From: Al Viro <viro@ftp.linux.org.uk>
To: Pekka J Enberg <penberg@cs.helsinki.fi>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: [RFC/PATCH 2/5] revoke: core code
Date: Wed, 11 Jul 2007 11:09:59 +0100 [thread overview]
Message-ID: <20070711100959.GW21668@ftp.linux.org.uk> (raw)
In-Reply-To: <Pine.LNX.4.64.0707111247180.12522@sbz-30.cs.Helsinki.FI>
On Wed, Jul 11, 2007 at 12:50:48PM +0300, Pekka J Enberg wrote:
> Hi Al,
>
> On Wed, 11 Jul 2007, Al Viro wrote:
> > Better: I have the only opened descriptor for foo. I send it to myself
> > as described above. I close it. revoke() is called, finds no opened
> > instances of foo in any descriptor tables and cheerfully does nothing.
> > I call recvmsg() and I have completely undamaged opened file back.
>
> Uhm, nice. So, revoke() needs a proper inode -> struct files mapping
> somewhere. Can we add a list of files to struct inode? Are there other
> cases where a file can point to an inode but the file is not attached to
> any file descriptor?
Umm... Any number, really - it might be in the middle of syscall
while another task sharing descriptor table has closed the descriptor.
Then there's quota, then there's process accounting, then there's
execve() in progress, then there's knfsd working with that struct
file, etc.
The fundamental issue here is that even if you do find struct file,
you can't blindly rip its ->f_mapping since it can be in the middle
of ->read(), ->write(), pageout, etc. And even if you do manage
that, you still have the ability to do fchmod() later.
I don't see how the ability to find all instances in SCM_RIGHTS
datagrams (for example) will help you with the race I've described
first. Original state: task B has the only reference to file.
revoke() is called, passes task A. B sends datagram to A and closes
file. A receives datagram. Now the only reference is in A's table
and you've already passed that.
So you can't avoid processes keeping pointers to struct file.
If you could find all struct file over given inode (which, I suspect,
will lead to interesting locking), you could call something on
that struct file, but you'd have zero exclusion with processes
calling methods on it.
next prev parent reply other threads:[~2007-07-11 10:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-11 9:01 [RFC/PATCH 2/5] revoke: core code Pekka J Enberg
2007-07-11 9:37 ` Al Viro
2007-07-11 9:42 ` Al Viro
2007-07-11 9:50 ` Pekka J Enberg
2007-07-11 10:09 ` Al Viro [this message]
2007-07-11 10:54 ` Pekka J Enberg
2007-07-11 10:01 ` Pekka J Enberg
2007-07-11 10:18 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070711100959.GW21668@ftp.linux.org.uk \
--to=viro@ftp.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).