aboutsummaryrefslogtreecommitdiff
path: root/scsi/qemu-pr-helper.c
diff options
context:
space:
mode:
authorMarc-André Lureau <marcandre.lureau@redhat.com>2018-08-31 16:53:12 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2018-10-02 18:47:55 +0200
commit9e6bdef224f700c057462a7d5e9b4a2770e04569 (patch)
treea9328d62c36923ef04d2896fda9f05f348d03587 /scsi/qemu-pr-helper.c
parent71bb4ce1b5592cdc03abc48cdf4ecb15b2db81a0 (diff)
util: add qemu_write_pidfile()
There are variants of qemu_create_pidfile() in qemu-pr-helper and qemu-ga. Let's have a common implementation in libqemuutil. The code is initially based from pr-helper write_pidfile(), with various improvements and suggestions from Daniel Berrangé: QEMU will leave the pidfile existing on disk when it exits which initially made me think it avoids the deletion race. The app managing QEMU, however, may well delete the pidfile after it has seen QEMU exit, and even if the app locks the pidfile before deleting it, there is still a race. eg consider the following sequence QEMU 1 libvirtd QEMU 2 1. lock(pidfile) 2. exit() 3. open(pidfile) 4. lock(pidfile) 5. open(pidfile) 6. unlink(pidfile) 7. close(pidfile) 8. lock(pidfile) IOW, at step 8 the new QEMU has successfully acquired the lock, but the pidfile no longer exists on disk because it was deleted after the original QEMU exited. While we could just say no external app should ever delete the pidfile, I don't think that is satisfactory as people don't read docs, and admins don't like stale pidfiles being left around on disk. To make this robust, I think we might want to copy libvirt's approach to pidfile acquisition which runs in a loop and checks that the file on disk /after/ acquiring the lock matches the file that was locked. Then we could in fact safely let QEMU delete its own pidfiles on clean exit.. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180831145314.14736-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'scsi/qemu-pr-helper.c')
-rw-r--r--scsi/qemu-pr-helper.c40
1 files changed, 5 insertions, 35 deletions
diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
index ed037aabee..ce40008bfc 100644
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -117,39 +117,6 @@ QEMU_COPYRIGHT "\n"
, name);
}
-static void write_pidfile(void)
-{
- int pidfd;
- char pidstr[32];
-
- pidfd = qemu_open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
- if (pidfd == -1) {
- error_report("Cannot open pid file, %s", strerror(errno));
- exit(EXIT_FAILURE);
- }
-
- if (lockf(pidfd, F_TLOCK, 0)) {
- error_report("Cannot lock pid file, %s", strerror(errno));
- goto fail;
- }
- if (ftruncate(pidfd, 0)) {
- error_report("Failed to truncate pid file");
- goto fail;
- }
-
- snprintf(pidstr, sizeof(pidstr), "%d\n", getpid());
- if (write(pidfd, pidstr, strlen(pidstr)) != strlen(pidstr)) {
- error_report("Failed to write pid file");
- goto fail;
- }
- return;
-
-fail:
- unlink(pidfile);
- close(pidfd);
- exit(EXIT_FAILURE);
-}
-
/* SG_IO support */
typedef struct PRHelperSGIOData {
@@ -1080,8 +1047,11 @@ int main(int argc, char **argv)
}
}
- if (daemonize || pidfile_specified)
- write_pidfile();
+ if ((daemonize || pidfile_specified) &&
+ !qemu_write_pidfile(pidfile, &local_err)) {
+ error_report_err(local_err);
+ exit(EXIT_FAILURE);
+ }
#ifdef CONFIG_LIBCAP
if (drop_privileges() < 0) {