A computer comprising one or more processors and memory may implement multiple threads performing mutually exclusive lock acquisition operations on disjoint ranges of a shared resource each using atomic compare and swap (CAS) operations. A linked list of currently locked ranges is maintained and, upon entry to a lock acquisition operation, a thread waits for all locked ranges overlapping the desired range to be released then inserts a descriptor for the desired range into the linked list using a single CAS operation. To release a locked range, a thread executes a single fetch and add (FAA) operation. The operation may be extended to support simultaneous exclusive and non-exclusive access by allowing overlapping ranges to be locked for non-exclusive access and by performing an additional validation after locking to provide conflict resolution should a conflict be detected.

Methods and systems for file locking are described herein. An on-premise file share may store files that are accessible to both a local on-premise client and a remote off-premise client. The off-premise file share may request to check-out one of the files. In response, one of multiple nodes may obtain for the file a file handle with exclusive write access. File locking information may be stored at the file share that indicates the node that holds the file handle and that indicates the file is in a locked state whereby other remote off-premise clients or local on-premise clients are prevented from editing the file.

Disclosed herein are system, method, and computer program product embodiments for providing a security model to customizable live applications in a cloud collaboration platform. The security approach may dedicate a frame to each live application, serving the frame from a different domain than a document in which the live application is embedded. This approach ensures that more stringent security requirements may be required of the live application and allows the data presented to the live application to be narrowly tailored. The security model may further leverage sandbox attributes and content-security policies to restrict the behavior of sandboxed and non-sandboxed live applications in accordance with best security practices.

A server in a cloud-based environment interfaces with storage devices that store shared content accessible by two or more users. Individual items within the shared content are associated with respective object metadata that is also stored in the cloud-based environment. Download requests initiate downloads of instances of a virtual file system module to two or more user devices associated with two or more users. The downloaded virtual file system modules capture local metadata that pertains to local object operations directed by the users over the shared content. Changed object metadata attributes are delivered to the server and to other user devices that are accessing the shared content. Peer-to-peer connections can be established between the two or more user devices. Object can be divided into smaller portions such that processing the individual smaller portions of a larger object reduces the likelihood of a conflict between user operations over the shared content.

In at least one embodiment, processing can include acquiring a spinlock on a cached copy of a metadata (MD) page includes a field stored in two cache lines; updating a register to include an updated value of the field; determining whether a first portion of the updated value of the register is non-zero, wherein two portions of the updated value of the field as stored in the register correspond to the two cache lines; and responsive to determining that the first portion of the updated value of the register is non-zero, performing processing including: storing the first portion of the updated value of the field from the register in the first cache line; and subsequent to performing storing the first portion, storing the second portion of the updated value of the field as stored in the register in the second cache line.

A method of distributed file deletion, performed by a storage system, is provided. The method includes receiving, at the storage system, a request to delete a directory and contents of the directory and adding the directory to a first set, listed in a memory in the storage system. The method includes operating on the first set, by examining each directory in the first set to identify subdirectories, adding each identified subdirectory to the first set as a directory, and adding each examined directory to a second set listed in the memory. The method includes deleting in a distributed manner across the storage system without concern for order, contents of directories, and the directories, listed in the second set.

The present technology pertains to responding to a kernel level file event for a content item and presenting a file event window associated with the content item. A client device can detect the kernel level file event for the content item. This can be accomplished using a kernel extension on a client device that is networked with a content management system. The client device can then retrieve data associated with the content item, including an instruction for the content item. The client device can then perform the instruction. This instruction can be to retrieve collaboration data from the content management system and present the collaboration data in a file event window.

Disclosed herein are system, method, and computer program product embodiments for generating folder keys and using folder keys to access folder paths. In an embodiment, a computer system may instantiate a graphical user interface (GUI) to display folder and sub-folder contents as well as a folder key. A user may input a folder key as a representation of the displayed sub-folder of the corresponding folder path. The folder key may include one or more symbols that the computer system may store and associate with the folder path. Using the folder key, the computer system may retrieve a particular sub-folder, manage security or permissions related to folders, and/or facilitate navigation between sub-folders. Using a folder key may aid a user in quickly navigating to a particular sub-folder and may allow a computer system to avoid loading unnecessary intermediate sub-folders as a user navigates to a particular desired sub-folder.

Techniques are disclosed relating to installing and operating applications in a server-based application workspace. A computer system, while operating the server-based application workspace, may store subscription information indicating a user that is a developer for a particular application package, and one or more users that are subscribers for the particular application package. The computer system may further store lock data for the particular application package that indicates user permissions to edit at least one application component for the particular application package. Based on the lock data, the computer system may permit the developer to edit the at least one application component of the particular application package, and deny requests from the one or more users to edit the at least one application component.

A global lock is used to access a first set of data structures. An active transaction having a transaction start identifier is identified as a globally oldest active transaction associated with the first set of data structures. A first marker value of a first data structure of a second set of data structures is compared to the transaction start identifier to determine satisfaction of a first condition. In response to satisfying the first condition, the first data structure is accessed to identify a first set of data locks associated with one or more transactions each having a transaction completion identifier that satisfies a second condition when compared to the transaction start identifier. In response to satisfying the second condition, the first set of data locks is released.