From: Li Zefan <lizefan@huawei.com>
To: Ming Lei <ming.lei@canonical.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
<linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>
Subject: Re: [PATCH 1/2] sysfs: fix race between readdir and lseek
Date: Fri, 22 Mar 2013 13:48:46 +0800
Message-ID: <514BF0BE.1070907@huawei.com>
In-Reply-To: <CACVXFVMS644BpX7voMHS-xXoRs9-G4y96=ubk_NAj6KDTy1ENQ@mail.gmail.com>

On 2013/3/21 12:48, Ming Lei wrote:
> On Thu, Mar 21, 2013 at 11:28 AM, Li Zefan <lizefan@huawei.com> wrote:
>> On 2013/3/21 11:17, Ming Lei wrote:
>>> On Thu, Mar 21, 2013 at 10:41 AM, Li Zefan <lizefan@huawei.com> wrote:
>>>>
>>>> In fact the same race exists between readdir() and read()/write()...
>>>
>>> Fortunately, no read()/write() are implemented on sysfs directory, :-)
>>>
>>
>> That's irrelevant...
>
> As far as sysfs is concerned, the filp->f_ops can't be changed in
> read/write path.
>
Yes, it can... As I said, it's irrelevant, because it's vfs that changes
file->f_pos.

SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
{
        struct fd f = fdget(fd);
        ssize_t ret = -EBADF;

        if (f.file) {
                loff_t pos = file_pos_read(f.file);        <--- read f_pos
                ret = vfs_read(f.file, buf, count, &pos);  <--- return -EISDIR
                file_pos_write(f.file, pos);               <--- write f_pos
                fdput(f);
        }

        return ret;
}

>>
>> See my report:
>>
>> https://patchwork.kernel.org/patch/2160771/
>
> Yes, I know there might be some mess after the commit ef3d0fd2
> (vfs: do (nearly) lockless generic_file_llseek).
>
> Also, it looks like it has been stated in Documentation/filesystems/Locking:
>
> ->llseek() locking has moved from llseek to the individual llseek
> implementations. If your fs is not using generic_file_llseek, you
> need to acquire and release the appropriate locks in your ->llseek().
> For many filesystems, it is probably safe to acquire the inode
> mutex or just to use i_size_read() instead.
> Note: this does not protect the file->f_pos against concurrent modifications
> since this is something the userspace has to take care about.
>
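
The interleaving described in the message above, as an added userspace model that is not part of the original message and is not kernel code. The names file_model, read_begin, read_finish, model_readdir and run_interleaving are hypothetical; the model only assumes that readdir() stores a new position in f_pos while read() holds its earlier copy.

```c
/* Constructed userspace model of the f_pos read-modify-write in the
 * sys_read() excerpt quoted in the message. Not kernel code. */
#include <errno.h>
#include <stdio.h>

struct file_model { long long f_pos; };	/* stands in for struct file */

/* First half of sys_read(): file_pos_read() samples f_pos. */
static long long read_begin(const struct file_model *f)
{
	return f->f_pos;
}

/* Second half of sys_read(): vfs_read() on a directory fails with
 * -EISDIR and leaves pos untouched, then file_pos_write() stores pos
 * back unconditionally, even though the read failed. */
static long read_finish(struct file_model *f, long long pos)
{
	long ret = -EISDIR;	/* vfs_read() result for a directory */

	f->f_pos = pos;		/* file_pos_write() */
	return ret;
}

/* readdir() on the same open file advancing the directory position. */
static void model_readdir(struct file_model *f, long long new_pos)
{
	f->f_pos = new_pos;
}

/* Deterministic interleaving: read() samples f_pos, readdir() advances
 * it, read() writes its stale copy back. Returns the final f_pos. */
long long run_interleaving(long long start, long long readdir_pos, long *read_ret)
{
	struct file_model f = { start };
	long long stale = read_begin(&f);

	model_readdir(&f, readdir_pos);
	*read_ret = read_finish(&f, stale);
	return f.f_pos;
}

int main(void)
{
	long ret;
	long long end = run_interleaving(2, 7, &ret);

	printf("read() returned %ld; f_pos is %lld although readdir() set 7\n", ret, end);
	return 0;
}
```

The failed read() has no ->read() implementation behind it, yet the position readdir() stored is replaced by the stale one, which is why the absence of read()/write() on sysfs directories does not close the race.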