From: Andreas Dilger <adilger@clusterfs.com>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: Jan Hudec <bulb@ucw.cz>,
linux-fsdevel@sd3.mailbank.com, linux-kernel@vger.kernel.org,
"Peter J. Braam" <braam@clusterfs.com>
Subject: Re: Race in open(O_CREAT|O_EXCL) and network filesystem
Date: Mon, 29 Jul 2002 09:02:11 -0600 [thread overview]
Message-ID: <20020729150211.GC3077@clusterfs.com> (raw)
In-Reply-To: <15685.11287.43065.570783@notabene.cse.unsw.edu.au>
On Jul 29, 2002 21:50 +1000, Neil Brown wrote:
> On Sunday July 28, bulb@ucw.cz wrote:
> > maybe I'm blind, but I think there is a race featuring
> > open(O_CREAT|O_EXCL) and nfs or any other network fs.
> >
> > What may happen is:
> >
> > client A: open_namei looks up the inode
> > driver queries server and gets ENOENT
> > client B: open_namei looks up the inode
> > driver queries server and gets ENOENT
> > client A: open_namei calls create method
> > driver requests file to be created and is successful
> > client B: open_namei calls create method
> > dirver requests file to be created and since it does not know,
> > cant specify exclusion, thus is succesful
> > client A: open_namei does no more checks and thus open succeeds
> > client B: open succeeds too here - and it shouldn't
> >
> > Since many applications rely on this working correctly (especialy
> > mailboxes are locked using exclusive creates and mounting them over NFS
> > is quite common).
> >
> > So, can someone please answer:
> >
> > 1) Is there some reason this can't happen that I overlooked?
>
> No. You are correct.
>
> > 2) If it is a problem (comment in NFS suggest so), I can see two ways of
> > handling this. Either pass the flags to the create method, or restart
> > the open when create returns EEXISTS. Which one would be prefered?
>
> Well.. at OLS in the Lustre talk Peter Braam talked about something
> that could be used. Unfortunately it doesn't seem to be included in
> the paper in the proceedings but the idea was to include some "intend"
> in the lookup request. e.g. "lookup with intent to create" or
> "lookup with intent to delete" or maybe "lookup with intent to open
> for exclusive write access". The filesystem could then, at it's
> option, carry out the intended operation (possibly only partially) as
> part of the lookup. A simple filesystem wouldn't bothe and the VFS
> would continue with the normal process. A networked filesystem could
> do that whole operation including intent atomically.
The intent-based lookup code is available as part of the Lustre CVS.
See lustre/patches/patch-2.4.18 at the SF lustre project. There are
a couple of other changes in the patch that are unrelated to intents,
but those are fairly obvious (i.e. ext3/jbd changes, some exports, etc).
Cheers, Andreas
--
Andreas Dilger
http://www-mddsp.enel.ucalgary.ca/People/adilger/
http://sourceforge.net/projects/ext2resize/
next prev parent reply other threads:[~2002-07-29 15:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-28 16:52 Race in open(O_CREAT|O_EXCL) and network filesystem Jan Hudec
2002-07-29 11:45 ` Trond Myklebust
2002-07-29 11:50 ` Neil Brown
2002-07-29 15:02 ` Andreas Dilger [this message]
2002-07-29 23:04 ` Neil Brown
2002-07-29 23:44 ` Andreas Dilger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020729150211.GC3077@clusterfs.com \
--to=adilger@clusterfs.com \
--cc=braam@clusterfs.com \
--cc=bulb@ucw.cz \
--cc=linux-fsdevel@sd3.mailbank.com \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@cse.unsw.edu.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.