Re: [PATCH] 2.4: Fix steal_locks race

[Herbert Xu]

On Sat, Aug 09, 2003 at 05:13:52AM +0200, Andreas Gruenbacher wrote:
> On Sat, 9 Aug 2003, Herbert Xu wrote:
> 
> > On Sat, Aug 09, 2003 at 04:04:53AM +0200, Andreas Gruenbacher wrote:
> > >
> > > > My patch is buggy too.  If a file is closed by another clone between
> > > > the two steal_locks calls the lock will again be lost.  Fortunately
> > > > this much harder to trigger than the previous bug.
> > >
> > > I think this is not a strict bug---this scenario is not covered by POSIX
> > > in the first place. Unless lock stealing is done atomically with
> > > unshare_files there is a window of oportunity between unshare_files() and
> > > steal_locks(), so locks can still get lost.
> >
> > It's not a standard compliance issue.  In this case the lock will never
> > be released and it will eventually lead to a crash when someone reads
> > /proc/locks.
> 
> I don't see how this would happen. Could you please elaborate?

Suppose that A and B share current->files and fd has a POSIX lock on it.

A			B
unshare_files
steal_locks
			close(fd)
exec fails
steal_locks
put_files_struct

The close in B fails to release the lock as it has been stolen by the
new files structure.  The second steal_locks sets the fl_owner back to
the original files structure which no longer has fd in it and hence can
never release that lock.  The put_files_struct doesn't release the lock
either since it is now owned by the original file structure.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/