On Wed, Dec 29, 2021 at 6:39 AM 김혜인 <hyein.kim@xxxxxxxxxx> wrote:
>
>
> Hello.
>
> I'd like to ask you about 'fanotify', a 'monitoring file system events'.
>
> I am using the 'fanotify_init' option below, and I used "fanotify" in Ubuntu OS, where many file events occur.
>
Which kernel version?
> But the 'sy' value of the top command is almost 100 and OS Hang has occurred.
>
That is probably due to inefficient event merging.
If you are going to use FAN_UNLIMITED_QUEUE and have a workload with
large event bursts
you are going to need kernel >= v5.13 with commit
94e00d28a680 ("fsnotify: use hash table for faster events merge")
Or at least one of the stable kernels (e.g. >= v5.10.67) with backported commit
"fanotify: limit number of event merge attempts"
> So, I deleted the 'FAN_UNLIMITED_QUEUE' option and monitored it again, and the OS was operating normally.
>
> fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC | FAN_NONBLOCK | FAN_UNLIMITED_MARKS | FAN_UNLIMITED_QUEUE, O_CLOEXEC | O_RDONLY | O_LARGEFILE)
>
Just to be sure, are you using permission events?
Otherwise, why are you using the class FAN_CLASS_CONTENT?
Is it for priority?
Please specify the fanotify_mark() arguments you used for the filesystem mark.
>
> Exception processing was performed using the option below in 'fanotify_mark' to exclude monitoring targets,
> and even if the directory was exceptionally processed, all events in those sub-files were delivered.
>
> fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_IGNORED_MASK | FAN_MARK_IGNORED_SURV_MODIFY, FAN_CLOSE_WRITE | FAN_OPEN, AT_FDCWD, path)
>
>
> I would like to ask you if there is a way to ignore all sub-events when the designated directory is 'ignore mark'.
>
If you want the ignored mask to apply to events on children of the
directory you should add
FAN_EVENT_ON_CHILD to the mask.
And make sure that you are running with kernel >= v5.8 with commit 2f02fd3fa13e
("fanotify: fix ignore mask logic for events on child and on dir")
There may have been some other fix commits after this one.
Thanks,
Amir.
