It is currently not possible to reliably and automatically
unmount an NFS filesystem. If the server is not available, the
umount command will hang.
The hang can be avoided by using "-l" or "-f", but neither
of these are appropriate for automatic use such as by an
automounter (e.g automountd or systemd).
"-l" will unmount even if the filesystem is in use, which
an automounter generally doesn't want. If the filesystem
is in use, then the umount should fail.
"-f" can cause the filesystem to abort pending transactions
which might break filesystem semantics. This can be useful
in the hands of a sysadmin, but not when used by an
automatic tool.
umount has another option, "-c" aka "--no-canonicalize"
which avoids some "stat" calls.
Currently this doesn't avoid all calls to
canonicalize_path()
as
mnt_context_prepare_umount() ->
lookup_umount_fs() ->
mnt_context_find_umount_fs() ->
mnt_context_get_mtab_for_target() ->
mnt_resolve_path() ->
canonicalize_path_and_cache() ->
canonicalize_path()
leads to that function being called.
The "-c" option could be taken to mean "I know what I'm
doing, this really is the path to a mount point, I just want
you to unmount it". Given that, it seems suitable to
extend this to avoid all 'stat' calls on the mountpoint.
It is already appropriate for any automount program to pass
"-c" to "umount", so they can be changed to do so at any
time.
With the patch below, "-c" will result in the mountpoint
never being "stat"ed, so umount won't hang on an
inaccessible server.
This isn't quite sufficient, for NFS at least, as the usage
of libmount in umount.nfs still calls 'stat' on the mount
point.
"-c" isn't passed to the umount helper, but it is reasonable
for such helpers to assume "-c" because "umount" will have
canonicalized the path when that is appropriate.
So, this patch treats "-c" much like "-l" and "-f" when
deciding whether it is safe to 'stat' the path.
Signed-off-by: NeilBrown <[email protected]>
---
libmount/src/context_umount.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index e663a703cca0..693891def0e1 100644
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -77,6 +77,7 @@ int mnt_context_find_umount_fs(struct libmnt_context *cxt,
* it's usable only for canonicalized stuff (e.g. kernel mountinfo).
*/
if (!mnt_context_mtab_writable(cxt) && *tgt == '/' &&
+ !mnt_context_is_nocanonicalize(cxt) &&
!mnt_context_is_force(cxt) && !mnt_context_is_lazy(cxt))
rc = mnt_context_get_mtab_for_target(cxt, &mtab, tgt);
else
@@ -245,6 +246,7 @@ static int lookup_umount_fs(struct libmnt_context *cxt)
&& !mnt_context_mtab_writable(cxt)
&& !mnt_context_is_force(cxt)
&& !mnt_context_is_lazy(cxt)
+ && !mnt_context_is_nocanonicalize(cxt)
&& !mnt_context_is_loopdel(cxt)
&& mnt_stat_mountpoint(tgt, &st) == 0 && S_ISDIR(st.st_mode)
&& !has_utab_entry(cxt, tgt)) {
--
2.12.2
On 06/04/2017 10:38 PM, NeilBrown wrote:
>
> /usr/bin/umount will always pass a canonical name
> to umount.nfs, so it is safe to disable canonicalization.
>
> When umounting an NFS filesystem, it is generally safest to
> not "stat" the mountpoint at all as that can block
> indefinitely. umount() will not block, but lstat() etc can.
> By disabling canonicalization in libmount, we discourage it
> from ever calling 'stat' family operations, and thus reduce
> the chance of a hang.
>
> Note that to be fully effective, this requires changes to
> util-linux which have not yet been accepted.
> When both that change and this are in effect, automounters
> can use "umount -c $PATH" to safely unmount a filesystem
> without blocking.
>
> Signed-off-by: NeilBrown <[email protected]>
Committed...
steved.
> ---
> utils/mount/mount_libmount.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
> index 1f01f7f7a4e7..2d4065759a6c 100644
> --- a/utils/mount/mount_libmount.c
> +++ b/utils/mount/mount_libmount.c
> @@ -188,6 +188,7 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv)
> };
>
> mnt_context_init_helper(cxt, MNT_ACT_UMOUNT, 0);
> + mnt_context_disable_canonicalize(cxt, 1);
>
> while ((c = getopt_long (argc, argv, "fvnrlh", longopts, NULL)) != -1) {
>
>
/usr/bin/umount will always pass a canonical name
to umount.nfs, so it is safe to disable canonicalization.
When umounting an NFS filesystem, it is generally safest to
not "stat" the mountpoint at all as that can block
indefinitely. umount() will not block, but lstat() etc can.
By disabling canonicalization in libmount, we discourage it
from ever calling 'stat' family operations, and thus reduce
the chance of a hang.
Note that to be fully effective, this requires changes to
util-linux which have not yet been accepted.
When both that change and this are in effect, automounters
can use "umount -c $PATH" to safely unmount a filesystem
without blocking.
Signed-off-by: NeilBrown <[email protected]>
---
utils/mount/mount_libmount.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
index 1f01f7f7a4e7..2d4065759a6c 100644
--- a/utils/mount/mount_libmount.c
+++ b/utils/mount/mount_libmount.c
@@ -188,6 +188,7 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv)
};
mnt_context_init_helper(cxt, MNT_ACT_UMOUNT, 0);
+ mnt_context_disable_canonicalize(cxt, 1);
while ((c = getopt_long (argc, argv, "fvnrlh", longopts, NULL)) != -1) {
--
2.12.2
On Mon, Jun 05, 2017 at 12:32:58PM +1000, NeilBrown wrote:
> So, this patch treats "-c" much like "-l" and "-f" when
> deciding whether it is safe to 'stat' the path.
Ah, definitely good idea. Applied, thanks.
Karel
--
Karel Zak <[email protected]>
http://karelzak.blogspot.com