From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: Jan Kara <jack@suse.cz>
Cc: mtk.manpages@gmail.com, John McCutchan <john@johnmccutchan.com>,
Robert Love <rlove@rlove.org>, Eric Paris <eparis@redhat.com>,
Lennart Poettering <lennart@poettering.net>,
radu.voicilas@gmail.com, daniel@veillard.com,
Christoph Hellwig <hch@infradead.org>,
Vegard Nossum <vegard.nossum@oracle.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
linux-man <linux-man@vger.kernel.org>,
gamin-list@gnome.org, lkml <linux-kernel@vger.kernel.org>,
inotify-tools-general@lists.sourceforge.net
Subject: Re: Things I wish I'd known about Inotify
Date: Sun, 06 Apr 2014 11:00:29 +0200 [thread overview]
Message-ID: <534117AD.1030708@gmail.com> (raw)
In-Reply-To: <20140404124338.GA26806@quack.suse.cz>
On 04/04/2014 02:43 PM, Jan Kara wrote:
> On Fri 04-04-14 09:35:50, Michael Kerrisk (man-pages) wrote:
>> On 04/03/2014 10:52 PM, Jan Kara wrote:
>>> On Thu 03-04-14 08:34:44, Michael Kerrisk (man-pages) wrote:
[...]
>>>> Dealing with rename() events
>>>> The IN_MOVED_FROM and IN_MOVED_TO events that are generated by
>>>> rename(2) are usually available as consecutive events when read‐
>>>> ing from the inotify file descriptor. However, this is not guar‐
>>>> anteed. If multiple processes are triggering events for moni‐
>>>> tored objects, then (on rare occasions) an arbitrary number of
>>>> other events may appear between the IN_MOVED_FROM and IN_MOVED_TO
>>>> events.
>>>>
>>>> Matching up the IN_MOVED_FROM and IN_MOVED_TO event pair gener‐
>>>> ated by rename(2) is thus inherently racy. (Don't forget that if
>>>> an object is renamed outside of a monitored directory, there may
>>>> not even be an IN_MOVED_TO event.) Heuristic approaches (e.g.,
>>>> assume the events are always consecutive) can be used to ensure a
>>>> match in most cases, but will inevitably miss some cases, causing
>>>> the application to perceive the IN_MOVED_FROM and IN_MOVED_TO
>>>> events as being unrelated. If watch descriptors are destroyed
>>>> and re-created as a result, then those watch descriptors will be
>>>> inconsistent with the watch descriptors in any pending events.
>>>> (Re-creating the inotify file descriptor and rebuilding the cache
>>>> may be useful to deal with this scenario.)
>>> Well, but there's 'cookie' value meant exactly for matching up
>>> IN_MOVED_FROM and IN_MOVED_TO events. And 'cookie' is guaranteed to be
>>> unique at least within the inotify instance (in fact currently it is unique
>>> within the whole system but I don't think we want to give that promise).
>>
>> Yes, that's already assumed by my discussion above (its described elsewhere
>> in the page). But your comment makes me think I should add a few words to
>> remind the reader of that fact. I'll do that.
> Yes, that would be good.
>
>> But, the point is that even with the cookie, matching the events is
>> nontrivial, since:
>>
>> * There may not even be an IN_MOVED_FROM event
>> * There may be an arbitrary number of other events in between the
>> IN_MOVED_FROM and the IN_MOVED_TO.
>>
>> Therefore, one has to use heuristic approaches such as "allow at least
>> N millisconds" or "check the next N events" to see if there is an
>> IN_MOVED_FROM that matches the IN_MOVED_TO. I can't see any way around
>> that being inherently racy. (It's unfortunate that the kernel can't
>> provide a guarantee that the two events are always consecutive, since
>> that would simply user space's life considerably.)
> Yeah, it's unpleasant but doing that would be quite costly/complex at the
> kernel side.
Yep, I imagined that was probably the reason.
> And the race would in the worst case lead to application
> thinking there's been file moved outside of watched area & a file moved
> somewhere else inside the watched area. So the application will have to
> possibly inspect that file. That doesn't seem too bad.
It's actually very bad. See the text above. The point is that one likely
treatment on an IN_MOVED_FROM event that has no IN_MOVED_TO is to remove
the watches for the moved out subtree. If it turns out that this really
was just a rename(), then on the IN_MOVED_TO, the watches will be recreated
*with different watch descriptors*, thus invalidating the watch descriptors
in any queued but as yet unprocessed inotify events. See what I mean?
That's quite painful for user space.
Cheers,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: Jan Kara <jack@suse.cz>
Cc: mtk.manpages@gmail.com, John McCutchan <john@johnmccutchan.com>,
Robert Love <rlove@rlove.org>, Eric Paris <eparis@redhat.com>,
Lennart Poettering <lennart@poettering.net>,
radu.voicilas@gmail.com, daniel@veillard.com,
Christoph Hellwig <hch@infradead.org>,
Vegard Nossum <vegard.nossum@oracle.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
linux-man <linux-man@vger.kernel.org>,
gamin-list@gnome.org, lkml <linux-kernel@vger.kernel.org>,
inotify-tools-general@lists.sourceforge.net
Subject: Re: Things I wish I'd known about Inotify
Date: Sun, 06 Apr 2014 11:00:29 +0200 [thread overview]
Message-ID: <534117AD.1030708@gmail.com> (raw)
In-Reply-To: <20140404124338.GA26806@quack.suse.cz>
On 04/04/2014 02:43 PM, Jan Kara wrote:
> On Fri 04-04-14 09:35:50, Michael Kerrisk (man-pages) wrote:
>> On 04/03/2014 10:52 PM, Jan Kara wrote:
>>> On Thu 03-04-14 08:34:44, Michael Kerrisk (man-pages) wrote:
[...]
>>>> Dealing with rename() events
>>>> The IN_MOVED_FROM and IN_MOVED_TO events that are generated by
>>>> rename(2) are usually available as consecutive events when read‐
>>>> ing from the inotify file descriptor. However, this is not guar‐
>>>> anteed. If multiple processes are triggering events for moni‐
>>>> tored objects, then (on rare occasions) an arbitrary number of
>>>> other events may appear between the IN_MOVED_FROM and IN_MOVED_TO
>>>> events.
>>>>
>>>> Matching up the IN_MOVED_FROM and IN_MOVED_TO event pair gener‐
>>>> ated by rename(2) is thus inherently racy. (Don't forget that if
>>>> an object is renamed outside of a monitored directory, there may
>>>> not even be an IN_MOVED_TO event.) Heuristic approaches (e.g.,
>>>> assume the events are always consecutive) can be used to ensure a
>>>> match in most cases, but will inevitably miss some cases, causing
>>>> the application to perceive the IN_MOVED_FROM and IN_MOVED_TO
>>>> events as being unrelated. If watch descriptors are destroyed
>>>> and re-created as a result, then those watch descriptors will be
>>>> inconsistent with the watch descriptors in any pending events.
>>>> (Re-creating the inotify file descriptor and rebuilding the cache
>>>> may be useful to deal with this scenario.)
>>> Well, but there's 'cookie' value meant exactly for matching up
>>> IN_MOVED_FROM and IN_MOVED_TO events. And 'cookie' is guaranteed to be
>>> unique at least within the inotify instance (in fact currently it is unique
>>> within the whole system but I don't think we want to give that promise).
>>
>> Yes, that's already assumed by my discussion above (its described elsewhere
>> in the page). But your comment makes me think I should add a few words to
>> remind the reader of that fact. I'll do that.
> Yes, that would be good.
>
>> But, the point is that even with the cookie, matching the events is
>> nontrivial, since:
>>
>> * There may not even be an IN_MOVED_FROM event
>> * There may be an arbitrary number of other events in between the
>> IN_MOVED_FROM and the IN_MOVED_TO.
>>
>> Therefore, one has to use heuristic approaches such as "allow at least
>> N millisconds" or "check the next N events" to see if there is an
>> IN_MOVED_FROM that matches the IN_MOVED_TO. I can't see any way around
>> that being inherently racy. (It's unfortunate that the kernel can't
>> provide a guarantee that the two events are always consecutive, since
>> that would simply user space's life considerably.)
> Yeah, it's unpleasant but doing that would be quite costly/complex at the
> kernel side.
Yep, I imagined that was probably the reason.
> And the race would in the worst case lead to application
> thinking there's been file moved outside of watched area & a file moved
> somewhere else inside the watched area. So the application will have to
> possibly inspect that file. That doesn't seem too bad.
It's actually very bad. See the text above. The point is that one likely
treatment on an IN_MOVED_FROM event that has no IN_MOVED_TO is to remove
the watches for the moved out subtree. If it turns out that this really
was just a rename(), then on the IN_MOVED_TO, the watches will be recreated
*with different watch descriptors*, thus invalidating the watch descriptors
in any queued but as yet unprocessed inotify events. See what I mean?
That's quite painful for user space.
Cheers,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
next prev parent reply other threads:[~2014-04-06 9:00 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-03 6:34 Things I wish I'd known about Inotify Michael Kerrisk (man-pages)
2014-04-03 6:34 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkjymzawYMKZGedK=fai55cwo4p=yeYe6GT8MdxWON__zw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-04-03 15:38 ` Eric W. Biederman
2014-04-03 15:38 ` Eric W. Biederman
2014-04-03 15:38 ` Eric W. Biederman
2014-04-04 7:59 ` Michael Kerrisk (man-pages)
2014-04-04 7:59 ` Michael Kerrisk (man-pages)
2014-04-04 20:24 ` Stef Bon
2014-04-03 20:52 ` Jan Kara
2014-04-03 20:52 ` Jan Kara
2014-04-04 7:35 ` Michael Kerrisk (man-pages)
[not found] ` <533E60D6.2000704-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-04-04 12:43 ` Jan Kara
2014-04-04 12:43 ` Jan Kara
2014-04-06 9:00 ` Michael Kerrisk (man-pages) [this message]
2014-04-06 9:00 ` Michael Kerrisk (man-pages)
[not found] ` <534117AD.1030708-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-04-07 9:31 ` Jan Kara
2014-04-07 9:31 ` Jan Kara
[not found] ` <20140407093152.GC14927-+0h/O2h83AeN3ZZ/Hiejyg@public.gmane.org>
2014-04-12 5:44 ` Michael Kerrisk (man-pages)
2014-04-12 5:44 ` Michael Kerrisk (man-pages)
2014-07-12 19:06 ` Michael Kerrisk (man-pages)
2014-07-12 19:06 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkj=j2Auym+Euis0qYot3nYoASkeaf4kFPWvL-M-FCXEvQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-14 11:28 ` Jan Kara
2014-07-14 11:28 ` Jan Kara
2014-07-15 4:15 ` Michael Kerrisk (man-pages)
2014-07-15 4:15 ` Michael Kerrisk (man-pages)
2014-04-04 13:00 ` David Herrmann
2014-04-04 13:00 ` David Herrmann
[not found] ` <CANq1E4RzNA_ajEwf1rRbTa8xOP392_YfD0mShK6QV=FexoOpUA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-04-04 13:08 ` David Herrmann
2014-04-04 13:08 ` David Herrmann
2014-04-04 14:50 ` Eric Paris
2014-04-04 14:50 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=534117AD.1030708@gmail.com \
--to=mtk.manpages@gmail.com \
--cc=daniel@veillard.com \
--cc=eparis@redhat.com \
--cc=gamin-list@gnome.org \
--cc=hch@infradead.org \
--cc=inotify-tools-general@lists.sourceforge.net \
--cc=jack@suse.cz \
--cc=john@johnmccutchan.com \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=radu.voicilas@gmail.com \
--cc=rlove@rlove.org \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.