From: Jeff Layton <jlayton@kernel.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
"J. Bruce Fields" <bfields@fieldses.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Kate Stewart" <kstewart@linuxfoundation.org>,
"Dan Williams" <dan.j.williams@intel.com>,
"Philippe Ombredanne" <pombredanne@nexb.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] locks: change POSIX lock ownership on execve when files_struct is displaced
Date: Sat, 17 Mar 2018 15:28:10 -0400 [thread overview]
Message-ID: <1521314890.4064.12.camel@kernel.org> (raw)
In-Reply-To: <20180317155228.GN30522@ZenIV.linux.org.uk>
On Sat, 2018-03-17 at 15:52 +0000, Al Viro wrote:
> On Sat, Mar 17, 2018 at 11:43:28AM -0400, Jeff Layton wrote:
> > On Sat, 2018-03-17 at 15:05 +0000, Al Viro wrote:
> > > On Sat, Mar 17, 2018 at 10:25:20AM -0400, Jeff Layton wrote:
> > > > From: Jeff Layton <jlayton@redhat.com>
> > > >
> > > > POSIX mandates that open fds and their associated file locks should be
> > > > preserved across an execve. This works, unless the process is
> > > > multithreaded at the time that execve is called.
> > > >
> > > > In that case, we'll end up unsharing the files_struct but the locks will
> > > > still have their fl_owner set to the address of the old one. Eventually,
> > > > when the other threads die and the last reference to the old
> > > > files_struct is put, any POSIX locks get torn down since it looks like
> > > > a close occurred on them.
> > > >
> > > > The result is that all of your open files will be intact with none of
> > > > the locks you held before execve. The simple answer to this is "use OFD
> > > > locks", but this is a nasty surprise and it violates the spec.
> > > >
> > > > On a successful execve, change ownership of any POSIX file_locks
> > > > associated with the old files_struct to the new one, if we ended up
> > > > swapping it out.
> > >
> > > TBH, I don't like the way you implement that. Why not simply use
> > > iterate_fd()?
> >
> > Ahh, I wasn't aware of it. I copied the loop in change_lock_owners from
> > close_files. I'll have a look at iterate_fd().
>
> BTW, if iterate_fd() turns out to be slower, it might make sense to have it
> look at the bitmap to skip unpopulated parts of descriptor table faster -
> other users might also benefit from that.
Thanks, I'll keep that in mind.
Full disclosure: I haven't done any performance testing with this. My
assumption is that threaded programs that execve without forking first
are rather rare. I don't know of a great way to confirm that though.
I made a small change to the v2 patch as well to use
struct files_struct * instead of fl_owner_t here. That gives us more
type safety and should prevent any problems if Bruce's patch to remove
fl_owner_t gets merged.
Thanks,
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2018-03-17 19:28 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-17 14:25 [PATCH] locks: change POSIX lock ownership on execve when files_struct is displaced Jeff Layton
2018-03-17 15:05 ` Al Viro
2018-03-17 15:43 ` Jeff Layton
2018-03-17 15:52 ` Al Viro
2018-03-17 19:28 ` Jeff Layton [this message]
2018-03-17 16:58 ` [PATCH v2] " Jeff Layton
2018-03-22 5:19 ` Eric W. Biederman
2018-03-22 5:36 ` Eric W. Biederman
2018-03-22 10:57 ` Jeff Layton
2018-04-02 12:56 ` Jeff Layton
2018-04-03 17:22 ` Eric W. Biederman
2018-03-22 11:14 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1521314890.4064.12.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=berrange@redhat.com \
--cc=bfields@fieldses.org \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=kstewart@linuxfoundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pombredanne@nexb.com \
--cc=tglx@linutronix.de \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.