When creating packed files, we take many small files, concatenate their contents into one large object, and then update the xattrs on each original file, to indicate it is packed and is a member of this new object, at a given offset, etc. Just before updating the xattr, we stat the file to see whether it has changed while we were packing. If so, we leave it as is. It is okay that we didn't update the xattrs, because the file was overwritten. (The remaining files in the packed object can all still be considered valid packed files. And the wrong contents of the changed file will be ignored.)
The problem is that (in the case where the stat does not indicate anybody touched the file during packing), between the moment we stat the file and the moment we update the xattrs, someone could now change the original file. In this case, it is not okay that we updated the xattrs.
The problem scenario is:
[a] packer stats file
[b] fuse writes new file with new xattrs
[c] packer overwrites new xattrs to correspond with the (obsolete) packed file.
This is a race-condition, albeit very brief. The proposed solution is to provide a special "lock" (e.g. an xattr) which can be put on the file before stat'ing and removed after updating the other xattrs. Fuse and pftool would both forbid trashing the file while the lock was held.
Okay, but what if someone writes the file after the lock has been removed? Well, that is just a normal fact of life. They overwrote the file. The packed file should be trashed as usual, and the new file written in its place. Thus, the locks are only preventing the xattrs from becoming incorrect.
What if someone had the file open for writing, while the packer was running? We put an xattr onto open files. The packer should avoid those. Its stat should also check for this xattr.
There may be other use-cases, as well. To lock an entire namespace, admins can just change the access perms in the configuration, so they don't need this technique. However, this scheme could perhaps be used to lock directory-trees, etc.