Patchwork keep the PID file locked for the lifetime of the process

Submitter Laszlo Ersek
Date Jan. 26, 2012, 9:36 p.m.
Message ID <1327613801-5828-1-git-send-email-lersek@redhat.com>
Permalink /patch/138073/
State New

Comments

Laszlo Ersek - Jan. 26, 2012, 9:36 p.m.
The lockf() call in qemu_create_pidfile() aims at ensuring mutual
exclusion. We shouldn't close the pidfile on success, because that drops
the lock as well [1]:

    "File locks shall be released on first close by the locking process
    of any file descriptor for the file."

Coverity may complain again about the leaked file descriptor; let's
worry about that later.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Please keep me CC'd, I'm not subscribed. Thanks!

 os-posix.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)
Stefan Hajnoczi - Jan. 27, 2012, 6:36 a.m.
On Thu, Jan 26, 2012 at 10:36:41PM +0100, Laszlo Ersek wrote:
> The lockf() call in qemu_create_pidfile() aims at ensuring mutual
> exclusion. We shouldn't close the pidfile on success, because that drops
> the lock as well [1]:
> 
>     "File locks shall be released on first close by the locking process
>     of any file descriptor for the file."
> 
> Coverity may complain again about the leaked file descriptor; let's
> worry about that later.
> 
> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
> 
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---

Isn't the normal way to do pidfiles O_CREAT | O_EXCL?  It may not work
on all NFS versions but putting the pidfile on NFS doesn't really make
sense.

Then we can drop the lockf(3) completely.

Stefan
Laszlo Ersek - Jan. 27, 2012, 8:56 a.m.
On 01/27/12 07:36, Stefan Hajnoczi wrote:
> On Thu, Jan 26, 2012 at 10:36:41PM +0100, Laszlo Ersek wrote:
>> The lockf() call in qemu_create_pidfile() aims at ensuring mutual
>> exclusion. We shouldn't close the pidfile on success, because that drops
>> the lock as well [1]:
>>
>>      "File locks shall be released on first close by the locking process
>>      of any file descriptor for the file."
>>
>> Coverity may complain again about the leaked file descriptor; let's
>> worry about that later.
>>
>> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
>>
>> Signed-off-by: Laszlo Ersek<lersek@redhat.com>
>> ---
>
> Isn't the normal way to do pidfiles O_CREAT | O_EXCL?

Yes, it is.

> It may not work
> on all NFS versions but putting the pidfile on NFS doesn't really make
> sense.
>
> Then we can drop the lockf(3) completely.

When you rely on O_EXCL to ensure mutual exclusion, and an abruptly 
terminated process leaves the lockfile lying around, then the user has 
to clean it up manually before starting the next instance (and double 
check if the pid file is in fact stale or not). I'm personally OK with 
that, but I reckoned the qemu code tried to avoid that intentionally. 
Record locks can't remain stale when the process dies.

Laszlo
Daniel P. Berrange - Jan. 27, 2012, 10:26 a.m.
On Fri, Jan 27, 2012 at 06:36:39AM +0000, Stefan Hajnoczi wrote:
> On Thu, Jan 26, 2012 at 10:36:41PM +0100, Laszlo Ersek wrote:
> > The lockf() call in qemu_create_pidfile() aims at ensuring mutual
> > exclusion. We shouldn't close the pidfile on success, because that drops
> > the lock as well [1]:
> > 
> >     "File locks shall be released on first close by the locking process
> >     of any file descriptor for the file."
> > 
> > Coverity may complain again about the leaked file descriptor; let's
> > worry about that later.
> > 
> > [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
> > 
> > Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> > ---
> 
> Isn't the normal way to do pidfiles O_CREAT | O_EXCL?  It may not work
> on all NFS versions but putting the pidfile on NFS doesn't really make
> sense.
> 
> Then we can drop the lockf(3) completely.

IMHO it is preferable to use lockf because that makes sure you are crash
safe, so you don't get later bogus startup failures due to stale pidfiles.

Daniel
Markus Armbruster - Jan. 27, 2012, 1:17 p.m.
Laszlo Ersek <lersek@redhat.com> writes:

> The lockf() call in qemu_create_pidfile() aims at ensuring mutual
> exclusion. We shouldn't close the pidfile on success, because that drops
> the lock as well [1]:
>
>     "File locks shall be released on first close by the locking process
>     of any file descriptor for the file."
>
> Coverity may complain again about the leaked file descriptor; let's
> worry about that later.
>
> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html

Broken in commit 1bbd1592 by yours truly %-}  Suitable pointer could be
added to the commit message.

> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> Please keep me CC'd, I'm not subscribed. Thanks!
>
>  os-posix.c |    1 -
>  1 files changed, 0 insertions(+), 1 deletions(-)
>
> diff --git a/os-posix.c b/os-posix.c
> index 5c437ca..f4940c8 100644
> --- a/os-posix.c
> +++ b/os-posix.c
> @@ -348,6 +348,5 @@ int qemu_create_pidfile(const char *filename)
>          return -1;
>      }
>  
> -    close(fd);
>      return 0;
>  }
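
Review bot: after the removed `close(fd);` the function still ends in `return 0;`, so the descriptor that carries the lock is not handed to any caller and nothing in the program can refer to it again. Per the POSIX text quoted in the commit message, the lock goes away on the first close of any descriptor for the file, so a later open and close of the same pidfile elsewhere in the process would release it without touching this fd. Consider keeping fd in a file-scope variable, or stating in a comment that the pidfile must not be reopened by the process.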

We intentionally leak fd here.  A comment would be nice.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
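
The lock lifetime discussed in this thread, as an added example that is not part of the original messages or of QEMU's code: a holder keeps the pidfile descriptor open, a forked child plays the second instance, and closing an unrelated descriptor for the same file is enough to release the lock. The function names and the `/tmp` path are hypothetical, chosen for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open the pidfile, take a non-blocking lockf() lock, write our PID and
 * return the descriptor still open. Returns -1 if the lock is held elsewhere. */
static int pidfile_acquire(const char *path)
{
    char buf[32];
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0) return -1;
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (lockf(fd, F_TLOCK, 0) < 0 || ftruncate(fd, 0) < 0 ||
        write(fd, buf, len) != len) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Fork a child acting as a second instance. Returns 1 if it could take
 * the lock, 0 if it was refused, -1 on error. */
static int second_instance_can_lock(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = open(path, O_RDWR);
        _exit(fd < 0 ? 2 : (lockf(fd, F_TLOCK, 0) == 0 ? 0 : 1));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) > 1 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
    const char *path = "/tmp/demo-pidfile.pid";  /* constructed sample path */
    int fd = pidfile_acquire(path);
    printf("fd held open:      second instance locks? %d\n", second_instance_can_lock(path));
    close(open(path, O_RDONLY));  /* unrelated descriptor, same file */
    printf("after stray close: second instance locks? %d\n", second_instance_can_lock(path));
    close(fd);
    unlink(path);
    return 0;
}
```

The child's own exit does not disturb the parent's lock, because record locks belong to the process that took them and are not inherited across fork().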

Patch

diff --git a/os-posix.c b/os-posix.c
index 5c437ca..f4940c8 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -348,6 +348,5 @@  int qemu_create_pidfile(const char *filename)
         return -1;
     }
 
-    close(fd);
     return 0;
 }
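
Review bot: the line above `return 0;` where `close(fd);` is removed gets no comment, so the function no longer shows that the descriptor is kept open on purpose to hold the lockf() lock for the life of the process. The commit message already expects Coverity to report the leak, and a later cleanup driven by that report could put the close back. Add a short comment before `return 0;` saying the fd is intentionally left open, and mention commit 1bbd1592 in the commit message as the change that introduced the close.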