Outline for Today Objective –Metadata complications –More on naming Attribute-based file naming: “Why can’t I find my files?” Administrative –Not yet.


1 Outline for Today Objective –Metadata complications –More on naming Attribute-based file naming: “Why can’t I find my files?” Administrative –Not yet.

2 Metadata File size File type Protection - access control information History: creation time, last modification, last access. Location of file - which device Location of individual blocks of the file on disk. Owner of file Group(s) of users associated with file

3 Operations on Directories (UNIX) link (oldpathname, newpathname) - make entry pointing to file unlink (filename) - remove entry pointing to file mknod (dirname, type, device) - used (e.g. by mkdir utility function) to create a directory (or named pipe, or special file) getdents(fd, buf, structsize) - reads dir entries

4 Metadata & Performance There are two popular approaches for improving the performance of metadata operations and recovery: –Journaling –Soft Updates Journaling systems record metadata operations on an auxiliary log Soft Updates uses ordered writes (Ganger & Patt, OSDI 94)

5 Metadata Operations Metadata operations modify the structure of the file system –Creating, deleting, or renaming files, directories, or special files Data must be written to disk in such a way that the file system can be recovered to a consistent state after a system crash

6 General Rules of Ordering 1)Never point to a structure before it has been initialized (inode < direntry) 2)Never re-use a resource before nullifying all previous pointers to it 3)Never reset the old pointer to a live resource before the new pointer has been set (renaming)

7 Metadata Integrity FFS uses synchronous writes to guarantee the integrity of metadata –Any operation modifying multiple pieces of metadata will write its data to disk in a specific order –These writes will be blocking Guarantees integrity and durability of metadata updates

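8 Deleting a file (Figure: directory entries abc, def, ghi pointing to i-node-1, i-node-2, i-node-3) Assume we want to delete file “def”

9 Deleting a file (Figure: directory entries abc, def, ghi; i-node-1 and i-node-3 remain, and “def” points to ?) Cannot delete i-node before directory entry “def”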

10 Deleting a file Correct sequence is 1.Write to disk directory block containing deleted directory entry “def” 2.Write to disk i-node block containing deleted i-node Leaves the file system in a consistent state

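11 Creating a file (Figure: directory entries abc, ghi pointing to i-node-1, i-node-3) Assume we want to create new file “tuv”

12 Creating a file (Figure: directory entries abc, ghi, tuv; i-node-1 and i-node-3 exist, and “tuv” points to ?) Cannot write directory entry “tuv” before i-node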

13 Creating a file Correct sequence is 1.Write to disk i-node block containing new i-node 2.Write to disk directory block containing new directory entry Leaves the file system in a consistent state

14 Synchronous Updates Used by FFS to guarantee consistency of metadata: –All metadata updates are done through blocking writes Increases the cost of metadata updates Can significantly impact the performance of whole file system

15 SOFT UPDATES Use delayed writes (write back) Maintain dependency information about cached pieces of metadata: This i-node must be updated before/after this directory entry Guarantee that metadata blocks are written to disk in the required order

16 First Problem Synchronous writes guaranteed that metadata operations were durable once the system call returned Soft Updates guarantee that file system will recover into a consistent state but not necessarily the most recent one –Some updates could be lost

17 Second Problem Cyclical dependencies: –Same directory block contains entries to be created and entries to be deleted –These entries point to i-nodes in the same block

18 Example We want to delete file “def” and create new file “xyz” (Figure: Block A holds directory entry “def” and NEW entry “xyz”; Block B holds i-node-2 and NEW i-node-3)

19 Example Cannot write block A before block B: –Block A contains a new directory entry pointing to block B Cannot write block B before block A: –Block A contains a deleted directory entry pointing to block B

20 The Solution Roll back metadata in one of the blocks to an earlier, safe state (Safe state does not contain new directory entry) (Figure: Block A’ showing def, ---)

21 The Solution Write first block with metadata that were rolled back (block A’ of example) Write blocks that can be written after first block has been written (block B of example) Roll forward block that was rolled back Write that block Breaks the cyclical dependency, but block A must now be written twice
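
The cycle from slides 17-21 and its rollback fix, as an added example that is not part of the original slides. The two-block layout, the i-node numbers and all function names are assumptions made for illustration; a crash point counts as unsafe when a directory entry on disk names an i-node that is free or not yet initialized.

```python
import copy

# Constructed model of slides 18-21. Block A is the directory block
# (name -> i-node number); block B is the set of initialized i-nodes.
DISK_START = {"A": {"def": 2}, "B": {2}}   # on disk before the two operations
CACHE_GOAL = {"A": {"xyz": 3}, "B": {3}}   # cached: "def" deleted, "xyz" created


def consistent(disk):
    """True if no directory entry on disk points at a free/uninitialized i-node."""
    return all(ino in disk["B"] for ino in disk["A"].values())


def rolled_back(cached_dir, disk_inodes):
    """Block A': keep deletions, drop new entries whose i-node is not on disk yet."""
    return {name: ino for name, ino in cached_dir.items() if ino in disk_inodes}


def write_in_order(order):
    """Write blocks in `order`; report whether a crash after each write is safe."""
    disk = copy.deepcopy(DISK_START)
    report = []
    for step in order:
        if step == "A":
            disk["A"] = dict(CACHE_GOAL["A"])
        elif step == "A'":
            disk["A"] = rolled_back(CACHE_GOAL["A"], disk["B"])
        elif step == "B":
            disk["B"] = set(CACHE_GOAL["B"])
        else:
            raise ValueError(f"unknown block {step!r}")
        report.append((step, consistent(disk)))
    return report, disk


if __name__ == "__main__":
    for order in (["A", "B"], ["B", "A"], ["A'", "B", "A"]):
        report, _ = write_in_order(order)
        print(" -> ".join(f"{s}:{'ok' if ok else 'UNSAFE'}" for s, ok in report))
```

Either direct order leaves a window in which a name on disk refers to an i-node it should not; only the A’, B, A sequence is safe at every crash point.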

22 Journaling Journaling systems maintain an auxiliary log that records all meta-data operations Write-ahead logging ensures that the log is written to disk before any blocks containing data modified by the corresponding operations. –After a crash, can replay the log to bring the file system to a consistent state

23 Journaling Log writes are performed in addition to the regular writes Journaling systems incur log write overhead but –Log writes can be performed efficiently because they are sequential –Metadata blocks do not need to be written back after each update

24 Journaling Journaling systems can provide –same durability semantics as FFS if log is forced to disk after each meta-data operation –the laxer semantics of Soft Updates if log writes are buffered until entire buffers are full Will discuss two implementations –Log to file –Write Ahead File System

25 Log-to-File Maintains a circular log in a pre-allocated file in the FFS (about 1% of file system size) Buffer manager uses a write-ahead logging protocol to ensure proper synchronization between regular file data and the log

26 Log-to-File Buffer header of each modified block in cache identifies the first and last log entries describing an update to the block System uses –First item to decide which log entries can be purged from log –Second item to ensure that all relevant log entries are written to disk before the block is flushed from the cache

27 LFS-File LFFS-file maintains its log asynchronously –Maintains file system integrity, but does not guarantee durability of updates

28 WAFS Implements its log in an auxiliary file system: Write Ahead File System (WAFS) –Can be mounted and unmounted – Can append data –Can return data by sequential or keyed reads Keys for keyed reads are log-sequence-numbers (LSNs) that correspond to logical offsets in the log

29 WAFS Log is implemented as a circular buffer within the physical space allocated to the file system. Buffer header of each modified block in cache contains LSNs of first and last log entries describing an update to the block
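
How the first and last LSNs in a buffer header are used (slides 26 and 29), as an added example that is not code from the slides or from the systems they describe. The class, its method names and the block names are assumptions; the log is modelled only by its LSN counters.

```python
class LoggedCache:
    """Constructed model of the buffer-header rule on slides 26 and 29."""

    def __init__(self):
        self.next_lsn = 1      # LSN the next log entry will get
        self.durable_lsn = 0   # highest LSN already on disk in the log
        self.dirty = {}        # block -> [first_lsn, last_lsn] (the buffer header)

    def update(self, block):
        """Log one metadata update to `block` (log entry still buffered)."""
        lsn = self.next_lsn
        self.next_lsn += 1
        header = self.dirty.setdefault(block, [lsn, lsn])
        header[1] = lsn
        return lsn

    def flush(self, block):
        """Write `block` back; the log is forced through its last LSN first."""
        first, last = self.dirty.pop(block)
        forced = last > self.durable_lsn       # write-ahead rule triggers
        self.durable_lsn = max(self.durable_lsn, last)
        return forced

    def purge_before(self):
        """Log entries with an LSN below this describe only flushed blocks."""
        return min((hdr[0] for hdr in self.dirty.values()), default=self.next_lsn)


def demo():
    cache = LoggedCache()
    cache.update("dir")      # LSN 1
    cache.update("inode")    # LSN 2
    cache.update("dir")      # LSN 3
    steps = [(dict(cache.dirty), cache.purge_before())]
    forced = cache.flush("dir")       # log must be durable through LSN 3
    steps.append((forced, cache.durable_lsn, cache.purge_before()))
    forced = cache.flush("inode")     # LSN 2 is already durable
    steps.append((forced, cache.durable_lsn, cache.purge_before()))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```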

30 WAFS Major advantage of WAFS is additional flexibility: –Can put WAFS on separate disk drive to avoid I/O contention –Can even put it in NVRAM Normally uses synchronous writes –Metadata operations are persistent upon return from the system call –Same durability semantics as FFS

31 Recovery Superblock has address of last checkpoint –LFFS-file has frequent checkpoints –LFFS-wafs much less frequent checkpoints First recover the log Then read the log from logical end (backward pass) and undo all aborted operations Do forward pass and reapply all updates that have not yet been written to disk

32 Other Approaches Using non-volatile cache (Network Appliances) –Ultimate solution: can keep data in cache forever –Additional cost of NVRAM Simulating NVRAM with –Uninterruptible power supplies –Hardware-protected RAM (Rio): cache is marked read-only most of the time

33 Other Approaches Log-structured file systems –Not always possible to write all related meta-data in a single disk transfer –Sprite-LFS adds small log entries to the beginning of segments –BSD-LFS makes segments temporary until all metadata necessary to ensure the recoverability of the file system are on disk.

34 System Comparison Compared performances of –Standard FFS –FFS mounted with the async option –FFS mounted with Soft Updates –FFS augmented with a file log using either synchronous or asynchronous log writes – FFS augmented with a WAFS log using either synchronous or asynchronous log writes and WAFS log on same or different drive

35 Feature Comparison

36 Microbenchmark Results clustering indirect block background deletes

37 Macrobenchmark Results Large data set exceeds cache dependency rollbacks hit

38 Summary of Journaling vs. Soft Updates Journaling alone is not sufficient to “solve” the meta-data update problem –Cannot realize its full potential when synchronous semantics are required When that condition is relaxed, journaling and Soft Updates perform comparably in most cases

39 Extending Metadata File size File type Protection - access control information History: creation time, last modification, last access. Location of file - which device Location of individual blocks of the file on disk. Owner of file Group(s) of users associated with file pairs

40 A Naming Problem (Figure: directory tree with nodes usr, project, coursearchive, cwd, cps210, cps110 and semester directories fall99, fall00, fall01, fall02, fall03, spring99, spring00, spring01, spring02) Find the lecture where metadata was discussed

41 A Naming Problem (Figure: the same directory tree, continued with “…”) Find the lecture where metadata was discussed

42 A Naming Problem (Figure: the same directory tree, plus a cps210 node listing spring00, spring01, spring02, spring99) Find the lecture where metadata was discussed With symbolic links

43 A Naming Problem It gets worse: /home/home5/carla/talks 2 laptops (one lives at work, one at home) desktop machine at home Forest not a tree! –Growing more like kudzu

44 Attributes in File Systems Metadata: How to assign? –User provided – too much work –Content analysis – restricted by formats Semantic file system provided transducers –Context analysis Access-based or inter-file relationships Once you have them –Virtual directories – “views” –Indexing

45 Virtual Directories (Figure: the same directory tree, plus a node listing spring00, spring01, spring02, spring99) Find the lecture where metadata was discussed Query: Automated symbolic links

46 Virtual Directories (Figure: the same directory tree, plus Lecture10.ppt) Find the lecture where metadata was discussed Query: AND Lecture10.ppt metadata.ppt raid.ppt Versions?

47 Issues with Virtual Directories What if I want to create a file under a virtual directory that doesn’t have a path location already? How does the system maintain consistency? We should make sure that when a file changes, its contents are still consistent with the query. –What if somewhere a new file is created that should match the query and be included? –What if currently matching file is changed to not match? How do I construct a query that captures exactly the set of files I wish to group together?

48 Example: HAC File System (Gopal & Manber, OSDI99) Semantic directories created within the hierarchy (given a pathname in the tree) by issuing a query over the scope inherited from parent –Physically exist as directory files containing symlinks Creates symbolic links to all files that satisfy query User can also explicitly add symbolic links to this semantic directory as well as remove ones returned by the query as posed. –Query is a starting point for organization. Reevaluate queries whenever something in scope changes.

49 Context-based Relationships Premise: Context is what user might remember best. Previous work –Hoarding for disconnected access (inter-file relationships) –Google: textual context for link and feedback from search behavior (assumption of popularity over many users)

50 Access-based Use context of user’s session at access time Application knowledge – modify apps to provide hints –Example: subject of email associated with attached file Feedback from “find” type queries –Searches are for rarely accessed files and usually only one user – limits statistical info

51 Traced File Creation Behavior

52 Inter-file Attributes can be shared/propagated among related files Determining relationships –User access patterns – temporal locality –Inter-file content analysis Similarity – duplication -- hashing Versions

53 Challenges Mechanisms –Storage of large numbers of attributes that get automatically generated –User interface Context switches –Creating false positive relationships

54 “Cache It”

55 Prefetching To avoid the access latency of moving the data in for that first cache miss. Prediction! “Guessing” what data will be needed in the future. –It’s not for free: Consequences of guessing wrong Overhead

56 Background: Inter-file Relationships

57 Hoarding - Prefetching for Disconnected Information Access Caching for availability (not just latency) Cache misses, when operating disconnected, have no redeeming value. (Unlike in connected mode, they can’t be used as the triggering mechanism for filling the cache.) How to preload the cache for subsequent disconnection? Planned or unplanned. What does it mean for replacement?

58 SEER’s Hoarding Scheme: Semantic Distance Observer monitors user access patterns, classifying each access by type. Correlator calculates semantic distance among files Clustering algorithm assigns each file to one or more projects Only entire projects are hoarded.

59 Defining Semantic Distance Temporal semantic distance - elapsed time between two file references Time scale effects :-( Sequence-based semantic distance - number of intervening file references between the 2 of interest. At what point? Open? Close? Lifetime semantic distance - accounts for concurrently open files - overlapping lifetimes

60 Calc of Lifetime Distance (Figure: lifetimes of foo.c, foo.h, bar.h, foo.o) Distance is 0 if A not closed before B opened (overlap) # intervening opens including itself otherwise foo.c -> foo.h 0 foo.c -> bar.h 0 foo.c -> foo.o 3
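
The lifetime distance rule above, computed over an open/close trace, as an added example that is not SEER's code. The trace is constructed so that it reproduces the three values on the slide; counting intervening opens from A's open (not from its close) is an assumption consistent with the foo.c -> foo.o value of 3, and the block keeps only the latest distance per pair instead of summarizing.

```python
def lifetime_distances(trace):
    """Return {(A, B): distance} for each open of B that follows an open of A.

    trace is a list of ("open" | "close", filename) events. If a pair is
    referenced more than once, the most recent distance is kept.
    """
    opened_at = {}   # file -> position of its latest open, counting opens only
    closed = set()   # files whose latest open has since been closed
    opens = 0
    distance = {}
    for event, name in trace:
        if event == "close":
            closed.add(name)
            continue
        opens += 1
        for other, position in opened_at.items():
            if other != name:
                # Overlapping lifetimes count as 0; otherwise count the opens
                # after `other` was opened, including this one.
                distance[(other, name)] = opens - position if other in closed else 0
        opened_at[name] = opens
        closed.discard(name)
    return distance


# Constructed trace, chosen so the result matches the values on slide 60.
TRACE = [
    ("open", "foo.c"), ("open", "foo.h"), ("close", "foo.h"),
    ("open", "bar.h"), ("close", "bar.h"), ("close", "foo.c"),
    ("open", "foo.o"),
]

if __name__ == "__main__":
    for pair, dist in lifetime_distances(TRACE).items():
        print(pair, dist)
```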

61 How to turn semantic distance between two references into semantic distance between files? Summarize - geometric mean. Using months of data. Only store n nearest neighbors for each file and files within distance M External investigators can incorporate some extra info (e.g. heuristics used by Tait, makefile) 0 1 3

62 Real World Complications Meaningless clutter in the reference stream (e.g. find command) Shared libraries - an apparent link between unrelated files - want to hoard but not use in distance calculations and clustering Rare but critical files, temp files, directories Multi-tasking clutter Delete and recreate by same filename. Examine metadata then open – 1 or 2 accesses? SEER tracing itself – avoid accesses by root

63 Evaluation Metric –Hoard misses usually do not allow continuation of activity (stops trace) – counting misses is meaningless. –Time to 1st miss – would depend on hoard size –Miss-free hoard size – size necessary to ensure no misses Method –Live deployment – difficulty in making comparisons Only long enough disconnections Subtract off suspensions –Trace-driven simulation -- reproducible What kind of traces are valid?

64 Metadata File size File type Protection - access control information History: creation time, last modification, last access. Location of file - which device Location of individual blocks of the file on disk. Owner of file Group(s) of users associated with file

65 Access Control for Files Access control lists - detailed list attached to file of users allowed (denied) access, including kind of access allowed/denied. UNIX RWX - owner, group, everyone

66 UNIX access control Each file carries its access control with it. rwx rwx rwx: Owner (UID), Group (GID), Everybody else. setuid: when bit set, it allows process executing object to assume UID of owner temporarily - enter owner domain (rights amplification) Owner has chmod, chgrp rights (granting, revoking)

67 The Access Model Authorization problems can be represented abstractly by means of an access model. –each row represents a subject/principal/domain –each column represents an object –each cell: accesses permitted for the {subject, object} pair read, write, delete, execute, search, control, or any other method In real systems, the access matrix is sparse and dynamic. Need a flexible, efficient representation

68 Access Matrix (Figure: access matrix with subjects TA, grp, Chris, Pat and objects gradefile, solutions, proj1, luvltr, hotgossip; cell entries include rwx, rw, r, rx)

69 Two Representations ACL - Access Control Lists –Columns of previous matrix –Permissions attached to Objects –ACL for file hotgossip: Chris, rw; Pat, rw Capabilities –Rows of previous matrix –Permissions associated with Subject –Tickets, Namespace (what it is that one can name) –Capabilities held by Pat: luvltr, rw; hotgossip, rw

70 Access Control Lists Approach: represent the access matrix by storing its columns with the objects. Tag each object with an access control list (ACL) of authorized subjects/principals. To authorize an access requested by S for O –search O’s ACL for an entry matching S –compare requested access with permitted access –access checks are often made only at bind time

71 Access Control Lists Use of access control lists to manage file access

72 Access Control Lists Two access control lists

73 Capabilities Approach: represent the access matrix by storing its rows with the subjects. Tag each subject with a list of capabilities for the objects it is permitted to access. –A capability is an unforgeable object reference, like a pointer. –It endows the holder with permission to operate on the object e.g., permission to invoke specific methods –Typically, capabilities may be passed from one subject to another. Rights propagation and confinement problems
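
The two representations from slides 69, 70 and 73 derived from one sparse matrix, as an added example that is not part of the original slides. All function names are assumptions, and so is Chris's "r" on luvltr; the other three cells are the ones slide 69 spells out. It also shows the bind-time caveat from slide 70 and why revocation is cheaper on the ACL side.

```python
from collections import defaultdict

# Sparse access matrix {(subject, object): rights}. The hotgossip cells and
# Pat's luvltr cell are spelled out on slide 69; Chris's "r" on luvltr is assumed.
MATRIX = {
    ("Chris", "hotgossip"): "rw",
    ("Pat", "hotgossip"): "rw",
    ("Pat", "luvltr"): "rw",
    ("Chris", "luvltr"): "r",
}


def acl_view(matrix):
    """Columns: each object carries {subject: rights}."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = rights
    return dict(acls)


def capability_view(matrix):
    """Rows: each subject holds {object: rights}."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = rights
    return dict(caps)


def authorize(acls, subject, obj, wanted):
    """Search obj's ACL for subject; no entry means no access (default deny)."""
    return set(wanted) <= set(acls.get(obj, {}).get(subject, ""))


def bind(acls, subject, obj, wanted):
    """Bind-time check, as with open(): the returned handle is not re-checked."""
    if not authorize(acls, subject, obj, wanted):
        raise PermissionError(f"{subject} lacks {wanted!r} on {obj}")
    return (subject, obj, wanted)


def revoke_acl(acls, subject, obj):
    """ACL revocation: one edit on the object itself."""
    acls[obj].pop(subject, None)


def revoke_capabilities(caps, obj):
    """Capability revocation: every subject's list has to be visited."""
    for held in caps.values():
        held.pop(obj, None)
    return len(caps)
```

A handle returned by `bind` before `revoke_acl` runs stays usable afterwards, which is the practical consequence of checking access only at bind time.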

74 Dynamics of Protection Schemes How to endow software modules with appropriate privilege? –What mechanism exists to bind principals with subjects? e.g., setuid syscall, setuid bit –What principals should a software module bind to? privilege of creator: but may not be sufficient to perform the service privilege of owner or system: dangerous

75 Dynamics of Protection Schemes How to revoke privileges? What about adding new subjects or new objects? How to dynamically change the set of objects accessible (or vulnerable) to different processes run by the same user? –Need-to-know principle / Principle of minimal privilege –How do subjects change identity to execute a more privileged module? protection domain, protection domain switch (enter)

76 Protection Domains Processes execute in a protection domain, initially inherited from subject Goal: to be able to change protection domains Introduce a level of indirection Domains become protected objects with operations defined on them: owner, copy, control (Figure: access matrix over TA, grp, Chris, Pat and gradefile, solutions, proj1, luvltr, hotgossip, Domain0; cell entries include rwx, rw, rwo, r, rxc, ctl, enter)

77 Rights propagation. If a domain holds copy on a right to some object, then it can transfer that right to the object to another domain. If a domain is owner of some object, it can grant that right to the object, with or without copy, to another domain. If a domain is owner or has ctl right to a domain, it can remove a right to an object from that domain. (Figure: access matrix over TA, grp, Chris, Pat and gradefile, solutions, proj1, luvltr, hotgossip, Domain0; cell entries include rwo, rw, r, rc, ctl, enter)
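
The three propagation rules above applied to a small matrix, as an added example that is not part of the original slides. The function names and the sample cells are assumptions, and so is reading "owner" in the third rule as owner of the object; the cell notation ("o", "ctl", trailing "c" for copy) follows the slide.

```python
# Cell notation follows the slide: "o" = owner, "ctl" = control over a domain,
# and a trailing "c" (as in "rc") marks a right held with the copy flag.
def cell(matrix, domain, obj):
    return matrix.setdefault((domain, obj), set())


def transfer(matrix, src, dst, obj, right):
    """Rule 1: only a right held with the copy flag can be passed on."""
    if right + "c" not in cell(matrix, src, obj):
        raise PermissionError(f"{src} holds no copyable {right!r} on {obj}")
    cell(matrix, dst, obj).add(right)          # passed on without copy


def grant(matrix, owner, dst, obj, right, with_copy=False):
    """Rule 2: the owner of obj grants a right, with or without copy."""
    if "o" not in cell(matrix, owner, obj):
        raise PermissionError(f"{owner} does not own {obj}")
    cell(matrix, dst, obj).add(right + "c" if with_copy else right)


def remove(matrix, actor, dst, obj, right):
    """Rule 3: owner of obj, or holder of ctl on domain dst, removes a right."""
    if "o" not in cell(matrix, actor, obj) and "ctl" not in cell(matrix, actor, dst):
        raise PermissionError(f"{actor} may not change {dst}'s rights on {obj}")
    cell(matrix, dst, obj).difference_update({right, right + "c"})


def demo():
    # Constructed matrix using the slide's names; the cell values are assumptions.
    m = {("TA", "solutions"): {"r", "w", "o"}, ("TA", "Pat"): {"ctl"}}
    grant(m, "TA", "Chris", "solutions", "r", with_copy=True)   # Chris: rc
    transfer(m, "Chris", "Pat", "solutions", "r")               # Pat: r
    try:
        transfer(m, "Pat", "grp", "solutions", "r")             # Pat has no copy flag
        leaked = True
    except PermissionError:
        leaked = False
    remove(m, "TA", "Pat", "solutions", "r")                    # TA owns solutions
    return leaked, m[("Chris", "solutions")], m[("Pat", "solutions")]


if __name__ == "__main__":
    print(demo())
```

Passing a right on without its copy flag is what confines it: Pat can read solutions but cannot hand that right to grp.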

