From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:34827)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1STzQb-000205-3a
	for qemu-devel@nongnu.org; Mon, 14 May 2012 13:51:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1STzQY-0006Gq-8z
	for qemu-devel@nongnu.org; Mon, 14 May 2012 13:51:24 -0400
Received: from mx1.redhat.com ([209.132.183.28]:9670)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1STzQY-0006GZ-0F
	for qemu-devel@nongnu.org; Mon, 14 May 2012 13:51:22 -0400
Message-ID: <4FB14611.7090808@redhat.com>
Date: Mon, 14 May 2012 11:51:13 -0600
From: Eric Blake <eblake@redhat.com>
MIME-Version: 1.0
References: <20120514144058.2ffac223@doriath.home>
In-Reply-To: <20120514144058.2ffac223@doriath.home>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enig9037774E087F4951E21BE8C0"
Subject: Re: [Qemu-devel] [PATCH] qemu-ga: guest-shutdown: use only
	async-signal-safe functions
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>, mdroth@linux.vnet.ibm.com

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9037774E087F4951E21BE8C0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 05/14/2012 11:40 AM, Luiz Capitulino wrote:
> POSIX mandates[1] that a child process of a multi-thread program uses
> only async-signal-safe functions before exec(). We consider qemu-ga
> to be multi-thread, because it uses glib.
>=20
> However, qmp_guest_shutdown() uses functions that are not
> async-signal-safe. Fix it the following way:
>=20
> - fclose() -> reopen_fd_to_null()
> - execl() -> execle()
> - exit() -> _exit()
> - drop slog() usage (which is not safe)
>=20
>   [1] http://pubs.opengroup.org/onlinepubs/009695399/functions/fork.htm=
l
>=20

>  # @guest-shutdown:
>  #
>  # Initiate guest-activated shutdown. Note: this is an asynchronous
> -# shutdown request, with no guaruntee of successful shutdown. Errors
> -# will be logged to guest's syslog.
> +# shutdown request, with no guaruntee of successful shutdown.

As long as you are changing docs, fix the typo:

s/guaruntee/guarantee/

> +++ b/qga/commands-posix.c
> @@ -57,16 +57,13 @@ void qmp_guest_shutdown(bool has_mode, const char *=
mode, Error **err)
>      if (pid =3D=3D 0) {
>          /* child, start the shutdown */
>          setsid();
> -        fclose(stdin);
> -        fclose(stdout);
> -        fclose(stderr);
> -
> -        ret =3D execl("/sbin/shutdown", "shutdown", shutdown_flag, "+0=
",
> -                    "hypervisor initiated shutdown", (char*)NULL);
> -        if (ret) {
> -            slog("guest-shutdown failed: %s", strerror(errno));
> -        }
> -        exit(!!ret);
> +        reopen_fd_to_null(0);
> +        reopen_fd_to_null(1);
> +        reopen_fd_to_null(2);

I prefer the POSIX-mandated macros STDIN_FILENO, STDOUT_FILENO, and
STDERR_FILENO, but don't know if qemu intends to rely on them (according
to gnulib, at least older mingw lacked those macro names from
<unistd.h>).  So I won't make you change this.

> +
> +        ret =3D execle("/sbin/shutdown", "shutdown", shutdown_flag, "+=
0",
> +                    "hypervisor initiated shutdown", (char*)NULL, envi=
ron);

Where was 'environ' declared?  POSIX says that environ must exist, but
that it is the one variable where you must declare it yourself rather
than getting it from a public header.  (For convenience, glibc declares
environ in <unistd.h> when using _GNU_SOURCE, but when you are asking
for strict standards namespace compliance, it disappears.)

> +        _exit(!!ret);

Why are we even bothering with ret?  If execle() returns, we _know_ we
had a failure, and !!ret will always be 1.

--=20
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--------------enig9037774E087F4951E21BE8C0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJPsUYRAAoJEKeha0olJ0Nq5rkH/Rffb6uUMc/9ORITNVa+pLYa
H+PE0KVBrX2pGhKa4Kr94wg5cSnFF975N2pRjHcJ2pC7F2VCNtGKqfbKtamGhcet
W5LLS+624wHAqQhk0Zyjp6Lgf4bHIDGpCSRQBw5t7fXEMJ5Way9JARGJSvqYyvha
TqdnCwHP9hj9Ku2WrdqiHr2qlpRDYQhEq/husaoT5hunAECjDqHGhOQy71L/ET9Q
RwoYANR/90wOpMYaCPmvhVub1xQwHF9ry+CvP1bo/tXhNc10Xlc0aZZa885RFMot
sqxQZ1ANC0pmyn3s0nPxnK6aHzRoMqdufJJ9OxFpac8jnTf410aZEhPCRgBarAM=
=VZNN
-----END PGP SIGNATURE-----

--------------enig9037774E087F4951E21BE8C0--