|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v1 02/10] libxl_internal: functions to lock / unlock domain configuration
Wei Liu writes ("[PATCH v1 02/10] libxl_internal: functions to lock / unlock
domain configuration"):
> Simple file lock taken from xl to serialise access to "libxl-json" file.
> If a thread cannot get hold of the lock it waits due to F_SETLKW.
Right.
> In order to generate lock file name, rename userdata_path to
> libxl__userdata_path and declare it in libxl_internal.h
I don't mind it in such a small patch but in general it is easier to
review things if non-functional changes like this are split out into a
separate patch.
> +int libxl__lock_domain_configuration(libxl__gc *gc, uint32_t domid,
> + int *fd_lock)
> +{
...
> + int rc;
> + struct flock fl;
> + const char *lockfile;
> +
> + if (*fd_lock >= 0)
> + return ERROR_INVAL;
Why not assert() ?
> + lockfile = libxl__userdata_path(gc, domid, "libxl-json.lock", "d");
Perhaps lockfile = ...(, "libxl-json", "l") ? I think users of
libxl__userdata_path are entitled to invent their own `wh' values.
Otherwise you have to document "libxl-json.lock" as a reserved
userdata name (which is a bit daft because no-one would use it, but it
is, formally speaking, wrong to use it here).
> + *fd_lock = open(lockfile, O_WRONLY|O_CREAT, S_IWUSR);
> + if (*fd_lock < 0) {
> + LOGE(ERROR, "cannot open lockfile %s errno=%d\n", lockfile, errno);
LOGE's message should not contain \n.
> + if (fcntl(*fd_lock, F_SETFD, FD_CLOEXEC) < 0) {
What's wrong with libxl_fd_set_cloexec ?
> + close(*fd_lock);
Please use the idempotent `goto out' error handling style to deal with
closing the fd on error. Your failure to do so has resulted in
error-case fd leak in this function.
> +get_lock:
> + fl.l_type = F_WRLCK;
> + fl.l_whence = SEEK_SET;
> + fl.l_start = 0;
> + fl.l_len = 0;
> + rc = fcntl(*fd_lock, F_SETLKW, &fl);
> + if (rc < 0 && errno == EINTR)
> + goto get_lock;
Please, no more of these `goto'-based loops!
> + if (rc < 0) {
> + LOGE(ERROR, "cannot acquire lock %s errno=%d\n", lockfile, errno);
> + rc = ERROR_FAIL;
goto out.
> + } else
> + rc = 0;
No, not like that. Like this:
rc = 0;
return rc;
out:
if (*fd_lock >= 0) { close(*fd_lock); *fd_lock = -1; }
return rc;
> +int libxl__unlock_domain_configuration(libxl__gc *gc, uint32_t domid,
> + int *fd_lock)
> +{
Closing the fd is sufficient. I'm not even sure why you need a whole
function for this; the caller could just call close(). The caller can
can ignore any errors (which I think are impossible anyway) since
after close the fd is gone anyway.
> +/*
> + * Lock / unlock domain configuration in libxl private data store.
> + * fd_lock contains the file descriptor pointing to the lock file.
> + */
> +int libxl__lock_domain_configuration(libxl__gc *gc, uint32_t domid,
> + int *fd_lock);
You need to explain the lifetime semantics of *fd_lock. Your code
demands that the caller set it to -1 beforehand (which is fine).
> +int libxl__unlock_domain_configuration(libxl__gc *gc, uint32_t domid,
> + int *fd_lock);
If you do retain this as a separate function, it should return void.
I can think of nothing useful that the caller could do with an error
from it.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |