Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Message-ID: <d134571f381868e1cec74aca905012d8aec9fec8.camel@HansenPartnership.com>
Subject: Re: Race-free block device opening
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Demi Marie Obenour <demi@invisiblethingslab.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc:     Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Linux Block Mailing List <linux-block@vger.kernel.org>,
        Linux Filesystem Mailing List <linux-fsdevel@vger.kernel.org>
Date:   Wed, 27 Apr 2022 09:29:12 -0400
In-Reply-To: <Ymg2HIc8NGraPNbM@itl-email>
References: <Ymg2HIc8NGraPNbM@itl-email>
Content-Type: multipart/signed; micalg="pgp-sha256";
        protocol="application/pgp-signature"; boundary="=-m2/yxg2jUsj/Q2J7p/Oh"
User-Agent: Evolution 3.34.4 
MIME-Version: 1.0
Precedence: bulk


--=-m2/yxg2jUsj/Q2J7p/Oh
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, 2022-04-26 at 14:12 -0400, Demi Marie Obenour wrote:
> Right now, opening block devices in a race-free way is incredibly
> hard.

Could you be more specific about what the race you're having problems
with is?  What is racing.

> The only reasonable approach I know of is sd_device_new_from_path() +
> sd_device_open(), and is only available in systemd git main.  It also
> requires waiting on systemd-udev to have processed udev rules, which
> can be a bottleneck.

This doesn't actually seem to be in my copy of systemd.

>   There are better approaches in various special cases, such as using
> device-mapper ioctls to check that the device one has opened still
> has the name and/or UUID one expects.  However, none of them works
> for a plain call to open(2).

Just so we're clear: if you call open on, say /dev/sdb1 and something
happens to hot unplug and then replug a different device under that
node, the file descriptor you got at open does *not* point to the new
node.  It points to a dead device responder that errors everything.

The point being once you open() something, the file descriptor is
guaranteed to point to the same device (or error).

> A much better approach would be for udev to point its symlinks at
> "/dev/disk/by-diskseq/$DISKSEQ" for non-partition disk devices, or at
> "/dev/disk/by-diskseq/${DISKSEQ}p${PARTITION}" for partitions.  A
> filesystem would then be mounted at "/dev/disk/by-diskseq" that
> provides for race-free opening of these paths.  This could be
> implemented in userspace using FUSE, either with difficulty using the
> current kernel API, or easily and efficiently using a new kernel API
> for opening a block device by diskseq + partition.  However, I think
> this should be handled by the Linux kernel itself.
>=20
> What would be necessary to get this into the kernel?  I would like to
> implement this, but I don=E2=80=99t have the time to do so anytime soon. =
 Is
> anyone else interested in taking this on?  I suspect the kernel code
> needed to implement this would be quite a bit smaller than the FUSE
> implementation.

So it sounds like the problem is you want to be sure that the device
doesn't change after you've called libblkid to identify it but before
you call open?  If that's so, the way you do this in userspace is to
call libblkid again after the open.  If the before and after id match,
you're as sure as you can be the open was of the right device.

James


--=-m2/yxg2jUsj/Q2J7p/Oh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iHUEABMIAB0WIQTnYEDbdso9F2cI+arnQslM7pishQUCYmlFKAAKCRDnQslM7pis
hUPRAP9pjLs7yDBOO2c5Li9a7Pn7ceWfSbT5gPoE+EHnc411EAD+ILidPuqJQpgK
dqmy5RX/RG/fj7Tt6j8VKRMWYrsXFbk=
=fhrO
-----END PGP SIGNATURE-----

--=-m2/yxg2jUsj/Q2J7p/Oh--