From: Oleg Nesterov <oleg@redhat.com>
To: Jonathan Corbet <corbet@lwn.net>
Cc: LKML <linux-kernel@vger.kernel.org>,
Andi Kleen <andi@firstfloor.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Al Viro <viro@ZenIV.linux.org.uk>,
bfields@fieldses.org
Subject: Re: RFC: Fix f_flags races without the BKL
Date: Fri, 9 Jan 2009 11:08:21 +0100 [thread overview]
Message-ID: <20090109100821.GA27829@redhat.com> (raw)
In-Reply-To: <20090108162806.48caaa29@bike.lwn.net>
On 01/08, Jonathan Corbet wrote:
>
> This patch returns -ENOTTY in both places. It seems better
> to me, but it *is* a change, and we may well not want to do that.
I'm afraid, this can break user-space applications. But I agree
it looks better.
> static int setfl(int fd, struct file * filp, unsigned long arg)
> {
> @@ -176,25 +179,52 @@ static int setfl(int fd, struct file * filp, unsigned long arg)
> if (error)
> return error;
>
> - /*
> - * We still need a lock here for now to keep multiple FASYNC calls
> - * from racing with each other.
> - */
> - lock_kernel();
> if ((arg ^ filp->f_flags) & FASYNC) {
> - if (filp->f_op && filp->f_op->fasync) {
> - error = filp->f_op->fasync(fd, filp, (arg & FASYNC) != 0);
> - if (error < 0)
> - goto out;
> - }
> + error = fasync_change(fd, filp, (arg & FASYNC) != 0);
> + if (error < 0)
> + goto out;
So, fasync_change() sets/clears FASYNC,
> + lock_file_flags();
> filp->f_flags = (arg & SETFL_MASK) | (filp->f_flags & ~SETFL_MASK);
> + unlock_file_flags();
and then we change f_flags again, including F_ASYNC bit.
This is racy?
Suppose T1 does setfl(arg == 0) and preempted before lock_file_flags()
above. T2 does setfl(FASYNC) and succeeds. T1 resumes and clears FASYNC.
Now we have the same problem, the file's state is not consistent.
> +int fasync_change(int fd, struct file *filp, int on)
> +{
> + int ret;
> + static DEFINE_MUTEX(fasync_mutex);
> +
> + if (filp->f_op->fasync == NULL)
> + return -ENOTTY;
> +
> + mutex_lock(&fasync_mutex);
> + lock_file_flags();
> + if (((filp->f_flags & FASYNC) == 0) == (on == 0)) {
> + unlock_file_flags();
> + return 0;
> + }
> + if (on)
> + filp->f_flags |= FASYNC;
> + else
> + filp->f_flags &= ~FASYNC;
> + unlock_file_flags();
> + ret = filp->f_op->fasync(fd, filp, on);
> + mutex_unlock(&fasync_mutex);
> + return ret;
But we must not change ->f_flags if ->fasync() fails?
Now we have the global mutex for ->fasync... Well, not very
good but fasync_helper() takes fasync_lock anyway.
Oleg.
next prev parent reply other threads:[~2009-01-09 10:10 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-29 11:13 RFC: Fix f_flags races without the BKL Jonathan Corbet
2008-12-29 11:57 ` Sam Ravnborg
2008-12-30 12:49 ` Jonathan Corbet
2008-12-29 12:41 ` Oleg Nesterov
2008-12-29 15:27 ` Andi Kleen
2008-12-30 12:59 ` Jonathan Corbet
2008-12-30 13:04 ` [xfs-masters] " Christoph Hellwig
2008-12-30 13:37 ` Andi Kleen
2008-12-30 14:48 ` Christoph Hellwig
2008-12-31 9:52 ` Jonathan Corbet
2008-12-30 14:55 ` Andi Kleen
2009-01-08 23:28 ` Jonathan Corbet
2009-01-09 10:08 ` Oleg Nesterov [this message]
2009-01-09 13:18 ` Jonathan Corbet
2009-01-09 14:03 ` Oleg Nesterov
2009-01-09 15:09 ` Andi Kleen
2008-12-29 12:50 ` [xfs-masters] " Christoph Hellwig
2008-12-29 15:15 ` Andi Kleen
2009-01-02 18:29 ` Al Viro
2009-01-02 18:27 ` Al Viro
2009-01-02 18:42 ` Al Viro
2009-01-02 19:09 ` Oleg Nesterov
2009-01-02 19:54 ` Al Viro
2009-01-03 16:45 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090109100821.GA27829@redhat.com \
--to=oleg@redhat.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andi@firstfloor.org \
--cc=bfields@fieldses.org \
--cc=corbet@lwn.net \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox