Re: [RFC] Race condition?

From: Keith Owens (
Date: Sat Aug 03 2002 - 06:07:11 EST

On Sat, 3 Aug 2002 12:08:28 +0200,
Oliver Neukum <> wrote:
>> >I don't see any locking in the call chain leading to this function, so
>> >I think you're right. The attached patch fixes this. It costs an
>> >extra 2 atomic ops in the failure case, but otherwise just makes the
>> >processes++ operation earlier.
>> Does this race really justify extra locks? AFAICT the worst case is
>> that a user can go slightly over their RLIMIT_NPROC, and that will only
>> occur if they fork on multiple cpus "at the same time". Given the
>Only if preempt is not enabled.

Preempt is irrelevant here. To make any difference, there would have
to be an interrupt in the window between reading and updating
p->user->processes _and_ another process would have to be waiting to
enter fork(). Even if that occurred, the result is the user is one
process over their limit, big deal.

>> timing constraints on that small window, I would be surprised if this
>> race could be exploited to gain more than a couple of extra processes.
>> This looks like a case where close enough is good enough.
>There's no such thing as a tolerable race :-)

The result is just a slightly elevated process count in rare cases.
Even then it is self correcting. It is not a significant race, just a
bit of fuzzy counting.

>Anyway this code can corrupt the global variable nr_threads.
>Without the BKL it is buggy, so it has to be fixed anyway and we
>can do it right.

nr_threads is protected by tasklist_lock. How on earth can fuzzy
counting on user->processes corrupt nr_threads?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Aug 07 2002 - 22:00:21 EST