From: Jan Kara <jack@suse.cz>
To: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
Cc: Bodo Eggert <7eggert@gmx.de>, Diego Calleja <diegocg@gmail.com>,
Jiri Kosina <jkosina@suse.cz>, Jan Kara <jack@suse.cz>,
Michal Hocko <mhocko@suse.cz>, Meelis Roos <mroos@linux.ee>,
Linux Kernel list <linux-kernel@vger.kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: file offset corruption on 32-bit machines?
Date: Mon, 14 Apr 2008 18:20:31 +0200 [thread overview]
Message-ID: <20080414162031.GD15824@duck.suse.cz> (raw)
In-Reply-To: <20080411135544.GG2160@csclub.uwaterloo.ca>
On Fri 11-04-08 09:55:44, Lennart Sorensen wrote:
> On Fri, Apr 11, 2008 at 02:24:34PM +0200, Bodo Eggert wrote:
> > AS far as I understand, the race is e.g.:
> >
> > fpos := A:a, we want to make process/thread a read A:b or B:a without it
> > being a correct value in fpos. a!=b!=c, A!=B, A!=C.
> >
> > a: read fpos.high (A:?)
> > b: write fpos (B:b)
> > a: read fpos.low (A:b)
> >
> >
> > If you change this to
> >
> > a: read fpos.high
> > a: read fpos.low
> > a: read fpos.high
> > a: read fpos.low
> >
> > and compare the results, you need to
> >
> > a: read fpos.high (A:?)
> > b: write fpos (B:b)
> > a: read fpos.low (A:b)
> > b: write fpos (A:c)
> > a: read fpos.high (A:b),(A:?)
> > b: write fpos (C:b)
> > a: read fpos.low (A:b),(A:b)
> >
> > That would be winning three races in order to hit the bug.
> >
> >
> > OTOH, writers MUST NOT be interrupted, because:
> >
> > b: write fpos.high (B:a)
> > a: read fpos.high (B:?)
> > a: read fpos.low (B:a)
> > a: read fpos.high (B:a),(B:?)
> > a: read fpos.low (B:a),(B:a)
> > b: write fpos.low (B:b)
>
> So if you write multithreaded code and don't understand what locking
> around shared resources is for, then your application might break. Can
> you give an example where locking is being used correctly where this can
> possibly fail? The kernel can't prevent idiots from writing bad code
> that breaks.
>
> I just don't get this "problem".
Well, as Jiri Kosina wrote, this isn't a problem unless someone finds
a way how to use this race for some attack (and for example making f_pos
negative compromises security so it is not so far-fetched as it would
seem). So proactively fixing this makes some sence.
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2008-04-14 16:20 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <agh4d-6yc-35@gated-at.bofh.it>
[not found] ` <ah5tY-3lR-7@gated-at.bofh.it>
[not found] ` <ah5DA-3X9-9@gated-at.bofh.it>
[not found] ` <ah5X5-4tl-13@gated-at.bofh.it>
[not found] ` <ah66A-4Nk-7@gated-at.bofh.it>
[not found] ` <ah7vN-7Wz-9@gated-at.bofh.it>
2008-04-11 12:24 ` file offset corruption on 32-bit machines? Bodo Eggert
2008-04-11 12:24 ` Bodo Eggert
2008-04-11 13:55 ` Lennart Sorensen
2008-04-11 16:59 ` Bryan Henderson
2008-04-11 17:15 ` Lennart Sorensen
2008-04-11 21:29 ` Bryan Henderson
2008-04-12 8:48 ` Pavel Machek
2008-04-14 16:20 ` Jan Kara [this message]
2008-04-14 16:22 ` Lennart Sorensen
2008-04-14 16:53 ` Jan Kara
2008-04-14 16:54 ` Alan Cox
2008-04-14 18:34 ` Alexey Dobriyan
2008-04-14 17:06 ` Lennart Sorensen
2008-04-14 19:03 ` Jan Kara
2008-04-14 19:29 ` Lennart Sorensen
2008-04-14 19:42 ` Jan Kara
2008-04-14 19:45 ` Lennart Sorensen
2008-04-15 8:57 ` Pavel Machek
2008-04-15 15:32 ` Lennart Sorensen
2008-04-15 17:34 ` Pavel Machek
2008-04-15 18:24 ` Lennart Sorensen
2008-04-15 19:12 ` Pavel Machek
2008-04-15 19:49 ` Lennart Sorensen
2008-04-15 20:06 ` Pavel Machek
2008-04-15 20:28 ` Peter Zijlstra
2008-04-16 8:15 ` Pavel Machek
2008-04-16 8:20 ` Peter Zijlstra
2008-04-16 10:54 ` Alan Cox
2008-04-16 13:57 ` Lennart Sorensen
2008-04-15 20:29 ` Lennart Sorensen
2008-04-15 22:11 ` Bryan Henderson
2008-04-16 9:40 ` Jamie Lokier
2008-04-08 8:05 Meelis Roos
2008-04-10 13:55 ` Michal Hocko
2008-04-10 14:01 ` Jiri Kosina
2008-04-10 14:27 ` Jan Kara
2008-04-10 14:31 ` Jiri Kosina
2008-04-10 14:48 ` Matthew Wilcox
2008-04-10 15:22 ` Jan Kara
2008-04-10 15:30 ` Matthew Wilcox
2008-04-10 15:19 ` Jan Kara
2008-04-10 15:37 ` Michal Hocko
2008-04-10 15:56 ` Jan Kara
2008-04-10 16:03 ` Diego Calleja
2008-04-10 16:03 ` Diego Calleja
2008-04-10 16:15 ` Jan Kara
2008-04-11 19:26 ` Pavel Machek
2008-04-14 16:25 ` Jan Kara
2008-04-10 14:31 ` Michal Hocko
2008-04-10 14:35 ` Jiri Kosina
2008-04-10 14:11 ` Martin Mares
2008-04-10 15:12 ` Jan Kara
2008-04-10 15:14 ` Jamie Lokier
2008-04-10 15:21 ` Matthew Wilcox
2008-04-10 15:28 ` Jan Kara
2008-04-10 15:33 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080414162031.GD15824@duck.suse.cz \
--to=jack@suse.cz \
--cc=7eggert@gmx.de \
--cc=diegocg@gmail.com \
--cc=jkosina@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lsorense@csclub.uwaterloo.ca \
--cc=mhocko@suse.cz \
--cc=mroos@linux.ee \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.