1.. SPDX-License-Identifier: GPL-2.0
2
3===========================
4Coda Kernel-Venus Interface
5===========================
6
7.. Note::
8
9   This is one of the technical documents describing a component of
10   Coda -- this document describes the client kernel-Venus interface.
11
12For more information:
13
14  http://www.coda.cs.cmu.edu
15
16For user level software needed to run Coda:
17
18  ftp://ftp.coda.cs.cmu.edu
19
20To run Coda you need to get a user level cache manager for the client,
21named Venus, as well as tools to manipulate ACLs, to log in, etc.  The
22client needs to have the Coda filesystem selected in the kernel
23configuration.
24
25The server needs a user level server and at present does not depend on
26kernel support.
27
28  The Venus kernel interface
29
30  Peter J. Braam
31
32  v1.0, Nov 9, 1997
33
34  This document describes the communication between Venus and kernel
35  level filesystem code needed for the operation of the Coda file sys-
36  tem.  This document version is meant to describe the current interface
37  (version 1.0) as well as improvements we envisage.
38
39.. Table of Contents
40
41  1. Introduction
42
43  2. Servicing Coda filesystem calls
44
45  3. The message layer
46
47     3.1 Implementation details
48
49  4. The interface at the call level
50
51     4.1 Data structures shared by the kernel and Venus
52     4.2 The pioctl interface
53     4.3 root
54     4.4 lookup
55     4.5 getattr
56     4.6 setattr
57     4.7 access
58     4.8 create
59     4.9 mkdir
60     4.10 link
61     4.11 symlink
62     4.12 remove
63     4.13 rmdir
64     4.14 readlink
65     4.15 open
66     4.16 close
67     4.17 ioctl
68     4.18 rename
69     4.19 readdir
70     4.20 vget
71     4.21 fsync
72     4.22 inactive
73     4.23 rdwr
74     4.24 odymount
75     4.25 ody_lookup
76     4.26 ody_expand
77     4.27 prefetch
78     4.28 signal
79
80  5. The minicache and downcalls
81
82     5.1 INVALIDATE
83     5.2 FLUSH
84     5.3 PURGEUSER
85     5.4 ZAPFILE
86     5.5 ZAPDIR
87     5.6 ZAPVNODE
88     5.7 PURGEFID
89     5.8 REPLACE
90
91  6. Initialization and cleanup
92
93     6.1 Requirements
94
951. Introduction
96===============
97
98  A key component in the Coda Distributed File System is the cache
99  manager, Venus.
100
101  When processes on a Coda enabled system access files in the Coda
102  filesystem, requests are directed at the filesystem layer in the
103  operating system. The operating system will communicate with Venus to
104  service the request for the process.  Venus manages a persistent
105  client cache and makes remote procedure calls to Coda file servers and
106  related servers (such as authentication servers) to service these
107  requests it receives from the operating system.  When Venus has
108  serviced a request it replies to the operating system with appropriate
109  return codes, and other data related to the request.  Optionally the
110  kernel support for Coda may maintain a minicache of recently processed
111  requests to limit the number of interactions with Venus.  Venus
112  possesses the facility to inform the kernel when elements from its
113  minicache are no longer valid.
114
115  This document describes precisely this communication between the
116  kernel and Venus.  The definitions of so called upcalls and downcalls
117  will be given with the format of the data they handle. We shall also
118  describe the semantic invariants resulting from the calls.
119
120  Historically Coda was implemented in a BSD file system in Mach 2.6.
121  The interface between the kernel and Venus is very similar to the BSD
122  VFS interface.  Similar functionality is provided, and the format of
123  the parameters and returned data is very similar to the BSD VFS.  This
124  leads to an almost natural environment for implementing a kernel-level
125  filesystem driver for Coda in a BSD system.  However, other operating
126  systems such as Linux and Windows 95 and NT have virtual filesystem
127  with different interfaces.
128
129  To implement Coda on these systems some reverse engineering of the
130  Venus/Kernel protocol is necessary.  Also it came to light that other
131  systems could profit significantly from certain small optimizations
132  and modifications to the protocol. To facilitate this work as well as
133  to make future ports easier, communication between Venus and the
134  kernel should be documented in great detail.  This is the aim of this
135  document.
136
1372.  Servicing Coda filesystem calls
138===================================
139
140  The service of a request for a Coda file system service originates in
141  a process P which accessing a Coda file. It makes a system call which
142  traps to the OS kernel. Examples of such calls trapping to the kernel
143  are ``read``, ``write``, ``open``, ``close``, ``create``, ``mkdir``,
144  ``rmdir``, ``chmod`` in a Unix ontext.  Similar calls exist in the Win32
145  environment, and are named ``CreateFile``.
146
147  Generally the operating system handles the request in a virtual
148  filesystem (VFS) layer, which is named I/O Manager in NT and IFS
149  manager in Windows 95.  The VFS is responsible for partial processing
150  of the request and for locating the specific filesystem(s) which will
151  service parts of the request.  Usually the information in the path
152  assists in locating the correct FS drivers.  Sometimes after extensive
153  pre-processing, the VFS starts invoking exported routines in the FS
154  driver.  This is the point where the FS specific processing of the
155  request starts, and here the Coda specific kernel code comes into
156  play.
157
158  The FS layer for Coda must expose and implement several interfaces.
159  First and foremost the VFS must be able to make all necessary calls to
160  the Coda FS layer, so the Coda FS driver must expose the VFS interface
161  as applicable in the operating system. These differ very significantly
162  among operating systems, but share features such as facilities to
163  read/write and create and remove objects.  The Coda FS layer services
164  such VFS requests by invoking one or more well defined services
165  offered by the cache manager Venus.  When the replies from Venus have
166  come back to the FS driver, servicing of the VFS call continues and
167  finishes with a reply to the kernel's VFS. Finally the VFS layer
168  returns to the process.
169
170  As a result of this design a basic interface exposed by the FS driver
171  must allow Venus to manage message traffic.  In particular Venus must
172  be able to retrieve and place messages and to be notified of the
173  arrival of a new message. The notification must be through a mechanism
174  which does not block Venus since Venus must attend to other tasks even
175  when no messages are waiting or being processed.
176
177  **Interfaces of the Coda FS Driver**
178
179  Furthermore the FS layer provides for a special path of communication
180  between a user process and Venus, called the pioctl interface. The
181  pioctl interface is used for Coda specific services, such as
182  requesting detailed information about the persistent cache managed by
183  Venus. Here the involvement of the kernel is minimal.  It identifies
184  the calling process and passes the information on to Venus.  When
185  Venus replies the response is passed back to the caller in unmodified
186  form.
187
188  Finally Venus allows the kernel FS driver to cache the results from
189  certain services.  This is done to avoid excessive context switches
190  and results in an efficient system.  However, Venus may acquire
191  information, for example from the network which implies that cached
192  information must be flushed or replaced. Venus then makes a downcall
193  to the Coda FS layer to request flushes or updates in the cache.  The
194  kernel FS driver handles such requests synchronously.
195
196  Among these interfaces the VFS interface and the facility to place,
197  receive and be notified of messages are platform specific.  We will
198  not go into the calls exported to the VFS layer but we will state the
199  requirements of the message exchange mechanism.
200
201
2023.  The message layer
203=====================
204
205  At the lowest level the communication between Venus and the FS driver
206  proceeds through messages.  The synchronization between processes
207  requesting Coda file service and Venus relies on blocking and waking
208  up processes.  The Coda FS driver processes VFS- and pioctl-requests
209  on behalf of a process P, creates messages for Venus, awaits replies
210  and finally returns to the caller.  The implementation of the exchange
211  of messages is platform specific, but the semantics have (so far)
212  appeared to be generally applicable.  Data buffers are created by the
213  FS Driver in kernel memory on behalf of P and copied to user memory in
214  Venus.
215
216  The FS Driver while servicing P makes upcalls to Venus.  Such an
217  upcall is dispatched to Venus by creating a message structure.  The
218  structure contains the identification of P, the message sequence
219  number, the size of the request and a pointer to the data in kernel
220  memory for the request.  Since the data buffer is re-used to hold the
221  reply from Venus, there is a field for the size of the reply.  A flags
222  field is used in the message to precisely record the status of the
223  message.  Additional platform dependent structures involve pointers to
224  determine the position of the message on queues and pointers to
225  synchronization objects.  In the upcall routine the message structure
226  is filled in, flags are set to 0, and it is placed on the *pending*
227  queue.  The routine calling upcall is responsible for allocating the
228  data buffer; its structure will be described in the next section.
229
230  A facility must exist to notify Venus that the message has been
231  created, and implemented using available synchronization objects in
232  the OS. This notification is done in the upcall context of the process
233  P. When the message is on the pending queue, process P cannot proceed
234  in upcall.  The (kernel mode) processing of P in the filesystem
235  request routine must be suspended until Venus has replied.  Therefore
236  the calling thread in P is blocked in upcall.  A pointer in the
237  message structure will locate the synchronization object on which P is
238  sleeping.
239
240  Venus detects the notification that a message has arrived, and the FS
241  driver allow Venus to retrieve the message with a getmsg_from_kernel
242  call. This action finishes in the kernel by putting the message on the
243  queue of processing messages and setting flags to READ.  Venus is
244  passed the contents of the data buffer. The getmsg_from_kernel call
245  now returns and Venus processes the request.
246
247  At some later point the FS driver receives a message from Venus,
248  namely when Venus calls sendmsg_to_kernel.  At this moment the Coda FS
249  driver looks at the contents of the message and decides if:
250
251
252  *  the message is a reply for a suspended thread P.  If so it removes
253     the message from the processing queue and marks the message as
254     WRITTEN.  Finally, the FS driver unblocks P (still in the kernel
255     mode context of Venus) and the sendmsg_to_kernel call returns to
256     Venus.  The process P will be scheduled at some point and continues
257     processing its upcall with the data buffer replaced with the reply
258     from Venus.
259
260  *  The message is a ``downcall``.  A downcall is a request from Venus to
261     the FS Driver. The FS driver processes the request immediately
262     (usually a cache eviction or replacement) and when it finishes
263     sendmsg_to_kernel returns.
264
265  Now P awakes and continues processing upcall.  There are some
266  subtleties to take account of. First P will determine if it was woken
267  up in upcall by a signal from some other source (for example an
268  attempt to terminate P) or as is normally the case by Venus in its
269  sendmsg_to_kernel call.  In the normal case, the upcall routine will
270  deallocate the message structure and return.  The FS routine can proceed
271  with its processing.
272
273
274  **Sleeping and IPC arrangements**
275
276  In case P is woken up by a signal and not by Venus, it will first look
277  at the flags field.  If the message is not yet READ, the process P can
278  handle its signal without notifying Venus.  If Venus has READ, and
279  the request should not be processed, P can send Venus a signal message
280  to indicate that it should disregard the previous message.  Such
281  signals are put in the queue at the head, and read first by Venus.  If
282  the message is already marked as WRITTEN it is too late to stop the
283  processing.  The VFS routine will now continue.  (-- If a VFS request
284  involves more than one upcall, this can lead to complicated state, an
285  extra field "handle_signals" could be added in the message structure
286  to indicate points of no return have been passed.--)
287
288
289
2903.1.  Implementation details
291----------------------------
292
293  The Unix implementation of this mechanism has been through the
294  implementation of a character device associated with Coda.  Venus
295  retrieves messages by doing a read on the device, replies are sent
296  with a write and notification is through the select system call on the
297  file descriptor for the device.  The process P is kept waiting on an
298  interruptible wait queue object.
299
300  In Windows NT and the DPMI Windows 95 implementation a DeviceIoControl
301  call is used.  The DeviceIoControl call is designed to copy buffers
302  from user memory to kernel memory with OPCODES. The sendmsg_to_kernel
303  is issued as a synchronous call, while the getmsg_from_kernel call is
304  asynchronous.  Windows EventObjects are used for notification of
305  message arrival.  The process P is kept waiting on a KernelEvent
306  object in NT and a semaphore in Windows 95.
307
308
3094.  The interface at the call level
310===================================
311
312
313  This section describes the upcalls a Coda FS driver can make to Venus.
314  Each of these upcalls make use of two structures: inputArgs and
315  outputArgs.   In pseudo BNF form the structures take the following
316  form::
317
318
319	struct inputArgs {
320	    u_long opcode;
321	    u_long unique;     /* Keep multiple outstanding msgs distinct */
322	    u_short pid;                 /* Common to all */
323	    u_short pgid;                /* Common to all */
324	    struct CodaCred cred;        /* Common to all */
325
326	    <union "in" of call dependent parts of inputArgs>
327	};
328
329	struct outputArgs {
330	    u_long opcode;
331	    u_long unique;       /* Keep multiple outstanding msgs distinct */
332	    u_long result;
333
334	    <union "out" of call dependent parts of inputArgs>
335	};
336
337
338
339  Before going on let us elucidate the role of the various fields. The
340  inputArgs start with the opcode which defines the type of service
341  requested from Venus. There are approximately 30 upcalls at present
342  which we will discuss.   The unique field labels the inputArg with a
343  unique number which will identify the message uniquely.  A process and
344  process group id are passed.  Finally the credentials of the caller
345  are included.
346
347  Before delving into the specific calls we need to discuss a variety of
348  data structures shared by the kernel and Venus.
349
350
351
352
3534.1.  Data structures shared by the kernel and Venus
354----------------------------------------------------
355
356
357  The CodaCred structure defines a variety of user and group ids as
358  they are set for the calling process. The vuid_t and vgid_t are 32 bit
359  unsigned integers.  It also defines group membership in an array.  On
360  Unix the CodaCred has proven sufficient to implement good security
361  semantics for Coda but the structure may have to undergo modification
362  for the Windows environment when these mature::
363
364	struct CodaCred {
365	    vuid_t cr_uid, cr_euid, cr_suid, cr_fsuid; /* Real, effective, set, fs uid */
366	    vgid_t cr_gid, cr_egid, cr_sgid, cr_fsgid; /* same for groups */
367	    vgid_t cr_groups[NGROUPS];        /* Group membership for caller */
368	};
369
370
371  .. Note::
372
373     It is questionable if we need CodaCreds in Venus. Finally Venus
374     doesn't know about groups, although it does create files with the
375     default uid/gid.  Perhaps the list of group membership is superfluous.
376
377
378  The next item is the fundamental identifier used to identify Coda
379  files, the ViceFid.  A fid of a file uniquely defines a file or
380  directory in the Coda filesystem within a cell [1]_::
381
382	typedef struct ViceFid {
383	    VolumeId Volume;
384	    VnodeId Vnode;
385	    Unique_t Unique;
386	} ViceFid;
387
388  .. [1] A cell is agroup of Coda servers acting under the aegis of a single
389	 system control machine or SCM. See the Coda Administration manual
390	 for a detailed description of the role of the SCM.
391
392  Each of the constituent fields: VolumeId, VnodeId and Unique_t are
393  unsigned 32 bit integers.  We envisage that a further field will need
394  to be prefixed to identify the Coda cell; this will probably take the
395  form of a Ipv6 size IP address naming the Coda cell through DNS.
396
397  The next important structure shared between Venus and the kernel is
398  the attributes of the file.  The following structure is used to
399  exchange information.  It has room for future extensions such as
400  support for device files (currently not present in Coda)::
401
402
403	struct coda_timespec {
404		int64_t         tv_sec;         /* seconds */
405		long            tv_nsec;        /* nanoseconds */
406	};
407
408	struct coda_vattr {
409		enum coda_vtype va_type;        /* vnode type (for create) */
410		u_short         va_mode;        /* files access mode and type */
411		short           va_nlink;       /* number of references to file */
412		vuid_t          va_uid;         /* owner user id */
413		vgid_t          va_gid;         /* owner group id */
414		long            va_fsid;        /* file system id (dev for now) */
415		long            va_fileid;      /* file id */
416		u_quad_t        va_size;        /* file size in bytes */
417		long            va_blocksize;   /* blocksize preferred for i/o */
418		struct coda_timespec va_atime;  /* time of last access */
419		struct coda_timespec va_mtime;  /* time of last modification */
420		struct coda_timespec va_ctime;  /* time file changed */
421		u_long          va_gen;         /* generation number of file */
422		u_long          va_flags;       /* flags defined for file */
423		dev_t           va_rdev;        /* device special file represents */
424		u_quad_t        va_bytes;       /* bytes of disk space held by file */
425		u_quad_t        va_filerev;     /* file modification number */
426		u_int           va_vaflags;     /* operations flags, see below */
427		long            va_spare;       /* remain quad aligned */
428	};
429
430
4314.2.  The pioctl interface
432--------------------------
433
434
435  Coda specific requests can be made by application through the pioctl
436  interface. The pioctl is implemented as an ordinary ioctl on a
437  fictitious file /coda/.CONTROL.  The pioctl call opens this file, gets
438  a file handle and makes the ioctl call. Finally it closes the file.
439
440  The kernel involvement in this is limited to providing the facility to
441  open and close and pass the ioctl message and to verify that a path in
442  the pioctl data buffers is a file in a Coda filesystem.
443
444  The kernel is handed a data packet of the form::
445
446	struct {
447	    const char *path;
448	    struct ViceIoctl vidata;
449	    int follow;
450	} data;
451
452
453
454  where::
455
456
457	struct ViceIoctl {
458		caddr_t in, out;        /* Data to be transferred in, or out */
459		short in_size;          /* Size of input buffer <= 2K */
460		short out_size;         /* Maximum size of output buffer, <= 2K */
461	};
462
463
464
465  The path must be a Coda file, otherwise the ioctl upcall will not be
466  made.
467
468  .. Note:: The data structures and code are a mess.  We need to clean this up.
469
470
471**We now proceed to document the individual calls**:
472
473
4744.3.  root
475----------
476
477
478  Arguments
479     in
480
481	empty
482
483     out::
484
485		struct cfs_root_out {
486		    ViceFid VFid;
487		} cfs_root;
488
489
490
491  Description
492    This call is made to Venus during the initialization of
493    the Coda filesystem. If the result is zero, the cfs_root structure
494    contains the ViceFid of the root of the Coda filesystem. If a non-zero
495    result is generated, its value is a platform dependent error code
496    indicating the difficulty Venus encountered in locating the root of
497    the Coda filesystem.
498
4994.4.  lookup
500------------
501
502
503  Summary
504    Find the ViceFid and type of an object in a directory if it exists.
505
506  Arguments
507     in::
508
509		struct  cfs_lookup_in {
510		    ViceFid     VFid;
511		    char        *name;          /* Place holder for data. */
512		} cfs_lookup;
513
514
515
516     out::
517
518		struct cfs_lookup_out {
519		    ViceFid VFid;
520		    int vtype;
521		} cfs_lookup;
522
523
524
525  Description
526    This call is made to determine the ViceFid and filetype of
527    a directory entry.  The directory entry requested carries name name
528    and Venus will search the directory identified by cfs_lookup_in.VFid.
529    The result may indicate that the name does not exist, or that
530    difficulty was encountered in finding it (e.g. due to disconnection).
531    If the result is zero, the field cfs_lookup_out.VFid contains the
532    targets ViceFid and cfs_lookup_out.vtype the coda_vtype giving the
533    type of object the name designates.
534
535  The name of the object is an 8 bit character string of maximum length
536  CFS_MAXNAMLEN, currently set to 256 (including a 0 terminator.)
537
538  It is extremely important to realize that Venus bitwise ors the field
539  cfs_lookup.vtype with CFS_NOCACHE to indicate that the object should
540  not be put in the kernel name cache.
541
542  .. Note::
543
544     The type of the vtype is currently wrong.  It should be
545     coda_vtype. Linux does not take note of CFS_NOCACHE.  It should.
546
547
5484.5.  getattr
549-------------
550
551
552  Summary Get the attributes of a file.
553
554  Arguments
555     in::
556
557		struct cfs_getattr_in {
558		    ViceFid VFid;
559		    struct coda_vattr attr; /* XXXXX */
560		} cfs_getattr;
561
562
563
564     out::
565
566		struct cfs_getattr_out {
567		    struct coda_vattr attr;
568		} cfs_getattr;
569
570
571
572  Description
573    This call returns the attributes of the file identified by fid.
574
575  Errors
576    Errors can occur if the object with fid does not exist, is
577    unaccessible or if the caller does not have permission to fetch
578    attributes.
579
580  .. Note::
581
582     Many kernel FS drivers (Linux, NT and Windows 95) need to acquire
583     the attributes as well as the Fid for the instantiation of an internal
584     "inode" or "FileHandle".  A significant improvement in performance on
585     such systems could be made by combining the lookup and getattr calls
586     both at the Venus/kernel interaction level and at the RPC level.
587
588  The vattr structure included in the input arguments is superfluous and
589  should be removed.
590
591
5924.6.  setattr
593-------------
594
595
596  Summary
597    Set the attributes of a file.
598
599  Arguments
600     in::
601
602		struct cfs_setattr_in {
603		    ViceFid VFid;
604		    struct coda_vattr attr;
605		} cfs_setattr;
606
607
608
609
610     out
611
612	empty
613
614  Description
615    The structure attr is filled with attributes to be changed
616    in BSD style.  Attributes not to be changed are set to -1, apart from
617    vtype which is set to VNON. Other are set to the value to be assigned.
618    The only attributes which the FS driver may request to change are the
619    mode, owner, groupid, atime, mtime and ctime.  The return value
620    indicates success or failure.
621
622  Errors
623    A variety of errors can occur.  The object may not exist, may
624    be inaccessible, or permission may not be granted by Venus.
625
626
6274.7.  access
628------------
629
630
631  Arguments
632     in::
633
634		struct cfs_access_in {
635		    ViceFid     VFid;
636		    int flags;
637		} cfs_access;
638
639
640
641     out
642
643	empty
644
645  Description
646    Verify if access to the object identified by VFid for
647    operations described by flags is permitted.  The result indicates if
648    access will be granted.  It is important to remember that Coda uses
649    ACLs to enforce protection and that ultimately the servers, not the
650    clients enforce the security of the system.  The result of this call
651    will depend on whether a token is held by the user.
652
653  Errors
654    The object may not exist, or the ACL describing the protection
655    may not be accessible.
656
657
6584.8.  create
659------------
660
661
662  Summary
663    Invoked to create a file
664
665  Arguments
666     in::
667
668		struct cfs_create_in {
669		    ViceFid VFid;
670		    struct coda_vattr attr;
671		    int excl;
672		    int mode;
673		    char        *name;          /* Place holder for data. */
674		} cfs_create;
675
676
677
678
679     out::
680
681		struct cfs_create_out {
682		    ViceFid VFid;
683		    struct coda_vattr attr;
684		} cfs_create;
685
686
687
688  Description
689    This upcall is invoked to request creation of a file.
690    The file will be created in the directory identified by VFid, its name
691    will be name, and the mode will be mode.  If excl is set an error will
692    be returned if the file already exists.  If the size field in attr is
693    set to zero the file will be truncated.  The uid and gid of the file
694    are set by converting the CodaCred to a uid using a macro CRTOUID
695    (this macro is platform dependent).  Upon success the VFid and
696    attributes of the file are returned.  The Coda FS Driver will normally
697    instantiate a vnode, inode or file handle at kernel level for the new
698    object.
699
700
701  Errors
702    A variety of errors can occur. Permissions may be insufficient.
703    If the object exists and is not a file the error EISDIR is returned
704    under Unix.
705
706  .. Note::
707
708     The packing of parameters is very inefficient and appears to
709     indicate confusion between the system call creat and the VFS operation
710     create. The VFS operation create is only called to create new objects.
711     This create call differs from the Unix one in that it is not invoked
712     to return a file descriptor. The truncate and exclusive options,
713     together with the mode, could simply be part of the mode as it is
714     under Unix.  There should be no flags argument; this is used in open
715     (2) to return a file descriptor for READ or WRITE mode.
716
717  The attributes of the directory should be returned too, since the size
718  and mtime changed.
719
720
7214.9.  mkdir
722-----------
723
724
725  Summary
726    Create a new directory.
727
728  Arguments
729     in::
730
731		struct cfs_mkdir_in {
732		    ViceFid     VFid;
733		    struct coda_vattr attr;
734		    char        *name;          /* Place holder for data. */
735		} cfs_mkdir;
736
737
738
739     out::
740
741		struct cfs_mkdir_out {
742		    ViceFid VFid;
743		    struct coda_vattr attr;
744		} cfs_mkdir;
745
746
747
748
749  Description
750    This call is similar to create but creates a directory.
751    Only the mode field in the input parameters is used for creation.
752    Upon successful creation, the attr returned contains the attributes of
753    the new directory.
754
755  Errors
756    As for create.
757
758  .. Note::
759
760     The input parameter should be changed to mode instead of
761     attributes.
762
763  The attributes of the parent should be returned since the size and
764  mtime changes.
765
766
7674.10.  link
768-----------
769
770
771  Summary
772    Create a link to an existing file.
773
774  Arguments
775     in::
776
777		struct cfs_link_in {
778		    ViceFid sourceFid;          /* cnode to link *to* */
779		    ViceFid destFid;            /* Directory in which to place link */
780		    char        *tname;         /* Place holder for data. */
781		} cfs_link;
782
783
784
785     out
786
787	empty
788
789  Description
790    This call creates a link to the sourceFid in the directory
791    identified by destFid with name tname.  The source must reside in the
792    target's parent, i.e. the source must be have parent destFid, i.e. Coda
793    does not support cross directory hard links.  Only the return value is
794    relevant.  It indicates success or the type of failure.
795
796  Errors
797    The usual errors can occur.
798
799
8004.11.  symlink
801--------------
802
803
804  Summary
805    create a symbolic link
806
807  Arguments
808     in::
809
810		struct cfs_symlink_in {
811		    ViceFid     VFid;          /* Directory to put symlink in */
812		    char        *srcname;
813		    struct coda_vattr attr;
814		    char        *tname;
815		} cfs_symlink;
816
817
818
819     out
820
821	none
822
823  Description
824    Create a symbolic link. The link is to be placed in the
825    directory identified by VFid and named tname.  It should point to the
826    pathname srcname.  The attributes of the newly created object are to
827    be set to attr.
828
829  .. Note::
830
831     The attributes of the target directory should be returned since
832     its size changed.
833
834
8354.12.  remove
836-------------
837
838
839  Summary
840    Remove a file
841
842  Arguments
843     in::
844
845		struct cfs_remove_in {
846		    ViceFid     VFid;
847		    char        *name;          /* Place holder for data. */
848		} cfs_remove;
849
850
851
852     out
853
854	none
855
856  Description
857    Remove file named cfs_remove_in.name in directory
858    identified by   VFid.
859
860
861  .. Note::
862
863     The attributes of the directory should be returned since its
864     mtime and size may change.
865
866
8674.13.  rmdir
868------------
869
870
871  Summary
872    Remove a directory
873
874  Arguments
875     in::
876
877		struct cfs_rmdir_in {
878		    ViceFid     VFid;
879		    char        *name;          /* Place holder for data. */
880		} cfs_rmdir;
881
882
883
884     out
885
886	none
887
888  Description
889    Remove the directory with name name from the directory
890    identified by VFid.
891
892  .. Note:: The attributes of the parent directory should be returned since
893	    its mtime and size may change.
894
895
8964.14.  readlink
897---------------
898
899
900  Summary
901    Read the value of a symbolic link.
902
903  Arguments
904     in::
905
906		struct cfs_readlink_in {
907		    ViceFid VFid;
908		} cfs_readlink;
909
910
911
912     out::
913
914		struct cfs_readlink_out {
915		    int count;
916		    caddr_t     data;           /* Place holder for data. */
917		} cfs_readlink;
918
919
920
921  Description
922    This routine reads the contents of symbolic link
923    identified by VFid into the buffer data.  The buffer data must be able
924    to hold any name up to CFS_MAXNAMLEN (PATH or NAM??).
925
926  Errors
927    No unusual errors.
928
929
9304.15.  open
931-----------
932
933
934  Summary
935    Open a file.
936
937  Arguments
938     in::
939
940		struct cfs_open_in {
941		    ViceFid     VFid;
942		    int flags;
943		} cfs_open;
944
945
946
947     out::
948
949		struct cfs_open_out {
950		    dev_t       dev;
951		    ino_t       inode;
952		} cfs_open;
953
954
955
956  Description
957    This request asks Venus to place the file identified by
958    VFid in its cache and to note that the calling process wishes to open
959    it with flags as in open(2).  The return value to the kernel differs
960    for Unix and Windows systems.  For Unix systems the Coda FS Driver is
961    informed of the device and inode number of the container file in the
962    fields dev and inode.  For Windows the path of the container file is
963    returned to the kernel.
964
965
966  .. Note::
967
968     Currently the cfs_open_out structure is not properly adapted to
969     deal with the Windows case.  It might be best to implement two
970     upcalls, one to open aiming at a container file name, the other at a
971     container file inode.
972
973
9744.16.  close
975------------
976
977
978  Summary
979    Close a file, update it on the servers.
980
981  Arguments
982     in::
983
984		struct cfs_close_in {
985		    ViceFid     VFid;
986		    int flags;
987		} cfs_close;
988
989
990
991     out
992
993	none
994
995  Description
996    Close the file identified by VFid.
997
998  .. Note::
999
1000     The flags argument is bogus and not used.  However, Venus' code
1001     has room to deal with an execp input field, probably this field should
1002     be used to inform Venus that the file was closed but is still memory
1003     mapped for execution.  There are comments about fetching versus not
1004     fetching the data in Venus vproc_vfscalls.  This seems silly.  If a
1005     file is being closed, the data in the container file is to be the new
1006     data.  Here again the execp flag might be in play to create confusion:
1007     currently Venus might think a file can be flushed from the cache when
1008     it is still memory mapped.  This needs to be understood.
1009
1010
10114.17.  ioctl
1012------------
1013
1014
1015  Summary
1016    Do an ioctl on a file. This includes the pioctl interface.
1017
1018  Arguments
1019     in::
1020
1021		struct cfs_ioctl_in {
1022		    ViceFid VFid;
1023		    int cmd;
1024		    int len;
1025		    int rwflag;
1026		    char *data;                 /* Place holder for data. */
1027		} cfs_ioctl;
1028
1029
1030
1031     out::
1032
1033
1034		struct cfs_ioctl_out {
1035		    int len;
1036		    caddr_t     data;           /* Place holder for data. */
1037		} cfs_ioctl;
1038
1039
1040
1041  Description
1042    Do an ioctl operation on a file.  The command, len and
1043    data arguments are filled as usual.  flags is not used by Venus.
1044
1045  .. Note::
1046
1047     Another bogus parameter.  flags is not used.  What is the
1048     business about PREFETCHING in the Venus code?
1049
1050
1051
10524.18.  rename
1053-------------
1054
1055
1056  Summary
1057    Rename a fid.
1058
1059  Arguments
1060     in::
1061
1062		struct cfs_rename_in {
1063		    ViceFid     sourceFid;
1064		    char        *srcname;
1065		    ViceFid destFid;
1066		    char        *destname;
1067		} cfs_rename;
1068
1069
1070
1071     out
1072
1073	none
1074
1075  Description
1076    Rename the object with name srcname in directory
1077    sourceFid to destname in destFid.   It is important that the names
1078    srcname and destname are 0 terminated strings.  Strings in Unix
1079    kernels are not always null terminated.
1080
1081
10824.19.  readdir
1083--------------
1084
1085
1086  Summary
1087    Read directory entries.
1088
1089  Arguments
1090     in::
1091
1092		struct cfs_readdir_in {
1093		    ViceFid     VFid;
1094		    int count;
1095		    int offset;
1096		} cfs_readdir;
1097
1098
1099
1100
1101     out::
1102
1103		struct cfs_readdir_out {
1104		    int size;
1105		    caddr_t     data;           /* Place holder for data. */
1106		} cfs_readdir;
1107
1108
1109
1110  Description
1111    Read directory entries from VFid starting at offset and
1112    read at most count bytes.  Returns the data in data and returns
1113    the size in size.
1114
1115
1116  .. Note::
1117
1118     This call is not used.  Readdir operations exploit container
1119     files.  We will re-evaluate this during the directory revamp which is
1120     about to take place.
1121
1122
11234.20.  vget
1124-----------
1125
1126
1127  Summary
1128    instructs Venus to do an FSDB->Get.
1129
1130  Arguments
1131     in::
1132
1133		struct cfs_vget_in {
1134		    ViceFid VFid;
1135		} cfs_vget;
1136
1137
1138
1139     out::
1140
1141		struct cfs_vget_out {
1142		    ViceFid VFid;
1143		    int vtype;
1144		} cfs_vget;
1145
1146
1147
1148  Description
1149    This upcall asks Venus to do a get operation on an fsobj
1150    labelled by VFid.
1151
1152  .. Note::
1153
1154     This operation is not used.  However, it is extremely useful
1155     since it can be used to deal with read/write memory mapped files.
1156     These can be "pinned" in the Venus cache using vget and released with
1157     inactive.
1158
1159
11604.21.  fsync
1161------------
1162
1163
1164  Summary
1165    Tell Venus to update the RVM attributes of a file.
1166
1167  Arguments
1168     in::
1169
1170		struct cfs_fsync_in {
1171		    ViceFid VFid;
1172		} cfs_fsync;
1173
1174
1175
1176     out
1177
1178	none
1179
1180  Description
1181    Ask Venus to update RVM attributes of object VFid. This
1182    should be called as part of kernel level fsync type calls.  The
1183    result indicates if the syncing was successful.
1184
1185  .. Note:: Linux does not implement this call. It should.
1186
1187
11884.22.  inactive
1189---------------
1190
1191
1192  Summary
1193    Tell Venus a vnode is no longer in use.
1194
1195  Arguments
1196     in::
1197
1198		struct cfs_inactive_in {
1199		    ViceFid VFid;
1200		} cfs_inactive;
1201
1202
1203
1204     out
1205
1206	none
1207
1208  Description
1209    This operation returns EOPNOTSUPP.
1210
1211  .. Note:: This should perhaps be removed.
1212
1213
12144.23.  rdwr
1215-----------
1216
1217
1218  Summary
1219    Read or write from a file
1220
1221  Arguments
1222     in::
1223
1224		struct cfs_rdwr_in {
1225		    ViceFid     VFid;
1226		    int rwflag;
1227		    int count;
1228		    int offset;
1229		    int ioflag;
1230		    caddr_t     data;           /* Place holder for data. */
1231		} cfs_rdwr;
1232
1233
1234
1235
1236     out::
1237
1238		struct cfs_rdwr_out {
1239		    int rwflag;
1240		    int count;
1241		    caddr_t     data;   /* Place holder for data. */
1242		} cfs_rdwr;
1243
1244
1245
1246  Description
1247    This upcall asks Venus to read or write from a file.
1248
1249
1250  .. Note::
1251
1252    It should be removed since it is against the Coda philosophy that
1253    read/write operations never reach Venus.  I have been told the
1254    operation does not work.  It is not currently used.
1255
1256
1257
12584.24.  odymount
1259---------------
1260
1261
1262  Summary
1263    Allows mounting multiple Coda "filesystems" on one Unix mount point.
1264
1265  Arguments
1266     in::
1267
1268		struct ody_mount_in {
1269		    char        *name;          /* Place holder for data. */
1270		} ody_mount;
1271
1272
1273
1274     out::
1275
1276		struct ody_mount_out {
1277		    ViceFid VFid;
1278		} ody_mount;
1279
1280
1281
1282  Description
1283    Asks Venus to return the rootfid of a Coda system named
1284    name.  The fid is returned in VFid.
1285
1286  .. Note::
1287
1288     This call was used by David for dynamic sets.  It should be
1289     removed since it causes a jungle of pointers in the VFS mounting area.
1290     It is not used by Coda proper.  Call is not implemented by Venus.
1291
1292
12934.25.  ody_lookup
1294-----------------
1295
1296
1297  Summary
1298    Looks up something.
1299
1300  Arguments
1301     in
1302
1303	irrelevant
1304
1305
1306     out
1307
1308	irrelevant
1309
1310
1311  .. Note:: Gut it. Call is not implemented by Venus.
1312
1313
13144.26.  ody_expand
1315-----------------
1316
1317
1318  Summary
1319    expands something in a dynamic set.
1320
1321  Arguments
1322     in
1323
1324	irrelevant
1325
1326     out
1327
1328	irrelevant
1329
1330  .. Note:: Gut it. Call is not implemented by Venus.
1331
1332
13334.27.  prefetch
1334---------------
1335
1336
1337  Summary
1338    Prefetch a dynamic set.
1339
1340  Arguments
1341
1342     in
1343
1344	Not documented.
1345
1346     out
1347
1348	Not documented.
1349
1350  Description
1351    Venus worker.cc has support for this call, although it is
1352    noted that it doesn't work.  Not surprising, since the kernel does not
1353    have support for it. (ODY_PREFETCH is not a defined operation).
1354
1355
1356  .. Note:: Gut it. It isn't working and isn't used by Coda.
1357
1358
1359
13604.28.  signal
1361-------------
1362
1363
1364  Summary
1365    Send Venus a signal about an upcall.
1366
1367  Arguments
1368     in
1369
1370	none
1371
1372     out
1373
1374	not applicable.
1375
1376  Description
1377    This is an out-of-band upcall to Venus to inform Venus
1378    that the calling process received a signal after Venus read the
1379    message from the input queue.  Venus is supposed to clean up the
1380    operation.
1381
1382  Errors
1383    No reply is given.
1384
1385  .. Note::
1386
1387     We need to better understand what Venus needs to clean up and if
1388     it is doing this correctly.  Also we need to handle multiple upcall
1389     per system call situations correctly.  It would be important to know
1390     what state changes in Venus take place after an upcall for which the
1391     kernel is responsible for notifying Venus to clean up (e.g. open
1392     definitely is such a state change, but many others are maybe not).
1393
1394
13955.  The minicache and downcalls
1396===============================
1397
1398
1399  The Coda FS Driver can cache results of lookup and access upcalls, to
1400  limit the frequency of upcalls.  Upcalls carry a price since a process
1401  context switch needs to take place.  The counterpart of caching the
1402  information is that Venus will notify the FS Driver that cached
1403  entries must be flushed or renamed.
1404
1405  The kernel code generally has to maintain a structure which links the
1406  internal file handles (called vnodes in BSD, inodes in Linux and
1407  FileHandles in Windows) with the ViceFid's which Venus maintains.  The
1408  reason is that frequent translations back and forth are needed in
1409  order to make upcalls and use the results of upcalls.  Such linking
1410  objects are called cnodes.
1411
1412  The current minicache implementations have cache entries which record
1413  the following:
1414
1415  1. the name of the file
1416
1417  2. the cnode of the directory containing the object
1418
1419  3. a list of CodaCred's for which the lookup is permitted.
1420
1421  4. the cnode of the object
1422
1423  The lookup call in the Coda FS Driver may request the cnode of the
1424  desired object from the cache, by passing its name, directory and the
1425  CodaCred's of the caller.  The cache will return the cnode or indicate
1426  that it cannot be found.  The Coda FS Driver must be careful to
1427  invalidate cache entries when it modifies or removes objects.
1428
1429  When Venus obtains information that indicates that cache entries are
1430  no longer valid, it will make a downcall to the kernel.  Downcalls are
1431  intercepted by the Coda FS Driver and lead to cache invalidations of
1432  the kind described below.  The Coda FS Driver does not return an error
1433  unless the downcall data could not be read into kernel memory.
1434
1435
14365.1.  INVALIDATE
1437----------------
1438
1439
1440  No information is available on this call.
1441
1442
14435.2.  FLUSH
1444-----------
1445
1446
1447
1448  Arguments
1449    None
1450
1451  Summary
1452    Flush the name cache entirely.
1453
1454  Description
1455    Venus issues this call upon startup and when it dies. This
1456    is to prevent stale cache information being held.  Some operating
1457    systems allow the kernel name cache to be switched off dynamically.
1458    When this is done, this downcall is made.
1459
1460
14615.3.  PURGEUSER
1462---------------
1463
1464
1465  Arguments
1466    ::
1467
1468	  struct cfs_purgeuser_out {/* CFS_PURGEUSER is a venus->kernel call */
1469	      struct CodaCred cred;
1470	  } cfs_purgeuser;
1471
1472
1473
1474  Description
1475    Remove all entries in the cache carrying the Cred.  This
1476    call is issued when tokens for a user expire or are flushed.
1477
1478
14795.4.  ZAPFILE
1480-------------
1481
1482
1483  Arguments
1484    ::
1485
1486	  struct cfs_zapfile_out {  /* CFS_ZAPFILE is a venus->kernel call */
1487	      ViceFid CodaFid;
1488	  } cfs_zapfile;
1489
1490
1491
1492  Description
1493    Remove all entries which have the (dir vnode, name) pair.
1494    This is issued as a result of an invalidation of cached attributes of
1495    a vnode.
1496
1497  .. Note::
1498
1499     Call is not named correctly in NetBSD and Mach.  The minicache
1500     zapfile routine takes different arguments. Linux does not implement
1501     the invalidation of attributes correctly.
1502
1503
1504
15055.5.  ZAPDIR
1506------------
1507
1508
1509  Arguments
1510    ::
1511
1512	  struct cfs_zapdir_out {   /* CFS_ZAPDIR is a venus->kernel call */
1513	      ViceFid CodaFid;
1514	  } cfs_zapdir;
1515
1516
1517
1518  Description
1519    Remove all entries in the cache lying in a directory
1520    CodaFid, and all children of this directory. This call is issued when
1521    Venus receives a callback on the directory.
1522
1523
15245.6.  ZAPVNODE
1525--------------
1526
1527
1528
1529  Arguments
1530    ::
1531
1532	  struct cfs_zapvnode_out { /* CFS_ZAPVNODE is a venus->kernel call */
1533	      struct CodaCred cred;
1534	      ViceFid VFid;
1535	  } cfs_zapvnode;
1536
1537
1538
1539  Description
1540    Remove all entries in the cache carrying the cred and VFid
1541    as in the arguments. This downcall is probably never issued.
1542
1543
15445.7.  PURGEFID
1545--------------
1546
1547
1548  Arguments
1549    ::
1550
1551	  struct cfs_purgefid_out { /* CFS_PURGEFID is a venus->kernel call */
1552	      ViceFid CodaFid;
1553	  } cfs_purgefid;
1554
1555
1556
1557  Description
1558    Flush the attribute for the file. If it is a dir (odd
1559    vnode), purge its children from the namecache and remove the file from the
1560    namecache.
1561
1562
1563
15645.8.  REPLACE
1565-------------
1566
1567
1568  Summary
1569    Replace the Fid's for a collection of names.
1570
1571  Arguments
1572    ::
1573
1574	  struct cfs_replace_out { /* cfs_replace is a venus->kernel call */
1575	      ViceFid NewFid;
1576	      ViceFid OldFid;
1577	  } cfs_replace;
1578
1579
1580
1581  Description
1582    This routine replaces a ViceFid in the name cache with
1583    another.  It is added to allow Venus during reintegration to replace
1584    locally allocated temp fids while disconnected with global fids even
1585    when the reference counts on those fids are not zero.
1586
1587
15886.  Initialization and cleanup
1589==============================
1590
1591
1592  This section gives brief hints as to desirable features for the Coda
1593  FS Driver at startup and upon shutdown or Venus failures.  Before
1594  entering the discussion it is useful to repeat that the Coda FS Driver
1595  maintains the following data:
1596
1597
1598  1. message queues
1599
1600  2. cnodes
1601
1602  3. name cache entries
1603
1604     The name cache entries are entirely private to the driver, so they
1605     can easily be manipulated.   The message queues will generally have
1606     clear points of initialization and destruction.  The cnodes are
1607     much more delicate.  User processes hold reference counts in Coda
1608     filesystems and it can be difficult to clean up the cnodes.
1609
1610  It can expect requests through:
1611
1612  1. the message subsystem
1613
1614  2. the VFS layer
1615
1616  3. pioctl interface
1617
1618     Currently the pioctl passes through the VFS for Coda so we can
1619     treat these similarly.
1620
1621
16226.1.  Requirements
1623------------------
1624
1625
1626  The following requirements should be accommodated:
1627
1628  1. The message queues should have open and close routines.  On Unix
1629     the opening of the character devices are such routines.
1630
1631    -  Before opening, no messages can be placed.
1632
1633    -  Opening will remove any old messages still pending.
1634
1635    -  Close will notify any sleeping processes that their upcall cannot
1636       be completed.
1637
1638    -  Close will free all memory allocated by the message queues.
1639
1640
1641  2. At open the namecache shall be initialized to empty state.
1642
1643  3. Before the message queues are open, all VFS operations will fail.
1644     Fortunately this can be achieved by making sure than mounting the
1645     Coda filesystem cannot succeed before opening.
1646
1647  4. After closing of the queues, no VFS operations can succeed.  Here
1648     one needs to be careful, since a few operations (lookup,
1649     read/write, readdir) can proceed without upcalls.  These must be
1650     explicitly blocked.
1651
1652  5. Upon closing the namecache shall be flushed and disabled.
1653
1654  6. All memory held by cnodes can be freed without relying on upcalls.
1655
1656  7. Unmounting the file system can be done without relying on upcalls.
1657
1658  8. Mounting the Coda filesystem should fail gracefully if Venus cannot
1659     get the rootfid or the attributes of the rootfid.  The latter is
1660     best implemented by Venus fetching these objects before attempting
1661     to mount.
1662
1663  .. Note::
1664
1665     NetBSD in particular but also Linux have not implemented the
1666     above requirements fully.  For smooth operation this needs to be
1667     corrected.
1668
1669
1670
1671