On Mon, Mar 01, 2021 at 02:09:03PM -0500, J. Bruce Fields wrote: > On Sun, Feb 28, 2021 at 08:57:20AM -0500, Drew DeVault wrote: > > On Sat Feb 27, 2021 at 11:03 PM EST, Matthew Wilcox wrote: > > > > 1. Program A creates a directory > > > > 2. Program A is pre-empted > > > > 3. Program B deletes the directory > > > > 4. Program A creates a file in that directory > > > > 5. RIP > > > > > > umm ... program B deletes the directory. program A opens it in order to > > > use openat(). program A gets ENOENT and exits, confused. that's the > > > race you're removing here -- and it seems fairly insignificant to me. > > > > Yes, that is the race being eliminated here. Instead of this, program A > > has an fd which holds a reference to the directory, so it just works. A > > race is a race. It's an oversight in the API. > > Step 4 still fails either way, because you can't create a file in an > unlinked directory, even if you hold a reference to that directory. > What's the behavior change at step 4 that you're hoping for? If step 3 is 'mv foo bar', then the behaviour change will be that the files still get created, just as bar/quux, instead of foo/quux. It's not clear to me this is necessarily an improvement in behaviour. (as an aside, i think there's a missing feature in posix -- being able to atomically replace one directory with another. you can atomically replace one file with another with hard links, but since you can't hardlink a directory, you can't do the same trick. Maybe you should just always move files out of a directory instead of moving directories as a single operation)
