Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp4318194ybi;
        Mon, 3 Jun 2019 08:58:51 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyZtP1ikQb7sl/PdAhXnERccyTVlgS5/pT6eqS466j5tnykRwWU1qotimgTthoRrrNE8cI0
X-Received: by 2002:a17:902:5c5:: with SMTP id f63mr30878263plf.176.1559577531286;
        Mon, 03 Jun 2019 08:58:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559577531; cv=none;
        d=google.com; s=arc-20160816;
        b=DXpyuwQCL3Xsw06F19WIV8RnL/hd1imTZroGnqMmNkDD2w3RpoI6PyYyxpGM9bGI5q
         nn0zf+MJOX8BJ+JYhMFS+rm1NQA00AD8z/NINrfbQKf4PHde834i89/9eetCikiPsved
         y1k7ZmMmrqSWfM/tuO83d2RwWXiPn7Z00DanHU6S4i/FiuQNdcOoI7/VbWePcydhDRim
         CqpKZnsKQmuNrV/9vF0XuLXErCstSxBi8dwo05XpqkZC03Q7Hu1d5jwr+cuWC1PfQ69b
         ghC5pfeRLqTxsSWl/Xg/lQnO/kEbXRwn0Kt4zHds2tic8TBwy8PPfjjCGJqG0xrWW6Gn
         8fRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=cc2qpruDakPhVR/+oGLp9bzGzok2vGK8TIr8IQJeQhA=;
        b=vK9Umv9FlPGTL3l405EuXes6isgeEgMwuZH9b1zLln3LcQAbtk8FrxbhLu3OTI/fj2
         aYgFuVAhDIFNCUpFqHF/WOh6Q1Hi1vmdZ6w5Sm6bkTrdY5M8ytFIDuTSjj5Rzc70lAXd
         +G38Oba506wArmxOcu6X7Dencw2uPIayXdyB1ahXeniOlUeqFy+8fr5F2jjsYZu9o2+E
         j4XV3zrcMRjGCNjtr6CK1tAYaeJmSSV/lZSA1JyNqTFFWPS6jCb6oRP0eYeMO0lIiUB5
         kpc9UJy5IJZF+iH0TWtbuYnOMiAx2b5wZSKC0r2Cph9Zbbkzti5I8EZgLOb0baH4skIK
         H+ZA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=NS6Q74II;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d10si18648033pgm.531.2019.06.03.08.58.34;
        Mon, 03 Jun 2019 08:58:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=NS6Q74II;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729339AbfFCP4x (ORCPT
        <rfc822;ArcheFireLinuxKernelMain@gmail.com> + 99 others);
        Mon, 3 Jun 2019 11:56:53 -0400
Received: from mail-wm1-f54.google.com ([209.85.128.54]:51483 "EHLO
        mail-wm1-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728865AbfFCP4x (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Jun 2019 11:56:53 -0400
Received: by mail-wm1-f54.google.com with SMTP id f10so11783077wmb.1
        for <linux-kernel@vger.kernel.org>; Mon, 03 Jun 2019 08:56:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=message-id:subject:from:to:cc:date:in-reply-to:references
         :user-agent:mime-version:content-transfer-encoding;
        bh=cc2qpruDakPhVR/+oGLp9bzGzok2vGK8TIr8IQJeQhA=;
        b=NS6Q74IIv8QB4krMkgs4Z9IVQ/L7pYBS4KAPNrffZl4NiBWlyDQAr1i6n+6dpjkb6/
         J6+wbDcSx5kPgyhGffeJezsXhLGEATG2LG3i/lmQ/khNcy2524DTjZYwWtIQIeQ4Q3z3
         gBEp5SBWEF1RqoYuKRrnC1MKr8iUx9jqiZfJQFcU4Xaj5CIBbUEY19/xmpI2NT0/bVI9
         5hhWJhy1oEn7lWPpShFUTp0ELu5cEaYp7KZAwIHR+zL5w8Fq+cEv4We5oa7GfP3GIM2r
         jQYBAfp9oZHjQGbfeU4s3mJnnaArSRMtfth/iRRZW2hcSm0ZP3SLZLPINAUGEq3xsohH
         OsVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
         :references:user-agent:mime-version:content-transfer-encoding;
        bh=cc2qpruDakPhVR/+oGLp9bzGzok2vGK8TIr8IQJeQhA=;
        b=EG2dbwlMbSgx+9rJBfE0V8bLOhBOshVi8ILRLZM37k2TmAwa9K028welVwTr2KmcEk
         6W2yfBcf02qpnlhr3I+6a2dy0WB1BeUWTowey94qqu/TBi0WI03I4h9T97dBtVFAWILZ
         3/7Jo3e/Ba8F9yR16rvWcXn0xj4WAMcBGyOf5qfFXH998M9Z73+ixru2PaPP2GMeFfQw
         QgmHDvOdaWFolKzoyal0U3bQZKQOny6oqgZKtGfKGc4gOM1y+PZsVogZ+cRdwOYz24Kz
         kGW0VvRINOIw+6Cx3GptqFzWyIKJjnOMbtXcR6jRoYkH1UQTEgEK1Cnrz/lj8z7Sfppb
         UyEA==
X-Gm-Message-State: APjAAAXgTW42YhyATTugIPRx7n1Wx5bi4T6KrziD35cxgYB2FuVorTkz
        7Vmx7FyIvxWZTQJnVSlach8=
X-Received: by 2002:a1c:b68a:: with SMTP id g132mr15319505wmf.66.1559577411337;
        Mon, 03 Jun 2019 08:56:51 -0700 (PDT)
Received: from [10.17.91.220] ([91.199.104.6])
        by smtp.gmail.com with ESMTPSA id f2sm3881449wru.31.2019.06.03.08.56.50
        (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);
        Mon, 03 Jun 2019 08:56:50 -0700 (PDT)
Message-ID: <b8c50bcb9335c93c3c730d55b6a9415d5f1fdb2a.camel@gmail.com>
Subject: Re: O_CLOFORK use case
From:   Mihai =?UTF-8?Q?Don=C8=9Bu?= <mihai.dontu@gmail.com>
To:     Joshua Hudson <joshudson@gmail.com>
Cc:     linux-kernel@vger.kernel.org
Date:   Mon, 03 Jun 2019 18:56:49 +0300
In-Reply-To: <CA+jjjYT6_ZZP5Ucqxvtmcd3d18vAC1LRtruiXojFVaxpJ-HhLA@mail.gmail.com>
References: <CA+jjjYT6_ZZP5Ucqxvtmcd3d18vAC1LRtruiXojFVaxpJ-HhLA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.5 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2019-06-03 at 08:24 -0700, Joshua Hudson wrote:
> I ran headlong into the use case for O_CLOFORK and got into a locking
> debate over it.
> 
> The actual use case involves squashing a thread race between two
> threads. If a file is opened for write in one thread with O_CLOEXEC
> while another thread calls fork(), a race condition can happen where
> the thread that closes the handle misses the out of disk error because
> the child process closed the handle last inside execve().
> 
> The decades old idiom for replacing config files isn't safe in
> multi-threaded code. Yipe.
> 
>     int h = open(".configfile~", O_WRONY | O_EXCL | O_CLOEXEC, 0666);
>     if (h < 0) { perror(".configfile"); return 1; }
>     ssize_t delta = 0;
>     while ((delta = write(h, newconfigdata, newconfiglen)) > 0) {
>         newconfigdata += delta;
>         newconfiglen -= delta;
>     }
>     if (delta < 0) { perror(".configfile"); return 1; }
>     if (close(h)) { perror(".configfile"); return 1; }
>     rename(".configfile~", ".configfile");
> 
> To fix it, we have to put locks around close() and fork()/vfork(). Ugh.

fsync() / fdatasync() before close() should fix it, non?

I was under the impression that any of those two became mandatory when
ext4 came along.

-- 
Mihai Donțu