Re: [PATCH v3 02/10] virtiofsd: Add TempFd structure

[Vivek Goyal <vgoyal@redhat.com>]

On Fri, Jul 30, 2021 at 05:01:26PM +0200, Max Reitz wrote:
> We are planning to add file handles to lo_inode objects as an
> alternative to lo_inode.fd.  That means that everywhere where we
> currently reference lo_inode.fd, we will have to open a temporary file
> descriptor that needs to be closed after use.
> 
> So instead of directly accessing lo_inode.fd, there will be a helper
> function (lo_inode_fd()) that either returns lo_inode.fd, or opens a new
> file descriptor with open_by_handle_at().  It encapsulates this result
> in a TempFd structure to let the caller know whether the FD needs to be
> closed after use (opened from the handle) or not (copied from
> lo_inode.fd).

I am wondering why this notion of "owned". Why not have this requirement
of always closing "fd". If we copied it from lo_inode.fd, then we will
need to dup() it. Otherwise we opened it from file handle and we will
need to close it anyway.

I guess you are trying to avoid having to call dup() and that's why
this notion of "owned" fd.

> 
> By using g_auto(TempFd) to store this result, callers will not even have
> to care about closing a temporary FD after use.  It will be done
> automatically once the object goes out of scope.
> 
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
> ---
>  tools/virtiofsd/passthrough_ll.c | 49 ++++++++++++++++++++++++++++++++
>  1 file changed, 49 insertions(+)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index 1f27eeabc5..fb5e073e6a 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -178,6 +178,28 @@ struct lo_data {
>      int user_posix_acl, posix_acl;
>  };
>  
> +/**
> + * Represents a file descriptor that may either be owned by this
> + * TempFd, or only referenced (i.e. the ownership belongs to some
> + * other object, and the value has just been copied into this TempFd).
> + *
> + * The purpose of this encapsulation is to be used as g_auto(TempFd)
> + * to automatically clean up owned file descriptors when this object
> + * goes out of scope.
> + *
> + * Use temp_fd_steal() to get an owned file descriptor that will not
> + * be closed when the TempFd goes out of scope.
> + */
> +typedef struct {
> +    int fd;
> +    bool owned; /* fd owned by this object? */
> +} TempFd;
> +
> +#define TEMP_FD_INIT ((TempFd) { .fd = -1, .owned = false })
> +
> +static void temp_fd_clear(TempFd *temp_fd);
> +G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(TempFd, temp_fd_clear);
> +
>  static const struct fuse_opt lo_opts[] = {
>      { "sandbox=namespace",
>        offsetof(struct lo_data, sandbox),
> @@ -255,6 +277,33 @@ static struct lo_data *lo_data(fuse_req_t req)
>      return (struct lo_data *)fuse_req_userdata(req);
>  }
>  
> +/**
> + * Clean-up function for TempFds
> + */
> +static void temp_fd_clear(TempFd *temp_fd)
> +{
> +    if (temp_fd->owned) {
> +        close(temp_fd->fd);
> +        *temp_fd = TEMP_FD_INIT;
> +    }
> +}
> +
> +/**
> + * Return an owned fd from *temp_fd that will not be closed when
> + * *temp_fd goes out of scope.
> + *
> + * (TODO: Remove __attribute__ once this is used.)
> + */
> +static __attribute__((unused)) int temp_fd_steal(TempFd *temp_fd)
> +{
> +    if (temp_fd->owned) {
> +        temp_fd->owned = false;
> +        return temp_fd->fd;
> +    } else {
> +        return dup(temp_fd->fd);
> +    }
> +}

This also will be simpler if we always called dup() and every caller
will close() fd. 

I think only downside is having to call dup()/close(). Not sure if this
is an expensive operation or not.

Vivek