From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Florian Larysch <fl@n621.de>
Cc: Eric Blake <eblake@redhat.com>, qemu-devel@nongnu.org, sw@weilnetz.de
Subject: Re: [Qemu-devel] [PATCH for-2.12] os: truncate pidfile on creation
Date: Tue, 20 Mar 2018 16:29:58 +0000 [thread overview]
Message-ID: <20180320162958.GA4530@redhat.com> (raw)
In-Reply-To: <20180320162116.GD15157@nyx.n621.de>
On Tue, Mar 20, 2018 at 05:21:16PM +0100, Florian Larysch wrote:
> On Tue, Mar 20, 2018 at 04:02:44PM +0000, Daniel P. Berrangé wrote:
> > No, it is unsafe - we rely on lockf() to get the mutual exclusion.
> > If a QEMU is running with pidfile locked, and its pid written into
> > it, then a 2nd QEMU comes along it will truncate the pidfile owned
> > by the original QEMU because the truncation happens before it has
> > tried to acquire the lock. The 2nd QEMU will still exit, but the
> > original QEMU's pid has now been lost.
>
> That's correct, thanks for pointing it out.
>
> > We must call ftruncate() after lockf(), but before writing the new
> > pid into the file. That ensures there is no window in which it is
> > possible to see the new & old pids mixed together.
>
> I'll send a revised version doing exactly that.
>
> From my reading of the Windows API documentation, this might not be a
> problem there: The file is opened with FILE_SHARE_READ, which prohibits
> opening the file in a writable mode and CREATE_ALWAYS will only recreate
> the file if it is writable.
I don't think that's correct either I'm afraid.
FILE_SHARE_READ indicates whether other processes are allowed to open
the file in read-only mode, while we have it open for write.
We're passing GENERIC_WRITE so QEMU has it open for write, thus your
change will again cause the 2nd QEMU to blindly replace the file
owned by the original QEMU.
That said, I think the existing pidfile code for win32 is totally broken
because QEMU is closing it immediately after writing its pid. So the only
mutual exclusion is taking place in the tiny time window while QEMU is
writing the pid.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2018-03-20 16:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-20 9:31 [Qemu-devel] [PATCH] os: truncate pidfile on creation Florian Larysch
2018-03-20 14:50 ` [Qemu-devel] [PATCH for-2.12] " Eric Blake
2018-03-20 15:49 ` Florian Larysch
2018-03-20 16:02 ` Daniel P. Berrangé
2018-03-20 16:07 ` Eric Blake
2018-03-20 16:21 ` Florian Larysch
2018-03-20 16:29 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180320162958.GA4530@redhat.com \
--to=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=fl@n621.de \
--cc=qemu-devel@nongnu.org \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).