On Mon, 10/31 17:01, Eric Blake wrote: > On 10/31/2016 10:38 AM, Fam Zheng wrote: > > This implements open flag sensible image locking for local file > > and host device protocol. > > > > virtlockd in libvirt locks the first byte, so we start looking at the > > file bytes from 1. > > What happens if we try to use a raw file with less than 3 bytes? There's > not much to be locked in that case (especially if we round down to > sector sizes - the file is effectively empty) - but it's probably a > corner case you have to be aware of.
Yes. Not sure if it is complete (and always true) but patch 14 covers a 0 byte test case and it seems the lock just works the same a a large file. So I look at the kernel implementation of fcntl locks, to see if it limits lock range to file size, but I don't see any. I also manually tested with "touch /var/tmp/zerofile && qemu-io /var/tmp/zerofile" and "lslocks", it indeed report the locked bytes tough the file is 0 byte. As another example, /dev/null is also lockable by this series, that's why I have to add a patch to change it to null-co://. So, I think where a zero byte file cannot be locked, if any, is a corner case. > > > > > Quoting what was proposed by Kevin Wolf <kw...@redhat.com>, there are > > four locking modes by combining two bits (BDRV_O_RDWR and > > BDRV_O_SHARE_RW), and implemented by taking two locks: > > > > Lock bytes: > > > > * byte 1: I can't allow other processes to write to the image > > * byte 2: I am writing to the image > > > > Lock modes: > > > > * shared writer (BDRV_O_RDWR | BDRV_O_SHARE_RW): Take shared lock on > > byte 2. Test whether byte 1 is locked using an exclusive lock, and > > fail if so. > > > > * exclusive writer (BDRV_O_RDWR only): Take shared lock on byte 2. Test > > whether byte 1 is locked using an exclusive lock, and fail if so. Then > > take shared lock on byte 1. I suppose this is racy, but we can > > probably tolerate that. > > > > * reader that can tolerate writers (BDRV_O_SHARE_RW only): Don't do anything > > > > * reader that can't tolerate writers (neither bit is set): Take shared > > lock on byte 1. Test whether byte 2 is locked, and fail if so. > > > > The complication is in the transactional reopen. To make the reopen > > logic managable, and allow better reuse, the code is internally > > s/managable/manageable/ > > > organized with a table from old mode to the new one. > > > > Signed-off-by: Fam Zheng <f...@redhat.com> > > --- > > block/raw-posix.c | 710 > > ++++++++++++++++++++++++++++++++++++++++++++++++++---- > > 1 file changed, 660 insertions(+), 50 deletions(-) > > > > > +typedef enum { > > + /* Read only and accept other writers. */ > > + RAW_L_READ_SHARE_RW, > > + /* Read only and try to forbid other writers. */ > > + RAW_L_READ, > > + /* Read write and accept other writers. */ > > + RAW_L_WRITE_SHARE_RW, > > + /* Read write and try to forbit other writers. */ > > s/forbit/forbid/ > > > > > > +static int raw_lock_fd(int fd, BDRVRawLockMode mode, Error **errp) > > +{ > > + int ret; > > + assert(fd >= 0); > > + /* Locking byte 1 avoids interfereing with virtlockd. */ > > s/interfereing/interfering/ > > > > +/** > > + * Transactionally moving between possible locking states is tricky and > > must be > > + * done carefully. That is mostly because downgrading an exclusive lock to > > + * shared or unlocked is not guaranteed to be revertable. As a result, in > > such > > s/revertable/revertible/ > > > + * cases we have to defer the downgraing to "commit", given that no revert > > will > > s/downgraing/downgrading/ > > > + * happen after that point, and that downgrading a lock should never fail. > > + * > > + * On the other hand, upgrading a lock (e.g. from unlocked or shared to > > + * exclusive lock) must happen in "prepare" because it may fail. > > + * > > + * Manage the operation matrix with this state transition table to make > > + * fulfulling above conditions easier. > > s/fulfulling/fulfilling/ Thanks, will fix these typos and misspells. > > > > @@ -560,61 +1177,24 @@ static int raw_reopen_prepare(BDRVReopenState *state, > > > > raw_parse_flags(state->flags, &rs->open_flags); > > > > - rs->fd = -1; > > - > > - int fcntl_flags = O_APPEND | O_NONBLOCK; > > -#ifdef O_NOATIME > > - fcntl_flags |= O_NOATIME; > > -#endif > > - > > -#ifdef O_ASYNC > > - /* Not all operating systems have O_ASYNC, and those that don't > > - * will not let us track the state into rs->open_flags (typically > > - * you achieve the same effect with an ioctl, for example I_SETSIG > > - * on Solaris). But we do not use O_ASYNC, so that's fine. > > - */ > > - assert((s->open_flags & O_ASYNC) == 0); > > -#endif > > It looks like you are doing some code motion (refactoring into a helper > function) mixed in with everything else; it might be worth splitting > that into a separate commit for ease of review. Yes, good idea. Fam