diff mbox series

[v3,02/10] virtiofsd: Add TempFd structure

Message ID 20210730150134.216126-3-mreitz@redhat.com (mailing list archive)
State New, archived
Headers show
Series virtiofsd: Allow using file handles instead of O_PATH FDs | expand

Commit Message

Max Reitz July 30, 2021, 3:01 p.m. UTC
We are planning to add file handles to lo_inode objects as an
alternative to lo_inode.fd.  That means that everywhere where we
currently reference lo_inode.fd, we will have to open a temporary file
descriptor that needs to be closed after use.

So instead of directly accessing lo_inode.fd, there will be a helper
function (lo_inode_fd()) that either returns lo_inode.fd, or opens a new
file descriptor with open_by_handle_at().  It encapsulates this result
in a TempFd structure to let the caller know whether the FD needs to be
closed after use (opened from the handle) or not (copied from
lo_inode.fd).

By using g_auto(TempFd) to store this result, callers will not even have
to care about closing a temporary FD after use.  It will be done
automatically once the object goes out of scope.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
---
 tools/virtiofsd/passthrough_ll.c | 49 ++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

Comments

Vivek Goyal Aug. 6, 2021, 2:41 p.m. UTC | #1
On Fri, Jul 30, 2021 at 05:01:26PM +0200, Max Reitz wrote:
> We are planning to add file handles to lo_inode objects as an
> alternative to lo_inode.fd.  That means that everywhere where we
> currently reference lo_inode.fd, we will have to open a temporary file
> descriptor that needs to be closed after use.
> 
> So instead of directly accessing lo_inode.fd, there will be a helper
> function (lo_inode_fd()) that either returns lo_inode.fd, or opens a new
> file descriptor with open_by_handle_at().  It encapsulates this result
> in a TempFd structure to let the caller know whether the FD needs to be
> closed after use (opened from the handle) or not (copied from
> lo_inode.fd).

I am wondering why this notion of "owned". Why not have this requirement
of always closing "fd". If we copied it from lo_inode.fd, then we will
need to dup() it. Otherwise we opened it from file handle and we will
need to close it anyway.

I guess you are trying to avoid having to call dup() and that's why
this notion of "owned" fd.

> 
> By using g_auto(TempFd) to store this result, callers will not even have
> to care about closing a temporary FD after use.  It will be done
> automatically once the object goes out of scope.
> 
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
> ---
>  tools/virtiofsd/passthrough_ll.c | 49 ++++++++++++++++++++++++++++++++
>  1 file changed, 49 insertions(+)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index 1f27eeabc5..fb5e073e6a 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -178,6 +178,28 @@ struct lo_data {
>      int user_posix_acl, posix_acl;
>  };
>  
> +/**
> + * Represents a file descriptor that may either be owned by this
> + * TempFd, or only referenced (i.e. the ownership belongs to some
> + * other object, and the value has just been copied into this TempFd).
> + *
> + * The purpose of this encapsulation is to be used as g_auto(TempFd)
> + * to automatically clean up owned file descriptors when this object
> + * goes out of scope.
> + *
> + * Use temp_fd_steal() to get an owned file descriptor that will not
> + * be closed when the TempFd goes out of scope.
> + */
> +typedef struct {
> +    int fd;
> +    bool owned; /* fd owned by this object? */
> +} TempFd;
> +
> +#define TEMP_FD_INIT ((TempFd) { .fd = -1, .owned = false })
> +
> +static void temp_fd_clear(TempFd *temp_fd);
> +G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(TempFd, temp_fd_clear);
> +
>  static const struct fuse_opt lo_opts[] = {
>      { "sandbox=namespace",
>        offsetof(struct lo_data, sandbox),
> @@ -255,6 +277,33 @@ static struct lo_data *lo_data(fuse_req_t req)
>      return (struct lo_data *)fuse_req_userdata(req);
>  }
>  
> +/**
> + * Clean-up function for TempFds
> + */
> +static void temp_fd_clear(TempFd *temp_fd)
> +{
> +    if (temp_fd->owned) {
> +        close(temp_fd->fd);
> +        *temp_fd = TEMP_FD_INIT;
> +    }
> +}
> +
> +/**
> + * Return an owned fd from *temp_fd that will not be closed when
> + * *temp_fd goes out of scope.
> + *
> + * (TODO: Remove __attribute__ once this is used.)
> + */
> +static __attribute__((unused)) int temp_fd_steal(TempFd *temp_fd)
> +{
> +    if (temp_fd->owned) {
> +        temp_fd->owned = false;
> +        return temp_fd->fd;
> +    } else {
> +        return dup(temp_fd->fd);
> +    }
> +}

This also will be simpler if we always called dup() and every caller
will close() fd. 

I think only downside is having to call dup()/close(). Not sure if this
is an expensive operation or not.

Vivek
Max Reitz Aug. 9, 2021, 10:44 a.m. UTC | #2
On 06.08.21 16:41, Vivek Goyal wrote:
> On Fri, Jul 30, 2021 at 05:01:26PM +0200, Max Reitz wrote:
>> We are planning to add file handles to lo_inode objects as an
>> alternative to lo_inode.fd.  That means that everywhere where we
>> currently reference lo_inode.fd, we will have to open a temporary file
>> descriptor that needs to be closed after use.
>>
>> So instead of directly accessing lo_inode.fd, there will be a helper
>> function (lo_inode_fd()) that either returns lo_inode.fd, or opens a new
>> file descriptor with open_by_handle_at().  It encapsulates this result
>> in a TempFd structure to let the caller know whether the FD needs to be
>> closed after use (opened from the handle) or not (copied from
>> lo_inode.fd).
> I am wondering why this notion of "owned". Why not have this requirement
> of always closing "fd". If we copied it from lo_inode.fd, then we will
> need to dup() it. Otherwise we opened it from file handle and we will
> need to close it anyway.
>
> I guess you are trying to avoid having to call dup() and that's why
> this notion of "owned" fd.

Yes, I don’t want to dup() it.  One reason is that I’d rather just not.  
It’s something that we can avoid, and dup-ing every time wouldn’t make 
the code that much simpler (I think, without having tried).

One other is because this affects the current behavior (with O_PATH 
FDs), which I don’t want to alter.

Well, and finally, as a pragmatic reason, virtiofsd-rs uses the same 
structure and I don’t really want C virtiofsd and virtiofsd-rs to differ 
too much.

>> By using g_auto(TempFd) to store this result, callers will not even have
>> to care about closing a temporary FD after use.  It will be done
>> automatically once the object goes out of scope.
>>
>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
>> ---
>>   tools/virtiofsd/passthrough_ll.c | 49 ++++++++++++++++++++++++++++++++
>>   1 file changed, 49 insertions(+)
>>
>> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
>> index 1f27eeabc5..fb5e073e6a 100644
>> --- a/tools/virtiofsd/passthrough_ll.c
>> +++ b/tools/virtiofsd/passthrough_ll.c
>> @@ -178,6 +178,28 @@ struct lo_data {
>>       int user_posix_acl, posix_acl;
>>   };
>>   
>> +/**
>> + * Represents a file descriptor that may either be owned by this
>> + * TempFd, or only referenced (i.e. the ownership belongs to some
>> + * other object, and the value has just been copied into this TempFd).
>> + *
>> + * The purpose of this encapsulation is to be used as g_auto(TempFd)
>> + * to automatically clean up owned file descriptors when this object
>> + * goes out of scope.
>> + *
>> + * Use temp_fd_steal() to get an owned file descriptor that will not
>> + * be closed when the TempFd goes out of scope.
>> + */
>> +typedef struct {
>> +    int fd;
>> +    bool owned; /* fd owned by this object? */
>> +} TempFd;
>> +
>> +#define TEMP_FD_INIT ((TempFd) { .fd = -1, .owned = false })
>> +
>> +static void temp_fd_clear(TempFd *temp_fd);
>> +G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(TempFd, temp_fd_clear);
>> +
>>   static const struct fuse_opt lo_opts[] = {
>>       { "sandbox=namespace",
>>         offsetof(struct lo_data, sandbox),
>> @@ -255,6 +277,33 @@ static struct lo_data *lo_data(fuse_req_t req)
>>       return (struct lo_data *)fuse_req_userdata(req);
>>   }
>>   
>> +/**
>> + * Clean-up function for TempFds
>> + */
>> +static void temp_fd_clear(TempFd *temp_fd)
>> +{
>> +    if (temp_fd->owned) {
>> +        close(temp_fd->fd);
>> +        *temp_fd = TEMP_FD_INIT;
>> +    }
>> +}
>> +
>> +/**
>> + * Return an owned fd from *temp_fd that will not be closed when
>> + * *temp_fd goes out of scope.
>> + *
>> + * (TODO: Remove __attribute__ once this is used.)
>> + */
>> +static __attribute__((unused)) int temp_fd_steal(TempFd *temp_fd)
>> +{
>> +    if (temp_fd->owned) {
>> +        temp_fd->owned = false;
>> +        return temp_fd->fd;
>> +    } else {
>> +        return dup(temp_fd->fd);
>> +    }
>> +}
> This also will be simpler if we always called dup() and every caller
> will close() fd.
>
> I think only downside is having to call dup()/close(). Not sure if this
> is an expensive operation or not.
>
> Vivek
>
diff mbox series

Patch

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 1f27eeabc5..fb5e073e6a 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -178,6 +178,28 @@  struct lo_data {
     int user_posix_acl, posix_acl;
 };
 
+/**
+ * Represents a file descriptor that may either be owned by this
+ * TempFd, or only referenced (i.e. the ownership belongs to some
+ * other object, and the value has just been copied into this TempFd).
+ *
+ * The purpose of this encapsulation is to be used as g_auto(TempFd)
+ * to automatically clean up owned file descriptors when this object
+ * goes out of scope.
+ *
+ * Use temp_fd_steal() to get an owned file descriptor that will not
+ * be closed when the TempFd goes out of scope.
+ */
+typedef struct {
+    int fd;
+    bool owned; /* fd owned by this object? */
+} TempFd;
+
+#define TEMP_FD_INIT ((TempFd) { .fd = -1, .owned = false })
+
+static void temp_fd_clear(TempFd *temp_fd);
+G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(TempFd, temp_fd_clear);
+
 static const struct fuse_opt lo_opts[] = {
     { "sandbox=namespace",
       offsetof(struct lo_data, sandbox),
@@ -255,6 +277,33 @@  static struct lo_data *lo_data(fuse_req_t req)
     return (struct lo_data *)fuse_req_userdata(req);
 }
 
+/**
+ * Clean-up function for TempFds
+ */
+static void temp_fd_clear(TempFd *temp_fd)
+{
+    if (temp_fd->owned) {
+        close(temp_fd->fd);
+        *temp_fd = TEMP_FD_INIT;
+    }
+}
+
+/**
+ * Return an owned fd from *temp_fd that will not be closed when
+ * *temp_fd goes out of scope.
+ *
+ * (TODO: Remove __attribute__ once this is used.)
+ */
+static __attribute__((unused)) int temp_fd_steal(TempFd *temp_fd)
+{
+    if (temp_fd->owned) {
+        temp_fd->owned = false;
+        return temp_fd->fd;
+    } else {
+        return dup(temp_fd->fd);
+    }
+}
+
 /*
  * Load capng's state from our saved state if the current thread
  * hadn't previously been loaded.