DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=TjQkcKhu3SZr7U7hgz1ILgoHpX80jAR2tTm2PwF7OdAWId5FjCwRw
	FDCSj5YeAnCDGMeEivgcn3hwfPVu+qz3RxBmFRzK3yiHQ7b4B5u8MCh3/VYUDsnZ
	y0cpfrx/rVOV84SEPeEUBWAWm6+W6rSi7MYlwmCqbbNZTBx1Q0lcek=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Date: Wed, 5 Jun 2013 19:02:46 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Mandatory file locking semantics (was: sqlite3: bug with monotone)
Message-ID: <20130605170246.GD3250@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <51A7862F.1070507@etr-usa.com> <51A7D47E.3050502@users.sourceforge.net> <51A7F547.6020509@etr-usa.com> <20130531092228.GB30659@calimero.vinschen.de> <51A900EF.2020606@etr-usa.com> <20130601105741.GC30659@calimero.vinschen.de> <20130602103125.GE13934@calimero.vinschen.de> <51ACD415.2090709@etr-usa.com> <20130604084815.GD19572@calimero.vinschen.de> <51AF6433.5050104@etr-usa.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <51AF6433.5050104@etr-usa.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

On Jun  5 10:15, Warren Young wrote:
> On 6/4/2013 02:48, Corinna Vinschen wrote:
> >On Jun  3 11:36, Warren Young wrote:
> >>Could you add an O_MAND open(2) option as well to turn on the same
> >>feature?  This will avoid a race condition.
> >
> >If you call F_LCK_MANDATORY right after open in the opening routine,
> >there won't be (much of) a race.  I know what you mean (it's the
> >O_CLOEXEC dilemma)
> 
> As long as everyone plays by the rules, there actually isn't a race.
> 
> For this style of locking to work at all, every program involved has
> to enable the mandatory locking flag before doing any I/O on the
> file.  In that sense, locking is already atomic.
> 
> Adding O_MAND changes the call pattern from:
> 
>    fd = open(..., O_RDWR);
>    fcntl(fd, F_LCK_MANDATORY, 1);
>    fcntl(fd, F_SETLK, &lock);
> 
> to:
> 
>    fd = open(..., O_RDWR | O_MAND);
>    fcntl(fd, F_SETLK, &lock);
> 
> Since there are two required calls due to the POSIX design, there's
> still a hole here, where an uncooperative program could call open(2)
> for writing on the same file without acquiring the lock.  To fix
> *that* race condition, you'd need an extension to open(2) that lets
> it acquire the lock on open.  That just isn't in the cards.

Advisory locking is *based* on cooperative behaviour.  That means,
the assumption is that all applications accessing certain files
behave like they should and not write to a file before asking for the
lock.  In your case, there's the sqlite lib.  If every application
accessing an sqlite db uses the sqlite lib, there's no reason to
assume that there's an uncooperative application.

> Or am I missing something?  Does mandatory locking on Linux or SysV
> somehow avoid the "uncooperative program" race?

Not at all.  Did you read Section 0, "Why you should avoid mandatory
locking" in Linux Documentation/filesystems/mandatory-locking.txt file?
It's all about races.

> That having been said, I still think O_MAND works better.
> [...]

Again, to be clear: Mandatory locking is not for the every day use of a
Cygwin application.  I provided it for the sake of a *very* limited
scenario, where Cygwin applications have to cooperate with native Windows
applications using record locking.  The burden to use it correctly is
on the application developer.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple