Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88846a2c authored by Josh Gao's avatar Josh Gao
Browse files

Let system_server truncate tombstones. 

There's no way to atomically unlink a specific file for which we have an fd from
a path, which means that we can't safely delete a tombstone without coordination
with tombstoned, which is risky. For example, if we use flock on the directory,
and system_server crashes while holding the lock, we risk deadlock.

We do the next best thing, and keep a file descriptor around for every
tombstone, and truncate it, which requires system_server to be able to
write to tombstones (which are owned by the system group).

Test: treehugger
Change-Id: I6ba7f1fe87ee1a4b57bdb3741e8ec9fbc80788c9
parent b44cf2d7

debuggerd/tombstoned/tombstoned.cpp

+3 −3
Original line number Diff line number Diff line
@@ -143,13 +143,13 @@ class CrashQueue { 
    CrashArtifact result;



    std::optional<std::string> path;

    result.fd.reset(openat(dir_fd_, ".", O_WRONLY | O_APPEND | O_TMPFILE | O_CLOEXEC, 0640));

    result.fd.reset(openat(dir_fd_, ".", O_WRONLY | O_APPEND | O_TMPFILE | O_CLOEXEC, 0660));

    if (result.fd == -1) {

      // We might not have O_TMPFILE. Try creating with an arbitrary filename instead.

      static size_t counter = 0;

      std::string tmp_filename = StringPrintf(".temporary%zu", counter++);

      result.fd.reset(openat(dir_fd_, tmp_filename.c_str(),

                             O_WRONLY | O_APPEND | O_CREAT | O_TRUNC | O_CLOEXEC, 0640));

                             O_WRONLY | O_APPEND | O_CREAT | O_TRUNC | O_CLOEXEC, 0660));

      if (result.fd == -1) {

        PLOG(FATAL) << "failed to create temporary tombstone in " << dir_path_;

      }
@@ -509,7 +509,7 @@ static void crash_completed_cb(evutil_socket_t sockfd, short ev, void* arg) { 
}



int main(int, char* []) {

  umask(0137);

  umask(0117);



  // Don't try to connect to ourselves if we crash.

  struct sigaction action = {};