bus signal_handler: call _exit in the unlikely event that the pipe is full or invalid
author Simon McVittie <simon.mcvittie@collabora.co.uk>
Wed, 29 Jun 2011 15:44:33 +0000 (16:44 +0100)
committer Simon McVittie <simon.mcvittie@collabora.co.uk>
Fri, 5 Aug 2011 13:39:34 +0000 (14:39 +0100)
On OSs with abstract sockets, this is close enough. On OSs without
abstract sockets, this results in failing to clean up Unix sockets
in /tmp if someone has sent us thousands of SIGHUP signals since we
last entered the main loop - I think that's acceptable.

The reload pipe should never get closed, but if it is for some reason,
we want a SIGTERM after that to cause an exit too.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38656
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
bus/main.c

index b35ccf6..47f38c8 100644 (file)
@@ -101,13 +101,19 @@ signal_handler (int sig)
         DBusString str;
         char action[2] = { ACTION_QUIT, '\0' };
         _dbus_string_init_const (&str, action);
-        if ((reload_pipe[RELOAD_WRITE_END] > 0) &&
+        if ((reload_pipe[RELOAD_WRITE_END] < 0) ||
             !_dbus_write_socket (reload_pipe[RELOAD_WRITE_END], &str, 0, 1))
           {
+            /* If we can't write to the socket, dying seems a more
+             * important response to SIGTERM than cleaning up sockets,
+             * so we exit. We'd use exit(), but that's not async-signal-safe,
+             * so we'll have to resort to _exit(). */
             static const char message[] =
-              "Unable to write to reload pipe - buffer full?\n";
+              "Unable to write termination signal to pipe - buffer full?\n"
+              "Will exit instead.\n";
 
             write (STDERR_FILENO, message, strlen (message));
+            _exit (1);
           }
       }
       break;
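
Review bot: On the `write (STDERR_FILENO, message, strlen (message));` line, `message` is a static array, so `sizeof (message) - 1` would give the length at compile time and keep this failure path to `write` and `_exit` only, without relying on `strlen` being async-signal-safe (POSIX added it to that list only in the 2016 edition). Separately, the condition now also takes this branch when `reload_pipe[RELOAD_WRITE_END] < 0`, where the pipe is invalid rather than full, so "buffer full?" is misleading in that case; the message could name both causes, as the commit subject does.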