1 .. SPDX-License-Identifier: GPL-2.0 1 .. SPDX-License-Identifier: GPL-2.0
2 2
3 =================================== 3 ===================================
4 Cache on Already Mounted Filesystem 4 Cache on Already Mounted Filesystem
5 =================================== 5 ===================================
6 6
7 .. Contents: 7 .. Contents:
8 8
9 (*) Overview. 9 (*) Overview.
10 10
11 (*) Requirements. 11 (*) Requirements.
12 12
13 (*) Configuration. 13 (*) Configuration.
14 14
15 (*) Starting the cache. 15 (*) Starting the cache.
16 16
17 (*) Things to avoid. 17 (*) Things to avoid.
18 18
19 (*) Cache culling. 19 (*) Cache culling.
20 20
21 (*) Cache structure. 21 (*) Cache structure.
22 22
23 (*) Security model and SELinux. 23 (*) Security model and SELinux.
24 24
25 (*) A note on security. 25 (*) A note on security.
26 26
27 (*) Statistical information. 27 (*) Statistical information.
28 28
29 (*) Debugging. 29 (*) Debugging.
30 30
31 (*) On-demand Read. 31 (*) On-demand Read.
32 32
33 33
34 Overview 34 Overview
35 ======== 35 ========
36 36
37 CacheFiles is a caching backend that's meant t 37 CacheFiles is a caching backend that's meant to use as a cache a directory on
38 an already mounted filesystem of a local type 38 an already mounted filesystem of a local type (such as Ext3).
39 39
40 CacheFiles uses a userspace daemon to do some 40 CacheFiles uses a userspace daemon to do some of the cache management - such as
41 reaping stale nodes and culling. This is call 41 reaping stale nodes and culling. This is called cachefilesd and lives in
42 /sbin. 42 /sbin.
43 43
44 The filesystem and data integrity of the cache 44 The filesystem and data integrity of the cache are only as good as those of the
45 filesystem providing the backing services. No 45 filesystem providing the backing services. Note that CacheFiles does not
46 attempt to journal anything since the journall 46 attempt to journal anything since the journalling interfaces of the various
47 filesystems are very specific in nature. 47 filesystems are very specific in nature.
48 48
49 CacheFiles creates a misc character device - " 49 CacheFiles creates a misc character device - "/dev/cachefiles" - that is used
50 to communication with the daemon. Only one th 50 to communication with the daemon. Only one thing may have this open at once,
51 and while it is open, a cache is at least part 51 and while it is open, a cache is at least partially in existence. The daemon
52 opens this and sends commands down it to contr 52 opens this and sends commands down it to control the cache.
53 53
54 CacheFiles is currently limited to a single ca 54 CacheFiles is currently limited to a single cache.
55 55
56 CacheFiles attempts to maintain at least a cer 56 CacheFiles attempts to maintain at least a certain percentage of free space on
57 the filesystem, shrinking the cache by culling 57 the filesystem, shrinking the cache by culling the objects it contains to make
58 space if necessary - see the "Cache Culling" s 58 space if necessary - see the "Cache Culling" section. This means it can be
59 placed on the same medium as a live set of dat 59 placed on the same medium as a live set of data, and will expand to make use of
60 spare space and automatically contract when th 60 spare space and automatically contract when the set of data requires more
61 space. 61 space.
62 62
63 63
64 64
65 Requirements 65 Requirements
66 ============ 66 ============
67 67
68 The use of CacheFiles and its daemon requires 68 The use of CacheFiles and its daemon requires the following features to be
69 available in the system and in the cache files 69 available in the system and in the cache filesystem:
70 70
71 - dnotify. 71 - dnotify.
72 72
73 - extended attributes (xattrs). 73 - extended attributes (xattrs).
74 74
75 - openat() and friends. 75 - openat() and friends.
76 76
77 - bmap() support on files in the files 77 - bmap() support on files in the filesystem (FIBMAP ioctl).
78 78
79 - The use of bmap() to detect a partia 79 - The use of bmap() to detect a partial page at the end of the file.
80 80
81 It is strongly recommended that the "dir_index 81 It is strongly recommended that the "dir_index" option is enabled on Ext3
82 filesystems being used as a cache. 82 filesystems being used as a cache.
83 83
84 84
85 Configuration 85 Configuration
86 ============= 86 =============
87 87
88 The cache is configured by a script in /etc/ca 88 The cache is configured by a script in /etc/cachefilesd.conf. These commands
89 set up cache ready for use. The following scr 89 set up cache ready for use. The following script commands are available:
90 90
91 brun <N>%, bcull <N>%, bstop <N>%, frun <N>%, 91 brun <N>%, bcull <N>%, bstop <N>%, frun <N>%, fcull <N>%, fstop <N>%
92 Configure the culling limits. Optiona 92 Configure the culling limits. Optional. See the section on culling
93 The defaults are 7% (run), 5% (cull) a 93 The defaults are 7% (run), 5% (cull) and 1% (stop) respectively.
94 94
95 The commands beginning with a 'b' are 95 The commands beginning with a 'b' are file space (block) limits, those
96 beginning with an 'f' are file count l 96 beginning with an 'f' are file count limits.
97 97
98 dir <path> 98 dir <path>
99 Specify the directory containing the r 99 Specify the directory containing the root of the cache. Mandatory.
100 100
101 tag <name> 101 tag <name>
102 Specify a tag to FS-Cache to use in di 102 Specify a tag to FS-Cache to use in distinguishing multiple caches.
103 Optional. The default is "CacheFiles" 103 Optional. The default is "CacheFiles".
104 104
105 debug <mask> 105 debug <mask>
106 Specify a numeric bitmask to control d 106 Specify a numeric bitmask to control debugging in the kernel module.
107 Optional. The default is zero (all of 107 Optional. The default is zero (all off). The following values can be
108 OR'd into the mask to collect various 108 OR'd into the mask to collect various information:
109 109
110 == ====================== 110 == =================================================
111 1 Turn on trace of funct 111 1 Turn on trace of function entry (_enter() macros)
112 2 Turn on trace of funct 112 2 Turn on trace of function exit (_leave() macros)
113 4 Turn on trace of inter 113 4 Turn on trace of internal debug points (_debug())
114 == ====================== 114 == =================================================
115 115
116 This mask can also be set through sysf 116 This mask can also be set through sysfs, eg::
117 117
118 echo 5 > /sys/module/cachefile 118 echo 5 > /sys/module/cachefiles/parameters/debug
119 119
120 120
121 Starting the Cache 121 Starting the Cache
122 ================== 122 ==================
123 123
124 The cache is started by running the daemon. T 124 The cache is started by running the daemon. The daemon opens the cache device,
125 configures the cache and tells it to begin cac 125 configures the cache and tells it to begin caching. At that point the cache
126 binds to fscache and the cache becomes live. 126 binds to fscache and the cache becomes live.
127 127
128 The daemon is run as follows:: 128 The daemon is run as follows::
129 129
130 /sbin/cachefilesd [-d]* [-s] [-n] [-f 130 /sbin/cachefilesd [-d]* [-s] [-n] [-f <configfile>]
131 131
132 The flags are: 132 The flags are:
133 133
134 ``-d`` 134 ``-d``
135 Increase the debugging level. This ca 135 Increase the debugging level. This can be specified multiple times and
136 is cumulative with itself. 136 is cumulative with itself.
137 137
138 ``-s`` 138 ``-s``
139 Send messages to stderr instead of sys 139 Send messages to stderr instead of syslog.
140 140
141 ``-n`` 141 ``-n``
142 Don't daemonise and go into background 142 Don't daemonise and go into background.
143 143
144 ``-f <configfile>`` 144 ``-f <configfile>``
145 Use an alternative configuration file 145 Use an alternative configuration file rather than the default one.
146 146
147 147
148 Things to Avoid 148 Things to Avoid
149 =============== 149 ===============
150 150
151 Do not mount other things within the cache as 151 Do not mount other things within the cache as this will cause problems. The
152 kernel module contains its own very cut-down p 152 kernel module contains its own very cut-down path walking facility that ignores
153 mountpoints, but the daemon can't avoid them. 153 mountpoints, but the daemon can't avoid them.
154 154
155 Do not create, rename or unlink files and dire 155 Do not create, rename or unlink files and directories in the cache while the
156 cache is active, as this may cause the state t 156 cache is active, as this may cause the state to become uncertain.
157 157
158 Renaming files in the cache might make objects 158 Renaming files in the cache might make objects appear to be other objects (the
159 filename is part of the lookup key). 159 filename is part of the lookup key).
160 160
161 Do not change or remove the extended attribute 161 Do not change or remove the extended attributes attached to cache files by the
162 cache as this will cause the cache state manag 162 cache as this will cause the cache state management to get confused.
163 163
164 Do not create files or directories in the cach 164 Do not create files or directories in the cache, lest the cache get confused or
165 serve incorrect data. 165 serve incorrect data.
166 166
167 Do not chmod files in the cache. The module c 167 Do not chmod files in the cache. The module creates things with minimal
168 permissions to prevent random users being able 168 permissions to prevent random users being able to access them directly.
169 169
170 170
171 Cache Culling 171 Cache Culling
172 ============= 172 =============
173 173
174 The cache may need culling occasionally to mak 174 The cache may need culling occasionally to make space. This involves
175 discarding objects from the cache that have be 175 discarding objects from the cache that have been used less recently than
176 anything else. Culling is based on the access 176 anything else. Culling is based on the access time of data objects. Empty
177 directories are culled if not in use. 177 directories are culled if not in use.
178 178
179 Cache culling is done on the basis of the perc 179 Cache culling is done on the basis of the percentage of blocks and the
180 percentage of files available in the underlyin 180 percentage of files available in the underlying filesystem. There are six
181 "limits": 181 "limits":
182 182
183 brun, frun 183 brun, frun
184 If the amount of free space and the numbe 184 If the amount of free space and the number of available files in the cache
185 rises above both these limits, then culli 185 rises above both these limits, then culling is turned off.
186 186
187 bcull, fcull 187 bcull, fcull
188 If the amount of available space or the n 188 If the amount of available space or the number of available files in the
189 cache falls below either of these limits, 189 cache falls below either of these limits, then culling is started.
190 190
191 bstop, fstop 191 bstop, fstop
192 If the amount of available space or the n 192 If the amount of available space or the number of available files in the
193 cache falls below either of these limits, 193 cache falls below either of these limits, then no further allocation of
194 disk space or files is permitted until cu 194 disk space or files is permitted until culling has raised things above
195 these limits again. 195 these limits again.
196 196
197 These must be configured thusly:: 197 These must be configured thusly::
198 198
199 0 <= bstop < bcull < brun < 100 199 0 <= bstop < bcull < brun < 100
200 0 <= fstop < fcull < frun < 100 200 0 <= fstop < fcull < frun < 100
201 201
202 Note that these are percentages of available s 202 Note that these are percentages of available space and available files, and do
203 _not_ appear as 100 minus the percentage displ 203 _not_ appear as 100 minus the percentage displayed by the "df" program.
204 204
205 The userspace daemon scans the cache to build 205 The userspace daemon scans the cache to build up a table of cullable objects.
206 These are then culled in least recently used o 206 These are then culled in least recently used order. A new scan of the cache is
207 started as soon as space is made in the table. 207 started as soon as space is made in the table. Objects will be skipped if
208 their atimes have changed or if the kernel mod 208 their atimes have changed or if the kernel module says it is still using them.
209 209
210 210
211 Cache Structure 211 Cache Structure
212 =============== 212 ===============
213 213
214 The CacheFiles module will create two director 214 The CacheFiles module will create two directories in the directory it was
215 given: 215 given:
216 216
217 * cache/ 217 * cache/
218 * graveyard/ 218 * graveyard/
219 219
220 The active cache objects all reside in the fir 220 The active cache objects all reside in the first directory. The CacheFiles
221 kernel module moves any retired or culled obje 221 kernel module moves any retired or culled objects that it can't simply unlink
222 to the graveyard from which the daemon will ac 222 to the graveyard from which the daemon will actually delete them.
223 223
224 The daemon uses dnotify to monitor the graveya 224 The daemon uses dnotify to monitor the graveyard directory, and will delete
225 anything that appears therein. 225 anything that appears therein.
226 226
227 227
228 The module represents index objects as directo 228 The module represents index objects as directories with the filename "I..." or
229 "J...". Note that the "cache/" directory is i 229 "J...". Note that the "cache/" directory is itself a special index.
230 230
231 Data objects are represented as files if they 231 Data objects are represented as files if they have no children, or directories
232 if they do. Their filenames all begin "D..." 232 if they do. Their filenames all begin "D..." or "E...". If represented as a
233 directory, data objects will have a file in th 233 directory, data objects will have a file in the directory called "data" that
234 actually holds the data. 234 actually holds the data.
235 235
236 Special objects are similar to data objects, e 236 Special objects are similar to data objects, except their filenames begin
237 "S..." or "T...". 237 "S..." or "T...".
238 238
239 239
240 If an object has children, then it will be rep 240 If an object has children, then it will be represented as a directory.
241 Immediately in the representative directory ar 241 Immediately in the representative directory are a collection of directories
242 named for hash values of the child object keys 242 named for hash values of the child object keys with an '@' prepended. Into
243 this directory, if possible, will be placed th 243 this directory, if possible, will be placed the representations of the child
244 objects:: 244 objects::
245 245
246 /INDEX /INDEX /INDEX 246 /INDEX /INDEX /INDEX /DATA FILES
247 /=========/==========/================ 247 /=========/==========/=================================/================
248 cache/@4a/I03nfs/@30/Ji000000000000000 248 cache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400
249 cache/@4a/I03nfs/@30/Ji000000000000000 249 cache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400/@75/Es0g000w...DB1ry
250 cache/@4a/I03nfs/@30/Ji000000000000000 250 cache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400/@75/Es0g000w...N22ry
251 cache/@4a/I03nfs/@30/Ji000000000000000 251 cache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400/@75/Es0g000w...FP1ry
252 252
253 253
254 If the key is so long that it exceeds NAME_MAX 254 If the key is so long that it exceeds NAME_MAX with the decorations added on to
255 it, then it will be cut into pieces, the first 255 it, then it will be cut into pieces, the first few of which will be used to
256 make a nest of directories, and the last one o 256 make a nest of directories, and the last one of which will be the objects
257 inside the last directory. The names of the i 257 inside the last directory. The names of the intermediate directories will have
258 '+' prepended:: 258 '+' prepended::
259 259
260 J1223/@23/+xy...z/+kl...m/Epqr 260 J1223/@23/+xy...z/+kl...m/Epqr
261 261
262 262
263 Note that keys are raw data, and not only may 263 Note that keys are raw data, and not only may they exceed NAME_MAX in size,
264 they may also contain things like '/' and NUL 264 they may also contain things like '/' and NUL characters, and so they may not
265 be suitable for turning directly into a filena 265 be suitable for turning directly into a filename.
266 266
267 To handle this, CacheFiles will use a suitably 267 To handle this, CacheFiles will use a suitably printable filename directly and
268 "base-64" encode ones that aren't directly sui 268 "base-64" encode ones that aren't directly suitable. The two versions of
269 object filenames indicate the encoding: 269 object filenames indicate the encoding:
270 270
271 =============== =============== ====== 271 =============== =============== ===============
272 OBJECT TYPE PRINTABLE ENCODE 272 OBJECT TYPE PRINTABLE ENCODED
273 =============== =============== ====== 273 =============== =============== ===============
274 Index "I..." "J..." 274 Index "I..." "J..."
275 Data "D..." "E..." 275 Data "D..." "E..."
276 Special "S..." "T..." 276 Special "S..." "T..."
277 =============== =============== ====== 277 =============== =============== ===============
278 278
279 Intermediate directories are always "@" or "+" 279 Intermediate directories are always "@" or "+" as appropriate.
280 280
281 281
282 Each object in the cache has an extended attri 282 Each object in the cache has an extended attribute label that holds the object
283 type ID (required to distinguish special objec 283 type ID (required to distinguish special objects) and the auxiliary data from
284 the netfs. The latter is used to detect stale 284 the netfs. The latter is used to detect stale objects in the cache and update
285 or retire them. 285 or retire them.
286 286
287 287
288 Note that CacheFiles will erase from the cache 288 Note that CacheFiles will erase from the cache any file it doesn't recognise or
289 any file of an incorrect type (such as a FIFO 289 any file of an incorrect type (such as a FIFO file or a device file).
290 290
291 291
292 Security Model and SELinux 292 Security Model and SELinux
293 ========================== 293 ==========================
294 294
295 CacheFiles is implemented to deal properly wit 295 CacheFiles is implemented to deal properly with the LSM security features of
296 the Linux kernel and the SELinux facility. 296 the Linux kernel and the SELinux facility.
297 297
298 One of the problems that CacheFiles faces is t 298 One of the problems that CacheFiles faces is that it is generally acting on
299 behalf of a process, and running in that proce 299 behalf of a process, and running in that process's context, and that includes a
300 security context that is not appropriate for a 300 security context that is not appropriate for accessing the cache - either
301 because the files in the cache are inaccessibl 301 because the files in the cache are inaccessible to that process, or because if
302 the process creates a file in the cache, that 302 the process creates a file in the cache, that file may be inaccessible to other
303 processes. 303 processes.
304 304
305 The way CacheFiles works is to temporarily cha 305 The way CacheFiles works is to temporarily change the security context (fsuid,
306 fsgid and actor security label) that the proce 306 fsgid and actor security label) that the process acts as - without changing the
307 security context of the process when it the ta 307 security context of the process when it the target of an operation performed by
308 some other process (so signalling and suchlike 308 some other process (so signalling and suchlike still work correctly).
309 309
310 310
311 When the CacheFiles module is asked to bind to 311 When the CacheFiles module is asked to bind to its cache, it:
312 312
313 (1) Finds the security label attached to the 313 (1) Finds the security label attached to the root cache directory and uses
314 that as the security label with which it 314 that as the security label with which it will create files. By default,
315 this is:: 315 this is::
316 316
317 cachefiles_var_t 317 cachefiles_var_t
318 318
319 (2) Finds the security label of the process w 319 (2) Finds the security label of the process which issued the bind request
320 (presumed to be the cachefilesd daemon), 320 (presumed to be the cachefilesd daemon), which by default will be::
321 321
322 cachefilesd_t 322 cachefilesd_t
323 323
324 and asks LSM to supply a security ID as w 324 and asks LSM to supply a security ID as which it should act given the
325 daemon's label. By default, this will be 325 daemon's label. By default, this will be::
326 326
327 cachefiles_kernel_t 327 cachefiles_kernel_t
328 328
329 SELinux transitions the daemon's security 329 SELinux transitions the daemon's security ID to the module's security ID
330 based on a rule of this form in the polic 330 based on a rule of this form in the policy::
331 331
332 type_transition <daemon's-ID> kernel_t 332 type_transition <daemon's-ID> kernel_t : process <module's-ID>;
333 333
334 For instance:: 334 For instance::
335 335
336 type_transition cachefilesd_t kernel_t 336 type_transition cachefilesd_t kernel_t : process cachefiles_kernel_t;
337 337
338 338
339 The module's security ID gives it permission t 339 The module's security ID gives it permission to create, move and remove files
340 and directories in the cache, to find and acce 340 and directories in the cache, to find and access directories and files in the
341 cache, to set and access extended attributes o 341 cache, to set and access extended attributes on cache objects, and to read and
342 write files in the cache. 342 write files in the cache.
343 343
344 The daemon's security ID gives it only a very 344 The daemon's security ID gives it only a very restricted set of permissions: it
345 may scan directories, stat files and erase fil 345 may scan directories, stat files and erase files and directories. It may
346 not read or write files in the cache, and so i 346 not read or write files in the cache, and so it is precluded from accessing the
347 data cached therein; nor is it permitted to cr 347 data cached therein; nor is it permitted to create new files in the cache.
348 348
349 349
350 There are policy source files available in: 350 There are policy source files available in:
351 351
352 https://people.redhat.com/~dhowells/fs 352 https://people.redhat.com/~dhowells/fscache/cachefilesd-0.8.tar.bz2
353 353
354 and later versions. In that tarball, see the 354 and later versions. In that tarball, see the files::
355 355
356 cachefilesd.te 356 cachefilesd.te
357 cachefilesd.fc 357 cachefilesd.fc
358 cachefilesd.if 358 cachefilesd.if
359 359
360 They are built and installed directly by the R 360 They are built and installed directly by the RPM.
361 361
362 If a non-RPM based system is being used, then 362 If a non-RPM based system is being used, then copy the above files to their own
363 directory and run:: 363 directory and run::
364 364
365 make -f /usr/share/selinux/devel/Makef 365 make -f /usr/share/selinux/devel/Makefile
366 semodule -i cachefilesd.pp 366 semodule -i cachefilesd.pp
367 367
368 You will need checkpolicy and selinux-policy-d 368 You will need checkpolicy and selinux-policy-devel installed prior to the
369 build. 369 build.
370 370
371 371
372 By default, the cache is located in /var/fscac 372 By default, the cache is located in /var/fscache, but if it is desirable that
373 it should be elsewhere, than either the above 373 it should be elsewhere, than either the above policy files must be altered, or
374 an auxiliary policy must be installed to label 374 an auxiliary policy must be installed to label the alternate location of the
375 cache. 375 cache.
376 376
377 For instructions on how to add an auxiliary po 377 For instructions on how to add an auxiliary policy to enable the cache to be
378 located elsewhere when SELinux is in enforcing 378 located elsewhere when SELinux is in enforcing mode, please see::
379 379
380 /usr/share/doc/cachefilesd-*/move-cach 380 /usr/share/doc/cachefilesd-*/move-cache.txt
381 381
382 When the cachefilesd rpm is installed; alterna 382 When the cachefilesd rpm is installed; alternatively, the document can be found
383 in the sources. 383 in the sources.
384 384
385 385
386 A Note on Security 386 A Note on Security
387 ================== 387 ==================
388 388
389 CacheFiles makes use of the split security in 389 CacheFiles makes use of the split security in the task_struct. It allocates
390 its own task_security structure, and redirects 390 its own task_security structure, and redirects current->cred to point to it
391 when it acts on behalf of another process, in 391 when it acts on behalf of another process, in that process's context.
392 392
393 The reason it does this is that it calls vfs_m 393 The reason it does this is that it calls vfs_mkdir() and suchlike rather than
394 bypassing security and calling inode ops direc 394 bypassing security and calling inode ops directly. Therefore the VFS and LSM
395 may deny the CacheFiles access to the cache da 395 may deny the CacheFiles access to the cache data because under some
396 circumstances the caching code is running in t 396 circumstances the caching code is running in the security context of whatever
397 process issued the original syscall on the net 397 process issued the original syscall on the netfs.
398 398
399 Furthermore, should CacheFiles create a file o 399 Furthermore, should CacheFiles create a file or directory, the security
400 parameters with that object is created (UID, G 400 parameters with that object is created (UID, GID, security label) would be
401 derived from that process that issued the syst 401 derived from that process that issued the system call, thus potentially
402 preventing other processes from accessing the 402 preventing other processes from accessing the cache - including CacheFiles's
403 cache management daemon (cachefilesd). 403 cache management daemon (cachefilesd).
404 404
405 What is required is to temporarily override th 405 What is required is to temporarily override the security of the process that
406 issued the system call. We can't, however, ju 406 issued the system call. We can't, however, just do an in-place change of the
407 security data as that affects the process as a 407 security data as that affects the process as an object, not just as a subject.
408 This means it may lose signals or ptrace event 408 This means it may lose signals or ptrace events for example, and affects what
409 the process looks like in /proc. 409 the process looks like in /proc.
410 410
411 So CacheFiles makes use of a logical split in 411 So CacheFiles makes use of a logical split in the security between the
412 objective security (task->real_cred) and the s 412 objective security (task->real_cred) and the subjective security (task->cred).
413 The objective security holds the intrinsic sec 413 The objective security holds the intrinsic security properties of a process and
414 is never overridden. This is what appears in 414 is never overridden. This is what appears in /proc, and is what is used when a
415 process is the target of an operation by some 415 process is the target of an operation by some other process (SIGKILL for
416 example). 416 example).
417 417
418 The subjective security holds the active secur 418 The subjective security holds the active security properties of a process, and
419 may be overridden. This is not seen externall 419 may be overridden. This is not seen externally, and is used when a process
420 acts upon another object, for example SIGKILLi 420 acts upon another object, for example SIGKILLing another process or opening a
421 file. 421 file.
422 422
423 LSM hooks exist that allow SELinux (or Smack o 423 LSM hooks exist that allow SELinux (or Smack or whatever) to reject a request
424 for CacheFiles to run in a context of a specif 424 for CacheFiles to run in a context of a specific security label, or to create
425 files and directories with another security la 425 files and directories with another security label.
426 426
427 427
428 Statistical Information 428 Statistical Information
429 ======================= 429 =======================
430 430
431 If FS-Cache is compiled with the following opt 431 If FS-Cache is compiled with the following option enabled::
432 432
433 CONFIG_CACHEFILES_HISTOGRAM=y 433 CONFIG_CACHEFILES_HISTOGRAM=y
434 434
435 then it will gather certain statistics and dis 435 then it will gather certain statistics and display them through a proc file.
436 436
437 /proc/fs/cachefiles/histogram 437 /proc/fs/cachefiles/histogram
438 438
439 :: 439 ::
440 440
441 cat /proc/fs/cachefiles/histogram 441 cat /proc/fs/cachefiles/histogram
442 JIFS SECS LOOKUPS MKDIRS CREATE 442 JIFS SECS LOOKUPS MKDIRS CREATES
443 ===== ===== ========= ========= ====== 443 ===== ===== ========= ========= =========
444 444
445 This shows the breakdown of the number of 445 This shows the breakdown of the number of times each amount of time
446 between 0 jiffies and HZ-1 jiffies a vari 446 between 0 jiffies and HZ-1 jiffies a variety of tasks took to run. The
447 columns are as follows: 447 columns are as follows:
448 448
449 ======= ====================== 449 ======= =======================================================
450 COLUMN TIME MEASUREMENT 450 COLUMN TIME MEASUREMENT
451 ======= ====================== 451 ======= =======================================================
452 LOOKUPS Length of time to perf 452 LOOKUPS Length of time to perform a lookup on the backing fs
453 MKDIRS Length of time to perf 453 MKDIRS Length of time to perform a mkdir on the backing fs
454 CREATES Length of time to perf 454 CREATES Length of time to perform a create on the backing fs
455 ======= ====================== 455 ======= =======================================================
456 456
457 Each row shows the number of events that 457 Each row shows the number of events that took a particular range of times.
458 Each step is 1 jiffy in size. The JIFS c 458 Each step is 1 jiffy in size. The JIFS column indicates the particular
459 jiffy range covered, and the SECS field t 459 jiffy range covered, and the SECS field the equivalent number of seconds.
460 460
461 461
462 Debugging 462 Debugging
463 ========= 463 =========
464 464
465 If CONFIG_CACHEFILES_DEBUG is enabled, the Cac 465 If CONFIG_CACHEFILES_DEBUG is enabled, the CacheFiles facility can have runtime
466 debugging enabled by adjusting the value in:: 466 debugging enabled by adjusting the value in::
467 467
468 /sys/module/cachefiles/parameters/debu 468 /sys/module/cachefiles/parameters/debug
469 469
470 This is a bitmask of debugging streams to enab 470 This is a bitmask of debugging streams to enable:
471 471
472 ======= ======= ====================== 472 ======= ======= =============================== =======================
473 BIT VALUE STREAM 473 BIT VALUE STREAM POINT
474 ======= ======= ====================== 474 ======= ======= =============================== =======================
475 0 1 General 475 0 1 General Function entry trace
476 1 2 476 1 2 Function exit trace
477 2 4 477 2 4 General
478 ======= ======= ====================== 478 ======= ======= =============================== =======================
479 479
480 The appropriate set of values should be OR'd t 480 The appropriate set of values should be OR'd together and the result written to
481 the control file. For example:: 481 the control file. For example::
482 482
483 echo $((1|4|8)) >/sys/module/cachefile 483 echo $((1|4|8)) >/sys/module/cachefiles/parameters/debug
484 484
485 will turn on all function entry debugging. 485 will turn on all function entry debugging.
486 486
487 487
488 On-demand Read 488 On-demand Read
489 ============== 489 ==============
490 490
491 When working in its original mode, CacheFiles 491 When working in its original mode, CacheFiles serves as a local cache for a
492 remote networking fs - while in on-demand read 492 remote networking fs - while in on-demand read mode, CacheFiles can boost the
493 scenario where on-demand read semantics are ne 493 scenario where on-demand read semantics are needed, e.g. container image
494 distribution. 494 distribution.
495 495
496 The essential difference between these two mod 496 The essential difference between these two modes is seen when a cache miss
497 occurs: In the original mode, the netfs will f 497 occurs: In the original mode, the netfs will fetch the data from the remote
498 server and then write it to the cache file; in 498 server and then write it to the cache file; in on-demand read mode, fetching
499 the data and writing it into the cache is dele 499 the data and writing it into the cache is delegated to a user daemon.
500 500
501 ``CONFIG_CACHEFILES_ONDEMAND`` should be enabl 501 ``CONFIG_CACHEFILES_ONDEMAND`` should be enabled to support on-demand read mode.
502 502
503 503
504 Protocol Communication 504 Protocol Communication
505 ---------------------- 505 ----------------------
506 506
507 The on-demand read mode uses a simple protocol 507 The on-demand read mode uses a simple protocol for communication between kernel
508 and user daemon. The protocol can be modeled a 508 and user daemon. The protocol can be modeled as::
509 509
510 kernel --[request]--> user daemon --[r 510 kernel --[request]--> user daemon --[reply]--> kernel
511 511
512 CacheFiles will send requests to the user daem 512 CacheFiles will send requests to the user daemon when needed. The user daemon
513 should poll the devnode ('/dev/cachefiles') to 513 should poll the devnode ('/dev/cachefiles') to check if there's a pending
514 request to be processed. A POLLIN event will 514 request to be processed. A POLLIN event will be returned when there's a pending
515 request. 515 request.
516 516
517 The user daemon then reads the devnode to fetc 517 The user daemon then reads the devnode to fetch a request to process. It should
518 be noted that each read only gets one request. 518 be noted that each read only gets one request. When it has finished processing
519 the request, the user daemon should write the 519 the request, the user daemon should write the reply to the devnode.
520 520
521 Each request starts with a message header of t 521 Each request starts with a message header of the form::
522 522
523 struct cachefiles_msg { 523 struct cachefiles_msg {
524 __u32 msg_id; 524 __u32 msg_id;
525 __u32 opcode; 525 __u32 opcode;
526 __u32 len; 526 __u32 len;
527 __u32 object_id; 527 __u32 object_id;
528 __u8 data[]; 528 __u8 data[];
529 }; 529 };
530 530
531 where: 531 where:
532 532
533 * ``msg_id`` is a unique ID identifyin 533 * ``msg_id`` is a unique ID identifying this request among all pending
534 requests. 534 requests.
535 535
536 * ``opcode`` indicates the type of thi 536 * ``opcode`` indicates the type of this request.
537 537
538 * ``object_id`` is a unique ID identif 538 * ``object_id`` is a unique ID identifying the cache file operated on.
539 539
540 * ``data`` indicates the payload of th 540 * ``data`` indicates the payload of this request.
541 541
542 * ``len`` indicates the whole length o 542 * ``len`` indicates the whole length of this request, including the
543 header and following type-specific p 543 header and following type-specific payload.
544 544
545 545
546 Turning on On-demand Mode 546 Turning on On-demand Mode
547 ------------------------- 547 -------------------------
548 548
549 An optional parameter becomes available to the 549 An optional parameter becomes available to the "bind" command::
550 550
551 bind [ondemand] 551 bind [ondemand]
552 552
553 When the "bind" command is given no argument, 553 When the "bind" command is given no argument, it defaults to the original mode.
554 When it is given the "ondemand" argument, i.e. 554 When it is given the "ondemand" argument, i.e. "bind ondemand", on-demand read
555 mode will be enabled. 555 mode will be enabled.
556 556
557 557
558 The OPEN Request 558 The OPEN Request
559 ---------------- 559 ----------------
560 560
561 When the netfs opens a cache file for the firs 561 When the netfs opens a cache file for the first time, a request with the
562 CACHEFILES_OP_OPEN opcode, a.k.a an OPEN reque 562 CACHEFILES_OP_OPEN opcode, a.k.a an OPEN request will be sent to the user
563 daemon. The payload format is of the form:: 563 daemon. The payload format is of the form::
564 564
565 struct cachefiles_open { 565 struct cachefiles_open {
566 __u32 volume_key_size; 566 __u32 volume_key_size;
567 __u32 cookie_key_size; 567 __u32 cookie_key_size;
568 __u32 fd; 568 __u32 fd;
569 __u32 flags; 569 __u32 flags;
570 __u8 data[]; 570 __u8 data[];
571 }; 571 };
572 572
573 where: 573 where:
574 574
575 * ``data`` contains the volume_key fol 575 * ``data`` contains the volume_key followed directly by the cookie_key.
576 The volume key is a NUL-terminated s 576 The volume key is a NUL-terminated string; the cookie key is binary
577 data. 577 data.
578 578
579 * ``volume_key_size`` indicates the si 579 * ``volume_key_size`` indicates the size of the volume key in bytes.
580 580
581 * ``cookie_key_size`` indicates the si 581 * ``cookie_key_size`` indicates the size of the cookie key in bytes.
582 582
583 * ``fd`` indicates an anonymous fd ref 583 * ``fd`` indicates an anonymous fd referring to the cache file, through
584 which the user daemon can perform wr 584 which the user daemon can perform write/llseek file operations on the
585 cache file. 585 cache file.
586 586
587 587
588 The user daemon can use the given (volume_key, 588 The user daemon can use the given (volume_key, cookie_key) pair to distinguish
589 the requested cache file. With the given anon 589 the requested cache file. With the given anonymous fd, the user daemon can
590 fetch the data and write it to the cache file 590 fetch the data and write it to the cache file in the background, even when
591 kernel has not triggered a cache miss yet. 591 kernel has not triggered a cache miss yet.
592 592
593 Be noted that each cache file has a unique obj 593 Be noted that each cache file has a unique object_id, while it may have multiple
594 anonymous fds. The user daemon may duplicate 594 anonymous fds. The user daemon may duplicate anonymous fds from the initial
595 anonymous fd indicated by the @fd field throug 595 anonymous fd indicated by the @fd field through dup(). Thus each object_id can
596 be mapped to multiple anonymous fds, while the 596 be mapped to multiple anonymous fds, while the usr daemon itself needs to
597 maintain the mapping. 597 maintain the mapping.
598 598
599 When implementing a user daemon, please be car 599 When implementing a user daemon, please be careful of RLIMIT_NOFILE,
600 ``/proc/sys/fs/nr_open`` and ``/proc/sys/fs/fi 600 ``/proc/sys/fs/nr_open`` and ``/proc/sys/fs/file-max``. Typically these needn't
601 be huge since they're related to the number of 601 be huge since they're related to the number of open device blobs rather than
602 open files of each individual filesystem. 602 open files of each individual filesystem.
603 603
604 The user daemon should reply the OPEN request 604 The user daemon should reply the OPEN request by issuing a "copen" (complete
605 open) command on the devnode:: 605 open) command on the devnode::
606 606
607 copen <msg_id>,<cache_size> 607 copen <msg_id>,<cache_size>
608 608
609 where: 609 where:
610 610
611 * ``msg_id`` must match the msg_id fie 611 * ``msg_id`` must match the msg_id field of the OPEN request.
612 612
613 * When >= 0, ``cache_size`` indicates 613 * When >= 0, ``cache_size`` indicates the size of the cache file;
614 when < 0, ``cache_size`` indicates a 614 when < 0, ``cache_size`` indicates any error code encountered by the
615 user daemon. 615 user daemon.
616 616
617 617
618 The CLOSE Request 618 The CLOSE Request
619 ----------------- 619 -----------------
620 620
621 When a cookie withdrawn, a CLOSE request (opco 621 When a cookie withdrawn, a CLOSE request (opcode CACHEFILES_OP_CLOSE) will be
622 sent to the user daemon. This tells the user 622 sent to the user daemon. This tells the user daemon to close all anonymous fds
623 associated with the given object_id. The CLOS 623 associated with the given object_id. The CLOSE request has no extra payload,
624 and shouldn't be replied. 624 and shouldn't be replied.
625 625
626 626
627 The READ Request 627 The READ Request
628 ---------------- 628 ----------------
629 629
630 When a cache miss is encountered in on-demand 630 When a cache miss is encountered in on-demand read mode, CacheFiles will send a
631 READ request (opcode CACHEFILES_OP_READ) to th 631 READ request (opcode CACHEFILES_OP_READ) to the user daemon. This tells the user
632 daemon to fetch the contents of the requested 632 daemon to fetch the contents of the requested file range. The payload is of the
633 form:: 633 form::
634 634
635 struct cachefiles_read { 635 struct cachefiles_read {
636 __u64 off; 636 __u64 off;
637 __u64 len; 637 __u64 len;
638 }; 638 };
639 639
640 where: 640 where:
641 641
642 * ``off`` indicates the starting offse 642 * ``off`` indicates the starting offset of the requested file range.
643 643
644 * ``len`` indicates the length of the 644 * ``len`` indicates the length of the requested file range.
645 645
646 646
647 When it receives a READ request, the user daem 647 When it receives a READ request, the user daemon should fetch the requested data
648 and write it to the cache file identified by o 648 and write it to the cache file identified by object_id.
649 649
650 When it has finished processing the READ reque 650 When it has finished processing the READ request, the user daemon should reply
651 by using the CACHEFILES_IOC_READ_COMPLETE ioct 651 by using the CACHEFILES_IOC_READ_COMPLETE ioctl on one of the anonymous fds
652 associated with the object_id given in the REA 652 associated with the object_id given in the READ request. The ioctl is of the
653 form:: 653 form::
654 654
655 ioctl(fd, CACHEFILES_IOC_READ_COMPLETE 655 ioctl(fd, CACHEFILES_IOC_READ_COMPLETE, msg_id);
656 656
657 where: 657 where:
658 658
659 * ``fd`` is one of the anonymous fds a 659 * ``fd`` is one of the anonymous fds associated with the object_id
660 given. 660 given.
661 661
662 * ``msg_id`` must match the msg_id fie 662 * ``msg_id`` must match the msg_id field of the READ request.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.