On 09/28/2012 04:09 AM, Daniel P. Berrange wrote: > On Thu, Sep 27, 2012 at 02:51:35PM -0600, Eric Blake wrote: >> On 09/27/2012 10:44 AM, Daniel P. Berrange wrote: >>> + /* Message was too large, so dump to temporary file >>> + * and pass an FD to the journal >>> + */ >>> + >>> + if ((buffd = mkostemp(path, O_CLOEXEC|O_RDWR)) < 0) >> >> Is mkostemp async-signal safe? But if it isn't, I don't know how else >> to generate a safe file name. Maybe we create ourselves a safe >> temporary directory at process start where we don't care about the async >> safety issues, and then in this function, we track a static counter that >> we increment each time we create a new file within that directory. > > I've looked the glibc source and the only functions they use are > open() and gettimeofday(), and the latter isn't actually used on > most architectures, instead it uses inline asm to read a CPU > timesource like the TSC. So IMHO, since this will be protected by > a #ifdef __linux__ we will be safe in using it. Sure, but add a big fat comment explaining our choice, so that people reading the code later remember our discussion :) -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list