On Fri, Jul 30, 2021 at 11:48:15AM -0400, Josef Bacik wrote: > On 7/30/21 11:17 AM, J. Bruce Fields wrote: > > On Fri, Jul 30, 2021 at 02:23:44PM +0800, Qu Wenruo wrote: > > > OK, forgot it's an opt-in feature, then it's less an impact. > > > > > > But it can still sometimes be problematic. > > > > > > E.g. if the user want to put some git code into one subvolume, while > > > export another subvolume through NFS. > > > > > > Then the user has to opt-in, affecting the git subvolume to lose the > > > ability to determine subvolume boundary, right? > > > > Totally naive question: is it be possible to treat different subvolumes > > differently, and give the user some choice at subvolume creation time > > how this new boundary should behave? > > > > It seems like there are some conflicting priorities that can only be > > resolved by someone who knows the intended use case. > > > > This is the crux of the problem. We have no real interfaces or anything to > deal with this sort of paradigm. We do the st_dev thing because that's the > most common way that tools like find or rsync use to determine they've > wandered into a "different" volume. This exists specifically because of > usescases like Zygo's, where he's taking thousands of snapshots and manually > excluding them from find/rsync is just not reasonable. > > We have no good way to give the user information about what's going on, we > just have these old shitty interfaces. I asked our guys about filling up > /proc/self/mountinfo with our subvolumes and they had a heart attack because > we have around 2-4k subvolumes on machines, and with monitoring stuff in > place we regularly read /proc/self/mountinfo to determine what's mounted and > such. > > And then there's NFS which needs to know that it's walked into a new inode space. NFS somehow works surprisingly well without knowing that. I didn't know there was a problem with NFS, despite exporting thousands of btrfs subvols from a single export point for 7 years. Maybe I have some non-default setting in /etc/exports which works around the problems, or maybe I got lucky, and all my use cases are weirdly specific and evade all the bugs by accident? > This is all super shitty, and mostly exists because we don't have a good way > to expose to the user wtf is going on. > > Personally I would be ok with simply disallowing NFS to wander into > subvolumes from an exported fs. If you want to export subvolumes then > export them individually, otherwise if you walk into a subvolume from NFS > you simply get an empty directory. As a present exporter of thousands of btrfs subvols over NFS from single export points, I'm not a fan of this idea. > This doesn't solve the mountinfo problem where a user may want to figure out > which subvol they're in, but this is where I think we could address the > issue with better interfaces. Or perhaps Neil's idea to have a common major > number with a different minor number for every subvol. It's not hard to figure out what subvol you're in. There's an ioctl which tells the subvol ID, and another that tells the name. The problem is that it's btrfs-specific, and no existing software knows how and when to use it (and also it's privileged, but that's easy to fix compared to the other issues). > Either way this isn't as simple as shoehorning it into automount and being > done with it, we need to take a step back and think about how should this > actually look, taking into account we've got 12 years of having Btrfs > deployed with existing usecases that expect a certain behavior. Thanks, I think if we got into a time machine, went back 12 years, changed the btrfs behavior, and then returned to the present, in the alternate history, we would all be here today talking about how mountinfo doesn't scale up to what btrfs throws at it, and can btrfs opt out of it somehow. Maybe we could have a system call for mount point discovery? Right now, the kernel throws a trail of breadcrumbs into /proc/self/mountinfo, and users use userspace libraries to translate that text blob into actionable information. We could solve problems with scalability and visibility in mountinfo if we only had to provide the information in the context of a single inode (i.e. the inode's parent or child mount points accessible to the caller). So you'd have a call for "get paths for all the mount points below inode X" and another for "get paths for all mount points above inode X", and calls that tell you details about mount points (like what they're mounted on, which filesystem they are part of, what the mount flags are, etc). > Josef