Add sanity timeouts

[zyga]

This patch adds library functions to ensure that ensures a system call
such as flock() doesn't block for more than a given "sanity timeout"
value. This is meant to guard against bugs in the code that might
manifest as hanging process, keeping a flock-based lock alive, that will
never wake up.

The timer is implemented using SIGARLM and alarm(). The intent is to
simply wake up the system call and detect a flag being set by the signal
handler. This relies on using a signal handler that is not restarting
system calls.

Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com

[zyga]

I guess this could be done before we reset the alarm really

[jdstrand]

This is more standard (eg, http://www.gnu.org/software/libc/manual/html_node/Sigaction-Function-Example.html):

struct sigaction act;
act.sa_handler = sc_SIGALRM_handler;
if (sigemptyset(&act.sa_mask) < 0) {
    die(...);
}
act.sa_flags = 0;
if (sigaction(SIGINT, &act, NULL) < 0) {
    die(...);
}

If you use this, you can drop the comment since it is clear the flag won't be set.

[zyga]

Done, slightly differently, have a look please.

[jdstrand]

Similarly, I think you would want to use this instead:

struct sigaction act;
if (sigemptyset(&act.sa_mask) < 0) {
    die(...);
}
if (sigaction(SIGINT, &act, NULL) < 0) {
    die(...);
}

However, rather than setting this to the empty set, perhaps it would be better to save off the old action in sc_enable_sanity_timeout() and then reinstating it here. The GNU libc URL above shows how to do this; I suspect that may be overkill.

[zyga]

I assume you meant SIGARLM? I also tweaked this to restore SIG_DFL. I don't think we need to restore anything else as we're not using any other signals at this time (YAGNI)

[jdstrand]

Nitpick: you aren't using '{}' for a one line body here but you do a few lines below. Does this pass indent?

[zyga]

It does, I'll correct this to { }

[jdstrand]

Same comment here re '{}'

[jdstrand]

+1 provided my style comments are addressed.