OpenCores
URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [rc203soc/] [sw/] [uClinux/] [Documentation/] [mandatory.txt] - Blame information for rev 1777

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 1625 jcastillo
        Mandatory File Locking For The Linux Operating System
2
 
3
                Andy Walker 
4
 
5
                           15 April 1996
6
 
7
 
8
1. What is  mandatory locking?
9
------------------------------
10
 
11
Mandatory locking is kernel enforced file locking, as opposed to the more usual
12
cooperative file locking used to guarantee sequential access to files among
13
processes. File locks are applied using the flock() and fcntl() system calls
14
(and the lockf() library routine which is a wrapper around fcntl().) It is
15
normally a process' responsibility to check for locks on a file it wishes to
16
update, before applying its own lock, updating the file and unlocking it again.
17
The most commonly used example of this (and in the case of sendmail, the most
18
troublesome) is access to a user's mailbox. The mail user agent and the mail
19
transfer agent must guard against updating the mailbox at the same time, and
20
prevent reading the mailbox while it is being updated.
21
 
22
In a perfect world all process would use and honour a cooperative, or
23
"advisory" locking scheme. However, the world isn't perfect, and there's
24
a lot of poorly written code out there.
25
 
26
In trying to address this problem, the designers of System V UNIX came up
27
with a "mandatory" locking scheme, whereby the operating system kernel would
28
block attempts by a process to write to a file that another process holds a
29
"read" -or- "shared" lock on, and block attempts to both read and write to a
30
file that a process holds a "write " -or- "exclusive" lock on.
31
 
32
The System V mandatory locking scheme was intended to have as little impact as
33
possible on existing user code. The scheme is based on marking individual files
34
as candidates for mandatory locking, and using the existing fcntl()/lockf()
35
interface for applying locks just as if they were normal, advisory locks.
36
 
37
Note 1: In saying "file" in the paragraphs above I am actually not telling
38
the whole truth. System V locking is based on fcntl(). The granularity of
39
fcntl() is such that it allows the locking of byte ranges in files, in addition
40
to entire files, so the mandatory locking rules also have byte level
41
granularity.
42
 
43
Note 2: POSIX.1 does not specify any scheme for mandatory locking, despite
44
borrowing the fcntl() locking scheme from System V. The mandatory locking
45
scheme is defined by the System V Interface Definition (SVID) Version 3.
46
 
47
2. Marking a file for mandatory locking
48
---------------------------------------
49
 
50
A file is marked as a candidate for mandatory by setting the group-id bit in
51
its file mode but removing the group-execute bit. This is an otherwise
52
meaningless combination, and was chosen by the System V implementors so as not
53
to break existing user programs.
54
 
55
Note that the group-id bit is usually automatically cleared by the kernel when
56
a setgid file is written to. This is a security measure. The kernel has been
57
modified to recognize the special case of a mandatory lock candidate and to
58
refrain from clearing this bit. Similarly the kernel has been modified not
59
to run mandatory lock candidates with setgid privileges.
60
 
61
3. Available implementations
62
----------------------------
63
 
64
I have considered the implementations of mandatory locking available with
65
SunOS 4.1.x, Solaris 2.x and HP-UX 9.x.
66
 
67
Generally I have tried to make the most sense out of the behaviour exhibited
68
by these three reference systems. There are many anomalies.
69
 
70
All the reference systems reject all calls to open() for a file on which
71
another process has outstanding mandatory locks. This is in direct
72
contravention of SVID 3, which states that only calls to open() with the
73
O_TRUNC flag set should be rejected. The Linux implementation follows the SVID
74
definition, which is the "Right Thing", since only calls with O_TRUNC can
75
modify the contents of the file.
76
 
77
HP-UX even disallows open() with O_TRUNC for a file with advisory locks, not
78
just mandatory locks. That would appear to contravene POSIX.1.
79
 
80
mmap() is another interesting case. All the operating systems mentioned
81
prevent mandatory locks from being applied to an mmap()'ed file, but  HP-UX
82
also disallows advisory locks for such a file. SVID actually specifies the
83
paranoid HP-UX behaviour.
84
 
85
In my opinion only MAP_SHARED mappings should be immune from locking, and then
86
only from mandatory locks - that is what is currently implemented.
87
 
88
SunOS is so hopeless that it doesn't even honour the O_NONBLOCK flag for
89
mandatory locks, so reads and writes to locked files always block when they
90
should return EAGAIN.
91
 
92
I'm afraid that this is such an esoteric area that the semantics described
93
below are just as valid as any others, so long as the main points seem to
94
agree.
95
 
96
4. Semantics
97
------------
98
 
99
1. Mandatory locks can only be applied via the fcntl()/lockf() locking
100
   interface - in other words the System V/POSIX interface. BSD style
101
   locks using flock() never result in a mandatory lock.
102
 
103
2. If a process has locked a region of a file with a mandatory read lock, then
104
   other processes are permitted to read from that region. If any of these
105
   processes attempts to write to the region it will block until the lock is
106
   released, unless the process has opened the file opened with the O_NONBLOCK
107
   flag in which case the system call will return immediately with the error
108
   status EAGAIN.
109
 
110
3. If a process has locked a region of a file with a mandatory write lock, all
111
   attempts to read or write to that region block until the lock is released,
112
   unless a process has opened the file with the O_NONBLOCK flag in which case
113
   the system call will return immediately with the error status EAGAIN.
114
 
115
4. Calls to open() with O_TRUNC, or to creat(), on a existing file that has
116
   any mandatory locks owned by other processes will be rejected with the
117
   error status EAGAIN.
118
 
119
5. Attempts to apply a mandatory lock to a file that is memory mapped and
120
   shared (via mmap() with MAP_SHARED) will be rejected with the error status
121
   EAGAIN.
122
 
123
6. Attempts to create a shared memory map of a file (via mmap() with MAP_SHARED)
124
   that has any mandatory locks in effect will be rejected with the error status
125
   EAGAIN.
126
 
127
5. Which system calls are affected?
128
-----------------------------------
129
 
130
Those which modify a file's contents, not just the inode. That gives read(),
131
write(), readv(), writev(), open(), creat(), mmap(), truncate() and
132
ftruncate(). truncate() and ftruncate() are considered to be "write" actions
133
for the purposes of mandatory locking.
134
 
135
The affected region is usually defined as stretching from the current position
136
for the total number of bytes read or written. For the truncate calls it is
137
defined as the bytes of a file removed or added (we must also consider bytes
138
added, as a lock can specify just "the whole file", rather than a specific
139
range of bytes.)
140
 
141
Note 3: I may have overlooked some system calls that need mandatory lock
142
checking in my eagerness to get this code out the door. Please let me know, or
143
better still fix the system calls yourself and submit a patch to me or Linus.
144
 
145
6. Warning!
146
-----------
147
 
148
Not even root can override a mandatory lock, so runaway process can wreak
149
havoc if they lock crucial files. The way around it is to change the file
150
permissions (remove the setgid bit) before trying to read or write to it.
151
Of course, that might be a bit tricky if the system is hung :-(
152
 

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.