[libvirt PATCH] util: keep the pidfile locked

marcandre.lureau@redhat.com posted 1 patch 2 weeks ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20200324235800.1880165-1-marcandre.lureau@redhat.com
src/util/vircommand.c       | 12 ++----------
tests/commanddata/test4.log |  2 +-
2 files changed, 3 insertions(+), 11 deletions(-)

[libvirt PATCH] util: keep the pidfile locked

Posted by marcandre.lureau@redhat.com 2 weeks ago
From: Marc-André Lureau <marcandre.lureau@redhat.com>

Unfortunately, advisory record locking lose the lock if any fd refering
to the file is closed. There doesn't seem to be a way to preserve the
lock atomically. We could eventually retake the lock if low pidfilefd
is required.

This fixes processes being leaked, as they are not killed in
virPidFileForceCleanupPath() if the lock can be taken. Here also, we may
consider this is not good enough, as a process may leak by simply
closing the pidfilefd.

Fixes commit d146105f1e4a9e0ab179f0b78c070ea38b9d5334 ("virCommand:
Actually acquire pidfile instead of just writing it")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 src/util/vircommand.c       | 12 ++----------
 tests/commanddata/test4.log |  2 +-
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 77078d09fb..b84fb40948 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -797,8 +797,7 @@ virExec(virCommandPtr cmd)
         virProcessSetMaxCoreSize(0, cmd->maxCore) < 0)
         goto fork_error;
     if (cmd->pidfile) {
-        VIR_AUTOCLOSE pidfilefd = -1;
-        int newpidfilefd = -1;
+        int pidfilefd = -1;
         char c;
 
         pidfilefd = virPidFileAcquirePath(cmd->pidfile, false, getpid());
@@ -818,14 +817,7 @@ virExec(virCommandPtr cmd)
         VIR_FORCE_CLOSE(pipesync[0]);
         VIR_FORCE_CLOSE(pipesync[1]);
 
-        /* This is here only to move the pidfilefd
-         * to the lowest possible number. */
-        if ((newpidfilefd = dup(pidfilefd)) < 0) {
-            virReportSystemError(errno, "%s", _("Unable to dup FD"));
-            goto fork_error;
-        }
-
-        /* newpidfilefd is intentionally leaked. */
+        /* pidfilefd is intentionally leaked. */
     }
 
     if (cmd->hook) {
diff --git a/tests/commanddata/test4.log b/tests/commanddata/test4.log
index 5820f28307..24a37a7e96 100644
--- a/tests/commanddata/test4.log
+++ b/tests/commanddata/test4.log
@@ -9,7 +9,7 @@ ENV:USER=test
 FD:0
 FD:1
 FD:2
-FD:3
+FD:5
 DAEMON:yes
 CWD:/
 UMASK:0022
-- 
2.26.0.rc2.42.g98cedd0233

Re: [libvirt PATCH] util: keep the pidfile locked

Posted by Michal Prívozník 2 weeks ago
On 25. 3. 2020 0:58, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> Unfortunately, advisory record locking lose the lock if any fd refering
> to the file is closed. There doesn't seem to be a way to preserve the
> lock atomically. We could eventually retake the lock if low pidfilefd
> is required.
> 
> This fixes processes being leaked, as they are not killed in
> virPidFileForceCleanupPath() if the lock can be taken. Here also, we may
> consider this is not good enough, as a process may leak by simply
> closing the pidfilefd.
> 
> Fixes commit d146105f1e4a9e0ab179f0b78c070ea38b9d5334 ("virCommand:
> Actually acquire pidfile instead of just writing it")
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>  src/util/vircommand.c       | 12 ++----------
>  tests/commanddata/test4.log |  2 +-
>  2 files changed, 3 insertions(+), 11 deletions(-)

Ooops.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

and pushed. Thanks, for fixing this.

Michal