Am 14.02.2017 um 06:51 hat Fam Zheng geschrieben: > On Mon, 02/13 18:22, Kevin Wolf wrote: > > +int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared, > > + Error **errp) > > +{ > > + int ret; > > + > > + ret = bdrv_child_check_perm(c, perm, shared, errp); > > + if (ret < 0) { > > + return ret; > > + } > > + > > + bdrv_child_set_perm(c, perm, shared); > > This has an issue of TOCTOU, which means image locking cannot fit in easily. > Maybe squash them into one callback (.bdrv_try_set_perm) that can return > error?
That doesn't work, it would leave us with broken error handling. If one driver in the middle of the update process fails to update the permissions, we would end up with half of the nodes having the old permissions and half having the new ones. I think the file driver needs to lock the file already on check, and then we need to add a callback for the failure case so that it gives up the lock again. In other words, we might need a transaction with prepare/commit/abort here (*sigh*). Hm, or maybe just prepare/abort could be enough? Needs some thinking about. Kevin