Download ppt

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
page
97
page
98
page
99
page
100
page
101
page
102
page
103
page
104
page
105
page
106
page
107
page
108
page
109
page
110
page
111
Document related concepts

Piggybacking (Internet access) wikipedia , lookup

Lag wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Files-11 wikipedia , lookup

Transcript 
Outline for Today’s Lecture
Administrative:
– Midterm questions?
Objective:
– Beginning of I/O and File Systems
File System Issues
• What is the role of files?
What is the file abstraction?
• File naming. How to find the file we want?
Sharing files. Controlling access to files.
• Performance issues - how to deal with the
bottleneck of disks?
What is the “right” way to optimize file
access?
Role of Files
• Persistence - long-lived - data for
posterity
 non-volatile storage media
 semantically meaningful (memorable)
names
What are the challenges
in delivering this functionality?
Abstractions
User
view
Addressbook, record for Duke CPS
Application
addrfile ->fid, byte range*
fid
bytes
block#
File System
device, block #
Disk Subsystem
surface, cylinder, sector
*File Abstractions
• UNIX-like files
– Sequence of bytes
– Operations: open (create), close, read, write,
seek
• Memory mapped files
– Sequence of bytes
– Mapped into address space
– Page fault mechanism does data transfer
• Named, Possibly typed
Unix File Syscalls
int fd, num, success, bufsize;
char data[bufsize]; long offset, pos;
User grp others
rwx rwx rwx
111 100 000
fd = open (filename, mode [,permissions]);
O_RDONLY
success = close (fd);
O_WRONLY
pos = lseek (fd, offset, mode);
O_RDWR
O_CREAT
num = read (fd, data, bufsize);
O_APPEND
...
num = write (fd, data, bufsize);
Relative to
beginning, current
position, end of file
UNIX File System Calls
Open files are named to
by an integer file
descriptor.
char buf[BUFSIZE];
int fd;
if ((fd = open(“../zot”, O_TRUNC | O_RDWR) == -1) {
perror(“open failed”);
exit(1);
}
while(read(0, buf, BUFSIZE)) {
if (write(fd, buf, BUFSIZE) != BUFSIZE) {
perror(“write failed”);
exit(1);
}
}
Standard descriptors (0, 1, 2)
for input, output, error
messages (stdin, stdout,
stderr).
Pathnames may be
relative to process
current directory.
Process passes status back to
parent on exit, to report
success/failure.
Process does not specify
current file offset: the
system remembers it.
Memory Mapped Files
fd = open (somefile, consistent_mode);
pa = mmap(addr, len, prot, flags, fd,
offset);
R, W, X,
none
fd + offset
pa
len
len
VAS
Shared,
Private,
Fixed,
Noreserve
Reading performed by Load instr.
Functions of Device Subsystem
In general, deal with device characteristics
• Translate block numbers (the abstraction of
device shown to file system) to physical disk
addresses.
Device specific (subject to change with upgrades
in technology) intelligent placement of blocks.
• Schedule (reorder?) disk operations
Disk Devices
What to do about Disks?
• Disk scheduling
– Idea is to reorder outstanding requests to
minimize seeks.
• Layout on disk
– Placement to minimize disk overhead
• Build a better disk (or substitute)
– Example: RAID
Avoiding the Disk -- Caching
File Buffer Cache
Proc
• Avoid the disk for as
many file operations as
possible.
• Cache acts as a filter
for the requests seen
by the disk - reads
served best.
• Delayed writeback will
avoid going to disk at all
for temp files.
Memory
File
cache
Handling Updates in the File
Cache
1. Blocks may be modified in memory once they
have been brought into the cache.
Modified blocks are dirty and must (eventually) be written
back.
2. Once a block is modified in memory, the write
back to disk may not be immediate
(synchronous).
Delayed writes absorb many small updates with one disk
write.
How long should the system hold dirty data in memory?
Asynchronous writes allow overlapping of computation and
disk update activity (write-behind).
Do the write call for block n+1 while transfer of block n is in
Linux Page Cache
• Page Cache is the disk cache for all pagebased I/O – subsumes file buffer cache.
– All page I/O flows through page cache
• pdflush daemons – writeback to disk any dirty
pages/buffers.
– When free memory falls below threshold, wakeup
daemon to reclaim free memory
• Specified number written back
• Free memory above threshold
– Periodically, to prevent old data not getting written
back, wakeup on timer expiration
• Writes all pages older than specified limit.
Disk Scheduling – Seek Opt.
Rotational Media
Track
Sector
Arm
Cylinder
Head
Platter
Access time = seek time + rotational delay + transfer time
seek time = 5-15 milliseconds to move the disk arm and settle on a cylinder
rotational delay = 8 milliseconds for full rotation at 7200 RPM: average delay = 4 ms
transfer time = 1 millisecond for an 8KB block at 8 MB/s
Disk Scheduling
• Assuming there are sufficient
outstanding requests in request queue
• Focus is on seek time - minimizing
physical movement of head.
• Simple model of seek performance
Seek Time = startup time (e.g. 3.0 ms) +
N (number of cylinders ) *
per-cylinder move (e.g. .04 ms/cyl)
“Textbook” Policies
• Generally use FCFS as
baseline for comparison
1, 3, 2, 4, 3, 5, 0
• Shortest Seek First (SSTF) FCFS
closest
SSTF
– danger of starvation
• Elevator (SCAN) - sweep in one
direction, turn around when no
requests beyond
– handle case of constant
arrivals at same position
• C-SCAN - sweep in only one
SCAN
direction, return to 0
CSCAN
– less variation in response
Sector Scheduling
Linux Disk Schedulers
• Linus Elevator
– Merging and sorting: when new request comes in
•
•
•
•
Merge with any enqueued request for adjacent sector
If any request is too old, put new request at end of queue
Sort by sector location in queue (between existing requests)
Otherwise at end
• Deadline – each request placed on 2 of 3
queues
– sector-wise – as above
– read FIFO and write FIFO – whenever expiration time
exceeded, service from here
• Anticipatory
– Hang around waiting for subsequent request just a bit
Disk Layout
Layout on Disk
• Can address both seek and rotational latency
• Cluster related things together
(e.g. an inode and its data, inodes in same
directory (ls command), data blocks of multiblock file, files in same directory)
• Sub-block allocation to reduce fragmentation
for small files
• Log-Structure File Systems
The Problem of Disk Layout
• The level of indirection in the file block maps
allows flexibility in file layout.
• “File system design is 99% block allocation.” [McVoy]
• Competing goals for block allocation:
– allocation cost
– bandwidth for high-volume transfers
– efficient directory operations
• Goal: reduce disk arm movement and seek
overhead.
• metric of merit: bandwidth utilization
UNIX Inodes
Data Block Addr
File
Attributes
3
...
3
3
...
3
1
2
Decoupling meta-data
from directory entries
2
1
2
1
2
FFS Cylinder Groups
• FFS defines cylinder groups as the unit of disk locality,
and it factors locality into allocation choices.
– typical: thousands of cylinders, dozens of groups
– Strategy: place “related” data blocks in the same cylinder group
whenever possible.
• seek latency is proportional to seek distance
– Smear large files across groups:
• Place a run of contiguous blocks in each group.
– Reserve inode blocks in each cylinder group.
• This allows inodes to be allocated close to their directory entries
and close to their data blocks (for small files).
FFS Allocation Policies
1. Allocate file inodes close to their containing
directories.
For mkdir, select a cylinder group with a more-than-average
number of free inodes.
For creat, place inode in the same group as the parent.
2. Concentrate related file data blocks in cylinder
groups.
Most files are read and written sequentially.
Place initial blocks of a file in the same group as its inode.
How should we handle directory blocks?
Place adjacent logical blocks in the same cylinder group.
Logical block n+1 goes in the same group as block n.
Switch to a different group for each indirect block.
Allocating a Block
1. Try to allocate the rotationally optimal
physical block after the previous logical block
in the file.
Skip rotdelay physical blocks between each logical block.
(rotdelay is 0 on track-caching disk controllers.)
2. If not available, find another block a nearby
rotational position in the same cylinder group
We’ll need a short seek, but we won’t wait for the rotation.
If not available, pick any other block in the cylinder group.
3. If the cylinder group is full, or we’re crossing
to a new indirect block, go find a new cylinder
group.
Pick a block at the beginning of a run of free blocks.
Clustering in FFS
• Clustering improves bandwidth utilization for large
files read and written sequentially.
• Allocate clumps/clusters/runs of blocks contiguously; read/write
the entire clump in one operation with at most one seek.
– Typical cluster sizes: 32KB to 128KB.
• FFS can allocate contiguous runs of blocks “most of
the time” on disks with sufficient free space.
– This (usually) occurs as a side effect of setting rotdelay = 0.
• Newer versions may relocate to clusters of contiguous storage
if the initial allocation did not succeed in placing them well.
– Must modify buffer cache to group buffers together and
read/write in contiguous clusters.
Effect of Clustering
Access time = seek time + rotational delay + transfer time
average seek time = 2 ms for an intra-cylinder group seek, let’s say
rotational delay = 8 milliseconds for full rotation at 7200 RPM: average
delay = 4 ms
transfer time = 1 millisecond for an 8KB block at 8 MB/s
8 KB blocks deliver about 15% of disk bandwidth.
64KB blocks/clusters deliver about 50% of disk bandwidth.
128KB blocks/clusters deliver about 70% of disk bandwidth.
Actual performance will likely be better with good
disk layout, since most seek/rotate delays to read the
next block/cluster will be “better than average”.
Disk Alternatives
Build a Better Disk?
• “Better” has typically meant density to disk
manufacturers - bigger disks are better.
• I/O Bottleneck - a speed disparity caused by
processors getting faster more quickly
• One idea is to use parallelism of multiple
disks
– Striping data across disks
– Reliability issues - introduce redundancy
RAID
Redundant Array of Inexpensive Disks
Striped Data
(RAID Levels 2 and 3)
Parity
Disk
MEMS-based Storage
Griffin, Schlosser, Ganger, Nagle
• Paper in OSDI 2000 on OS
Management
• Comparing MEMS-based storage with
disks
– Request scheduling
– Data layout
– Fault tolerance
– Power management
• Settling time after X seek
• Spring factor - non-uniform
over sled positions
• Turnaround time
Data on Media Sled
Disk Analogy
• 16 tips
• MxN = 3 x 280
• Cylinder – same x
offset
• 4 tracks of 1080 bits,
4 tips
• Each track – 12
sectors of 80 bits (8
encoded bytes)
• Logical blocks
striped across 2
sectors
Logical Blocks and LBN
• Sectors are
smaller than disk
• Multiple sectors
can be accessed
concurrently
• Bidirectional
access
Comparison
MEMS
• Positioning – X and Y
seek (0.2-0.8 ms)
• Settling time 0.2ms
• Seeks near edges take
longer due to springs,
turnarounds depend on
direction – it isn’t just
distance to be moved.
• More parts to break
• Access parallelism
Disk
• Seek (1-15 ms) and
rotational delay
• Settling time 0.5ms
• Seek times are
relatively constant
functions of distance
• Constant velocity
rotation occurring
regardless of accesses
File System
Functions of File System
• (Directory subsystem) Map filenames to fileidsopen (create) syscall. Create kernel data
structures.
Maintain naming structure (unlink, mkdir, rmdir)
• Determine layout of files and metadata on disk in
terms of blocks. Disk block allocation. Bad
blocks.
• Handle read and write system calls
• Initiate I/O operations for movement of blocks
to/from disk.
• Maintain buffer cache
File System Data Structures
System-wide
Open file table
System-wide
File descriptor table
Process
descriptor
r-w pos, mode
in-memory
copy of inode
ptr to on-disk
inode
per-process
file ptr array
r-w pos, mode
stdin
stdout
stderr
pos
pos
File data
UNIX Inodes
Data Block Addr
File
Attributes
3
...
3
3
...
3
1
2
Decoupling meta-data
from directory entries
2
1
2
1
2
File Sharing Between Parent/Child
main(int argc, char *argv[]) {
char c;
int fdrd, fdwt, fdpriv;
if ((fdrd = open(argv[1], O_RDONLY)) == -1)
exit(1);
if ((fdwt = creat([argv[2], 0666)) == -1)
exit(1);
fork();
if ((fdpriv = open([argv[3], O_RDONLY)) == -1)
exit(1);
while (TRUE) {
if (read(fdrd, &c, 1) != 1)
exit(0);
write(fdwt, &c, 1);
}
}
File System Data Structures
System-wide
Open file table
System-wide
File descriptor table
Process
descriptor
r-w pos, mode
per-process
file ptr array
r-w pos, mode
stdin
stdout
stderr
openafterfork
forked process’s
Process descriptor
in-memory
copy of inode
ptr to on-disk
inode
Sharing Open File Instances
parent
user ID
process ID
process group ID
parent PID
signal state
siblings
children
child
user ID
process ID
process group ID
parent PID
signal state
siblings
children
process
objects
shared seek
offset in shared
file table entry
shared file
(inode or vnode)
process file
descriptors
system open
file table
Goals of File Naming
• Foremost function - to find files
(e.g., in open() ),
Map file name to file object.
• To store meta-data about files.
• To allow users to choose their own file names
without undue name conflict problems.
• To allow sharing.
• Convenience: short names, groupings.
• To avoid implementation complications
Pathname Resolution
cps110
Directory node
current inode#
File
Attributes
“cps110/current/Proj/proj3”
current
Directory node File
Attributes
Proj
File
Attributes
inode#
File
Attributes
proj3
data file
Proj
Directory node
proj3 inode#
index node of wd
Linux dcache
Hash
table
cps210
dentry
Inode
object
spr04
dentry
Inode
object
Proj
dentry
Inode
object
proj1
dentry
Inode
object
Naming Structures
• Flat name space - 1 system-wide table,
– Unique naming with multiple users is hard.
Name conflicts.
– Easy sharing, need for protection
• Per-user name space
– Protection by isolation, no sharing
– Easy to avoid name conflicts
– Register identifies with directory to use to
resolve names, possibility of user-settable
(cd)
Naming Structures
Naming network
• Component names - pathnames
– Absolute pathnames - from a designated root
– Relative pathnames - from a working directory
– Each name carries how to resolve it.
• Short names to files anywhere in the network
produce cycles, but convenience in naming
things.
Full Naming Network*
A
Terry
•
•
•
•
root
Lynn
Jamie
B
d
D
E
/Jamie/lynn/project/D
/Jamie/d
/Jamie/lynn/jam/proj1/C
(relative from Terry)
A
• (relative from Jamie)
d
C
project
* not Unix
Full Naming Network*
A
Terry
•
•
•
•
root
Lynn
Jamie
B
d
D
E
/Jamie/lynn/project/D
/Jamie/d
/Jamie/lynn/jam/proj1/C
(relative from Terry)
A
• (relative from Jamie)
d
C
project
Why?
* Unix
Meta-Data
• File size
• File type
• Protection - access
control information
• History:
creation time,
last modification,
last access.
• Location of file which device
• Location of
individual blocks of
the file on disk.
• Owner of file
• Group(s) of users
associated with file
Restricting to a Hierarchy
• Problems with full naming network
– What does it mean to “delete” a file?
– Meta-data interpretation
Operations on Directories
(UNIX)
• link (oldpathname, newpathname) make entry pointing to file
• unlink (filename) remove entry pointing to file
• mknod (dirname, type, device) - used
(e.g. by mkdir utility function) to create a
directory (or named pipe, or special file)
• getdents(fd, buf, structsize) - reads dir entries
Reclaiming Storage
A
Jo
X
X
Terry
root
Series of
unlinks
XJamie
B
d
D
C
project
E
What should
be dealloc?
Reclaiming Storage
A
Jo
X
X
Terry
root
Series of
unlinks
XJamie
B
d
D
C
project
E
Reference Counting?
A
Jo
31
X
X
Terry
2
root
Series of
unlinks
XJamie
12
B
C
d
2
project
D
E
Garbage Collection
*
A
Jo
X
X
Terry
*
root
Phase 1 marking
Phase 2 collect
*
Series of
unlinks
XJamie
B
d
D
C
project
E
Restricting to a Hierarchy
• Problems with full naming network
– What does it mean to “delete” a file?
– Meta-data interpretation
• Eliminating cycles
– allows use of reference counts for
reclaiming file space
– avoids garbage collection
Given: Naming Hierarchy
(because of implementation issues)
/
bin
ls
etc
tmp
sh
project
usr
vmunix
users
packages
mount point
(volume root)
tex
emacs
leaf
A Typical Unix File Tree
Each volume is a set of directories and files; a host’s file tree
is the set of directories and files visible to processes on
a given host.
/
File trees are built by grafting
volumes from different devices
or from network servers.
bin
In Unix, the graft operation is
the privileged mount system call,
and each volume is a filesystem.
ls
etc
sh
tmp
project
packages
mount point
coveredDir
mount (coveredDir, volume)
coveredDir: directory pathname
volume: device
volume root contents become visible at pathname
coveredDir
usr
vmunix
users
A Typical Unix File Tree
Each volume is a set of directories and files; a host’s file tree
is the set of directories and files visible to processes on
a given host.
/
File trees are built by grafting
volumes from different devices
or from network servers.
bin
In Unix, the graft operation is
the privileged mount system call,
and each volume is a filesystem.
ls
etc
tmp
sh
project
packages
mount point
(volume
coveredDir
root)
mount (coveredDir, volume)
tex
/usr/project/packages/coveredDir/emacs
emacs
usr
vmunix
users
Reclaiming Convenience
• Symbolic links - indirect files
filename maps, not to file object, but to
another pathname
– allows short aliases
– slightly different semantics
• Search path rules
Unix File Naming (Hard Links)
directory A
A Unix file may have multiple names.
Each directory entry naming the
file is called a hard link.
Each inode contains a reference count
showing how many hard links name it.
directory B
0
rain: 32
wind: 18
0
hail: 48
sleet: 48
inode link
count = 2
inode 48
link system call
link (existing name, new name)
create a new name for an existing file
increment inode link count
unlink system call (“remove”)
unlink(name)
destroy directory entry
decrement inode link count
if count = 0 and file is not in active use
free blocks (recursively) and on-disk inode
Unix Symbolic (Soft) Links
• Unix files may also be named by symbolic (soft) links.
– A soft link is a file containing a pathname of some other file.
directory A
directory B
0
rain: 32
wind: 18
0
hail: 48
sleet: 67
symlink system call
symlink (existing name, new name)
allocate a new file (inode) with type symlink
initialize file contents with existing name
create directory entry for new file with new name
inode link
count = 1
../A/hail/0
inode 48
inode 67
Convenience, but not performance!
The target of the link may be
removed at any time, leaving
a dangling reference.
How should the kernel
handle recursive soft links?
Soft vs. Hard Links
What’s the difference in behavior?
Soft vs. Hard Links
What’s the difference in behavior?
/
Lynn
Terry
Jamie
Soft vs. Hard Links
What’s the difference in behavior?
/
Lynn
Terry
Jamie
X
Soft vs. Hard Links
What’s the difference in behavior?
/
Lynn
Terry
Jamie
X
After Resolving Long Pathnames
OPEN(“/usr/faculty/carla/classes/cps110/spring02/lectures/lecture13.ppt”,…)
Finally Arrive at File
• What do users seem to want from the file
abstraction?
• What do these usage patterns mean for file
structure and implementation decisions?
–
–
–
–
What operations should be optimized 1st?
How should files be structured?
Is there temporal locality in file usage?
How long do files really live?
Know your Workload!
• File usage patterns should influence design
decisions. Do things differently depending:
– How large are most files? How long-lived?
Read vs. write activity. Shared often?
– Different levels “see” a different workload.
• Feedback loop
Usage patterns
observed today
File System
design and impl
Generalizations from UNIX Workloads
• Standard Disclaimers that you can’t
generalize…but anyway…
• Most files are small (fit into one disk block)
although most bytes are transferred from
longer files.
• Most opens are for read mode, most bytes
transferred are by read operations
• Accesses tend to be sequential and 100%
More on Access Patterns
• There is significant reuse (re-opens) - most
opens go to files repeatedly opened & quickly.
Directory nodes and executables also exhibit
good temporal locality.
– Looks good for caching!
• Use of temp files is significant part of file
system activity in UNIX - very limited reuse,
short lifetimes (less than a minute).
File Structure Implementation:
Mapping File -> Block
• Contiguous
– 1 block pointer, causes fragmentation, growth is a
problem.
• Linked
– each block points to next block, directory points to
first, OK for sequential access
• Indexed
– index structure required, better for random access
into file.
UNIX Inodes
Data Block Addr
File
Attributes
3
...
3
3
...
3
1
2
Decoupling meta-data
from directory entries
2
1
2
1
2
File Allocation Table (FAT)
eof
Lecture.ppt
Pic.jpg
Notes.txt
eof
eof
Meta-Data
• File size
• File type
• Protection - access
control information
• History:
creation time,
last modification,
last access.
• Location of file which device
• Location of
individual blocks of
the file on disk.
• Owner of file
• Group(s) of users
associated with file
File Access Control
Access Control for Files
• Access control lists - detailed list
attached to file of users allowed
(denied) access, including kind of
access allowed/denied.
• UNIX RWX - owner, group, everyone
UNIX access control
• Each file carries its access control with it.
rwx rwx rwx setuid
Owner
UID
Group
GID
Everybody else
• Owner has chmod, chgrp rights
(granting, revoking)
When bit set, it
allows process
executing object
to assume UID of
owner temporarily enter owner domain
(rights amplification)
The Access Model
• Authorization problems can be represented
abstractly by of an access model.
– each row represents a subject/principal/domain
– each column represents an object
– each cell: accesses permitted for the {subject,
object} pair
• read, write, delete, execute, search, control, or any other
method
• In real systems, the access matrix is sparse
and dynamic.
• need a flexible, efficient representation
Two Representations
• ACL - Access Control Lists
– Columns of previous matrix
– Permissions attached to Objects
– ACL for file hotgossip: Terry, rw; Lynn, rw
• Capabilities
–
–
–
–
Rows of previous matrix
Permissions associated with Subject
Tickets, Namespace (what it is that one can name)
Capabilities held by Lynn: luvltr, rw; hotgossip,rw
87
Access Control Lists
• Approach: represent the access matrix by
storing its columns with the objects.
• Tag each object with an access control list (ACL) of
authorized subjects/principals.
• To authorize an access requested by S for O
– search O’s ACL for an entry matching S
– compare requested access with permitted access
– access checks are often made only at bind time
Capabilities
• Approach: represent the access matrix by
storing its rows with the subjects.
• Tag each subject with a list of capabilities for the objects
it is permitted to access.
– A capability is an unforgeable object reference,
like a pointer.
– It endows the holder with permission to operate on
the object
• e.g., permission to invoke specific methods
– Typically, capabilities may be passed from one
subject to another.
• Rights propagation and confinement problems
Dynamics of Protection
Schemes
• How to endow software modules with
appropriate privilege?
– What mechanism exists to bind principals with
subjects?
• e.g., setuid syscall, setuid bit
– What principals should a software module bind to?
• privilege of creator: but may not be sufficient to perform
the service
• privilege of owner or system: dangerous
Dynamics of Protection
Schemes
• How to revoke privileges?
• What about adding new subjects or new
objects?
• How to dynamically change the set of objects
accessible (or vulnerable) to different
processes run by the same user?
– Need-to-know principle / Principle of minimal
privilege
– How do subjects change identity to execute a
more privileged module?
• protection domain, protection domain switch (enter)
91
Domain0
luvltr
proj1
solutions
gradefile
• Processes execute in a
protection domain, initially
inherited from subject
• Goal: to be able to
change protection
TA rw rwo rxc r
domains
grp
r rwx
• Introduce a level of
indirection
Terry
• Domains become
protected objects with
rw
Lynn
operations defined on
them: owner, copy,
r
Domain0
control
hotgossip
Protection Domains
ctl
enter
rw
rw
92
Domain0
hotgossip
luvltr
proj1
solutions
gradefile
• If domain contains copy
on right to some object,
then it can transfer that
right to the object to
another domain.
• If domain is owner of
some object, it can
grant that right to the
TA rw rwo rc r
object, with or without
copy to another domain
grp
r rwo
• If domain is owner or
rc
Terry
has ctl right to a
domain, it can remove
rw
Lynn
right to object from that
domain
r
r
Domain0
• Rights propagation.
ctl
rw
rw enter
93
Distributed File Systems
• Naming
client
– Location
transparency/
independence
server
network
• Caching
– Consistency
client
• Replication
– Availability and
updates
client
server
Naming
Her local
directory tree
usr
• \\His\d\pictures\castle.jpg
m_pt
– Not location transparent - both
machine and drive embedded
in name.
• NFS mounting
for_export
B His local
A
– Remote directory mounted
over local directory in local
naming hierarching.
– /usr/m_pt/A
– No global view
dir tree
Her local
tree after
mount
usr
m_pt
A
B
A
His after
mount
B
on B
usr
m_pt
Global Name Space
Example: Andrew File System
/
afs
tmp
bin
lib
local files
shared files looks identical to
all clients
VFS: the Filesystem Switch
Sun Microsystems introduced the virtual file system
framework in 1985 to accommodate the Network File
System cleanly.
• VFS allows diverse specific file systems to coexist in a file tree,
isolating all FS-dependencies in pluggable filesystem modules.
user space
syscall layer (file, uio, etc.)
network
protocol
stack
(TCP/IP)
Virtual File System (VFS)
NFS FFS LFS *FS etc. etc.
device drivers
Other abstract interfaces in the kernel: device drivers,
file objects, executable files, memory objects.
VFS was an internal kernel restructuring
with no effect on the syscall interface.
Incorporates object-oriented concepts:
a generic procedural interface with
multiple implementations.
Vnodes
In the VFS framework, every file or directory in active
use is represented by a vnode object in kernel
memory.
free vnodes
syscall layer
Each vnode has a standard
file attributes struct.
Generic vnode points at
filesystem-specific struct
(e.g., inode, rnode), seen
only by the filesystem.
Active vnodes are referencecounted by the structures that
hold pointers to them, e.g.,
the system open file table.
Each specific file
system maintains a
hash of its resident
vnodes.
NFS
UFS
Vnode operations are
macros that vector to
filesystem-specific
procedures.
Example:Network File System
(NFS)
server
client
syscall layer
user programs
VFS
syscall layer
NFS
server
VFS
UFS
UFS
NFS
client
network
Vnode Operations and
Attributes
vnode/file attributes (vattr or fattr)
type (VREG, VDIR, VLNK, etc.)
mode (9+ bits of permissions)
nlink (hard link count)
owner user ID
owner group ID
filesystem ID
unique file ID
file size (bytes and blocks)
access time
modify time
generation number
generic operations
vop_getattr (vattr)
vop_setattr (vattr)
vhold()
vholdrele()
directories only
vop_lookup (OUT vpp, name)
vop_create (OUT vpp, name, vattr)
vop_remove (vp, name)
vop_link (vp, name)
vop_rename (vp, name, tdvp, tvp, name)
vop_mkdir (OUT vpp, name, vattr)
vop_rmdir (vp, name)
vop_readdir (uio, cookie)
vop_symlink (OUT vpp, name, vattr, contents)
vop_readlink (uio)
files only
vop_getpages (page**, count, offset)
vop_putpages (page**, count, sync, offset)
vop_fsync ()
Pathname Traversal
• When a pathname is passed as an argument to a
system call, the syscall layer must “convert it to a
vnode”.
• Pathname traversal is a sequence of vop_lookup calls
to descend the tree to the named file or directory.
open(“/tmp/zot”)
Issues:
vp = get vnode for / (rootdir)
1. crossing mount points
vp->vop_lookup(&cvp, “tmp”);
2. obtaining root vnode (or current dir)
vp = cvp;
3. finding resident vnodes in memory
vp->vop_lookup(&cvp, “zot”);
4. caching name->vnode translations
5. symbolic (soft) links
6. disk implementation of directories
7. locking/referencing to handle races
with name create and delete operations
Hints
• A valuable distributed systems design technique that
can be illustrated in naming.
• Definition: information that is not guaranteed to be
correct. If it is, it can improve performance. If not, things
will still work OK. Must be able to validate information.
• Example: Sprite prefix tables
Prefix Tables
/
/A/m_pt1 -> blue
A
m_pt1
/A/m_pt1/usr/B -> pink
usr
/A/m_pt1/usr/m_pt2 -> pink
B
m_pt2
/A/m_pt1/usr/m_pt2/stuff.below
Distributed File Systems
• Naming
client
– Location
transparency/
independence
server
network
• Caching
– Consistency
client
• Replication
– Availability and
updates
client
server
Caching was “The Answer”
Proc
• Avoid the disk for as
many file operations as
possible.
• Cache acts as a filter
for the requests seen
by the disk - reads
served best.
• Delayed writeback will
avoid going to disk at all
for temp files.
Memory
File
cache
Caching in Distributed F.S.
• Location of cache on
client - disk or memory
• Update policy
client
server
– write through
– delayed writeback
– write-on-close
• Consistency
– Client does validity check,
contacting server
– Server call-backs
network
client
client
server
File Cache Consistency
Caching is a key technique in distributed
systems.
The cache consistency problem: cached data may become
stale if cached data is updated elsewhere in the network.
Solutions:
Timestamp invalidation (NFS).
Timestamp each cache entry, and periodically query the
server: “has this file changed since time t?”; invalidate
cache if stale.
Callback invalidation (AFS).
Request notification (callback) from the server if the file
changes; invalidate cache on callback.
Leases (NQ-NFS) [Gray&Cheriton89]
Sun NFS Cache Consistency
• Server is stateless
• Requests are selfclient ti open
contained.
ti== tj ?
• Blocks are transferred
and cached in memory.
write/
• Timestamp of last known
network
mod kept with cached
close
file, compared with “true”
client
timestamp at server on
Open.
(Good for an interval)
client
• Updates delayed but
flushed before Close
ends.
tj
server
server
108
Cache Consistency for the Web
• Time-to-Live (TTL)
fields - HTTP “expires” client
header
lan
• Client polling -HTTP
“if-modified-since”
request headers
proxy
– polling frequency?
cache
possibly adaptive (e.g.
based on age of object
and assumed stability)
client
network
Web
server
109
AFS Cache Consistency
• Server keeps state of all
clients holding copies
c0
(copy set)
• Callbacks when cached
data are about to become
stale
close
• Large units (whole files or
64K portions)
c1
• Updates propagated upon
close
• Cache on local disk &
memory
{c0, c1}
callback
server
network
c2
server
• If client crashes, revalidation on recovery (lost callback possibility)
110
NQ-NFS Leases
In NQ-NFS, a client obtains a lease on the file that permits the
client’s desired read/write activity.
“A lease is a ticket permitting an activity; the lease is valid
until some expiration time.”
– A read-caching lease allows the client to cache clean data.
Guarantee: no other client is modifying the file.
– A write-caching lease allows the client to buffer modified
data for the file.
Guarantee: no other client has the file cached.
Leases may be revoked by the server if another client requests a
conflicting operation (server sends eviction notice).
Since leases expire, losing “state” of leases at server is OK.
NFS Protocol
NFS is a network protocol layered above
TCP/IP.
– Original implementations (and most today) use
UDP datagram transport for low overhead.
• Maximum IP datagram size was increased to match FS
block size, to allow send/receive of entire file blocks.
• Some newer implementations use TCP as a transport.
NFS protocol is a set of message formats and
types.
• Client issues a request message for a service operation.
• Server performs requested operation and returns a reply
message with status and (perhaps) requested data.
File Handles
Question: how does the client tell the server which
file or directory the operation applies to?
– Similarly, how does the server return the result of a lookup?
• More generally, how to pass a pointer or an object
reference as an argument/result of an RPC call?
In NFS, the reference is a file handle or fhandle, a
32-byte token/ticket whose value is determined by
the server.
– Includes all information needed to identify the
file/object on the server, and get a pointer to it
quickly.
volume ID
inode #
generation #
NFS: From Concept to
Implementation
Now that we understand the basics, how do we
make it work in a real system?
– How do we make it fast?
• Answer: caching, read-ahead, and write-behind.
– How do we make it reliable? What if a message is
dropped? What if the server crashes?
• Answer: client retransmits request until it receives a
response.
– How do we preserve file system semantics in the
presence of failures and/or sharing by multiple
clients?
• Answer: well, we don’t, at least not completely.
– What about security and access control?
Related documents
System Design Exercises part 2
System Design Exercises part 2
Part IV: Longer Answer: Use your knowledge of operating systems to
Part IV: Longer Answer: Use your knowledge of operating systems to
Chapter 2
Chapter 2
BAB 2 BASIC OPERATING SYSTEM CONCEPT
BAB 2 BASIC OPERATING SYSTEM CONCEPT
Document
Document
File concept
File concept
operating system
operating system
Q: Secondary storage – extension of main memory that provides
Q: Secondary storage – extension of main memory that provides
FILE SYSTEMS INTERFACE
FILE SYSTEMS INTERFACE
Notes - CSE Labs User Home Pages
Notes - CSE Labs User Home Pages
MS Word file
MS Word file