From: Al Viro <viro@ZenIV.linux.org.uk>
To: Mateusz Guzik <mguzik@redhat.com>
Cc: Yann Droneaud <ydroneaud@opteya.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fs: clear close-on-exec flag as part of put_unused_fd()
Date: Wed, 11 Dec 2013 23:30:11 +0000 [thread overview]
Message-ID: <20131211233011.GA10323@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20131211223634.GA13828@mguzik.redhat.com>
On Wed, Dec 11, 2013 at 11:36:35PM +0100, Mateusz Guzik wrote:
> >From my reading this will break at least the following:
> fd = open(..., .. | O_CLOEXEC);
> dup2(whatever, fd);
>
> now fd has O_CLOEXEC even though it should not
Moreover, consider fork() done by a thread that shares descriptor
table with somebody else. Suppose it happens in the middle of
open() with O_CLOEXEC being done by another thread. We copy descriptor
table after descriptor had been reserved (and marked close-on-exec),
but before a reference to struct file has actually been inserted there.
This code
for (i = open_files; i != 0; i--) {
struct file *f = *old_fds++;
if (f) {
get_file(f);
} else {
/*
* The fd may be claimed in the fd bitmap but not yet
* instantiated in the files array if a sibling thread
* is partway through open(). So make sure that this
* fd is available to the new process.
*/
__clear_open_fd(open_files - i, new_fdt);
}
rcu_assign_pointer(*new_fds++, f);
}
spin_unlock(&oldf->file_lock);
in dup_fd() will clear the corresponding bit in open_fds, leaving close_on_exec
alone. Currently that's fine (we will override whatever had been in
close_on_exec when we reserve that descriptor again), but AFAICS with this
patch it will break.
Sure, it can be fixed up (ditto with dup2(), etc.), but what's the point?
Result will require more subtle reasoning to prove correctness and will
be more prone to breakage. Does that really yield visible performance
improvements that would be worth the extra complexity? After all, you
trade some writes to close_on_exec on descriptor reservation for unconditional
write on descriptor freeing; if anything, I would expect that you'll get
minor _loss_ from that change, assuming they'll be measurable in the first
place...
next prev parent reply other threads:[~2013-12-11 23:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-11 21:08 [PATCH] fs: clear close-on-exec flag as part of put_unused_fd() Yann Droneaud
2013-12-11 22:36 ` Mateusz Guzik
2013-12-11 23:30 ` Al Viro [this message]
2013-12-12 11:36 ` Yann Droneaud
2013-12-12 11:57 ` [PATCH] fs: bits in .close_on_exec are only defined for matching bits in .open_fds bits Yann Droneaud
2013-12-12 10:45 ` [PATCH] fs: clear close-on-exec flag as part of put_unused_fd() Yann Droneaud
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131211233011.GA10323@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mguzik@redhat.com \
--cc=ydroneaud@opteya.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).