From: Al Viro <viro@zeniv.linux.org.uk>
To: NeilBrown <neil@brown.name>
Cc: Christian Brauner <brauner@kernel.org>,
Trond Myklebust <trondmy@kernel.org>,
Anna Schumaker <anna@kernel.org>,
linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Jeff Layton <jlayton@kernel.org>,
Amir Goldstein <amir73il@gmail.com>, Jan Kara <jack@suse.cz>
Subject: Re: VFS: change ->atomic_open() calling to always have exclusive access
Date: Wed, 17 Sep 2025 05:34:58 +0100 [thread overview]
Message-ID: <20250917043458.GT39973@ZenIV> (raw)
In-Reply-To: <20250915031134.2671907-1-neilb@ownmail.net>
On Mon, Sep 15, 2025 at 01:01:06PM +1000, NeilBrown wrote:
> ->atomic_open() is called with only a shared lock on the directory when
> O_CREAT wasn't requested. If the dentry is negative it is still called
> because the filesystem might want to revalidate-and-open in an atomic
> operations. NFS does this to fullfil close-to-open consistency
> requirements.
>
> NFS has complex code to drop the dentry and reallocate with
> d_alloc_parallel() in this case to ensure that only one lookup/open
> happens at a time. It would be simpler to have NFS return zero from
> ->d_revalidate in this case so that d_alloc_parallel() will be calling
> in lookup_open() and NFS wan't need to worry about concurrency.
>
> So this series makes that change to NFS to simplify atomic_open and remove
> the d_drop() and d_alloc_parallel(), and then changes lookup_open() so that
> atomic_open() can never be called without exclusive access to the dentry.
What will happen if you have a stale negative dentry of /mnt/foo/bar, with
/mnt/foo not writable to you (e.g. because /mnt is read-only mount) and
foo/bar having actually been created by another client since your old lookup
had happened? What's more, assume that this file is owned by you and has 0660
for mode.
Calling open("/mnt/foo/bar", O_CREAT|O_RDWR, 0666) should succeed - the file
in question exists, so O_CREAT and the third argument of open(2) should be
ignored.
What happens is that we get ->d_revalidate() still with effects of O_CREAT
(i.e. LOOKUP_CREATE|LOOKUP_OPEN), but ->atomic_open() does *not* get O_CREAT.
Your series is broken in that case, AFAICS.
next prev parent reply other threads:[~2025-09-17 4:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-15 3:01 VFS: change ->atomic_open() calling to always have exclusive access NeilBrown
2025-09-15 3:01 ` [PATCH 1/2] NFS: remove d_drop()/d_alloc_paralle() from nfs_atomic_open() NeilBrown
2025-09-15 3:01 ` [PATCH 2/2] VFS: don't call ->atomic_open on cached negative without O_CREAT NeilBrown
2025-09-17 4:23 ` Al Viro
2025-09-17 7:36 ` NeilBrown
2025-09-17 4:34 ` Al Viro [this message]
2025-09-17 7:25 ` VFS: change ->atomic_open() calling to always have exclusive access NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250917043458.GT39973@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=amir73il@gmail.com \
--cc=anna@kernel.org \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neil@brown.name \
--cc=trondmy@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.