lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 1 Oct 2019 14:01:57 -0700
From:   Ira Weiny <>
To:     Dave Chinner <>
Cc:,,,,,,, Jeff Layton <>,
        Jan Kara <>, Theodore Ts'o <>,
        John Hubbard <>,
        Dan Williams <>,
        Jason Gunthorpe <>
Subject: Re: Lease semantic proposal

On Mon, Sep 30, 2019 at 06:42:33PM +1000, Dave Chinner wrote:
> On Wed, Sep 25, 2019 at 04:46:03PM -0700, Ira Weiny wrote:
> > On Tue, Sep 24, 2019 at 08:26:20AM +1000, Dave Chinner wrote:
> > > Hence, AFIACT, the above definition of a F_RDLCK|F_LAYOUT lease
> > > doesn't appear to be compatible with the semantics required by
> > > existing users of layout leases.
> > 
> > I disagree.  Other than the addition of F_UNBREAK, I think this is consistent
> > with what is currently implemented.  Also, by exporting all this to user space
> > we can now write tests for it independent of the RDMA pinning.
> The current usage of F_RDLCK | F_LAYOUT by the pNFS code allows
> layout changes to occur to the file while the layout lease is held.

This was not my understanding.

> IOWs, your definition of F_RDLCK | F_LAYOUT not being allowed
> to change the is in direct contradition to existing users.
> I've said this several times over the past few months now: shared
> layout leases must allow layout modifications to be made.

I don't understand what the point of having a layout lease is then?

> Only
> allowing an exclusive layout lease to modify the layout rules out
> many potential use cases for direct data placement and p2p DMA
> applications,

How?  I think that having a typical design pattern of multiple readers
and only a single writer would actually make all these use cases easier.

> not to mention conflicts with the existing pNFS usage.

I apologize for not understanding this.  My reading of the code is that layout
changes require the read layout to be broken prior to proceeding.

The break layout code does this by creating a F_WRLCK of type FL_LAYOUT which
conflicts with the F_RDLCK of type FL_LAYOUT...

int __break_lease(struct inode *inode, unsigned int mode, unsigned int type)
        struct file_lock *new_fl, *fl, *tmp;

        new_fl = lease_alloc(NULL, want_write ? F_WRLCK : F_RDLCK, 0);
        if (IS_ERR(new_fl))
                return PTR_ERR(new_fl);
        new_fl->fl_flags = type;
        list_for_each_entry_safe(fl, tmp, &ctx->flc_lease, fl_list) {
                if (!leases_conflict(fl, new_fl))

type == FL_LAYOUT from the call here.

static inline int break_layout(struct inode *inode, bool wait)
        if (inode->i_flctx && !list_empty_careful(&inode->i_flctx->flc_lease))
                return __break_lease(inode,
                                wait ? O_WRONLY : O_WRONLY | O_NONBLOCK,
        return 0;

Also, I don't see any code which limits the number of read layout holders which
can be present and all of them will be revoked by the above code.

What am I missing?


Powered by blists - more mailing lists