
Re: myflock?

  • Wietse Venema
    Message 1 of 8 , Mar 31, 2006
      Carlo Contavalli:
      > On Fri, Mar 31, 2006 at 09:58:46AM -0500, Wietse Venema wrote:
      > > Libraries that interrupt applications are terrible design, and
      > > making every Postfix system call safe against these could be a
      > > lifetime effort.
      > ok :) .. actually I was looking at myflock from the other side:
      > I considered myflock to be a library function, which should not make
      > assumptions over how the application handles signals. Are we sure
      > that every time myflock is called there will be no signals disrupting
      > its behavior? (I was thinking about single_server_main)

      It is hard to make everything signal safe. Therefore, Postfix uses
      signals in a limited manner:

      - Enter code block, set an alarm clock, do work, and stop the alarm
      clock before leaving that code block. And this is only when there
      is no other solution such as select().

      - Delete an incomplete output file and _exit().

      The process that differs is master(8). It sets up handlers for
      SIGHUP, SIGTERM, and SIGCHLD, and it should have EINTR guards.

      > Quite a few times
      >
      > if(myflock(...) < 0)
      > msg_panic(...);

      Perhaps you mean msg_fatal; panic is reserved for interface
      violations and integrity violations.

      > and a few lines below where I added the EINTR check there is:
      >
      > myflock.c:131:
      > while ((status = fcntl(fd, request, &lock)) < 0
      > && request == F_SETLKW
      > && (errno == EINTR || errno == ENOLCK || errno == EDEADLK))

      It's probably there because I used cut-and-paste from earlier code.

      I'll add your EINTR test for flock(); but I would not be
      surprised if there are places that have no EINTR guard.

      If you find other calls that can use one just let me know.

      Wietse
    • Carlo Contavalli
      Message 2 of 8 , Mar 31, 2006
        On Fri, Mar 31, 2006 at 11:23:23AM -0500, Wietse Venema wrote:
        > > ok :) .. actually I was looking at myflock from the other side:
        > > I considered myflock to be a library function, which should not make
        > [...]
        > The process that differs is master(8). It sets up handlers for
        > SIGHUP, SIGTERM, and SIGCHLD, and it should have EINTR guards.
        as all the libraries it uses, probably, even if postfix
        reliability has proven it shouldn't be an issue at all...

        > Perhaps you mean msg_fatal; panic is reserved for interface
        > violations and integrity violations.
        yes, sorry. that was what I meant.

        > I'll add your EINTR test for flock(); but I would not be
        > surprised if there are places that have no EINTR guard.
        ok.. that one was just biting me on some code I was working
        on. Probably, the code is based on wrong assumptions,
        and will probably change the code, but I thought
        it might have been worth reporting it.

        > If you find other calls that can use one just let me know.
        ok, I'll keep that in mind.

        Thanks,
        Carlo

        --
        GPG Fingerprint: 2383 7B14 4D08 53A4 2C1A CA29 9E98 5431 1A68 6975
        -------------
        The first time, it's a KLUDGE!
        The second, a trick.
        Later, it's a well-established technique!
        -- Mike Broido, Intermetrics