenDispatcher.cpp` in the future should we desire to do so. 6. This diff disables dispatching `poll` and `ioctl` calls. We didn't make use of them and their interfaces are a bit fiddly. 7. `INTERRUPT` is also disabled here. I will re-enable it in a follow-up diff where I can also revise how we track outstanding requests for graceful shutdown. 8. I've imported `fuse_kernel.h` from libfuse. This is included under the permissive 2-clause BSD license that it allows for exactly this integration purpose. Reviewed By: simpkins Differential Revision: D6576472 fbshipit-source-id: 7cb088af5e06fe27bf22a1bed295c18c17d8006c
2018-01-03 03:25:03 +03:00
#include <stdlib.h>
#include <sys/uio.h>
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
#include <condition_variable>
#include <iosfwd>
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
#include <memory>
folly::Optional -> std::optional Summary: Eden's on C++17 so fully cross the rubicon! Reviewed By: strager Differential Revision: D10498098 fbshipit-source-id: 33a885614d627399645b70a54092c1badd795fbe
2018-10-24 04:48:38 +03:00
#include <optional>
Create exception type for FUSE unmount-during-init Summary: FuseChannel::initialize throws runtime_error when the FUSE connection is interrupted. I want EdenMount::startFuse to handle unexpected-unmount errors from FuseChannel::initialize, but catching runtime_error would catch unrelated errors too. When the FUSE connection is interrupted during initialization, make FuseChannel throw FuseDeviceUnmountedDuringInitialization instead of runtime_error. Reviewed By: chadaustin Differential Revision: D14077848 fbshipit-source-id: ed7b7d370a83ed1a9c36a443d8bb06ba940dc032
2019-03-12 06:45:20 +03:00
#include <stdexcept>
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
#include <thread>
re-enable FUSE_INTERRUPT support Summary: I'm mostly interested in this as the definitive way to know how many outstanding fuse requests there are, which is important for synchronization for graceful restart. An important part of this diff is to use of the `RequestContextScopeGuard`. Previously, `RequestData::create` would implicitly create a new `folly::RequestContext` and associate it with the current thread each time a new request was processed on the fuse worker thread. Critically, it would never take any action to remove that association. What that meant was that during shutdown some number of fuse worker threads were extending the lifetime of some fuse requests and that leads either to an use-after-free (as is the case in this diff stack up until this diff), or with the stronger synchronization that we desire in graceful restarts, a deadlock. Reviewed By: chadaustin Differential Revision: D6578933 fbshipit-source-id: f82f75e75a398d1f6beacb9466060e7bd99adbc1
2018-01-03 03:25:07 +03:00
#include <unordered_map>
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
#include <vector>
remove dep on libfuse Summary: This serves a few purposes: 1. We can avoid some conditional code inside eden if we know that we have a specific fuse_kernel.h header implementation. 2. We don't have to figure out a way to propagate the kernel capabilities through the graceful restart process. 3. libfuse3 removed the channel/session hooks that we've been using thus far to interject ourselves for mounting and graceful restarting, so we were already effectively the walking dead here. 4. We're now able to take advtange of the latest aspects of the fuse kernel interface without being tied to the implementation of libfuse2 or libfuse3. We're interested in the readdirplus functionality and will look at enabling that in a future diff. This may make some things slightly harder for the more immediate macOS port but I belive that we're in a much better place overall. This diff is relatively mechanical and sadly is (unavoidably) large. The main aspects of this diff are: 1. The `fuse_ino_t` type was provided by libfuse so we needed to replace it with our own definition. This has decent penetration throughout the codebase. 2. The confusing `fuse_file_info` type that was multi-purpose and had fields that were sometimes *in* parameters and sometimes *out* parameters has been removed and replaced with a simpler *flags* parameter that corresponds to the `open(2)` flags parameter. The *out* portions are subsumed by existing file handle metadata methods. 3. The fuse parameters returned from variations of the `LOOKUP` opcode now return the fuse kernel type for this directly. I suspect that we may need to introduce a compatibility type when we revisit the macOS port, but this at least makes this diff slightly simpler. You'll notice that some field and symbol name prefixes vary as a result of this. 4. Similarly for `setattr`, libfuse separated the kernel data into two parameters that were a little awkward to use; we're now just passing the kernel data through and this, IMO, makes the interface slightly more understandable. 5. The bulk of the code from `Dispatcher.cpp` that shimmed the libfuse callbacks into the C++ virtual methods has been removed and replaced by a `switch` statement based dispatcher in `FuseChannel`. I'm not married to this being `switch` based and may revise this to be driven by an `unordered_map` of opcode -> dispatcher method defined in `FuseChannel`. Regardless, `Dispatcher.cpp` is now much slimmer and should be easier to replace by rolling it together into `EdenDispatcher.cpp` in the future should we desire to do so. 6. This diff disables dispatching `poll` and `ioctl` calls. We didn't make use of them and their interfaces are a bit fiddly. 7. `INTERRUPT` is also disabled here. I will re-enable it in a follow-up diff where I can also revise how we track outstanding requests for graceful shutdown. 8. I've imported `fuse_kernel.h` from libfuse. This is included under the permissive 2-clause BSD license that it allows for exactly this integration purpose. Reviewed By: simpkins Differential Revision: D6576472 fbshipit-source-id: 7cb088af5e06fe27bf22a1bed295c18c17d8006c
2018-01-03 03:25:03 +03:00
#include "eden/fs/fuse/FuseTypes.h"
split InodeNumber into its own file Summary: It's common for code to use InodeNumber without needing to include the main FUSE headers or vice versa. Split them into two separate headers. Reviewed By: strager Differential Revision: D13979868 fbshipit-source-id: c5eeb6a3697bb538729a403434dc4f0f7408cda0
2019-02-09 01:57:33 +03:00
#include "eden/fs/fuse/InodeNumber.h"
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
#include "eden/fs/utils/PathFuncs.h"
count FUSE accesses by process ID Summary: Begin tracking pids passed into FUSE in the ProcessAccessLog. Reviewed By: strager Differential Revision: D9595795 fbshipit-source-id: 02e5fefebcd0de860274409ba6258f14fa050b55
2018-09-10 23:42:11 +03:00
#include "eden/fs/utils/ProcessAccessLog.h"
move fuse thread pool to FuseChannel Summary: Now that we have full control over the fuse session, moving the threads here makes a lot of sense and makes things easier from an overall state management perspective. FuseChannel now provides a future that make it easier for EdenMount to wait until all the threads and outstanding requests have completed. There is also a future to determine when the first of the threads has exited which is used to detect an error condition. We could go a bit further with this and have the error condition propagate out from our dispatcher, but that's a bit further away from my goal of making the graceful restart stuff work. I've removed the request counting stuff from Dispatcher as we can now use the definitive signals from FuseChannel in its place. Reviewed By: chadaustin Differential Revision: D6580247 fbshipit-source-id: 6bcc3b8b531d59a3fdd0ca6fd09410ad64f8221a
2018-01-03 20:26:45 +03:00
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
namespace folly {
class RequestContext;
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
struct Unit;
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
} // namespace folly
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
namespace facebook {
namespace eden {
class Dispatcher;
class FuseChannel {
public:
update FuseChannel to record the reason why we stopped Summary: Update the FuseChannel code to keep track of why it is stopping, and to return this data in the session complete future. This is mainly just available for diagnostic reasons, and at the moment nothing is using this outside of the unit tests. Reviewed By: wez Differential Revision: D7253573 fbshipit-source-id: 0c7e5b8bd9c3c1de3788918c2257c06d4fe0a90c
2018-03-14 04:25:47 +03:00
enum class StopReason {
RUNNING, // not stopped
INIT_FAILED,
UNMOUNTED,
TAKEOVER,
DESTRUCTOR,
FUSE_READ_ERROR,
FUSE_WRITE_ERROR,
FUSE_TRUNCATED_REQUEST,
WORKER_EXCEPTION,
};
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
struct StopData {
/**
* The reason why the FUSE channel was stopped.
*
* If multiple events occurred that triggered shutdown, only one will be
* reported here. (e.g., If a takeover was initiated and one of the worker
* threads saw that the device was unmounted before it stopped.)
*/
StopReason reason{StopReason::RUNNING};
/**
* The FUSE device for communicating with the kernel, if it is still valid
* to use.
*
* This will be a closed File object if the FUSE device is no longer valid
* (e.g., if it has been unmounted or if an error occurred on the FUSE
* device).
*/
folly::File fuseDevice;
/**
* The FUSE connection settings negotiated on the FUSE device.
*
* This will have valid data only when fuseDevice is also valid.
* This can be passed to initializeFromTakeover() to start a new
* FuseChannel object that uses this FuseDevice.
*/
fuse_init_out fuseSettings = {};
};
using StopFuture = folly::SemiFuture<StopData>;
update FuseChannel to record the reason why we stopped Summary: Update the FuseChannel code to keep track of why it is stopping, and to return this data in the session complete future. This is mainly just available for diagnostic reasons, and at the moment nothing is using this outside of the unit tests. Reviewed By: wez Differential Revision: D7253573 fbshipit-source-id: 0c7e5b8bd9c3c1de3788918c2257c06d4fe0a90c
2018-03-14 04:25:47 +03:00
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
/**
* Construct the fuse channel and session structures that are
* required by libfuse to communicate with the kernel using
* a pre-existing fuseDevice descriptor. The descriptor may
* have been obtained via privilegedFuseMount() or may have
* been passed to us as part of a graceful restart procedure.
clean up fuse init processing Summary: This diff moves the mount-time initialization handling out of the main loop. This rationale for this is: * We don't (and shouldn't!) need to process FUSE_INIT for takeover processing, and this structure allows us to make stronger assertions about our state. * we can avoid spinning up multiple threads in the (rare!) case that the FUSE_INIT fails * It is now a little harder for exceptions during initialization to escape our notice. In rearranging this stuff, I found a race condition in the worker thread shutdown; we could erroneously emit a completion event before all of the threads had been torn down and this resulted in sporadic integration test failures hitting the assertion for the number of joined threads in the destructor. Reviewed By: simpkins Differential Revision: D6766330 fbshipit-source-id: 32afb5a7c739c75aebfdb0a8f896eec5f41ad33f
2018-02-01 01:37:01 +03:00
*
* The caller is expected to follow up with a call to the
* initialize() method to perform the handshake with the
* kernel and set up the thread pool.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*/
move fuse thread pool to FuseChannel Summary: Now that we have full control over the fuse session, moving the threads here makes a lot of sense and makes things easier from an overall state management perspective. FuseChannel now provides a future that make it easier for EdenMount to wait until all the threads and outstanding requests have completed. There is also a future to determine when the first of the threads has exited which is used to detect an error condition. We could go a bit further with this and have the error condition propagate out from our dispatcher, but that's a bit further away from my goal of making the graceful restart stuff work. I've removed the request counting stuff from Dispatcher as we can now use the definitive signals from FuseChannel in its place. Reviewed By: chadaustin Differential Revision: D6580247 fbshipit-source-id: 6bcc3b8b531d59a3fdd0ca6fd09410ad64f8221a
2018-01-03 20:26:45 +03:00
FuseChannel(
folly::File&& fuseDevice,
AbsolutePathPiece mountPath,
size_t numThreads,
count FUSE accesses by process ID Summary: Begin tracking pids passed into FUSE in the ProcessAccessLog. Reviewed By: strager Differential Revision: D9595795 fbshipit-source-id: 02e5fefebcd0de860274409ba6258f14fa050b55
2018-09-10 23:42:11 +03:00
Dispatcher* const dispatcher,
std::shared_ptr<ProcessNameCache> processNameCache);
clean up fuse init processing Summary: This diff moves the mount-time initialization handling out of the main loop. This rationale for this is: * We don't (and shouldn't!) need to process FUSE_INIT for takeover processing, and this structure allows us to make stronger assertions about our state. * we can avoid spinning up multiple threads in the (rare!) case that the FUSE_INIT fails * It is now a little harder for exceptions during initialization to escape our notice. In rearranging this stuff, I found a race condition in the worker thread shutdown; we could erroneously emit a completion event before all of the threads had been torn down and this resulted in sporadic integration test failures hitting the assertion for the number of joined threads in the destructor. Reviewed By: simpkins Differential Revision: D6766330 fbshipit-source-id: 32afb5a7c739c75aebfdb0a8f896eec5f41ad33f
2018-02-01 01:37:01 +03:00
join FuseChannel threads in the destructor Summary: Update FuseChannel to only join its worker threads in its destructor, rather scheduling a function in the main EventBase thread to join each thread as soon as it completes. This makes FuseChannel a bit easier to use: the destructor can now be called at any point in time (as long as it is not called inside one of the worker threads themselves). If it is called while the FuseChannel is still running this will automatically stop the worker threads. Reviewed By: wez Differential Revision: D7224369 fbshipit-source-id: 4de0e7c0c677e870fd629eaaaa5ab40d134ee870
2018-03-12 21:43:28 +03:00
/**
* Destroy the FuseChannel.
*
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
* If the FUSE worker threads are still running, the destroy() will stop
join FuseChannel threads in the destructor Summary: Update FuseChannel to only join its worker threads in its destructor, rather scheduling a function in the main EventBase thread to join each thread as soon as it completes. This makes FuseChannel a bit easier to use: the destructor can now be called at any point in time (as long as it is not called inside one of the worker threads themselves). If it is called while the FuseChannel is still running this will automatically stop the worker threads. Reviewed By: wez Differential Revision: D7224369 fbshipit-source-id: 4de0e7c0c677e870fd629eaaaa5ab40d134ee870
2018-03-12 21:43:28 +03:00
* them and wait for them to exit.
*
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
* destroy() must not be invoked from inside one of the worker threads. For
* instance, do not invoke the destructor from inside a Dispatcher callback.
*
* The FuseChannel object itself may not have been immediately deleted by the
* time that destroy() returns. destroy() will wait for all outstanding FUSE
* requests to complete before it deletes the object. However, it may return
* before this happens if some FUSE requests are still pending and will
* complete in a non-FUSE-worker thread.
join FuseChannel threads in the destructor Summary: Update FuseChannel to only join its worker threads in its destructor, rather scheduling a function in the main EventBase thread to join each thread as soon as it completes. This makes FuseChannel a bit easier to use: the destructor can now be called at any point in time (as long as it is not called inside one of the worker threads themselves). If it is called while the FuseChannel is still running this will automatically stop the worker threads. Reviewed By: wez Differential Revision: D7224369 fbshipit-source-id: 4de0e7c0c677e870fd629eaaaa5ab40d134ee870
2018-03-12 21:43:28 +03:00
*/
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
void destroy();
join FuseChannel threads in the destructor Summary: Update FuseChannel to only join its worker threads in its destructor, rather scheduling a function in the main EventBase thread to join each thread as soon as it completes. This makes FuseChannel a bit easier to use: the destructor can now be called at any point in time (as long as it is not called inside one of the worker threads themselves). If it is called while the FuseChannel is still running this will automatically stop the worker threads. Reviewed By: wez Differential Revision: D7224369 fbshipit-source-id: 4de0e7c0c677e870fd629eaaaa5ab40d134ee870
2018-03-12 21:43:28 +03:00
clean up fuse init processing Summary: This diff moves the mount-time initialization handling out of the main loop. This rationale for this is: * We don't (and shouldn't!) need to process FUSE_INIT for takeover processing, and this structure allows us to make stronger assertions about our state. * we can avoid spinning up multiple threads in the (rare!) case that the FUSE_INIT fails * It is now a little harder for exceptions during initialization to escape our notice. In rearranging this stuff, I found a race condition in the worker thread shutdown; we could erroneously emit a completion event before all of the threads had been torn down and this resulted in sporadic integration test failures hitting the assertion for the number of joined threads in the destructor. Reviewed By: simpkins Differential Revision: D6766330 fbshipit-source-id: 32afb5a7c739c75aebfdb0a8f896eec5f41ad33f
2018-02-01 01:37:01 +03:00
/**
* Initialize the FuseChannel; until this completes successfully,
* FUSE requests will not be serviced.
*
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
* This will first start one worker thread to wait for the INIT request from
* the kernel and validate that we are compatible. Once we have successfully
* completed the INIT negotiation with the kernel we will start the remaining
* FUSE worker threads and indicate success via the returned Future object.
clean up fuse init processing Summary: This diff moves the mount-time initialization handling out of the main loop. This rationale for this is: * We don't (and shouldn't!) need to process FUSE_INIT for takeover processing, and this structure allows us to make stronger assertions about our state. * we can avoid spinning up multiple threads in the (rare!) case that the FUSE_INIT fails * It is now a little harder for exceptions during initialization to escape our notice. In rearranging this stuff, I found a race condition in the worker thread shutdown; we could erroneously emit a completion event before all of the threads had been torn down and this resulted in sporadic integration test failures hitting the assertion for the number of joined threads in the destructor. Reviewed By: simpkins Differential Revision: D6766330 fbshipit-source-id: 32afb5a7c739c75aebfdb0a8f896eec5f41ad33f
2018-02-01 01:37:01 +03:00
*
update FuseChannel::initialize() to return the completion future Summary: Remove the `FuseChannel::getSessionCompleteFuture()` method and instead have `initialize()` and `initializeFromTakeover()` return the `Future` that can be used to wait on session completion. This makes it explicit from an API perspective that this session completion future will only be invoked if initialization is successful. It also eliminates the possibility of anyone calling getSessionCompleteFuture() more than once. I also changed the session completion future to use a folly::SemiFuture rather than a folly::Future, to make it explicit that callers generally should not execute their callback inline in the same thread where the SemiFuture is fulfilled. Reviewed By: chadaustin Differential Revision: D7297835 fbshipit-source-id: 3a1157951f0738f1692833ed5e875c3e9c6d6d69
2018-03-16 22:07:49 +03:00
* Returns a folly::Future that will become ready once the mount point has
* been initialized and is ready for I/O. This Future will complete inside
* one of the FUSE worker threads.
*
* The initialization Future will return a new StopFuture object that will
* be fulfilled when the FuseChannel has stopped. This StopFuture can be
* used to detect if the FuseChannel has been unmounted or stopped because of
* an error or any other reason. The StopFuture may be fulfilled inside one
* of the FUSE worker threads that is in the process of shutting down.
* Callers should normally use via() to perform any additional work in
* another executor thread.
clean up fuse init processing Summary: This diff moves the mount-time initialization handling out of the main loop. This rationale for this is: * We don't (and shouldn't!) need to process FUSE_INIT for takeover processing, and this structure allows us to make stronger assertions about our state. * we can avoid spinning up multiple threads in the (rare!) case that the FUSE_INIT fails * It is now a little harder for exceptions during initialization to escape our notice. In rearranging this stuff, I found a race condition in the worker thread shutdown; we could erroneously emit a completion event before all of the threads had been torn down and this resulted in sporadic integration test failures hitting the assertion for the number of joined threads in the destructor. Reviewed By: simpkins Differential Revision: D6766330 fbshipit-source-id: 32afb5a7c739c75aebfdb0a8f896eec5f41ad33f
2018-02-01 01:37:01 +03:00
*/
update FuseChannel::initialize() to return the completion future Summary: Remove the `FuseChannel::getSessionCompleteFuture()` method and instead have `initialize()` and `initializeFromTakeover()` return the `Future` that can be used to wait on session completion. This makes it explicit from an API perspective that this session completion future will only be invoked if initialization is successful. It also eliminates the possibility of anyone calling getSessionCompleteFuture() more than once. I also changed the session completion future to use a folly::SemiFuture rather than a folly::Future, to make it explicit that callers generally should not execute their callback inline in the same thread where the SemiFuture is fulfilled. Reviewed By: chadaustin Differential Revision: D7297835 fbshipit-source-id: 3a1157951f0738f1692833ed5e875c3e9c6d6d69
2018-03-16 22:07:49 +03:00
FOLLY_NODISCARD folly::Future<StopFuture> initialize();
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
split up FUSE initialization for fresh start vs takeover Summary: Split up the FuseChannel and EdenMount APIs for starting a brand new FUSE channel vs taking over an existing channel. These operations are somewhat different as initializing a new FUSE channel requires performing a negotiation with the kernel that will not complete immediately. Therefore these APIs return a Future object. Taking over an existing FUSE channel is always an immediate operation, and therefor does not need to return a Future object. Reviewed By: chadaustin Differential Revision: D7241997 fbshipit-source-id: 22780f2df76b2d554ab2a4043b6425fa7a4e9c94
2018-03-13 07:24:09 +03:00
/**
* Initialize the FuseChannel when taking over an existing FuseDevice.
*
* This is used when performing a graceful restart of Eden, where we are
* taking over a FUSE connection that was already initialized by a previous
* process.
*
* The connInfo parameter specifies the connection data that was already
* negotiated by the previous owner of the FuseDevice.
*
* This function will immediately set up the thread pool used to service
* incoming fuse requests.
update FuseChannel::initialize() to return the completion future Summary: Remove the `FuseChannel::getSessionCompleteFuture()` method and instead have `initialize()` and `initializeFromTakeover()` return the `Future` that can be used to wait on session completion. This makes it explicit from an API perspective that this session completion future will only be invoked if initialization is successful. It also eliminates the possibility of anyone calling getSessionCompleteFuture() more than once. I also changed the session completion future to use a folly::SemiFuture rather than a folly::Future, to make it explicit that callers generally should not execute their callback inline in the same thread where the SemiFuture is fulfilled. Reviewed By: chadaustin Differential Revision: D7297835 fbshipit-source-id: 3a1157951f0738f1692833ed5e875c3e9c6d6d69
2018-03-16 22:07:49 +03:00
*
* Returns a StopFuture that will be fulfilled when the FuseChannel has
* stopped. This future can be used to detect if the FuseChannel has been
* unmounted or stopped because of an error or any other reason.
split up FUSE initialization for fresh start vs takeover Summary: Split up the FuseChannel and EdenMount APIs for starting a brand new FUSE channel vs taking over an existing channel. These operations are somewhat different as initializing a new FUSE channel requires performing a negotiation with the kernel that will not complete immediately. Therefore these APIs return a Future object. Taking over an existing FUSE channel is always an immediate operation, and therefor does not need to return a Future object. Reviewed By: chadaustin Differential Revision: D7241997 fbshipit-source-id: 22780f2df76b2d554ab2a4043b6425fa7a4e9c94
2018-03-13 07:24:09 +03:00
*/
update FuseChannel::initialize() to return the completion future Summary: Remove the `FuseChannel::getSessionCompleteFuture()` method and instead have `initialize()` and `initializeFromTakeover()` return the `Future` that can be used to wait on session completion. This makes it explicit from an API perspective that this session completion future will only be invoked if initialization is successful. It also eliminates the possibility of anyone calling getSessionCompleteFuture() more than once. I also changed the session completion future to use a folly::SemiFuture rather than a folly::Future, to make it explicit that callers generally should not execute their callback inline in the same thread where the SemiFuture is fulfilled. Reviewed By: chadaustin Differential Revision: D7297835 fbshipit-source-id: 3a1157951f0738f1692833ed5e875c3e9c6d6d69
2018-03-16 22:07:49 +03:00
StopFuture initializeFromTakeover(fuse_init_out connInfo);
split up FUSE initialization for fresh start vs takeover Summary: Split up the FuseChannel and EdenMount APIs for starting a brand new FUSE channel vs taking over an existing channel. These operations are somewhat different as initializing a new FUSE channel requires performing a negotiation with the kernel that will not complete immediately. Therefore these APIs return a Future object. Taking over an existing FUSE channel is always an immediate operation, and therefor does not need to return a Future object. Reviewed By: chadaustin Differential Revision: D7241997 fbshipit-source-id: 22780f2df76b2d554ab2a4043b6425fa7a4e9c94
2018-03-13 07:24:09 +03:00
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
// Forbidden copy constructor and assignment operator
FuseChannel(FuseChannel const&) = delete;
FuseChannel& operator=(FuseChannel const&) = delete;
/**
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
* Request that the FuseChannel stop processing new requests, and prepare
* to hand over the FuseDevice to another process.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*/
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
void takeoverStop() {
update FuseChannel to record the reason why we stopped Summary: Update the FuseChannel code to keep track of why it is stopping, and to return this data in the session complete future. This is mainly just available for diagnostic reasons, and at the moment nothing is using this outside of the unit tests. Reviewed By: wez Differential Revision: D7253573 fbshipit-source-id: 0c7e5b8bd9c3c1de3788918c2257c06d4fe0a90c
2018-03-14 04:25:47 +03:00
requestSessionExit(StopReason::TAKEOVER);
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
}
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
/**
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
* Request that the kernel invalidate its cached data for the specified
* inode.
*
* This operation is performed asynchronously. flushInvalidations() can be
* called if you need to determine when this operation has completed.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*
* @param ino the inode number
* @param off the offset in the inode where to start invalidating
* or negative to invalidate attributes only
* @param len the amount of cache to invalidate or 0 for all
*/
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
void invalidateInode(InodeNumber ino, int64_t off, int64_t len);
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
/**
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
* Request that the kernel invalidate its cached data for the specified
* directory entry.
*
* This operation is performed asynchronously. flushInvalidations() can be
* called if you need to determine when this operation has completed.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*
* @param parent inode number
* @param name file name
*/
remove the fusell namespace Summary: Move everything in the `facebook::eden::fusell` namespace to `facebook::eden` Reviewed By: chadaustin Differential Revision: D7314458 fbshipit-source-id: db56d3e5fb898235e1376ac76077cf780d9b4698
2018-03-20 03:01:15 +03:00
void invalidateEntry(InodeNumber parent, PathComponentPiece name);
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
Add command to chown a mount Summary: Sandcastle has several cases where we chown the entire repository which performs terribly on Eden. As a workaround we have a command to do this in eden without loading all the files. Reviewed By: chadaustin Differential Revision: D12857956 fbshipit-source-id: 36cebcc710fbcf4e1eb265df901513cf50a227b9
2018-11-07 19:56:49 +03:00
/*
* Request that the kernel invalidate its cached data for the specified
* inodes.
*
* This operation is performed asynchronously. flushInvalidations() can be
* called if you need to determine when this operation has completed.
*
* @param range a range of inodes
*/
void invalidateInodes(folly::Range<InodeNumber*> range);
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
/**
* Wait for all currently scheduled invalidateInode() and invalidateEntry()
* operations to complete.
*
* The returned Future will complete once all invalidation operations
* scheduled before this flushInvalidations() call have finished. This
* future will normally be completed in the FuseChannel's invalidation
* thread.
*/
FOLLY_NODISCARD folly::Future<folly::Unit> flushInvalidations();
remove dep on libfuse Summary: This serves a few purposes: 1. We can avoid some conditional code inside eden if we know that we have a specific fuse_kernel.h header implementation. 2. We don't have to figure out a way to propagate the kernel capabilities through the graceful restart process. 3. libfuse3 removed the channel/session hooks that we've been using thus far to interject ourselves for mounting and graceful restarting, so we were already effectively the walking dead here. 4. We're now able to take advtange of the latest aspects of the fuse kernel interface without being tied to the implementation of libfuse2 or libfuse3. We're interested in the readdirplus functionality and will look at enabling that in a future diff. This may make some things slightly harder for the more immediate macOS port but I belive that we're in a much better place overall. This diff is relatively mechanical and sadly is (unavoidably) large. The main aspects of this diff are: 1. The `fuse_ino_t` type was provided by libfuse so we needed to replace it with our own definition. This has decent penetration throughout the codebase. 2. The confusing `fuse_file_info` type that was multi-purpose and had fields that were sometimes *in* parameters and sometimes *out* parameters has been removed and replaced with a simpler *flags* parameter that corresponds to the `open(2)` flags parameter. The *out* portions are subsumed by existing file handle metadata methods. 3. The fuse parameters returned from variations of the `LOOKUP` opcode now return the fuse kernel type for this directly. I suspect that we may need to introduce a compatibility type when we revisit the macOS port, but this at least makes this diff slightly simpler. You'll notice that some field and symbol name prefixes vary as a result of this. 4. Similarly for `setattr`, libfuse separated the kernel data into two parameters that were a little awkward to use; we're now just passing the kernel data through and this, IMO, makes the interface slightly more understandable. 5. The bulk of the code from `Dispatcher.cpp` that shimmed the libfuse callbacks into the C++ virtual methods has been removed and replaced by a `switch` statement based dispatcher in `FuseChannel`. I'm not married to this being `switch` based and may revise this to be driven by an `unordered_map` of opcode -> dispatcher method defined in `FuseChannel`. Regardless, `Dispatcher.cpp` is now much slimmer and should be easier to replace by rolling it together into `EdenDispatcher.cpp` in the future should we desire to do so. 6. This diff disables dispatching `poll` and `ioctl` calls. We didn't make use of them and their interfaces are a bit fiddly. 7. `INTERRUPT` is also disabled here. I will re-enable it in a follow-up diff where I can also revise how we track outstanding requests for graceful shutdown. 8. I've imported `fuse_kernel.h` from libfuse. This is included under the permissive 2-clause BSD license that it allows for exactly this integration purpose. Reviewed By: simpkins Differential Revision: D6576472 fbshipit-source-id: 7cb088af5e06fe27bf22a1bed295c18c17d8006c
2018-01-03 03:25:03 +03:00
/**
* Sends a reply to a kernel request that consists only of the error
* status (no additional payload).
* `err` may be 0 (indicating success) or a positive errno value.
*
* throws system_error if the write fails. Writes can fail if the
* data we send to the kernel is invalid.
*/
void replyError(const fuse_in_header& request, int err);
/**
* Sends a raw data packet to the kernel.
* The data may be scattered across a number of discrete buffers;
* this method uses writev to send them to the kernel as a single unit.
* The kernel, and thus this method, assumes that the start of this data
* is a fuse_out_header instance. This method will sum the iovec lengths
* to compute the correct value to store into fuse_out_header::len.
*
* throws system_error if the write fails. Writes can fail if the
* data we send to the kernel is invalid.
*/
void sendRawReply(const iovec iov[], size_t count) const;
/**
* Sends a range of contiguous bytes as a reply to the kernel.
* request holds the context of the request to which we are replying.
* `bytes` is the payload to send in addition to the successful status
* header generated by this method.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*
remove dep on libfuse Summary: This serves a few purposes: 1. We can avoid some conditional code inside eden if we know that we have a specific fuse_kernel.h header implementation. 2. We don't have to figure out a way to propagate the kernel capabilities through the graceful restart process. 3. libfuse3 removed the channel/session hooks that we've been using thus far to interject ourselves for mounting and graceful restarting, so we were already effectively the walking dead here. 4. We're now able to take advtange of the latest aspects of the fuse kernel interface without being tied to the implementation of libfuse2 or libfuse3. We're interested in the readdirplus functionality and will look at enabling that in a future diff. This may make some things slightly harder for the more immediate macOS port but I belive that we're in a much better place overall. This diff is relatively mechanical and sadly is (unavoidably) large. The main aspects of this diff are: 1. The `fuse_ino_t` type was provided by libfuse so we needed to replace it with our own definition. This has decent penetration throughout the codebase. 2. The confusing `fuse_file_info` type that was multi-purpose and had fields that were sometimes *in* parameters and sometimes *out* parameters has been removed and replaced with a simpler *flags* parameter that corresponds to the `open(2)` flags parameter. The *out* portions are subsumed by existing file handle metadata methods. 3. The fuse parameters returned from variations of the `LOOKUP` opcode now return the fuse kernel type for this directly. I suspect that we may need to introduce a compatibility type when we revisit the macOS port, but this at least makes this diff slightly simpler. You'll notice that some field and symbol name prefixes vary as a result of this. 4. Similarly for `setattr`, libfuse separated the kernel data into two parameters that were a little awkward to use; we're now just passing the kernel data through and this, IMO, makes the interface slightly more understandable. 5. The bulk of the code from `Dispatcher.cpp` that shimmed the libfuse callbacks into the C++ virtual methods has been removed and replaced by a `switch` statement based dispatcher in `FuseChannel`. I'm not married to this being `switch` based and may revise this to be driven by an `unordered_map` of opcode -> dispatcher method defined in `FuseChannel`. Regardless, `Dispatcher.cpp` is now much slimmer and should be easier to replace by rolling it together into `EdenDispatcher.cpp` in the future should we desire to do so. 6. This diff disables dispatching `poll` and `ioctl` calls. We didn't make use of them and their interfaces are a bit fiddly. 7. `INTERRUPT` is also disabled here. I will re-enable it in a follow-up diff where I can also revise how we track outstanding requests for graceful shutdown. 8. I've imported `fuse_kernel.h` from libfuse. This is included under the permissive 2-clause BSD license that it allows for exactly this integration purpose. Reviewed By: simpkins Differential Revision: D6576472 fbshipit-source-id: 7cb088af5e06fe27bf22a1bed295c18c17d8006c
2018-01-03 03:25:03 +03:00
* throws system_error if the write fails. Writes can fail if the
* data we send to the kernel is invalid.
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
*/
remove dep on libfuse Summary: This serves a few purposes: 1. We can avoid some conditional code inside eden if we know that we have a specific fuse_kernel.h header implementation. 2. We don't have to figure out a way to propagate the kernel capabilities through the graceful restart process. 3. libfuse3 removed the channel/session hooks that we've been using thus far to interject ourselves for mounting and graceful restarting, so we were already effectively the walking dead here. 4. We're now able to take advtange of the latest aspects of the fuse kernel interface without being tied to the implementation of libfuse2 or libfuse3. We're interested in the readdirplus functionality and will look at enabling that in a future diff. This may make some things slightly harder for the more immediate macOS port but I belive that we're in a much better place overall. This diff is relatively mechanical and sadly is (unavoidably) large. The main aspects of this diff are: 1. The `fuse_ino_t` type was provided by libfuse so we needed to replace it with our own definition. This has decent penetration throughout the codebase. 2. The confusing `fuse_file_info` type that was multi-purpose and had fields that were sometimes *in* parameters and sometimes *out* parameters has been removed and replaced with a simpler *flags* parameter that corresponds to the `open(2)` flags parameter. The *out* portions are subsumed by existing file handle metadata methods. 3. The fuse parameters returned from variations of the `LOOKUP` opcode now return the fuse kernel type for this directly. I suspect that we may need to introduce a compatibility type when we revisit the macOS port, but this at least makes this diff slightly simpler. You'll notice that some field and symbol name prefixes vary as a result of this. 4. Similarly for `setattr`, libfuse separated the kernel data into two parameters that were a little awkward to use; we're now just passing the kernel data through and this, IMO, makes the interface slightly more understandable. 5. The bulk of the code from `Dispatcher.cpp` that shimmed the libfuse callbacks into the C++ virtual methods has been removed and replaced by a `switch` statement based dispatcher in `FuseChannel`. I'm not married to this being `switch` based and may revise this to be driven by an `unordered_map` of opcode -> dispatcher method defined in `FuseChannel`. Regardless, `Dispatcher.cpp` is now much slimmer and should be easier to replace by rolling it together into `EdenDispatcher.cpp` in the future should we desire to do so. 6. This diff disables dispatching `poll` and `ioctl` calls. We didn't make use of them and their interfaces are a bit fiddly. 7. `INTERRUPT` is also disabled here. I will re-enable it in a follow-up diff where I can also revise how we track outstanding requests for graceful shutdown. 8. I've imported `fuse_kernel.h` from libfuse. This is included under the permissive 2-clause BSD license that it allows for exactly this integration purpose. Reviewed By: simpkins Differential Revision: D6576472 fbshipit-source-id: 7cb088af5e06fe27bf22a1bed295c18c17d8006c
2018-01-03 03:25:03 +03:00
void sendReply(const fuse_in_header& request, folly::ByteRange bytes) const;
/**
* Sends a reply to a kernel request, consisting of multiple parts.
* The `vec` parameter holds an array of payload components and is moved
* in to this method which then prepends a fuse_out_header and passes
* control along to sendRawReply().
*
* throws system_error if the write fails. Writes can fail if the
* data we send to the kernel is invalid.
*/
void sendReply(const fuse_in_header& request, folly::fbvector<iovec>&& vec)
const;
/**
* Sends a reply to the kernel.
* The payload parameter is typically a fuse_out_XXX struct as defined
* in the appropriate fuse_kernel_XXX.h header file.
*
* throws system_error if the write fails. Writes can fail if the
* data we send to the kernel is invalid.
*/
template <typename T>
void sendReply(const fuse_in_header& request, const T& payload) const {
sendReply(
request,
folly::ByteRange{reinterpret_cast<const uint8_t*>(&payload),
sizeof(T)});
}
Added thrift request to report outstanding FUSE calls Summary: Added a thrift call to return the outstanding FUSE requests. Cli will call the thrift and print the output. Added a unit test to test getOutstandingRequests(). Reviewed By: simpkins Differential Revision: D7314584 fbshipit-source-id: 420790405babdb734f598e19719b487096ec53ca
2018-03-20 20:18:29 +03:00
/**
* Function to get outstanding fuse requests.
*/
std::vector<fuse_in_header> getOutstandingRequests();
expose FUSE accesses over Thrift Summary: Add a Thrift API for reading the pid access logs from each EdenMount/FuseChannel. Used in a future diff. Reviewed By: strager Differential Revision: D9477867 fbshipit-source-id: 0897a915ca654bca952aecc123ea40105830a75b
2018-09-10 23:42:12 +03:00
ProcessAccessLog& getProcessAccessLog() {
return processAccessLog_;
}
make all of the FuseChannel handler methods private Summary: Only the FuseChannel code should invoke the handler methods. This makes them all private. This did require making handlerMap be a private static member variable of FuseChannel so that it can access these methods during its initialization. Reviewed By: wez Differential Revision: D7126002 fbshipit-source-id: 28c421173cb6cf8b7a8e1ca085ad78ec9ea76b8f
2018-03-10 03:24:40 +03:00
private:
struct HandlerEntry;
using HandlerMap = std::unordered_map<uint32_t, HandlerEntry>;
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
/**
* All of our mutable state that may be accessed from the worker threads,
* and therefore requires synchronization.
*/
struct State {
eden: remove fuse request interrupt code, track requests by internal id Summary: This is really a continuation of D13479516; the issue is that the osxfuse kernel module is very eager to recycle `unique` request id values, recycling them before our code has had a chance to update internal state. This diff re-keys the requests map so that we generate our own sequence of identifiers to use as the key rather than the fuse protocol `unique` value. Because we cannot reliably track by `unique` value we also cannot reliably implement interrupt support. We've never really tested interrupt support, and it relies on functionality in folly futures that hasn't really been tested or proven either, so I've removed that functionality as part of this diff. That allows simplifying some code in RequestData and FuseChannel; we're now able to simply tack an `.ensure` on the end of the future chain to ensure that we remove the entry from the map once the future is resolved, successfully or otherwise. Reviewed By: chadaustin Differential Revision: D13679964 fbshipit-source-id: c1081a868c4061de2a725589ec1614959a8e9316
2019-01-17 01:17:09 +03:00
uint64_t nextRequestId{1};
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
std::unordered_map<uint64_t, std::weak_ptr<folly::RequestContext>> requests;
std::vector<std::thread> workerThreads;
/*
* We track the number of stopped threads, to know when we are done and can
* signal sessionCompletePromise_. We only want to signal
* sessionCompletePromise_ after initialization is successful and then all
* threads have stopped.
*
* If an error occurs during initialization we may have started some but
* not all of the worker threads. We do not want to signal
* sessionCompletePromise_ in this case--we will return the error from
* initialize() or takeoverInitialize() instead.
*/
size_t stoppedThreads{0};
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
/**
* If destroyPending is true, the FuseChannel object should be
* automatically destroyed when the last outstanding request finishes.
*/
bool destroyPending{false};
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
/**
* If the FuseChannel is stopped or stopping, the reason why it is
* stopping. This is set to RUNNING while the FuseDevice is initializing
* or running.
*/
StopReason stopReason{StopReason::RUNNING};
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
};
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
struct DataRange {
DataRange(int64_t offset, int64_t length);
int64_t offset;
int64_t length;
};
enum class InvalidationType : uint32_t {
INODE,
DIR_ENTRY,
FLUSH,
};
struct InvalidationEntry {
InvalidationEntry(InodeNumber inode, int64_t offset, int64_t length);
InvalidationEntry(InodeNumber inode, PathComponentPiece name);
explicit InvalidationEntry(folly::Promise<folly::Unit> promise);
declare the FuseChannel::InvalidationEntry move constructor noexcept Summary: Add a noexcept specifier to InvalidationEntry's move constructor. Reviewed By: chadaustin Differential Revision: D7417324 fbshipit-source-id: c1a9704a61b7a6ce59a7e9dde623f2ef020a7506
2018-03-31 00:58:47 +03:00
InvalidationEntry(InvalidationEntry&& other) noexcept;
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
~InvalidationEntry();
InvalidationType type;
InodeNumber inode;
union {
PathComponent name;
DataRange range;
folly::Promise<folly::Unit> promise;
};
};
struct InvalidationQueue {
std::vector<InvalidationEntry> queue;
bool stop{false};
};
friend std::ostream& operator<<(
std::ostream& os,
const InvalidationEntry& entry);
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
/**
* Private destructor.
*
* FuseChannel objects must always be allocated on the heap, and destroyed by
* calling FuseChannel::destroy(). Users are not allowed to destroy
* FuseChannel objects directly.
*
* FuseChannel::destroy() will delete the FuseChannel once all outstanding
* requests have completed.
*/
~FuseChannel();
make all of the FuseChannel handler methods private Summary: Only the FuseChannel code should invoke the handler methods. This makes them all private. This did require making handlerMap be a private static member variable of FuseChannel so that it can access these methods during its initialization. Reviewed By: wez Differential Revision: D7126002 fbshipit-source-id: 28c421173cb6cf8b7a8e1ca085ad78ec9ea76b8f
2018-03-10 03:24:40 +03:00
Count FUSE reads/writes Summary: Display FUSE calls, reads, and writes {F167451325} Reviewed By: chadaustin Differential Revision: D16214570 fbshipit-source-id: ce1b3533d7260fb304c7efdaef8567a83d3dcd4a
2019-07-26 20:03:50 +03:00
bool isReadOperation(FuseOpcode opcode);
bool isWriteOperation(FuseOpcode opcode);
FuseChannel switch dispatcher -> map Summary: Use a map to lookup the handler for a given opcode. While we're in here, let's reduce some more boiler plate by factoring out the code that preps the request and associates it with the stats histogram by moving that into the opcode map. Reviewed By: chadaustin Differential Revision: D6578934 fbshipit-source-id: 9e3f73beb9dc5597f095e81ef21adf1549420e9d
2018-01-03 03:25:05 +03:00
folly::Future<folly::Unit> fuseRead(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseWrite(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseLookup(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseForget(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseGetAttr(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseSetAttr(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseReadLink(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseSymlink(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseMknod(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseMkdir(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseUnlink(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseRmdir(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseRename(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseLink(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseOpen(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseStatFs(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseRelease(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseFsync(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseSetXAttr(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseGetXAttr(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseListXAttr(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseRemoveXAttr(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseFlush(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseOpenDir(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseReadDir(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseReleaseDir(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseFsyncDir(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseAccess(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseCreate(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseBmap(
const fuse_in_header* header,
const uint8_t* arg);
folly::Future<folly::Unit> fuseBatchForget(
const fuse_in_header* header,
const uint8_t* arg);
fix hangs in FuseChannel shutdown Summary: The FuseChannel unit tests would sometimes hang because a worker thread would still be stuck in a blocking read() call. The issue appears to be that the kernel would often automatically restart the interrupted read(), so the worker would never wake up. This switches the code from using SIGPIPE to wake up, and instead uses SIGUSR2, and installs a handler for SIGUSR2 with the SA_RESTART flag unset. It's possible that this was an issue only for the unit tests, where the FUSE device is a socket. I'm not sure if the kernel would automatically restart read operations on a real FUSE device. There are still theoretically some race conditions here, since `requestSessionExit()` could be called right after a worker thread checks `(runState_` and before it enters the blocking `read()` call. Fixing that would likely require switching to something like `folly::EventBase` or manually using epoll. Fortunately I haven't seen that be an issue in practice so far. Reviewed By: chadaustin, wez Differential Revision: D7282002 fbshipit-source-id: 99d29de13a7858dd25f258fdc94d8f8c71ee84d9
2018-03-15 23:33:55 +03:00
void setThreadSigmask();
handle exceptions from FuseChannel::processSession() Summary: Catch exceptions thrown by FuseChannel::processSession() and terminate the FuseChannel if any errors occur. Also explicitly mark `fuseWorkerThread()` and `initWorkerThread()` as `noexcept` so we will crash with useful exception backtraces if an unhandled exception does ever attempt to propagate out of these functions. (Prior to gcc 8.x, `std::thread()` ends up swallowing the exception backtrace information if a thread function throws an exception.) Reviewed By: chadaustin Differential Revision: D7243909 fbshipit-source-id: fbe7173a2167532d7e42901f810c17bb173d8d63
2018-03-13 22:52:50 +03:00
void initWorkerThread() noexcept;
void fuseWorkerThread() noexcept;
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
void invalidationThread() noexcept;
void stopInvalidationThread();
void sendInvalidation(InvalidationEntry& entry);
void sendInvalidateInode(InodeNumber ino, int64_t off, int64_t len);
void sendInvalidateEntry(InodeNumber parent, PathComponentPiece name);
clean up fuse init processing Summary: This diff moves the mount-time initialization handling out of the main loop. This rationale for this is: * We don't (and shouldn't!) need to process FUSE_INIT for takeover processing, and this structure allows us to make stronger assertions about our state. * we can avoid spinning up multiple threads in the (rare!) case that the FUSE_INIT fails * It is now a little harder for exceptions during initialization to escape our notice. In rearranging this stuff, I found a race condition in the worker thread shutdown; we could erroneously emit a completion event before all of the threads had been torn down and this resulted in sporadic integration test failures hitting the assertion for the number of joined threads in the destructor. Reviewed By: simpkins Differential Revision: D6766330 fbshipit-source-id: 32afb5a7c739c75aebfdb0a8f896eec5f41ad33f
2018-02-01 01:37:01 +03:00
void readInitPacket();
void startWorkerThreads();
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
/**
* sessionComplete() will fulfill the sessionCompletePromise_.
*
* Beware: calling sessionComplete() should be the very last statement in any
* method that calls it. It may destroy the FuseChannel object before it
* returns.
*/
void sessionComplete(folly::Synchronized<State>::LockedPtr state);
static bool isFuseDeviceValid(StopReason reason) {
// The FuseDevice may still be used if the FuseChannel was stopped due to a
// takeover request or because the FuseChannel object was destroyed without
// ever being unmounted. It is also still valid if the FuseChannel is
// still running.
//
// In all other cases the FuseDevice should no longer be used.
return (
reason == StopReason::RUNNING || reason == StopReason::TAKEOVER ||
reason == StopReason::DESTRUCTOR);
}
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
/**
* Dispatches fuse requests until the session is torn down.
* This function blocks until the fuse session is stopped.
* The intent is that this is called from each of the
* fuse worker threads provided by the MountPoint.
*/
void processSession();
/**
* Requests that the worker threads terminate their processing loop.
*/
update FuseChannel to record the reason why we stopped Summary: Update the FuseChannel code to keep track of why it is stopping, and to return this data in the session complete future. This is mainly just available for diagnostic reasons, and at the moment nothing is using this outside of the unit tests. Reviewed By: wez Differential Revision: D7253573 fbshipit-source-id: 0c7e5b8bd9c3c1de3788918c2257c06d4fe0a90c
2018-03-14 04:25:47 +03:00
void requestSessionExit(StopReason reason);
void requestSessionExit(
const folly::Synchronized<State>::LockedPtr& state,
StopReason reason);
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
/*
* Constant state that does not change for the lifetime of the FuseChannel
*/
const size_t bufferSize_{0};
const size_t numThreads_;
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
Dispatcher* const dispatcher_{nullptr};
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
const AbsolutePath mountPath_;
/*
* connInfo_ is modified during the initialization process,
* but constant once initialization is complete.
*/
folly::Optional -> std::optional Summary: Eden's on C++17 so fully cross the rubicon! Reviewed By: strager Differential Revision: D10498098 fbshipit-source-id: 33a885614d627399645b70a54092c1badd795fbe
2018-10-24 04:48:38 +03:00
std::optional<fuse_init_out> connInfo_;
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
/*
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
* fuseDevice_ is constant while the worker threads are running.
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
*
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
* This is constant for most of the lifetime of the FuseChannel object.
* It can be modified during shutdown so that it can be returned as part of
* the StopData. However, there is guaranteed to be external synchronization
* around this event:
* - If the stop can occur as the last FUSE worker thread shuts down.
* No other FUSE worker threads can access fuseDevice_ after this point,
* and the FuseChannel destructor will join the threads before destryoing
* fuseDevice_.
* - If the stop can occur as when the last outstanding FUSE request
* completes, after all FUSE worker threads have stopped. In this case no
* other threads are accessing the FuseChannel and it will be immediately
* destroyed in the same thread that creates the StopData object.
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
*/
folly::File fuseDevice_;
/*
* Mutable state that is accessed from the worker threads.
* All of this state uses locking or other synchronization.
*/
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
std::atomic<bool> stop_{false};
debug logging (once) when ENODEV is received from the fuse device Summary: To determine the precise behavior of unmounting an Eden mount with MNT_FORCE, I needed to see whether ENODEV was being returned from the FUSE socket. This helps us clarify the documentation in libfuse https://github.com/libfuse/libfuse/issues/333 Reviewed By: strager Differential Revision: D13630289 fbshipit-source-id: 90e6f0afc927c042a24cd6c82deac644c15ed066
2019-01-12 02:08:35 +03:00
folly::once_flag unmountLogFlag_;
restructure FuseChannel initialization and synchronization Summary: - Update FuseChannel::initializate() to not require an Executor. Rather than performing initialization using the supplied Executor, it simply starts one worker thread first and performs initialization there. - Change the API semantics slightly so that the session complete future is invoked only if initialization succeeds. Previously the session complete future could be invoked if initialization failed as well. - Replace the activeThreads counter with a stoppedThreads counter to determine when the session complete future should be invoked. The previous activeThreads behavior was somewhat racy, since the activeThreads counter was incremented inside each worker thread, but most places that checked it did not wait to ensure that all worker threads had successfully incremented it yet. Reviewed By: chadaustin Differential Revision: D7243910 fbshipit-source-id: 93b3465509bd9bf6fa90ea097e70dac3193172f9
2018-03-13 22:52:48 +03:00
folly::Synchronized<State> state_;
have FuseChannel return its FD in the completion future Summary: Remove the `FuseChannel::stealFuseDevice()` method, and instead change the session completion future to return the FUSE device FD if it is still valid. This ensures we only extract the FUSE device when it is still valid: if an unmount event is being processed by a FUSE worker thread simultaneously with a call to `FuseChannel::takeoverStop()` the session completion future will return an empty `folly::File` since the FUSE device has been shut down. This also helps clarify the synchronization semantics around modification to the `fuseDevice_` member variable. Reviewed By: wez Differential Revision: D7300847 fbshipit-source-id: 02ced8fc9d24e7cd526d911782949d0bfbf0e5a7
2018-03-17 03:30:49 +03:00
folly::Promise<StopFuture> initPromise_;
folly::Promise<StopData> sessionCompletePromise_;
only log unsupported opcodes once Summary: eden doesn't support ioctl which was spamming "unhandled fuse opcode 39" into the log. Only log each unhandled opcode once. Reviewed By: wez Differential Revision: D6663175 fbshipit-source-id: c1bea671c8fb720ae0ac234c4f187251930a8bee
2018-01-05 21:18:53 +03:00
// To prevent logging unsupported opcodes twice.
print unhandled's opcode name if known Summary: Title says it all. Uses a switch statement so the compiler might warn if a header's opcode isn't handled. Reviewed By: wez Differential Revision: D6664378 fbshipit-source-id: 51986c423c943bf3b51cbd342ea4bdedb5fe1188
2018-01-05 21:18:55 +03:00
folly::Synchronized<std::unordered_set<FuseOpcode>> unhandledOpcodes_;
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
send FUSE invalidation requests in a separate thread Summary: Update FuseChannel to send all invalidation requests in a separate thread. This eliminates a deadlock that could previously occur during checkout operations. The invalidation requests would block until they could acquire the kernel's inode lock on the inode in question. However, the inode lock may already be held by another thread attempting to perform an unlink() or rename() call. These FUSE unlink or rename operations would be blocked waiting on Eden's mount point rename lock, which was acquired by the checkout operation. Checkout operations now let the invalidations complete asynchronously, but we wait for all invalidation operations to complete before indicating to our caller that the checkout has succeeded. Reviewed By: chadaustin, wez Differential Revision: D7404971 fbshipit-source-id: 6fa20c00d054e210eb0258d247d083010557f210
2018-03-27 21:12:59 +03:00
// State for sending inode invalidation requests to the kernel
// These are processed in their own dedicated thread.
folly::Synchronized<InvalidationQueue, std::mutex> invalidationQueue_;
std::condition_variable invalidationCV_;
std::thread invalidationThread_;
count FUSE accesses by process ID Summary: Begin tracking pids passed into FUSE in the ProcessAccessLog. Reviewed By: strager Differential Revision: D9595795 fbshipit-source-id: 02e5fefebcd0de860274409ba6258f14fa050b55
2018-09-10 23:42:11 +03:00
ProcessAccessLog processAccessLog_;
prevent FuseChannel from being destroyed with outstanding requests Summary: The FuseChannel destructor previously could be invoked while there are still outstanding requests, which would cause problems when responses were generated for these requests. This makes the FuseChannel destructor private, requiring users to always allocate FuseChannel objects on the heap and destroy them using a destroy() method. The destroy() method still blocks waiting for the FUSE worker threads to exit, but if there are still outstanding FUSE requests it defers the deletion of the FuseChannel until they are complete. The EdenMount class currently couldn't ever destroy FuseChannel objects with outstanding requests, since it waits for the completion future to fire before invoking the destructor. Fixing this behavior is mostly for correctness of the FuseChannel API and for the benefit of our unit tests. Reviewed By: chadaustin Differential Revision: D7297829 fbshipit-source-id: 643d1332be84a1f25ee30ba2a2ea3515806f00ef
2018-03-16 22:07:59 +03:00
static const HandlerMap handlerMap_;
};
/**
* FuseChannelDeleter acts as a deleter argument for std::shared_ptr or
* std::unique_ptr.
*/
class FuseChannelDeleter {
public:
void operator()(FuseChannel* channel) {
channel->destroy();
}
re-organize the fuse Channel and Session code Summary: The higher level goal is to make it easier to deal with the graceful restart scenario. This diff removes the SessionDeleter class and effectively renames the Channel class to FuseChannel. The FuseChannel represents the channel to the kernel; it can be constructed from a fuse device descriptor that has been obtained either from the privhelper at mount time, or from the graceful restart procedure. Importantly for graceful restart, it is possible to move the fuse device descriptor out of the FuseChannel so that it can be transferred to a new eden process. The graceful restart procedure requires a bit more control over the lifecycle of the fuse event loop so this diff also takes over managing the thread pool for the worker threads. The threads are owned by the MountPoint class which continues to be responsible for starting and stopping the fuse session and notifying EdenServer when it has finished. A nice side effect of this change is that we can remove a couple of inelegant aspects of the integration; the stack size env var stuff and the redundant extra thread to wait for the loop to finish. I opted to expose the dispatcher ops struct via an `extern` to simplify the code in the MountPoint class and avoid adding special interfaces for passing the ops around; they're constant anyway so this doesn't feel especially egregious. Reviewed By: bolinfest Differential Revision: D5751521 fbshipit-source-id: 5ba4fff48f3efb31a809adfc7787555711f649c9
2017-09-09 05:15:17 +03:00
};
remove the fusell namespace Summary: Move everything in the `facebook::eden::fusell` namespace to `facebook::eden` Reviewed By: chadaustin Differential Revision: D7314458 fbshipit-source-id: db56d3e5fb898235e1376ac76077cf780d9b4698
2018-03-20 03:01:15 +03:00
Create exception type for FUSE unmount-during-init Summary: FuseChannel::initialize throws runtime_error when the FUSE connection is interrupted. I want EdenMount::startFuse to handle unexpected-unmount errors from FuseChannel::initialize, but catching runtime_error would catch unrelated errors too. When the FUSE connection is interrupted during initialization, make FuseChannel throw FuseDeviceUnmountedDuringInitialization instead of runtime_error. Reviewed By: chadaustin Differential Revision: D14077848 fbshipit-source-id: ed7b7d370a83ed1a9c36a443d8bb06ba940dc032
2019-03-12 06:45:20 +03:00
class FuseDeviceUnmountedDuringInitialization : public std::runtime_error {
public:
explicit FuseDeviceUnmountedDuringInitialization(AbsolutePathPiece mountPath);
};
run clang-format across all C++ files Summary: Per discussion with bolinfest, this brings Eden in line with clang-format. This diff was generated with `find . \( -iname '*.cpp' -o -iname '*.h' \) -exec bash -c "yes | arc lint {}" \;` Reviewed By: bolinfest Differential Revision: D6232695 fbshipit-source-id: d54942bf1c69b5b0dcd4df629f1f2d5538c9e28c
2017-11-04 01:58:04 +03:00
} // namespace eden
} // namespace facebook
Reference in New Issue Copy Permalink