vfs: add the concept of vnode state transitions
ClosedPublic
Actions

Authored by mjg on Dec 20 2022, 1:35 PM.

Details

Reviewers

Commits

rG829f0bcb5fe2: vfs: add the concept of vnode state transitions
rGed1bb254101e: mntfs: change mntfs_allocvp API to relock on its own
rG94267fc90774: vfs: use designated initializers for the typename array

Summary

commit 7484877bdb34db97bc684ab26e9fc606f5b1f0b7
Author: Mateusz Guzik <mjg@FreeBSD.org>
Date: Mon Dec 19 13:00:30 2022 +0000

vfs: add the concept of vnode state transitions

To quote from a comment above vput_final:
<quote>
* XXX Some filesystems pass in an exclusively locked vnode and strongly depend
* on the lock being held all the way until VOP_INACTIVE. This in particular
* happens with UFS which adds half-constructed vnodes to the hash, where they
* can be found by other code.
</quote>

As is there is no mechanism which allows filesystems to denote that a
vnode is fully initialized, consequently problems like the above are
only found the hard way(tm).

Add rudimentary support for state transitions, which in particular allow
to assert the vnode is not legally unlocked until its fate is decided
(either construction finishes or vgone is called to abort it).

The new field lands in a 1-byte hole, thus it does not grow the struct.

Reviewed by:
Differential Revision:

commit 05108b1829e98572488a45b2e8352eb81204caaa
Author: Mateusz Guzik <mjg@FreeBSD.org>
Date: Mon Dec 19 14:42:04 2022 +0000

mntfs: change mntfs_allocvp API to relock on its own

Reviewed by:
Differential Revision:

commit bf20666b84a806f964058be04fdbb9b8b62bf646
Author: Mateusz Guzik <mjg@FreeBSD.org>
Date: Thu Dec 22 13:37:17 2022 +0000

vfs: use designated initializers for the typename array

While here prefix with v for better consistency with the vnode stuff.

Reviewed by:
Differential Revision:

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

mjg created this revision.Dec 20 2022, 1:35 PM

Herald added subscribers: asomers, delphij. · View Herald TranscriptDec 20 2022, 1:35 PM

mjg requested review of this revision.Dec 20 2022, 1:35 PM

mjg updated this revision to Diff 114319.

mjg edited the summary of this revision. (Show Details)

mjg edited the summary of this revision. (Show Details)Dec 20 2022, 1:39 PM

kib added inline comments.Dec 21 2022, 10:08 PM

sys/kern/vfs_subr.c
4014	Should we assert that the state is CONSTRUCTED or DESTROYING there, regardless of the later vn_set_state()?
4163
4164	Please use designated initializers. If you worry about consistency, change typename init in a prep commit.

mjg updated this revision to Diff 114405.Dec 22 2022, 1:51 PM

mjg edited the summary of this revision. (Show Details)

mjg marked 2 inline comments as done.

I wished we have a way to make an assert that specific region of code does not drop and reacquire a specific lock. It is often useful when it is impossible to completely trace all calls from the top layer, to ensure that the protected state is still consistent. One example of (complicated) use of this feature is the ffs_lock()/ffs_unlock()/ffs_unlock_tracker(), where it asserts that the directory lookup state is still under the same lock ownership.

Your vnode state tracking is very similar, and in some cases does just that.