I'm sorry for the delay. The last week was busy and this fell through the cracks. On Mon 29-01-24 20:30:34, Amir Goldstein wrote: > On Mon, Dec 18, 2023 at 5:53 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > In the HttpDirFS HSM demo, I used FAN_OPEN_PERM on a mount mark > > to deny open of file during the short time that it's content is being > > punched out [1]. > > It is quite complicated to explain, but I only used it for denying access, > > not to fill content and not to write anything to filesystem. > > It's worth noting that returning EBUSY in that case would be more meaningful > > to users. > > > > That's one case in favor of allowing FAN_DENY_ERRNO for FAN_OPEN_PERM, > > but mainly I do not have a proof that people will not need it. > > > > OTOH, I am a bit concerned that this will encourage developer to use > > FAN_OPEN_PERM as a trigger to filling file content and then we are back to > > deadlock risk zone. > > > > Not sure which way to go. > > > > Anyway, I think we agree that there is no reason to merge FAN_DENY_ERRNO > > before FAN_PRE_* events, so we can continue this discussion later when > > I post FAN_PRE_* patches - not for this cycle. > > I started to prepare the pre-content events patches for posting and got back > to this one as well. > > Since we had this discussion I have learned of another use case that > requires filling file content in FAN_OPEN_PERM hook, FAN_OPEN_EXEC_PERM > to be exact. > > The reason is that unless an executable content is filled at execve() time, > there is no other opportunity to fill its content without getting -ETXTBSY. Yes, I've been scratching my head over this usecase for a few days. I was thinking whether we could somehow fill in executable (and executed) files on access but it all seemed too hacky so I agree that we probably have to fill them in on open. > So to keep things more flexible, I decided to add -ETXTBSY to the > allowed errors with FAN_DENY_ERRNO() and to decided to allow > FAN_DENY_ERRNO() with all permission events. > > To keep FAN_DENY_ERRNO() a bit more focused on HSM, I have > added a limitation that FAN_DENY_ERRNO() is allowed only for > FAN_CLASS_PRE_CONTENT groups. I have no problem with adding -ETXTBSY to the set of allowed errors. That makes sense. Adding FAN_DENY_ERRNO() to all permission events in FAN_CLASS_PRE_CONTENT groups - OK, if we don't find anything better - I wanted to hash out another possibility here: Currently all permission events (and thus also the events we plan to use for HSM AFAIU) are using 'fd' to identify file where the event happened. This is used as identifier for response, can be used to fill in file contents for HSM but it also causes issues such as the problem with exec(2) occasionally failing if this fd happens to get closed only after exec(2) gets to checking deny_write_access(). So what if we implemented events needed for HSM as FID events (we'd have think how to match replies to events)? Then the app would open the file for filling in using FID as well as it would naturally close the handle before replying so problems with exec(2) would not arise. These would be essentially new events (so far we didn't allow permission events in FID groups) so allowing FAN_DENY_ERRNO() replies for them would be natural. Overall it would seem like a cleaner "clean room implementation" API? Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
