From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Mon, 9 Feb 1998 15:21:09 -0600 From: G. David Butler gdb@dbSystems.com Subject: [9fans] create(2)/open(2) race for file creation Topicbox-Message-UUID: 723f3408-eac8-11e9-9e20-41e7f4b1d025 Content-Type: text/plain; charset=UTF-8 Message-ID: <19980209212109.-rHKgg-UFqZI5mdYzmvpJSSioP0V-rrQij7bVMzaxaQ@z> >From: "G. David Butler" >The current create(2) call, IMHO, is broken. When the call was >implemented, it introduced a race condition that was not necessary >and can't be easily avoided. Since Plan9 is a "research" system, >I don't consider the API set in stone and was trying to open a >discussion on the subject. I offered two solutions, an option >to open (POSIX O_EXCL) or a fix to create(2). There is a third I have found some interesting information while considering the change of create(2). Look at the code in /sys/src/cmd/exportfs/exportsrv.c and /sys/src/cmd/iostats/statsrv.c for the comment with the word "race" in it. It seems that any user space "file server" laying over a real file server can't transfer the Tcreate correctly. Big surprise! Another comment in /sys/src/cmd/samterm/plan9.c about an "existing guy" is interesting in that it assumes that create(2) fails if the file exists! It doesn't take much to make the change in the kernel and a simple change in /sys/src/cmd/rc/plan9.c will let the system boot. Beyond that the changes are mechanical and I have listed most of them below. Overall, the change of create(2) is not very hard. The actual change in the cpu/terminal kernel is: delete from the comment in namec() in /sys/src/9/port/chan.c near line 582 /* * Walk the element to near line 600 poperror(); delete from the comment near line 610 /* * protect against the open/create race. to near line 620 } delete the line near line 625 poperror(); also remove the local variables cc and createrr and the label Open: to keep the compile warning free. In the following list, if there is no comment then the change is create becomes open/create/open as previously discussed. /sys/man/2 open documentation change /sys/man/5 open documentation change /sys/src/9/boot aux.c /sys/src/alef/8 output.c /sys/src/alef/k output.c /sys/src/alef/lib/libauth newns.l /sys/src/alef/lib/libbio binit.l /sys/src/alef/lib/libg binit.l create should be open OTRUNC /sys/src/alef/lib/p9 putenv.l /sys/src/alef/test test16.l /sys/src/alef/test/Y files.l /sys/src/alef/v output.c /sys/src/ape/9src ptyfs.c create there is correct to keep two from running /sys/src/ape/lib/ap/plan9 execve.c fix _CREATE mkdir.c access is race, but _CREATE is correct open.c access is race, but _CREATE is correct rename.c fix _CREATE tmpfile.c fix _CREATE /sys/src/cmd ar.c char.c cp.c dd.c ed.c fortune.c init.c mkdir.c access is race but create is correct mv.c news.c ramfs.c create there is correct to keep two from running sed.c create there is correct sh.C sort.c to avoid races, some create become open OTRUNC split.c srv.c access is race but create is correct srvfs.c create there is correct to keep two from running strip.c swap.c fix create on env but swapfd create is correct tar.c tee.c touch.c tweak.c ½char.c /sys/src/cmd/2l obj.c /sys/src/cmd/6l obj.c /sys/src/cmd/8l obj.c /sys/src/cmd/8½ main.c fix create on env but srv create is correct /sys/src/cmd/9660srv main.c create there is correct to keep two from running /sys/src/cmd/acid builtin.c already does the create/open trick /sys/src/cmd/acme disk.l stat is race but create is correct exec.l rows.l util.l /sys/src/cmd/art fileio.c /sys/src/cmd/auth adduser.c create is correct changeuser.c create is correct cron.c create is correct /sys/src/cmd/aux consolefs.l create there is correct to keep two from running depend.l create there is correct to keep two from running /sys/src/cmd/aux/icmp icmp.c create there is correct to keep two from running /sys/src/cmd/cc compat.c /sys/src/cmd/chdb sub.c /sys/src/cmd/chdb/cdb cdb.c /sys/src/cmd/con xmr.c /sys/src/cmd/cpp nlist.c /sys/src/cmd/db output.c create ok setup.c create ok trcrun.c /sys/src/cmd/diff main.c create ok /sys/src/cmd/disk format.c mkext.c create ok mkfs.c create ok /sys/src/cmd/disk/kfs main.c create there is correct to keep two from running /sys/src/cmd/disk/pip disk.c /sys/src/cmd/dossrv xfssrv.c create there is correct to keep two from running /sys/src/cmd/exportfs exportsrv.c create now will work like it should! see race comment /sys/src/cmd/fax file.c create is correct /sys/src/cmd/fone plan9.c create there is correct to keep two from running /sys/src/cmd/ftpfs file.c stat is race but create is correct /sys/src/cmd/hp hp.c /sys/src/cmd/hp/hp-vt main.c /sys/src/cmd/iostats iostats.c create there maybe correct if two run in debug mode statsrv.c create now will work like it should! see race comment /sys/src/cmd/ip tftpd.c /sys/src/cmd/kl obj.c /sys/src/cmd/lex sub1.c /sys/src/cmd/lp LOCK.c create now will work like it should! lpdaemon.c create ok lpsend.c create ok /sys/src/cmd/mk main.c create ok plan9.c t_ar.c create ok t_file.c create ok /sys/src/cmd/mothra gopher2html.c create ok http.c create ok mothra.c /sys/src/cmd/ndb cs.c create there is correct to keep two from running dns.c create there is correct to keep two from running mkhash.c mkhosts.c /sys/src/cmd/plot plot.c create there is correct to keep two from running /sys/src/cmd/postscript/postio postio.l create ok /sys/src/cmd/postscript/tcpostio tcpostio.l create ok /sys/src/cmd/rc plan9.c /sys/src/cmd/rschar rschar.c /sys/src/cmd/sam io.c mesg.c plan9.c create ok sam.c shell.c /sys/src/cmd/samterm plan9.c one create ok (see comment) other open OTRUNC /sys/src/cmd/scuzz scuzz.c /sys/src/cmd/service ftp.c two creates need changing, not all /sys/src/cmd/service/nfs chat.c create there is correct to keep two from running /sys/src/cmd/spin pangen1.h create ok /sys/src/cmd/telco telco.c create there is correct to keep two from running /sys/src/cmd/upas/common libsys.c fix create in syscreate /sys/src/cmd/upas/q qer.c look at more runq.c fix create on /dev/user /sys/src/cmd/vl obj.c /sys/src/cmd/xl obj.c /sys/src/fb cvt2pic.c create ok /sys/src/games/gps gps55.c create ok /sys/src/games/plumb pced.c /sys/src/games/smiley mkfont.c /sys/src/libauth newns.c /sys/src/libbio binit.c /sys/src/libc/9sys putenv.c /sys/src/libc/port profile.c /sys/src/libfb picopen_w.c /sys/src/libg binit.c /sys/src/libstdio freopen.c David Butler gdb@dbSystems.com