From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mimi Zohar Subject: Re: [PATCH 1/2] locks: introduce i_blockleases to close lease races Date: Sun, 12 Jun 2011 15:10:04 -0400 Message-ID: <1307905804.3564.28.camel@localhost.localdomain> References: <20110610000944.GC22215@fieldses.org> <20110610001011.GD22215@fieldses.org> <1307737440.3281.5.camel@localhost.localdomain> <20110610213446.GC27837@fieldses.org> <20110612040826.GD9246@fieldses.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Cc: linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, samba-technical@lists.samba.org, Christoph Hellwig , Eric Paris To: "J. Bruce Fields" Return-path: Received: from e37.co.us.ibm.com ([32.97.110.158]:40350 "EHLO e37.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751476Ab1FLTKP (ORCPT ); Sun, 12 Jun 2011 15:10:15 -0400 In-Reply-To: <20110612040826.GD9246@fieldses.org> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Sun, 2011-06-12 at 00:08 -0400, J. Bruce Fields wrote: > On Fri, Jun 10, 2011 at 05:34:46PM -0400, J. Bruce Fields wrote: > > On Fri, Jun 10, 2011 at 04:24:00PM -0400, Mimi Zohar wrote: > > > On Thu, 2011-06-09 at 20:10 -0400, J. Bruce Fields wrote: > > > > From: J. Bruce Fields > > > > > > > > Since break_lease is called before i_writecount is incremented, there's > > > > a window between the two where a setlease call would have no way to know > > > > that an open is about to happen. > > > > > > So unless the break_lease() call is moved from may_open() to after > > > nameidata_to_filp(), I don't see any other options. > > > > Actually, offhand I can't see why that wouldn't be OK. > > > > Though I think we still end up needing something like i_blockleases to > > handle unlink, link, rename, chown, and chmod. > > Well, I guess there's a bizarre alternative that wouldn't require a new > inode field: In lieu of adding a new inode field, another possible option, a bit kludgy, would be extending i_flock with an additional fl_flag FL_BLOCKLEASE. #define IS_BLOCKLEASE(fl) (fl->fl_flags & FL_BLOCKLEASE) Mimi > What we care about is conflicts between read leases and operations that > modify the metadata of the inode or the set of names pointing to it. > > As far as I can tell those operations all take the i_mutex either on the > inode itself or on the parents of one of its aliases. > > So, you could prevent break_lease/setlease races by calling setlease > under *all* of those i_mutexes: > > - take i_mutex on the inode > - take i_lock to prevent the set of aliases from changing > - take i_mutex for parent of each alias > - set the lease > - drop the parent i_mutexes, etc. > > where the i_mutexes would all be taken with mutex_trylock, and we'd just > fail the whole setlease if any of them failed. > > ??? > > --b.