David Alessio <david.alessio@hsa.hitachi.com> wrote:
thomasf@qnx.com > wrote:
David Alessio <> david.alessio@hsa.hitachi.com> > wrote:
thomasf@qnx.com > wrote:
I want to attach a name /dev/1
-If /dev/1 already attached, it is clear I should fail.
Yes
-If /dev/1/2 already attached, should I fail?
Follow the same logic detailed in resmgr_attach/_RESMGR_FLAG_DIR – no
dir beneath a file.
If /dev/1/2 is a dir and you want to attach /dev/1 as a file, then yes
it should fail. Otherwise it seems legal to me.
Except that is a policy which is suggested to programmers but not
a rule actually enforced. If you want to do something odd like
that (put a file in the same location as a directory), you can,
the system won’t stop you.
OK.
-If /dev/ already attached, should I fail?
Clearly not.
Why not … /dev as a “directory” resource manager could be
providing an instance of /dev/1, and it may be a conditional
file so that the path manager has no way of guaranteeing if
that file exists in any atomic fashion.
Yes, you’re quite right. But if UNIQUE means fail in this case, it
would decimate the usefulness of UNIQUE. How could we then build a
system with your /dev (which has no intention of providing /dev/widget)
together with my /dev/widget and still prevent an accidental second
instatiation of widget? And the fact /dev may conditionally provide
anything just further confounds any effort to support this
interpretation.
Let’s carry out the scenario where UNIQUE does not mean fail for this
case.
If widget used _RESMGR_FLAG_BEFORE and is started after the /dev
dir-resmgr we’d be OK for the moment, right? i.e. There’d be only one
widget resmgr and it’ll handle “/dev/widget”. But how do we stay above
other (subsequent) dir resmgrs? Do we need a flag:
_RESMGR_FLAG_ALWAYS_BEFORE_DIRS
guarantees that resmgr will be before all dir resmgrs
can not be used with _RESMGR_FLAG_DIR
BTW: Isn’t this a problem that HA has to solve?
What you have to remember is that size (or length in this case)
matters in terms of the “priority” or ordering of the name resolution.
If we have two managers operating with no ordering flags:
Server 1: /dev
Server 2: /dev/widget
and the /dev server also provides a “widget” file (/dev/widget).
The resolution process will always resolve to Server 2 first
because it is the longest mountpoint match, then to Server 1
since as a directory it might manifest the file “widget”.
As such there is no need for a _RESMGR_FLAG_ALWAYS_BEFORE_DIRS
flag. The BEFORE/AFTER/OPAQUE flags are only relevant when
there are several servers attached with the same mount point,
regardless if it is a filesystem or a device resource manager.
The problem is that the _RESMGR_FLAG_UNIQUE would only make sense
in the case where you don’t specify _RESMGR_FLAG_DIR, and the only
I’m not sure if I should agree with this. Isn’t this just a sub-class
of your first case?
If I attach a name /dev/1 with (_RESMGR_FLAG_DIR | _RESMGR_FLAG_UNIQUE)
it should fail if /dev/1 exists as either a dir or a file.
But if /dev/1/2 already exists as a file, I don’t see a problem.
The question here is what is the purpose of the UNIQUE
flag. Is it to guarantee that there is no manager who
is already registered at a given mountpoint. This is a
Yes, exactly.
condition which can easily be guaranteed since it is
entirely within the realm of the path manager.
If the purpose is to guarantee that there is nothing else
in the system which is using that “path” before we perform
an attach (ala O_EXCL), then regardless of how much effort
we go to, the path manager can make no such guarantees. If
it can’t be guaranteed then it is of no use to anyone.
I’d be willing to concede to the validity and usefullness of
the first case, but not to the second.
We’re in sync.
Additional food for thought is to consider what guarantees
one would expect to have about the meaning of the UNIQUE
mountpoint. Would this forbid others (non-unique) from
mounting on this path?
Perhaps “UNIQUE” is not the best name for such a flag…
I agree, if it were to be implemented, it would most likely
take on the name _RESMGR_FLAG_EXCL, modelling after the
O_EXCL open mode which most programmers will be familiar
with.
But to answer your question, it depends on how you want to assign
responsibility for preserving UNIQUEness.
I’m mainly looking for a solution to preventing multiple instatiation of
a resmgr. So from the perspective of that problem, either
interpretation of the UNIQUE flag would have the same result – I could
rest assured the second attempt would fail. The question becomes:
Should the flag be used to allow other resmgrs to [optionally] honor
uniqueness (in which case the second resmgr would [could] back off)? Or
should the flag be used for the first resmgr to “trademark” the name (in
which case attempts from subsequent resmgrs would be rejected)?
Or should there be both UNIQUE and TRADEMARK flags?
My personal opinion is that the normal file operations
of the world work just fine with O_EXCL type of operation.
If this were present it would no doubt suit the needs of
developers like yourself. Any additional work to reject
other attaches (malicious or not) would be pushed to the
application since an attach of the mythical EXCL flag
in addition to BEFORE on a properly configured system
would guarantee exclusive access to that name.
Good discussion. All taken under advisement and consideration.
Thanks,
Thomas
Thomas (toe-mah) Fletcher QNX Software Systems
thomasf@qnx.com Neutrino Development Group
(613)-591-0931 http://www.qnx.com/~thomasf