About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Documentation / filesystems / inotify.txt




Custom Search

Based on kernel version 3.13. Page generated on 2014-01-20 22:02 EST.

1					   inotify
2		    a powerful yet simple file change notification system
3	
4	
5	
6	Document started 15 Mar 2005 by Robert Love <rml@novell.com>
7	
8	
9	(i) User Interface
10	
11	Inotify is controlled by a set of three system calls and normal file I/O on a
12	returned file descriptor.
13	
14	First step in using inotify is to initialise an inotify instance:
15	
16		int fd = inotify_init ();
17	
18	Each instance is associated with a unique, ordered queue.
19	
20	Change events are managed by "watches".  A watch is an (object,mask) pair where
21	the object is a file or directory and the mask is a bit mask of one or more
22	inotify events that the application wishes to receive.  See <linux/inotify.h>
23	for valid events.  A watch is referenced by a watch descriptor, or wd.
24	
25	Watches are added via a path to the file.
26	
27	Watches on a directory will return events on any files inside of the directory.
28	
29	Adding a watch is simple:
30	
31		int wd = inotify_add_watch (fd, path, mask);
32	
33	Where "fd" is the return value from inotify_init(), path is the path to the
34	object to watch, and mask is the watch mask (see <linux/inotify.h>).
35	
36	You can update an existing watch in the same manner, by passing in a new mask.
37	
38	An existing watch is removed via
39	
40		int ret = inotify_rm_watch (fd, wd);
41	
42	Events are provided in the form of an inotify_event structure that is read(2)
43	from a given inotify instance.  The filename is of dynamic length and follows
44	the struct. It is of size len.  The filename is padded with null bytes to
45	ensure proper alignment.  This padding is reflected in len.
46	
47	You can slurp multiple events by passing a large buffer, for example
48	
49		size_t len = read (fd, buf, BUF_LEN);
50	
51	Where "buf" is a pointer to an array of "inotify_event" structures at least
52	BUF_LEN bytes in size.  The above example will return as many events as are
53	available and fit in BUF_LEN.
54	
55	Each inotify instance fd is also select()- and poll()-able.
56	
57	You can find the size of the current event queue via the standard FIONREAD
58	ioctl on the fd returned by inotify_init().
59	
60	All watches are destroyed and cleaned up on close.
61	
62	
63	(ii)
64	
65	Prototypes:
66	
67		int inotify_init (void);
68		int inotify_add_watch (int fd, const char *path, __u32 mask);
69		int inotify_rm_watch (int fd, __u32 mask);
70	
71	
72	(iii) Kernel Interface
73	
74	Inotify's kernel API consists a set of functions for managing watches and an
75	event callback.
76	
77	To use the kernel API, you must first initialize an inotify instance with a set
78	of inotify_operations.  You are given an opaque inotify_handle, which you use
79	for any further calls to inotify.
80	
81	    struct inotify_handle *ih = inotify_init(my_event_handler);
82	
83	You must provide a function for processing events and a function for destroying
84	the inotify watch.
85	
86	    void handle_event(struct inotify_watch *watch, u32 wd, u32 mask,
87	    	              u32 cookie, const char *name, struct inode *inode)
88	
89		watch - the pointer to the inotify_watch that triggered this call
90		wd - the watch descriptor
91		mask - describes the event that occurred
92		cookie - an identifier for synchronizing events
93		name - the dentry name for affected files in a directory-based event
94		inode - the affected inode in a directory-based event
95	
96	    void destroy_watch(struct inotify_watch *watch)
97	
98	You may add watches by providing a pre-allocated and initialized inotify_watch
99	structure and specifying the inode to watch along with an inotify event mask.
100	You must pin the inode during the call.  You will likely wish to embed the
101	inotify_watch structure in a structure of your own which contains other
102	information about the watch.  Once you add an inotify watch, it is immediately
103	subject to removal depending on filesystem events.  You must grab a reference if
104	you depend on the watch hanging around after the call.
105	
106	    inotify_init_watch(&my_watch->iwatch);
107	    inotify_get_watch(&my_watch->iwatch);	// optional
108	    s32 wd = inotify_add_watch(ih, &my_watch->iwatch, inode, mask);
109	    inotify_put_watch(&my_watch->iwatch);	// optional
110	
111	You may use the watch descriptor (wd) or the address of the inotify_watch for
112	other inotify operations.  You must not directly read or manipulate data in the
113	inotify_watch.  Additionally, you must not call inotify_add_watch() more than
114	once for a given inotify_watch structure, unless you have first called either
115	inotify_rm_watch() or inotify_rm_wd().
116	
117	To determine if you have already registered a watch for a given inode, you may
118	call inotify_find_watch(), which gives you both the wd and the watch pointer for
119	the inotify_watch, or an error if the watch does not exist.
120	
121	    wd = inotify_find_watch(ih, inode, &watchp);
122	
123	You may use container_of() on the watch pointer to access your own data
124	associated with a given watch.  When an existing watch is found,
125	inotify_find_watch() bumps the refcount before releasing its locks.  You must
126	put that reference with:
127	
128	    put_inotify_watch(watchp);
129	
130	Call inotify_find_update_watch() to update the event mask for an existing watch.
131	inotify_find_update_watch() returns the wd of the updated watch, or an error if
132	the watch does not exist.
133	
134	    wd = inotify_find_update_watch(ih, inode, mask);
135	
136	An existing watch may be removed by calling either inotify_rm_watch() or
137	inotify_rm_wd().
138	
139	    int ret = inotify_rm_watch(ih, &my_watch->iwatch);
140	    int ret = inotify_rm_wd(ih, wd);
141	
142	A watch may be removed while executing your event handler with the following:
143	
144	    inotify_remove_watch_locked(ih, iwatch);
145	
146	Call inotify_destroy() to remove all watches from your inotify instance and
147	release it.  If there are no outstanding references, inotify_destroy() will call
148	your destroy_watch op for each watch.
149	
150	    inotify_destroy(ih);
151	
152	When inotify removes a watch, it sends an IN_IGNORED event to your callback.
153	You may use this event as an indication to free the watch memory.  Note that
154	inotify may remove a watch due to filesystem events, as well as by your request.
155	If you use IN_ONESHOT, inotify will remove the watch after the first event, at
156	which point you may call the final inotify_put_watch.
157	
158	(iv) Kernel Interface Prototypes
159	
160		struct inotify_handle *inotify_init(struct inotify_operations *ops);
161	
162		inotify_init_watch(struct inotify_watch *watch);
163	
164		s32 inotify_add_watch(struct inotify_handle *ih,
165			              struct inotify_watch *watch,
166				      struct inode *inode, u32 mask);
167	
168		s32 inotify_find_watch(struct inotify_handle *ih, struct inode *inode,
169				       struct inotify_watch **watchp);
170	
171		s32 inotify_find_update_watch(struct inotify_handle *ih,
172					      struct inode *inode, u32 mask);
173	
174		int inotify_rm_wd(struct inotify_handle *ih, u32 wd);
175	
176		int inotify_rm_watch(struct inotify_handle *ih,
177				     struct inotify_watch *watch);
178	
179		void inotify_remove_watch_locked(struct inotify_handle *ih,
180						 struct inotify_watch *watch);
181	
182		void inotify_destroy(struct inotify_handle *ih);
183	
184		void get_inotify_watch(struct inotify_watch *watch);
185		void put_inotify_watch(struct inotify_watch *watch);
186	
187	
188	(v) Internal Kernel Implementation
189	
190	Each inotify instance is represented by an inotify_handle structure.
191	Inotify's userspace consumers also have an inotify_device which is
192	associated with the inotify_handle, and on which events are queued.
193	
194	Each watch is associated with an inotify_watch structure.  Watches are chained
195	off of each associated inotify_handle and each associated inode.
196	
197	See fs/notify/inotify/inotify_fsnotify.c and fs/notify/inotify/inotify_user.c
198	for the locking and lifetime rules.
199	
200	
201	(vi) Rationale
202	
203	Q: What is the design decision behind not tying the watch to the open fd of
204	   the watched object?
205	
206	A: Watches are associated with an open inotify device, not an open file.
207	   This solves the primary problem with dnotify: keeping the file open pins
208	   the file and thus, worse, pins the mount.  Dnotify is therefore infeasible
209	   for use on a desktop system with removable media as the media cannot be
210	   unmounted.  Watching a file should not require that it be open.
211	
212	Q: What is the design decision behind using an-fd-per-instance as opposed to
213	   an fd-per-watch?
214	
215	A: An fd-per-watch quickly consumes more file descriptors than are allowed,
216	   more fd's than are feasible to manage, and more fd's than are optimally
217	   select()-able.  Yes, root can bump the per-process fd limit and yes, users
218	   can use epoll, but requiring both is a silly and extraneous requirement.
219	   A watch consumes less memory than an open file, separating the number
220	   spaces is thus sensible.  The current design is what user-space developers
221	   want: Users initialize inotify, once, and add n watches, requiring but one
222	   fd and no twiddling with fd limits.  Initializing an inotify instance two
223	   thousand times is silly.  If we can implement user-space's preferences 
224	   cleanly--and we can, the idr layer makes stuff like this trivial--then we 
225	   should.
226	
227	   There are other good arguments.  With a single fd, there is a single
228	   item to block on, which is mapped to a single queue of events.  The single
229	   fd returns all watch events and also any potential out-of-band data.  If
230	   every fd was a separate watch,
231	
232	   - There would be no way to get event ordering.  Events on file foo and
233	     file bar would pop poll() on both fd's, but there would be no way to tell
234	     which happened first.  A single queue trivially gives you ordering.  Such
235	     ordering is crucial to existing applications such as Beagle.  Imagine
236	     "mv a b ; mv b a" events without ordering.
237	
238	   - We'd have to maintain n fd's and n internal queues with state,
239	     versus just one.  It is a lot messier in the kernel.  A single, linear
240	     queue is the data structure that makes sense.
241	
242	   - User-space developers prefer the current API.  The Beagle guys, for
243	     example, love it.  Trust me, I asked.  It is not a surprise: Who'd want
244	     to manage and block on 1000 fd's via select?
245	
246	   - No way to get out of band data.
247	
248	   - 1024 is still too low.  ;-)
249	
250	   When you talk about designing a file change notification system that
251	   scales to 1000s of directories, juggling 1000s of fd's just does not seem
252	   the right interface.  It is too heavy.
253	
254	   Additionally, it _is_ possible to  more than one instance  and
255	   juggle more than one queue and thus more than one associated fd.  There
256	   need not be a one-fd-per-process mapping; it is one-fd-per-queue and a
257	   process can easily want more than one queue.
258	
259	Q: Why the system call approach?
260	
261	A: The poor user-space interface is the second biggest problem with dnotify.
262	   Signals are a terrible, terrible interface for file notification.  Or for
263	   anything, for that matter.  The ideal solution, from all perspectives, is a
264	   file descriptor-based one that allows basic file I/O and poll/select.
265	   Obtaining the fd and managing the watches could have been done either via a
266	   device file or a family of new system calls.  We decided to implement a
267	   family of system calls because that is the preferred approach for new kernel
268	   interfaces.  The only real difference was whether we wanted to use open(2)
269	   and ioctl(2) or a couple of new system calls.  System calls beat ioctls.
Hide Line Numbers
About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.