Message ID | 1327613801-5828-1-git-send-email-lersek@redhat.com |
---|---|
State | New |
On Thu, Jan 26, 2012 at 10:36:41PM +0100, Laszlo Ersek wrote:
> The lockf() call in qemu_create_pidfile() aims at ensuring mutual
> exclusion. We shouldn't close the pidfile on success, because that drops
> the lock as well [1]:
>
> "File locks shall be released on first close by the locking process
> of any file descriptor for the file."
>
> Coverity may complain again about the leaked file descriptor; let's
> worry about that later.
>
> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---

Isn't the normal way to do pidfiles O_CREAT | O_EXCL? It may not work on all NFS versions but putting the pidfile on NFS doesn't really make sense.

Then we can drop the lockf(3) completely.

Stefan
On 01/27/12 07:36, Stefan Hajnoczi wrote:
> On Thu, Jan 26, 2012 at 10:36:41PM +0100, Laszlo Ersek wrote:
>> The lockf() call in qemu_create_pidfile() aims at ensuring mutual
>> exclusion. We shouldn't close the pidfile on success, because that drops
>> the lock as well [1]:
>>
>> "File locks shall be released on first close by the locking process
>> of any file descriptor for the file."
>>
>> Coverity may complain again about the leaked file descriptor; let's
>> worry about that later.
>>
>> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
>>
>> Signed-off-by: Laszlo Ersek<lersek@redhat.com>
>> ---
>
> Isn't the normal way to do pidfiles O_CREAT | O_EXCL?

Yes, it is.

> It may not work
> on all NFS versions but putting the pidfile on NFS doesn't really make
> sense.
>
> Then we can drop the lockf(3) completely.

When you rely on O_EXCL to ensure mutual exclusion, and an abruptly terminated process leaves the lockfile lying around, then the user has to clean it up manually before starting the next instance (and double check if the pid file is in fact stale or not). I'm personally OK with that, but I reckoned the qemu code tried to avoid that intentionally. Record locks can't remain stale when the process dies.

Laszlo
On Fri, Jan 27, 2012 at 06:36:39AM +0000, Stefan Hajnoczi wrote:
> On Thu, Jan 26, 2012 at 10:36:41PM +0100, Laszlo Ersek wrote:
> > The lockf() call in qemu_create_pidfile() aims at ensuring mutual
> > exclusion. We shouldn't close the pidfile on success, because that drops
> > the lock as well [1]:
> >
> > "File locks shall be released on first close by the locking process
> > of any file descriptor for the file."
> >
> > Coverity may complain again about the leaked file descriptor; let's
> > worry about that later.
> >
> > [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
> >
> > Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> > ---
>
> Isn't the normal way to do pidfiles O_CREAT | O_EXCL? It may not work
> on all NFS versions but putting the pidfile on NFS doesn't really make
> sense.
>
> Then we can drop the lockf(3) completely.

IMHO it is preferable to use lockf because that makes sure you are crash safe, so you don't get later bogus startup failures due to stale pidfiles

Daniel
Laszlo Ersek <lersek@redhat.com> writes:

> The lockf() call in qemu_create_pidfile() aims at ensuring mutual
> exclusion. We shouldn't close the pidfile on success, because that drops
> the lock as well [1]:
>
> "File locks shall be released on first close by the locking process
> of any file descriptor for the file."
>
> Coverity may complain again about the leaked file descriptor; let's
> worry about that later.
>
> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html

Broken in commit 1bbd1592 by yours truly %-} Suitable pointer could be added to the commit message.

> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> Please keep me CC'd, I'm not subscribed. Thanks!
>
> os-posix.c | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
>
> diff --git a/os-posix.c b/os-posix.c > index 5c437ca..f4940c8 100644 > --- a/os-posix.c > +++ b/os-posix.c > @@ -348,6 +348,5 @@ int qemu_create_pidfile(const char *filename) > return -1; > } > > - close(fd); > return 0; > }

We intentionally leak fd here. A comment would be nice.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
diff --git a/os-posix.c b/os-posix.c index 5c437ca..f4940c8 100644 --- a/os-posix.c +++ b/os-posix.c @@ -348,6 +348,5 @@ int qemu_create_pidfile(const char *filename) return -1; } - close(fd); return 0; }
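Review bot: with `close(fd);` removed at the end of qemu_create_pidfile(), the success path returns 0 with the descriptor still open and nothing in the code says this is deliberate. Add a comment directly above `return 0;` stating that fd is kept open on purpose because closing it would release the lockf() lock, so that a later leak cleanup (the commit message already expects Coverity to flag it) does not put the close back.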
The lockf() call in qemu_create_pidfile() aims at ensuring mutual exclusion. We shouldn't close the pidfile on success, because that drops the lock as well [1]:

"File locks shall be released on first close by the locking process of any file descriptor for the file."

Coverity may complain again about the leaked file descriptor; let's worry about that later.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Please keep me CC'd, I'm not subscribed. Thanks!

os-posix.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
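The POSIX rule quoted in the commit message, as an added C example that is not part of the patch or of QEMU: it locks a scratch file with lockf() and lets a forked process try for the same lock. The enum, the function names and the /tmp path are constructed for the demonstration, and it goes one step beyond the patch by also closing a second, unrelated descriptor for the same file.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum after_lock { KEEP_OPEN, CLOSE_LOCKED_FD, CLOSE_OTHER_FD };
/* A forked "second instance" tries lockf(): 1 = got lock, 0 = refused, -1 = error. */
static int other_process_can_lock(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        int fd = open(path, O_RDWR);
        _exit(fd >= 0 && lockf(fd, F_TLOCK, 0) == 0 ? 0 : 1);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Lock a scratch pidfile (constructed path), act as selected, then probe the lock. */
int probe_lock(enum after_lock what)
{
    char path[] = "/tmp/pidfile-demo-XXXXXX";
    int result = -1, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (lockf(fd, F_TLOCK, 0) == 0) {
        if (what == CLOSE_OTHER_FD)
            close(open(path, O_RDONLY)); /* a different fd for the same file */
        if (what == CLOSE_LOCKED_FD) {
            close(fd);                   /* what the pre-patch code did */
            fd = -1;
        }
        result = other_process_can_lock(path);
    }
    if (fd >= 0)
        close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("keep open: %d, close locked fd: %d, close other fd: %d\n",
        probe_lock(KEEP_OPEN), probe_lock(CLOSE_LOCKED_FD), probe_lock(CLOSE_OTHER_FD));
    return 0;
}
```

The third case matters for any later change to the process: code that opens and closes the pidfile again, for any reason, releases the lock even though the original descriptor is still held.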