From: Eric Blake <eblake@redhat.com>
To: Florian Larysch <fl@n621.de>, qemu-devel@nongnu.org
Cc: sw@weilnetz.de
Subject: Re: [Qemu-devel] [PATCH for-2.12] os: truncate pidfile on creation
Date: Tue, 20 Mar 2018 09:50:19 -0500 [thread overview]
Message-ID: <d5ad61b8-1570-0234-fd2a-97dfb174de59@redhat.com> (raw)
In-Reply-To: <20180320093135.26422-1-fl@n621.de>
On 03/20/2018 04:31 AM, Florian Larysch wrote:
> qemu_create_pidfile does not truncate the pidfile when it creates it,
> but rather overwrites its contents with the new pid. This works fine as
> long as the length of the pid doesn't decrease, but this might happen in
> case of wraparounds, causing pidfiles to contain trailing garbage which
> breaks operations such as 'kill $(cat pidfile)'.
Ouch. Good analysis.
However, I have to wonder if we have the opposite problem - when the
file exists (truncated) but has not yet been written, how often do we
have a race where someone can see the empty file?
Should we be going even further and writing the pid into a temporary
file and then rename(2)ing that file onto the real destination, so that
if the pid file exists at all, it has stable contents that can't cause
confusion?
>
> Instead, always truncate the file before writing it.
>
> Signed-off-by: Florian Larysch <fl@n621.de>
> ---
> os-posix.c | 2 +-
> os-win32.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/os-posix.c b/os-posix.c
> index b9c2343b1e..9a6b874180 100644
> --- a/os-posix.c
> +++ b/os-posix.c
> @@ -301,7 +301,7 @@ int qemu_create_pidfile(const char *filename)
> int len;
> int fd;
>
> - fd = qemu_open(filename, O_RDWR | O_CREAT, 0600);
> + fd = qemu_open(filename, O_RDWR | O_CREAT | O_TRUNC, 0600);
This part is right, if we don't care about the race with someone reading
an empty file.
> if (fd == -1) {
> return -1;
> }
> diff --git a/os-win32.c b/os-win32.c
> index 586a7c7d49..85dbad7af8 100644
> --- a/os-win32.c
> +++ b/os-win32.c
> @@ -108,7 +108,7 @@ int qemu_create_pidfile(const char *filename)
> memset(&overlap, 0, sizeof(overlap));
>
> file = CreateFile(filename, GENERIC_WRITE, FILE_SHARE_READ, NULL,
> - OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
> + CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
I assume this is right (at least for looking comparable to the POSIX
case), although I'm trusting you here.
Reviewed-by: Eric Blake <eblake@redhat.com>
Worth including in 2.12, unless we want to also avoid the race of an
empty pidfile.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
next prev parent reply other threads:[~2018-03-20 14:50 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-20 9:31 [Qemu-devel] [PATCH] os: truncate pidfile on creation Florian Larysch
2018-03-20 14:50 ` Eric Blake [this message]
2018-03-20 15:49 ` [Qemu-devel] [PATCH for-2.12] " Florian Larysch
2018-03-20 16:02 ` Daniel P. Berrangé
2018-03-20 16:07 ` Eric Blake
2018-03-20 16:21 ` Florian Larysch
2018-03-20 16:29 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5ad61b8-1570-0234-fd2a-97dfb174de59@redhat.com \
--to=eblake@redhat.com \
--cc=fl@n621.de \
--cc=qemu-devel@nongnu.org \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).