xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Ian Jackson <Ian.Jackson@eu.citrix.com>
To: Martin Lucina <martin@lucina.net>
Cc: xen-devel@lists.xenproject.org, Wei Liu <wei.liu2@citrix.com>,
	Ian Campbell <ian.campbell@citrix.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: Re: [PATCH] xenconsole: Ensure exclusive access to console using locks
Date: Fri, 24 Jul 2015 14:32:16 +0100	[thread overview]
Message-ID: <21938.15968.711376.627272@mariner.uk.xensource.com> (raw)
In-Reply-To: <1437742310-14193-1-git-send-email-martin@lucina.net>

Martin Lucina writes ("[PATCH] xenconsole: Ensure exclusive access to console using locks"):
> If more than one instance of xenconsole is run against the same DOMID
> then each instance will only get some data. This change ensures
> exclusive access to the console by creating and obtaining an exclusive
> lock on <XEN_LOCK_DIR>/xenconsole.<DOMID>.

It is a shame that we are still using ptys for the xenconsole
connection.  If it were a socket we could allow as many clients as we
like.  But I haven't got round to fixing this for the last n years so
I think the general plan you have makes sense.


> +static void console_lock(int domid)
> +{
> +	lockfile = malloc(PATH_MAX);
> +	if (lockfile == NULL)
> +		err(ENOMEM, "malloc");
> +	snprintf(lockfile, PATH_MAX - 1, "%s/xenconsole.%d", XEN_LOCK_DIR, domid);

Why not use asprintf ?


> +	lockfd = open(lockfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
> +	if (lockfd == -1)
> +		err(errno, "Could not open %s", lockfile);
> +	if (flock(lockfd, LOCK_EX|LOCK_NB) != 0)
> +		err(errno, "Could not lock %s", lockfile);
> +}

This locking strategy is not safe if the lockfile is ever unlinked,
because it allows:

    A   open         flock              .o{ I have the lock }
 
    B        unlink

    C                      open flock   .o{ I have the lock }

> +static void console_unlock(void)
> +{
> +	if (lockfd != -1) {
> +		flock(lockfd, LOCK_UN);
> +		close(lockfd);
> +	}
> +	if (lockfile != NULL)
> +		unlink(lockfile);

And this unlinking strategy is not safe even if we are more careful
with our locking.  You must only unlink with the lock held.


You should use the same recipe as with-lock-ex (from chiark-utils)

  http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blob;f=cprogs/with-lock-ex.c;h=1850d1f0283bd61fc1da12458cba7ec0a227c572;hb=HEAD
  
(which we also use in tools/hotplug/Linux/locking.sh and
tools/libxl/libxl_internal.c:libxl__lock_domain_userdata)


Ian.

  parent reply	other threads:[~2015-07-24 13:32 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-22 17:08 [PATCH] xenconsole: Allow non-interactive use Martin Lucina
2015-07-23  8:48 ` Ian Campbell
2015-07-23 10:53   ` Wei Liu
2015-07-23 15:09   ` Martin Lucina
2015-07-23 15:23     ` Ian Campbell
2015-07-24 11:30       ` [PATCH v2] " Martin Lucina
2015-07-24 13:13         ` Ian Campbell
2015-07-24 11:36       ` [PATCH] " Martin Lucina
2015-07-24 11:44         ` Ian Campbell
2015-07-24 12:51           ` [PATCH] xenconsole: Ensure exclusive access to console using locks Martin Lucina
2015-07-24 13:11             ` Ian Campbell
2015-07-24 13:35               ` Ian Jackson
2015-07-24 13:40               ` Martin Lucina
2015-07-24 13:54                 ` Ian Campbell
2015-07-24 13:32             ` Ian Jackson [this message]
2015-07-24 13:42               ` Martin Lucina
2015-07-24 14:47                 ` [PATCH v2] " Martin Lucina
2015-07-24 15:07                   ` Ian Jackson
2015-07-24 15:29                     ` [PATCH v3] " Martin Lucina
2015-07-24 16:01                       ` Ian Jackson
2015-07-27 12:44                         ` Martin Lucina
2015-07-27 13:29                           ` Wei Liu
2015-07-27 15:14                             ` Ian Campbell
2015-07-24 15:12                   ` [PATCH v2] " Ian Campbell
2015-07-24 13:42               ` [PATCH] " Ian Campbell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=21938.15968.711376.627272@mariner.uk.xensource.com \
    --to=ian.jackson@eu.citrix.com \
    --cc=ian.campbell@citrix.com \
    --cc=martin@lucina.net \
    --cc=stefano.stabellini@eu.citrix.com \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).