Minutes of the 16 February 2012 Teleconference    Austin-549 Page 1 of 1
Submitted by Andrew Josey, The Open Group.    February 17, 2012

Attendees
    Andrew Josey, The Open Group
    Don Cragun, PASC OR
    Mark Brown, IBM, TOG OR
    Geoff Clare, The Open Group
    Nick Stoughton, USENIX, ISO/IEC OR
    Eric Blake, Red Hat
    Jim Pugsley, Oracle
    Joerg Schilling, Fraunhofer Society

The TC1-2008 Draft 4 document merger into the Base Specs is still progressing, XBD, XCU and XRAT are now complete, and XSH is now over 80% complete.

* Old Business

Bug 0000251: Forbid newline, or even bytes 1 through 31 (inclusive), in filenames OPEN
http://austingroupbugs.net/view.php?id=251

This bug will remain open until after TC1 is approved

* New business

Bug 0000529: fildes unspecified on close()'s [EINTR] Re-OPENED
http://austingroupbugs.net/view.php?id=529

This bug has been reopened due to the discussion on the mailing list. A number of notes had been added to the bug.
AI: Eric agreed to add a note to the bug with a proposal (completed below).
It was agreed that we would send this to the HP representative.
AI: Andrew to send to Larry Dwyer.

After line 15033 [XBD Constants for Functions], add:

    The header shall define the following symbolic constant as a value for the flag used by posix_close( ):

    POSIX_CLOSE_RESTART
        Allows restarts if a signal interrupts a close operation.

After line 15094 [XBD Declarations], add:

    int posix_close(int, int);

At line 23862 [XSH close NAME], change:

    close - close a file descriptor

to:

    close, posix_close - close a file descriptor

After line 22865 [XSH close SYNOPSIS], add:

    int posix_close(int fildes, int flag);

At line 22871 [XSH close DESCRIPTION], change:

    If close( ) is interrupted by a signal that is to be caught, it shall return -1 with errno set to [EINTR] and the state of fildes is unspecified.
    If an I/O error occurred while reading from or writing to the file system during close( ), it may return -1 with errno set to [EIO]; if this error is returned, the state of fildes is unspecified.

to:

    The close( ) function shall close fildes, even if an error occurs. If close( ) is interrupted by a signal that is to be caught, then the process shall have no further ability to track the completion or final status of the close operation, and the close( ) shall either return 0 if it is guaranteed that no data will be discarded, or shall return -1 with errno set to [EINPROGRESS] to indicate that it is unspecified whether the remainder of the close operation may discard data.

After line 22915 [XSH close DESCRIPTION], add:

    The posix_close( ) function shall be equivalent to the close( ) function, except that the behavior shall be modified by the value of flag as described below.

    If flag includes POSIX_CLOSE_RESTART, and posix_close( ) is interrupted by a signal that is to be caught, then posix_close( ) may return -1 with errno set to [EINTR], in which case fildes shall be left open; however, it is unspecified whether fildes can subsequently be passed to any function except close( ) or posix_close( ) without error.

    If flag is invalid, posix_close( ) may fail with errno set to [EINVAL], but shall otherwise behave as if flag had been 0 and close fildes.

At line 22920 [XSH close ERRORS], change:

    The close( ) function shall fail if:

    [EBADF] The fildes argument is not a valid file descriptor.
    [EINTR] The close( ) function was interrupted by a signal.

    The close( ) function may fail if:

    [EIO] An I/O error occurred while reading from or writing to the file system.

to:

    The close( ) and posix_close( ) functions shall fail if:

    [EBADF] The fildes argument is not a valid file descriptor.
    [EINPROGRESS] The function was interrupted by a signal and fildes was closed without any guarantee of whether any remaining data might be discarded.

    The close( ) and posix_close( ) functions may fail if:

    [EIO] An I/O error occurred while reading from or writing to the file system.

    The posix_close( ) function may fail if:

    [EINTR] The posix_close( ) function was interrupted by a signal and the flag argument included POSIX_CLOSE_RESTART, in which case fildes is still open.
    [EINVAL] The value of the flag argument is invalid.

    The close( ) and posix_close( ) functions shall not return an [EAGAIN] or [EWOULDBLOCK] error. The close( ) function shall not return an [EINTR] error, and the posix_close( ) function shall not return an [EINTR] error unless flag includes POSIX_CLOSE_RESTART.

At line 22964 [XSH close RATIONALE], change:

    The use of interruptible device close routines should be discouraged to avoid problems with the implicit closes of file descriptors by exec and exit( ). This volume of POSIX.1-2008 only intends to permit such behavior by specifying the [EINTR] error condition.

to:

    The use of interruptible device close routines should be discouraged to avoid problems with the implicit closes of file descriptors, such as by exec, process termination, or dup2( ). This volume of only intends to permit such behavior by specifying the [EINTR] error condition for posix_close( ) with POSIX_CLOSE_RESTART, to allow applications a portable way to know when the event that close( ) was waiting for when it was interrupted has completed (for example, a tape drive rewinding). Although the file descriptor is left open on [EINTR], it might no longer be usable; that is, passing it to any function except close( ) might result in an error such as [EIO]. If an application must guarantee that data will not be lost, it is recommended that the application use fsync( ) prior to close( ), rather than leaving the close( ) to deal with pending I/O and risk an interrupt.

    Earlier versions of this standard left the state of fildes unspecified after errors such as [EINTR] and [EIO]; and implementations differed on whether close( ) left fildes open after [EINTR]. This was unsatisfactory once threads were introduced, since multithreaded applications need to know whether fildes has been closed. Applications cannot blindly call close( ) again, because if fildes was closed by the first call another thread could have been allocated a file descriptor with the same value as fildes, which must not be closed by the first thread. On the other hand, the alternative of never retrying close( ) would lead to a file descriptor leak in implementations where close( ) did not close fildes. This standard now requires that close( ) must close the file descriptor regardless of errors (except [EBADF]), and further requires that close( ) may not fail with [EINTR]; this allows code that previously retried close( ) after [EINTR] to avoid closing the wrong fildes because the retry loop will no longer be reached, while avoiding file descriptor leaks in code that does not check for failures, thus making code that assumed either implementation portable.

    It should also be noted that the requirement for close( ) to always close fildes, even if an error is reported, is similar to the requirements on fclose( ) to always release the stream, even if an error is encountered while flushing data.

    Implementations that previously always closed fildes can meet the new requirements by translating [EINTR] to [EINPROGRESS] in close( ); and it is the intent of this standard to allow such an implementation to ignore POSIX_CLOSE_RESTART and never fail with [EINTR], rather than having to add restart semantics.
    On the other hand, implementations that previously left fildes open on [EINTR] can map that to posix_close( ) with POSIX_CLOSE_RESTART, and must add the semantics of posix_close( ) when flag is 0; one possibility is by wrapping the original close( ) implementation with a check of errno, and on [EINTR], using actions similar to dup2( ) to replace the incomplete close operation with another file descriptor that can be closed immediately by the original close( ), all before returning to the application. Such an implementation is encouraged to use versioned symbols, where applications compiled against a previous version of the standard treat close( ) as if it were like posix_close( ) with POSIX_CLOSE_RESTART, so as not to break implementation-specific expectations of those older applications about waiting for restartable device closes, while applications compiled against this version of the standard must be explicitly rewritten to use posix_close( ) for [EINTR] to work, in the rare cases where a retry loop is desired.

    The standard developers considered introducing a thread-local variable that close( ) would set to indicate whether it had closed fildes when returning -1. However, this was rejected in favor of the simpler solution of requiring close( ) to close fildes for all errors (except [EBADF]), and adding posix_close( ) as the way to expose the retry semantics. Additionally, while the name posix_close( ) is new to this standard, it is reminiscent of at least one implementation that introduced an alternate system call named close_nocancel( ) in order to allow an application to choose whether restart semantics were desired.

    Another consideration was whether implementations might return [EAGAIN] as an extension and whether close( ) should be required to leave the file descriptor open in this case, since [EAGAIN] normally implies an operation should be retried.
    It seemed very unlikely that any implementation would have a legitimate reason to return [EAGAIN] or [EWOULDBLOCK], and therefore this requirement would mean applications have to include code for an error case that will never be used. Therefore close( ) is now forbidden from returning [EAGAIN] and [EWOULDBLOCK] errors.

Before page 1410 [XSH posix_fadvise], add a new redirect page:

    NAME
        posix_close - close a file descriptor
    SYNOPSIS
        #include
        int posix_close(int fildes, int flag);
    DESCRIPTION
        Refer to close( ).

Bug 0000537: for set -e, compound commands and functions case should be clarified OPEN
http://austingroupbugs.net/view.php?id=537

It was agreed to leave this item open as we had only heard back from Dave Korn.
AI: Andrew to add the response from Dave Korn as a note to the bug.

Bug 0000542: rm -f with no file operands Accepted
http://austingroupbugs.net/view.php?id=542

This item is tagged for TC2-2008

Bug 0000526: Adopt C99 wording for zero size calloc(), malloc() et al Accepted
http://austingroupbugs.net/view.php?id=526

The desired action was updated during the meeting. The item is tagged for TC2-2008.

We discussed an issue raised on the reflector by Fred Tydeman.
AI: It was agreed that Geoff would take an action to file a bug report.
This has now been filed as bug:
[1003.1(2008)/Issue 7 0000543]: Missing C99 text about undeserved underflow

Next Steps
----------
The next call is on February 23 and will continue processing defect reports. This call will be for the regular 90 minutes.

http://austingroupbugs.net

See the calendar for the list of dialup numbers.
An IRC channel will be available for the meeting
irc://irc.freenode.org/austingroupbugs

ICAL: http://www.google.com/calendar/ical/nvctqtstkuni3fab9k3jqtrt4g@group.calendar.google.com/public/basic
XML: http://www.google.com/calendar/feeds/nvctqtstkuni3fab9k3jqtrt4g@group.calendar.google.com/public/basic
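The application-side guidance in the Bug 529 rationale (use fsync( ) before close( ), and do not call close( ) again on the same number), as an added C example that is not part of the minutes or of the proposal. The names close_once and fd_number_is_reused are hypothetical, and the code assumes close( ) releases fildes on every error except [EBADF], as the proposed text requires.

```c
/* Added example, not from the minutes. Assumes close() releases fildes on
 * every error except [EBADF], as the proposed text for bug 529 requires. */
#include <errno.h>
#include <unistd.h>

/* close_once() is a hypothetical helper: fsync(), then close() exactly once.
 * *fdp becomes -1 so a later call cannot close a number that another thread
 * has been handed meanwhile. Returns 0, or -1 with errno set if data may
 * have been lost. */
int close_once(int *fdp)
{
    int fd = *fdp, err = 0, synced = 0;

    if (fd < 0) { errno = EBADF; return -1; }

    /* Retrying fsync() on EINTR is safe: fd is still open at this point. */
    for (;;) {
        if (fsync(fd) == 0) { synced = 1; break; }
        if (errno == EINTR) continue;
        /* EINVAL/ENOTSUP: pipes, sockets and ttys have nothing to sync. */
        if (errno != EINVAL && errno != ENOTSUP) err = errno;
        break;
    }

    *fdp = -1;                       /* invalidate before the single close() */
    if (close(fd) == -1) {
        int interrupted = (errno == EINTR || errno == EINPROGRESS);
        /* After a successful fsync(), this function left no data pending. */
        if (err == 0 && !(interrupted && synced)) err = errno;
    }
    if (err) { errno = err; return -1; }
    return 0;
}

/* The hazard from the rationale: after a close, the same number is handed
 * out again, so a retried close(old) would hit the new descriptor.
 * Returns 1 if the number was reused, 0 if not, -1 on setup failure. */
int fd_number_is_reused(void)
{
    int p[2], q[2], old, reused;

    if (pipe(p) == -1) return -1;
    old = p[0];
    close_once(&p[0]);
    if (pipe(q) == -1) { close(p[1]); return -1; }
    reused = (q[0] == old || q[1] == old);
    close(q[0]); close(q[1]); close(p[1]);
    return reused;
}
```

On an implementation that leaves fildes open after [EINTR], this helper leaks the descriptor instead of closing the wrong one, which is the trade-off the rationale describes.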