Bug 39815 - Atomic Creation of uploaded files in mod_dav
Summary: Atomic Creation of uploaded files in mod_dav
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_dav (show other bugs)
Version: 2.5-HEAD
Hardware: Other other
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2006-06-15 05:23 UTC by Paul Querna
Modified: 2012-02-26 16:40 UTC (History)
2 users (show)


Attachments
attempted fix for 2.2.x (1.89 KB, patch)
2006-06-15 05:23 UTC, Paul Querna 		Details | Diff
also disable inode keyed locks and cleanup the tempfile if something goes wrong (4.97 KB, patch)
2009-07-10 10:10 UTC, Stefan Fritsch 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Querna 2006-06-15 05:23:14 UTC 
mod_dav_fs currently writes a file to disk as it is created on disk.

It does not atomically create the file from the upload.  It is hard for external
processes to tell when the upload is complete.
Comment 1 Paul Querna 2006-06-15 05:23:54 UTC 
Created attachment 18472 [details]
attempted fix for 2.2.x
Comment 2 Garrett Rooney 2006-06-15 11:58:30 UTC 
This looks reasonable to me, although I haven't actually tested it.  Only two
comments.

1) The fpath variable could be const, and is declared with different spacing
around the * than everything else in the file.

2) You could move the declaration of fpath and rv into the blocks where they're
used, although I'm not sure if that style is used in this code or not, so no big
deal.
Comment 3 Joe Orton 2006-06-15 12:34:19 UTC 
ISTR from Greg trying this before that it breaks locking (because the lock is
keyed off the inode); have you tried a litmus run with this?
Comment 4 Daniel Seither 2009-03-27 06:27:06 UTC 
(In reply to comment #3)
> ISTR from Greg trying this before that it breaks locking (because the lock is
> keyed off the inode); have you tried a litmus run with this?

I tried litmus and got errors after applying the patch. In fact, locking does not work (first failed test: "DELETE of locked resource should fail"). I am looking into this issue now.
Comment 5 Daniel Seither 2009-06-16 04:39:14 UTC 
I'm sorry, but I could not find a quick fix. Someone with a stronger experience in Apache programming (or more spare time available) may come up with a solution, though.
Comment 6 Stefan Fritsch 2009-07-08 13:51:25 UTC 
This bug can also cause data loss: When something goes wrong with a PUT request that replaces a file, the old file will be deleted.


I see three possible solutions:

1) Create a new hook that is called in dav_notify_created() to update the lock key. This breaks mod_dav's API compatibility and cannot be done in 2.2

2) Use a temp file that is moved over the old file as in Paul's patch, and switch the lock key from inode to filename.

3) Use a temp file that is copied over the old file. This is slow and doesn't solve the problem completely.


I would vote for 2), in order to get this into 2.2.
Comment 7 Stefan Fritsch 2009-07-10 10:10:30 UTC 
Created attachment 23956 [details]
also disable inode keyed locks and cleanup the tempfile if something goes wrong

Switching to filenames in the lock keys is simple and fixes the litmus failures. Are there some numbers on what impact this has on performance?

I have also added some code to remove the tmpfile when the new file is not committed.

For the case that a file is opened seekable and the file existed before, the file should probably not be deleted on error.
Comment 8 Stefan Fritsch 2009-11-09 05:14:41 UTC 
solution 2) commited to trunk as r834049
Comment 9 Stefan Fritsch 2012-02-26 16:40:49 UTC 
fixed in 2.4.1