Date:      Mon, 29 Jan 2024 17:21:13 -0700
From:      Warner Losh <imp@bsdimp.com>
To:        Olivier Certner <olce@freebsd.org>
Cc:        Mike Karels <mike@karels.net>, freebsd-current@freebsd.org
Subject:   Re: noatime on ufs2
Message-ID:  <CANCZdfppuaPgM40FpF6rCdTgwjVqOXivJpinNy=69KY7yncu7Q@mail.gmail.com>
In-Reply-To: <3896441.telDhacX5M@ravel>
References:  <ZZqmmM-6f606bLJx@int21h> <11453367.ZaXhgXhNnV@ravel> <6430CD93-B4D1-49D6-A39B-B8BCF424258F@karels.net> <3896441.telDhacX5M@ravel>

On Mon, Jan 29, 2024 at 2:31 PM Olivier Certner <olce@freebsd.org> wrote:

> Hi Mike,
>
> I've re-ordered a bit your mail to group some of my comments more
> logically.
>
> > I am not sure a sysctl is a good mechanism for setting the mount default,
> > especially if it is to be set via the kernel environment from
> > /boot/loader.conf.  That's an obscure place to find file system defaults.
>
> If the setting has to matter for the root filesystem also (I think it
> should), currently the knob should be set in '/boot/loader.conf'.  But if
> "regular" filesystems (those from '/etc/fstab') have an explicit 'atime' or
> 'noatime', '/etc/sysctl.conf' could be enough ('/etc/rc/sysctl' is run very
> early).
>

I strongly oppose this notion to control this from loader.conf. Root is
mounted read-only, so it doesn't matter. That's why I liked Mike's
suggestion: root isn't special.


> > It also seems undesirable to add a sysctl to control a value that the
> > kernel doesn't use.
>
> The kernel has to use it to guarantee some uniform behavior irrespective
> of the mount being performed through mount(8) or by a direct call to
> nmount(2).  I think this consistency is important.  Perhaps all
> auto-mounters and mount helpers always run mount(8) and never deal with
> nmount(2), I would have to check (I seem to remember that, a long time ago,
> when nmount(2) was introduced as an enhancement over mount(2), the stance
> was that applications should use mount(8) and not nmount(2) directly).
> Even if there were no obvious callers of nmount(2), I would be a bit
> uncomfortable with this discrepancy in behavior.
>

I disagree. I think Mike's suggestion was better and dealt with POLA and
POLA breaking in a sane way. If the default is applied universally in user
space, then we need not change the kernel at all. We lose all the chicken
and egg problems and the non-linearness of the sysctl idea.


> > Note that the root file system is mounted specially in the kernel, but the
> > noatime option doesn't need to be set at first while the root is read-only.
> > It could be updated by mount when remounting read-write from the startup
> > scripts.
>
> That's true.  However, how about other filesystems mounted by rc scripts,
> such as '/tmp'?  I agree that this one is not a good example, since the
> 'tmpfs' script ultimately calls 'mdmfs', which ultimately spawns a new
> process to execute mount(8).  But I fear that, if we don't have the
> consistency exposed just above, we are going to need to audit other
> programs, including external ones, which is precisely what I wanted to
> avoid with a simple default that applies to everything (hence, implemented
> in the kernel).
>

If it's in fstab as default, then it would be read by whatever updates
things in user space.


> > Instead, I'd like to propose that the default be
> > specified in a new entry in /etc/fstab, where it would be much more obvious.
> > For example, a line could be placed at the beginning like:
> >
> >       # Device        Mountpoint      FStype  Options
> >       default         none            default noatime,...
> >
> > It could be retrieved with getfsspec("default") in the fs_mntops field.
> > I wouldn't include this entry when iterating through the whole file with
> > getfsent() to avoid confusing existing programs.  Then mount, and other
> > utilities such as zfs create, could check it explicitly.  It should be
> > placed in /etc/fstab when it is created: by bsdinstall when it is used,
> > preferably by having the user select this explicitly, but probably with
> > noatime being the default.  It would be in the pre-configured fstab used
> > for VM images and SD card images.  Anyone building a root file system by
> > hand would have to deal with this to set a default.
>
> That could be great.  And it's not necessarily in contradiction with a
> sysctl.  If we have the latter, setting the default could happen through it
> and could be done by some startup script.  Then, the only thing not covered
> is the root filesystem, but even this is fixable by parsing the default
> line from the loader itself (it already parses '/etc/fstab' after all) and
> converting that specification to tunables passed to the kernel.
>

I really like Mike's idea. It obviates the need for the sysctl entirely. It
gets around the need to update loader.conf as well. It concentrates the
change in one place and does so in a way that's not at all atime focused: It
could also be generalized so that the FSTYPE could have different settings
for different types of filesystem (maybe unique flags that some file systems
don't understand).



> > I would then have the mount program look up and apply the default for things
> > like mounting a file system manually.  Perhaps it could have a -D option
> > to ignore defaults, e.g. for scripts that don't want to be subject to local
> > settings.
>
> This is a complication in the case of using sysctl knobs and the kernel
> being in charge of applying them as the defaults.  It implies that mount(8)
> should know some fixed old defaults, irrespective of the sysctl values.  As
> evoked in another mail, I think the choice of defaults is really an
> administrative matter.  If some scripts really need 'atime' to work, I
> would think that the administrator should not change the default to
> 'noatime', else make sure these scripts explicitly pass 'atime' (or use a
> line in '/etc/fstab' that specifies 'atime').  Doing the latter seems to be
> exactly the same effort as having the same scripts start to use '-D'
> (whether by configuration or direct modification).
>

I don't like this, because it is atime focused. atime is a trivial little
optimization that really isn't worth the effort for the vast majority of
things. However, it would be nice to have some way to specify another layer
of defaults, like we do for rc variables, loader variables, etc. mount is
currently missing that generality. One could also put it in
/etc/defaults/fstab too and not break POLA since that's the pattern we use
elsewhere.


> > It would be plausible to set the default(s) in rc.conf instead, although
> > that is more convenient for shell scripts than C programs. It would be
> > possible to read output from something like "sysrc filesystem_defaults".
> > It would also not be as obvious when setting or checking file system
> > configuration.
>
> The non-obvious remark seems to be an argument in favor of having the
> defaults in '/etc/fstab'.
>
> > btw, I think there is consensus that noatime is the most useful setting for
> > most systems and users.  However, I don't think there is consensus that the
> > default should be changed for things like mount with no options.  I think
> > that putting a default somewhere fairly obvious could make it more palatable
> > (less POLA violation).  Opinions may vary, though.
>
> To be clear, when you say mounting without options, there are two cases
> with mount(8):
> - Either a single argument referencing some line in '/etc/fstab', which
> could well specify an explicit 'noatime' or 'atime', in which case of
> course it should apply, not the global default.  If the fstab line doesn't
> specify either one, should the global default apply?  For consistency and
> simplicity, I think it should.
> - A device and a mount point, in which case I don't see why the default
> shouldn't apply.
>
> If the default is controlled by a sysctl, it's an administrator setting,
> and only an opt-in one as long as we don't change the sysctl's default
> value.  Simplicity and consistency are key to make this mechanism useful.
> Administrators should not be put in a position where which options are
> going to be applied is not obvious to them.  Once they have set the sysctl,
> not always obeying it is what I would think is the real POLA violation.
> What would be the reasons to depart from this scheme?
>

I don't think the case for sysctl has been made. It's a big, inelegant
hammer that can be solved more elegantly like Mike suggested. And it can be
used for more than just atime: it can be used for any option or set of
options you want. It's agnostic to why you want to do it. It follows the
'tools not rules' philosophy the project has had for decades.

Anyway, I've said my piece. I agree with Mike that there's consensus for
this from the installer, and after that consensus falls away. Mike's idea
is one that I can get behind since it elegantly solves the general problem.

Warner


> Thanks and regards.
>
> --
> Olivier Certner



