locks: add warning about mandatory locking races

The mandatory file locking implementation has long-standing races that probably render it useless. I know of no plans to fix them. Till we do, we should at least warn people. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
author: J. Bruce Fields <bfields@citi.umich.edu> 2007-09-25 11:57:19 -0400
committer: J. Bruce Fields <bfields@citi.umich.edu> 2007-10-09 18:32:45 -0400
commit: 9efa68ed079af97f4e9477eadef567ffe64f7afc (patch)
tree: 4f5ea350d651f1030ae24068cdfa8b8c145167c1
parent: 4f3b19ca41fbe572e3d44caf516c215b286fe2a6 (diff)
1 files changed, 20 insertions, 1 deletions
diff --git a/Documentation/filesystems/mandatory-locking.txt b/Documentation/filesystems/mandatory-locking.txt
index bc449d49eee5..0979d1d2ca8b 100644
--- a/Documentation/filesystems/mandatory-locking.txt
+++ b/Documentation/filesystems/mandatory-locking.txt
@@ -3,7 +3,26 @@
                Andy Walker <andy@lysaker.kvaerner.no>
                           15 April 1996
+                     (Updated September 2007)
+0. Why you should avoid mandatory locking
+-----------------------------------------
+The Linux implementation is prey to a number of difficult-to-fix race
+conditions which in practice make it not dependable:
+        - The write system call checks for a mandatory lock only once
+          at its start.  It is therefore possible for a lock request to
+          be granted after this check but before the data is modified.
+          A process may then see file data change even while a mandatory
+          lock was held.
+        - Similarly, an exclusive lock may be granted on a file after
+          the kernel has decided to proceed with a read, but before the
+          read has actually completed, and the reading process may see
+          the file data in a state which should not have been visible
+          to it.
+        - Similar races make the claimed mutual exclusion between lock
+          and mmap similarly unreliable.
 1. What is  mandatory locking?
 ------------------------------
author	J. Bruce Fields <bfields@citi.umich.edu>	2007-09-25 11:57:19 -0400
committer	J. Bruce Fields <bfields@citi.umich.edu>	2007-10-09 18:32:45 -0400
commit	9efa68ed079af97f4e9477eadef567ffe64f7afc (patch)
tree	4f5ea350d651f1030ae24068cdfa8b8c145167c1
parent	4f3b19ca41fbe572e3d44caf516c215b286fe2a6 (diff)

diff --git a/Documentation/filesystems/mandatory-locking.txt b/Documentation/filesystems/mandatory-locking.txt index bc449d49eee5..0979d1d2ca8b 100644 --- a/Documentation/filesystems/mandatory-locking.txt +++ b/Documentation/filesystems/mandatory-locking.txt
@@ -3,7 +3,26 @@
3	Andy Walker <andy@lysaker.kvaerner.no>	3	Andy Walker <andy@lysaker.kvaerner.no>
4		4
5	15 April 1996	5	15 April 1996
6		6	(Updated September 2007)
		7
		8	0. Why you should avoid mandatory locking
		9	-----------------------------------------
		10
		11	The Linux implementation is prey to a number of difficult-to-fix race
		12	conditions which in practice make it not dependable:
		13
		14	- The write system call checks for a mandatory lock only once
		15	at its start. It is therefore possible for a lock request to
		16	be granted after this check but before the data is modified.
		17	A process may then see file data change even while a mandatory
		18	lock was held.
		19	- Similarly, an exclusive lock may be granted on a file after
		20	the kernel has decided to proceed with a read, but before the
		21	read has actually completed, and the reading process may see
		22	the file data in a state which should not have been visible
		23	to it.
		24	- Similar races make the claimed mutual exclusion between lock
		25	and mmap similarly unreliable.
7		26
8	1. What is mandatory locking?	27	1. What is mandatory locking?
9	------------------------------	28	------------------------------