This looks wonderful and will be useful to the Ganesha user space NFS server also.
I do have a couple questions.
1. How will this interact with the idea of private locks from the patch set Jeff Layton has been pushing?
2. If a process opens multiple file descriptors with deny modes, will they conflict with each other (which is the behavior we will want for Ganesha).
3. Is there any functionality to upgrade or downgrade the access and deny modes (thinking in terms of NFS v4 support of OPEN upgrade and OPEN_DOWNGRADE operations).
Thanks
Frank
-----Original Message----- From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs- owner@vger.kernel.org] On Behalf Of Pavel Shilovsky Sent: Friday, January 17, 2014 2:07 AM To: linux-kernel@vger.kernel.org Cc: linux-cifs@vger.kernel.org; linux-fsdevel@vger.kernel.org; linux- nfs@vger.kernel.org; wine-devel@winehq.org Subject: [PATCH v7 0/7] Add O_DENY* support for VFS and CIFS/NFS
This patchset adds support of O_DENY* flags for Linux fs layer. These
flags
can be used by any application that needs share reservations to organize a file access. VFS already has some sort of this capability - now it's done through flock/LOCK_MAND mechanis, but that approach is non-atomic. This patchset build new capabilities on top of the existing one but doesn't
bring
any changes into the flock call semantic.
These flags can be used by NFS (built-in-kernel) and CIFS (Samba) servers and Wine applications through VFS (for local filesystems) or CIFS/NFS modules. This will help when e.g. Samba and NFS server share the same directory for Windows and Linux users or Wine applications use Samba/NFS share to access the same data from different clients.
According to the previous discussions the most problematic question is how to prevent situations like DoS attacks where e.g /lib/liba.so file can be
open
with DENYREAD, or smth like this. That's why extra mount option
'sharelock'
is added for switching on/off O_DENY* flags processing. It allows to avoid
use
of these flags on critical places (like /, /lib) and turn them on if we
really want
it proccessed that way.
So, we have 3 new flags: O_DENYREAD - to prevent other opens with read access, O_DENYWRITE - to prevent other opens with write access, O_DENYDELETE - to prevent delete operations
The patchset avoids data races problem on newely created files: open with O_CREAT can return the -ESHAREDENIED error for a successfully created file if this files was locked with a sharelock by another task. Also, it turns flock/LOCK_MAND capability off for mounts with 'sharelock' option. This
lets
not mix one share reservation approach with another.
Patches #1, #2 and #3 add O_DENY* flags to fcntl and implement VFS part. A patch #4 is related to CIFS client changes, #5 -- NFSD, #6 and #7 describe NFSv4 client parts.
The preliminary patch for Samba that replaces the existing use of flock/LOCK_MAND mechanism with O_DENY* flags: http://git.etersoft.ru/people/piastry/packages/?p=samba.git;a=commitdiff; h=173070262b7f29134ad6b2e49a760017c11aec4a
The future part of open man page patch:
O_DENYREAD, O_DENYWRIYE, O_DENYDELETE - used to inforce a mandatory share reservation scheme of the file access. If these flag is passed, the
open
fails with -ESHAREDENIED in following cases:
- if O_DENYREAD flag is specified and there is another open with READ
access to the file; 2) if O_DENYWRITE flag is specified and there is another open with WRITE access to the file; 3) if READ access is requested and there is another open with O_DENYREAD flags; 4) if WRITE access is requested and there is another open with O_DENYWRITE flags.
If O_DENYDELETE flag is specified and the open succeded, any further
unlink
operation will fail with -ESHAREDENIED untill this open is closed. Now
this flag
is processed by VFS and CIFS filesystem. NFS returns -EINVAL for opens
with
this flag.
This mechanism is done through flocks. If O_DENY* flags are specified,
flock
syscall is processed after the open. The share modes are translated into
flock
according the following rules:
- !O_DENYREAD -> LOCK_READ | LOCK_MAND
- !O_DENYWRITE -> LOCK_WRITE | LOCK_MAND
- !O_DENYDELETE -> LOCK_DELETE | LOCK_MAND
Pavel Shilovsky (7): VFS: Introduce new O_DENY* open flags VFS: Add O_DENYDELETE support for VFS locks: Disable LOCK_MAND support for MS_SHARELOCK mounts CIFS: Add O_DENY* open flags support NFSD: Pass share reservations flags to VFS NFSv4: Add deny state handling for nfs4_state struct NFSv4: Add O_DENY* open flags support
arch/alpha/include/uapi/asm/errno.h | 2 + arch/alpha/include/uapi/asm/fcntl.h | 3 + arch/mips/include/uapi/asm/errno.h | 2 + arch/parisc/include/uapi/asm/errno.h | 2 + arch/parisc/include/uapi/asm/fcntl.h | 3 + arch/sparc/include/uapi/asm/errno.h | 2 + arch/sparc/include/uapi/asm/fcntl.h | 3 + fs/cifs/cifsacl.c | 2 + fs/cifs/cifsfs.c | 2 +- fs/cifs/cifsglob.h | 17 +- fs/cifs/cifssmb.c | 2 +- fs/cifs/dir.c | 6 + fs/cifs/file.c | 20 ++- fs/cifs/inode.c | 12 +- fs/cifs/link.c | 2 + fs/cifs/netmisc.c | 2 +- fs/cifs/smb1ops.c | 3 + fs/cifs/smb2inode.c | 1 + fs/cifs/smb2maperror.c | 2 +- fs/cifs/smb2ops.c | 6 + fs/cifs/smb2pdu.c | 2 +- fs/fcntl.c | 5 +- fs/locks.c | 161 ++++++++++++++++-- fs/namei.c | 56 +++++- fs/nfs/dir.c | 39 ++++- fs/nfs/inode.c | 8 +- fs/nfs/internal.h | 3 +- fs/nfs/nfs4_fs.h | 83 ++++++++- fs/nfs/nfs4file.c | 8 +- fs/nfs/nfs4proc.c | 310
+++++++++++++++++++++++-----------
fs/nfs/nfs4state.c | 65 ++++--- fs/nfs/nfs4super.c | 9 +- fs/nfs/nfs4xdr.c | 21 ++- fs/nfs/super.c | 7 +- fs/nfsd/nfs4state.c | 46 ++++- fs/nfsd/nfsproc.c | 1 + fs/proc_namespace.c | 1 + include/linux/fs.h | 15 ++ include/linux/nfs_fs.h | 5 +- include/linux/nfs_xdr.h | 1 + include/uapi/asm-generic/errno.h | 2 + include/uapi/asm-generic/fcntl.h | 12 ++ include/uapi/linux/fs.h | 1 + 43 files changed, 789 insertions(+), 166 deletions(-)
-- 1.7.10.4
-- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the
body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html