From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id C5F94767AD for ; Fri, 16 Jul 2021 10:28:43 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C40DFDA74 for ; Fri, 16 Jul 2021 10:28:43 +0200 (CEST) Received: from elsa.proxmox.com (unknown [94.136.29.99]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3BE6EDA51 for ; Fri, 16 Jul 2021 10:28:42 +0200 (CEST) Received: by elsa.proxmox.com (Postfix, from userid 0) id DE987AE1CB8; Fri, 16 Jul 2021 10:28:35 +0200 (CEST) From: Dietmar Maurer To: pbs-devel@lists.proxmox.com Date: Fri, 16 Jul 2021 10:28:31 +0200 Message-Id: <20210716082834.2354163-1-dietmar@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.488 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox 1/2] new helper atomic_open_or_create_file() X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jul 2021 08:28:43 -0000 --- proxmox/src/tools/fs.rs | 86 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 85 insertions(+), 1 deletion(-) diff --git a/proxmox/src/tools/fs.rs b/proxmox/src/tools/fs.rs index 12e96bd..2a93b30 100644 --- a/proxmox/src/tools/fs.rs +++ b/proxmox/src/tools/fs.rs @@ -12,9 +12,10 @@ use nix::errno::Errno; use nix::fcntl::OFlag; use nix::sys::stat; use nix::unistd::{self, Gid, Uid}; +use nix::NixPath; use serde_json::Value; -use crate::sys::error::SysResult; +use crate::sys::error::{SysError, SysResult}; use crate::sys::timer; use crate::tools::fd::Fd; use crate::try_block; @@ -187,6 +188,89 @@ pub fn replace_file>( Ok(()) } +/// Like open(2), but allows setting initial data, perm, owner and group +/// +/// Since we need to initialize the file, we also need a solid slow +/// path where we create the file. In order to avoid races, we create +/// it in a temporary location and rotate it in place. +pub fn atomic_open_or_create_file>( + path: P, + mut oflag: OFlag, + initial_data: &[u8], + options: CreateOptions, +) -> Result { + let path = path.as_ref(); + + if oflag.contains(OFlag::O_TMPFILE) { + bail!("open {:?} failed - unsupported OFlag O_TMPFILE", path); + } + + oflag.remove(OFlag::O_CREAT); // we want to handle CREAT ourselfes + + // Note: 'mode' is ignored, because oflag does not contain O_CREAT or O_TMPFILE + match nix::fcntl::open(path, oflag, stat::Mode::empty()) { + Ok(fd) => return Ok(unsafe { File::from_raw_fd(fd) }), + Err(err) => { + if err.not_found() { + // fall thrue - try to create the file + } else { + bail!("open {:?} failed - {}", path, err); + } + } + } + + let (mut file, temp_file_name) = make_tmp_file(path, options)?; + + if !initial_data.is_empty() { + file.write_all(initial_data).map_err(|err| { + let _ = nix::unistd::unlink(&temp_file_name); + format_err!( + "writing initial data to {:?} failed - {}", + temp_file_name, + err, + ) + })?; + } + + // rotate the file into place, but use `RENAME_NOREPLACE`, so in case 2 processes race against + // the initialization, the first one wins! + let rename_result = temp_file_name.with_nix_path(|c_file_name| { + path.with_nix_path(|new_path| unsafe { + let rc = libc::renameat2( + libc::AT_FDCWD, + c_file_name.as_ptr(), + libc::AT_FDCWD, + new_path.as_ptr(), + libc::RENAME_NOREPLACE, + ); + nix::errno::Errno::result(rc) + })? + })?; + + match rename_result { + Ok(_) => Ok(file), + Err(err) => { + // if another process has already raced ahead and created + // the file, let's just open theirs instead: + let _ = nix::unistd::unlink(&temp_file_name); + + if err.already_exists() { + match nix::fcntl::open(path, oflag, stat::Mode::empty()) { + Ok(fd) => Ok(unsafe { File::from_raw_fd(fd) }), + Err(err) => bail!("open {:?} failed - {}", path, err), + } + } else { + bail!( + "failed to move file at {:?} into place at {:?} - {}", + temp_file_name, + path, + err + ); + } + } + } +} + /// Change ownership of an open file handle pub fn fchown(fd: RawFd, owner: Option, group: Option) -> Result<(), Error> { // According to the POSIX specification, -1 is used to indicate that owner and group -- 2.30.2