[OpenAFS-devel] flock Input/output error

Derek Atkins warlord@MIT.EDU
Fri, 13 Aug 2010 09:18:39 -0400


Hans-Werner Paulsen <hans@MPA-Garching.MPG.DE> writes:

> On Wed, Aug 11, 2010 at 11:34:53PM +0100, Simon Wilkinson wrote:
>> The first is that locks and unlocks can race against each other. On a
>> lock we do SetAFSLock, SetKernelLock. On unlock we do ReleaseAFSLock,
>> ReleaseKernelLock. However, we don't hold any locks on the file
>> whilst we do so. Multiple calls to set a lock are safe, as the
>> SetAFSLock serialises them. However, a lock and an unlock may race
>> each other. In this case we have
>> 
>> Process A                 Process B
>> SetAFSLock
>> SetKernelLock
>> ....
>> ReleaseAFSLock
>>                           SetAFSLock
>>                           SetKernelLock
>> ReleaseKernelLock
>> 
>> Process B can't get the kernel lock, despite the fact that it has the AFS lock, because process A hasn't released it yet. So you get an error message.
>
> Isn't it possible to do ReleaseKernelLock first, and then ReleaseAFSLock on
> unlock?
>

To which Simon replied:

> If ReleaseAFSLock fails for some reason, we don't want to release the
> kernel lock. Releasing it, only to reobtain it, is racy. I'm pretty
> sure that the correct solution here is to hold the vcache lock across
> the calls - I'll hopefully get a chance to look at some code to do
> this today.

Here's the issue:  When you're using multiple locks, you need to
consider them as a stack.  You should consider it illegal to:

lock A
lock B
unlock A
unlock B

This (erroneous) locking strategy *will* lead to deadlocks.  The reason
is exactly as Hans-Werner pointed out.  As soon as you unlock A then a
second process can obtain A.  But then if the first process tries to
re-acquire A (because, e.g. something else failed) then it will deadlock.
To work around these kinds of deadlocks you must make the locks dependent:

lock A
lock B
unlock B
unlock A

In other words, in order to hold lock B you must already have lock A.

So the questions to you would be:  What is AFSLock and what is
KernelLock?  And what are the relationships between them?  Clearly they
are not quite independent.  You ask "what if ReleaseAFSLock fails?"  Can
you fail to release the AFS lock?  If so, what would it MEAN to fail to
release the AFS Lock?

If you're really worried about failing to release the AFSLock, then what
about if you can only have the AFSLock if you have the KernelLock?

> HW

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
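
Added example, not part of the original message and not OpenAFS code: a deterministic toy model of the interleaving in the quoted diagram, which lets process B attempt its lock after every step of process A and counts the points where B holds the AFS lock but is refused the kernel lock. It assumes both locks are non-blocking owner flags; all names (`try_lock`, `b_attempt`, `count_error_windows`) are hypothetical.

```c
#include <stdio.h>

/* Toy model, not OpenAFS code: each lock just records its owner. */
enum { FREE = 0, PROC_A = 1, PROC_B = 2 };
struct locks { int afs; int kernel; };

/* Non-blocking acquire: 0 on success, -1 if someone else holds the lock. */
static int try_lock(int *lock, int who) {
    if (*lock != FREE) return -1;
    *lock = who;
    return 0;
}

/* B's whole lock attempt: AFS lock first, then kernel lock.
 * Returns 0 = got both, 1 = AFS lock busy, B simply waits (harmless),
 * -1 = got the AFS lock but the kernel lock was refused (the reported error). */
static int b_attempt(struct locks *l) {
    if (try_lock(&l->afs, PROC_B) != 0) return 1;
    if (try_lock(&l->kernel, PROC_B) != 0) { l->afs = FREE; return -1; }
    return 0;
}

/* Run A's lock/unlock sequence and let B attempt its lock after every step
 * of A, each time against a copy of the state at that point.
 * Returns how many of those preemption points give B the error.
 * lifo = 0: release AFS lock, then kernel lock (the order in the thread).
 * lifo = 1: release kernel lock, then AFS lock (stack order). */
int count_error_windows(int lifo) {
    struct locks l = { FREE, FREE };
    int errors = 0;
    for (int step = 0; step < 4; step++) {
        switch (step) {
        case 0: try_lock(&l.afs, PROC_A); break;
        case 1: try_lock(&l.kernel, PROC_A); break;
        case 2: if (lifo) l.kernel = FREE; else l.afs = FREE; break;
        case 3: if (lifo) l.afs = FREE; else l.kernel = FREE; break;
        }
        struct locks snapshot = l;  /* B runs against a copy of this state */
        if (b_attempt(&snapshot) == -1) errors++;
    }
    return errors;
}

int main(void) {
    printf("AFS-then-kernel release: %d error window(s)\n", count_error_windows(0));
    printf("stack-order release:     %d error window(s)\n", count_error_windows(1));
    return 0;
}
```

The model does not cover the case raised in the thread where ReleaseAFSLock itself fails.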