From: Matt Armstrong <matt@rfc20.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: gmatta@gmail.com, 46397@debbugs.gnu.org,
Paul Eggert <eggert@cs.ucla.edu>,
craven@gmx.net
Subject: bug#46397: 27.1; Cannot delete buffer pointing to a file in a path that includes a file
Date: Wed, 10 Feb 2021 14:39:36 -0800 [thread overview]
Message-ID: <m25z2zfsyf.fsf@matts-mbp-2016.lan> (raw)
In-Reply-To: <835z2ziu52.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 10 Feb 2021 21:45:45 +0200")
Eli Zaretskii <eliz@gnu.org> writes:
>> Cc: craven@gmx.net, 46397@debbugs.gnu.org, Matt Armstrong <gmatta@gmail.com>
>> From: Paul Eggert <eggert@cs.ucla.edu>
>> Date: Wed, 10 Feb 2021 11:23:46 -0800
>>
>> --- a/src/filelock.c
>> +++ b/src/filelock.c
>> @@ -532,7 +532,7 @@ current_lock_owner (lock_info_type *owner, char *lfname)
>> /* If nonexistent lock file, all is well; otherwise, got strange error. */
>> lfinfolen = read_lock_data (lfname, owner->user);
>> if (lfinfolen < 0)
>> - return errno == ENOENT ? 0 : errno;
>> + return errno == ENOENT || errno == ENOTDIR ? 0 : errno;
>
> As I said, I don't think this is TRT. Why should we silently ignore
> ENOTDIR? couldn't it mean some kind of malicious attack on the user's
> account, or some other trouble?
>
> We should not ignore these errors, we should ask the user what to do
> about them. The user can tell us the error can be ignored, but we
> should not decide that without asking.
I think Paul's commit is a good one. I'll try to explain why.
The commit does not silently ignore ENOTDIR. Instead, it is explicitly
handles that particular error code it in a way that honors the lock file
API contract.
In this case, Paul's commit changes the current_lock_owner() function
such that it returns zero upon ENOTDIR. The caller must interpret the
zero return as meaning "at the time current_lock_owner() was called,
nobody owned the lock file...or the lock file was obsolete."
ENOTDIR has a specific meaning that we can rely on. Both ENOENT and
ENOTDIR imply that the file was definitely not on disk at the time of
the call. Because of this, current_lock_owner() can safely conclude that
nobody owned the lock.
Put another way, I think a clearer API spec for current_lock_owner()
would be:
/* Return -2 if the current process owns the lock file,
or -1 if another process appears to own it (and set OWNER (if
non-null) to info),
or 0 if the lock file isn't there, or it is there but has no current
owner,
or an errno value if something is wrong with the locking mechanism. */
That spec is semantically equivalent to the current one, but makes it
more clear why ENOENT and ENOTDIR should cause the function to return
zero. Those errno values do not imply that "something is wrong with the
locking mechanism."
Up a level of abstraction, the callers of the lock file API are still
presented with coherent semantics, even if current_lock_owner() returns
"lock file not owned" when the directory is missing. If the higher level
code wants to acquire the lock, it will attempt that and get an error at
that time. If the higher level code wants to abandon a buffer, it can
just do that knowing that this process definitely doesn't own that lock.
In neither case the user need not be interrogated, and if they do, it
will be done at a time that makes much more sense to them -- when
actually trying to acquire the lock.
next prev parent reply other threads:[~2021-02-10 22:39 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-09 9:47 bug#46397: 27.1; Cannot delete buffer pointing to a file in a path that includes a file Peter
2021-02-09 23:47 ` Matt Armstrong
2021-02-10 0:23 ` Matt Armstrong
2021-02-10 15:05 ` Eli Zaretskii
2021-02-10 19:23 ` Paul Eggert
2021-02-10 19:45 ` Eli Zaretskii
2021-02-10 22:39 ` Matt Armstrong [this message]
2021-02-12 7:43 ` Eli Zaretskii
2021-02-12 9:36 ` Paul Eggert
2021-02-12 11:33 ` Eli Zaretskii
2021-02-12 23:59 ` Matt Armstrong
2021-02-13 8:07 ` Eli Zaretskii
2021-02-11 22:14 ` Matt Armstrong
2021-02-12 2:20 ` Paul Eggert
2021-02-12 7:15 ` Eli Zaretskii
2021-02-13 1:15 ` Matt Armstrong
2021-02-13 1:26 ` Paul Eggert
2021-02-13 8:21 ` Eli Zaretskii
2021-02-13 8:28 ` Eli Zaretskii
2021-02-14 0:49 ` Matt Armstrong
2021-02-14 19:22 ` Eli Zaretskii
2021-02-14 22:16 ` Matt Armstrong
2021-02-15 15:09 ` Eli Zaretskii
2021-02-16 0:49 ` Matt Armstrong
2021-02-16 1:55 ` Paul Eggert
2021-02-16 15:06 ` Eli Zaretskii
2021-02-16 11:53 ` Lars Ingebrigtsen
2021-02-22 19:24 ` bug#46397: [PATCH] " Matt Armstrong
2021-02-19 19:10 ` Matt Armstrong
2021-02-19 19:23 ` Eli Zaretskii
2021-02-19 21:46 ` Matt Armstrong
2021-02-20 9:09 ` Eli Zaretskii
2021-02-21 0:36 ` Matt Armstrong
2021-02-21 23:43 ` Mike Kupfer
2021-02-22 1:42 ` Matt Armstrong
2021-03-14 18:03 ` Bill Wohler
2021-03-17 23:36 ` Matt Armstrong
2021-02-24 17:37 ` Matt Armstrong
2021-02-24 18:50 ` Eli Zaretskii
2021-03-01 16:59 ` Eli Zaretskii
2021-03-05 22:19 ` Matt Armstrong
2021-03-06 9:36 ` Eli Zaretskii
2021-03-06 23:39 ` Matt Armstrong
2021-03-07 2:50 ` Paul Eggert
2021-03-07 5:57 ` Matt Armstrong
2021-02-19 19:45 ` Paul Eggert
2021-02-19 21:52 ` Matt Armstrong
2021-03-08 2:18 ` Matt Armstrong
2021-03-11 14:34 ` Eli Zaretskii
2021-03-17 23:49 ` Matt Armstrong
2021-03-17 23:51 ` Matt Armstrong
2021-03-20 10:43 ` Eli Zaretskii
2021-03-22 1:43 ` Matt Armstrong
2021-03-27 9:20 ` Eli Zaretskii
2021-02-10 0:26 ` Matt Armstrong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m25z2zfsyf.fsf@matts-mbp-2016.lan \
--to=matt@rfc20.org \
--cc=46397@debbugs.gnu.org \
--cc=craven@gmx.net \
--cc=eggert@cs.ucla.edu \
--cc=eliz@gnu.org \
--cc=gmatta@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).