> -Original Message-
> From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
> Sent: Saturday, August 31, 2013 3:36 PM
> To: Liu, Chuansheng
> Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] Fix the race between the fget()
On Sat, Aug 31, 2013 at 07:01:33AM +, Liu, Chuansheng wrote:
> My scenario is:
> P1 files_struct refcount is 1, P2's is 1 also.
> P1 get_files_struct(P2)
> P1 install one file into P2's files_struct
> P1 put_files_struct(P2)
>
> Then P1 and P2's files_struct refcount are 1, then when P1 is
> -Original Message-
> From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
> Sent: Saturday, August 31, 2013 2:48 PM
> To: Liu, Chuansheng
> Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] Fix the race between the fget()
On Sat, Aug 31, 2013 at 05:53:11AM +, Liu, Chuansheng wrote:
> I think I found one of possible race here(two processes P1 and P2):
> P1 has the the files_struct pointer FILES1, P2 has the files_struct pointer
> FILES2,
>
> When P1 open file, the new struct file pointer SHARE_FILE will be
On Sat, Aug 31, 2013 at 05:53:11AM +, Liu, Chuansheng wrote:
I think I found one of possible race here(two processes P1 and P2):
P1 has the the files_struct pointer FILES1, P2 has the files_struct pointer
FILES2,
When P1 open file, the new struct file pointer SHARE_FILE will be
-Original Message-
From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
Sent: Saturday, August 31, 2013 2:48 PM
To: Liu, Chuansheng
Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix the race between the fget() and
On Sat, Aug 31, 2013 at 07:01:33AM +, Liu, Chuansheng wrote:
My scenario is:
P1 files_struct refcount is 1, P2's is 1 also.
P1 get_files_struct(P2)
P1 install one file into P2's files_struct
P1 put_files_struct(P2)
Then P1 and P2's files_struct refcount are 1, then when P1 is doing
-Original Message-
From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
Sent: Saturday, August 31, 2013 3:36 PM
To: Liu, Chuansheng
Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix the race between the fget() and
Hello Al,
> -Original Message-
> From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
> Sent: Tuesday, August 27, 2013 8:49 AM
> To: Liu, Chuansheng
> Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] Fix the race between the
Hello Al,
-Original Message-
From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
Sent: Tuesday, August 27, 2013 8:49 AM
To: Liu, Chuansheng
Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix the race between the
Thanks Al.
> -Original Message-
> From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
> Sent: Tuesday, August 27, 2013 8:43 AM
> To: Liu, Chuansheng
> Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] Fix the race between
On Tue, Aug 27, 2013 at 01:42:47AM +0100, Al Viro wrote:
> Might be buggered refcounting on struct file somewhere (i.e. extra fput()
> done,
> getting the file freed *before* close(), leaving a dangling pointer in
> descriptor table). Might be memory corruption of some kind, slapping junk
>
On Mon, Aug 26, 2013 at 11:56:43PM +, Liu, Chuansheng wrote:
> Yes, the fix is really insane, I realized it after sent it.
> But I think the race is there, right?
Yes, in userland code. Depending on the timing, T3 might
* issue ioctl() on old file if called before close() in T1
Hello Al and Eric,
Thanks your comments, please see the below comments.
> -Original Message-
> From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
> Sent: Monday, August 26, 2013 7:30 PM
> To: Liu, Chuansheng
> Cc: linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
On Tue, 2013-08-27 at 00:12 +0800, Chuansheng Liu wrote:
> When one thread is calling sys_ioctl(), and another thread is calling
> sys_close(), current code has protected most cases.
>
> But for the below case, it will cause issue:
> T1T2
On Tue, Aug 27, 2013 at 12:12:49AM +0800, Chuansheng Liu wrote:
>
> When one thread is calling sys_ioctl(), and another thread is calling
> sys_close(), current code has protected most cases.
>
> But for the below case, it will cause issue:
> T1T2
When one thread is calling sys_ioctl(), and another thread is calling
sys_close(), current code has protected most cases.
But for the below case, it will cause issue:
T1T2 T3
sys_close(oldfile)sys_open(newfile)
When one thread is calling sys_ioctl(), and another thread is calling
sys_close(), current code has protected most cases.
But for the below case, it will cause issue:
T1T2 T3
sys_close(oldfile)sys_open(newfile)
On Tue, Aug 27, 2013 at 12:12:49AM +0800, Chuansheng Liu wrote:
When one thread is calling sys_ioctl(), and another thread is calling
sys_close(), current code has protected most cases.
But for the below case, it will cause issue:
T1T2
On Tue, 2013-08-27 at 00:12 +0800, Chuansheng Liu wrote:
When one thread is calling sys_ioctl(), and another thread is calling
sys_close(), current code has protected most cases.
But for the below case, it will cause issue:
T1T2 T3
Hello Al and Eric,
Thanks your comments, please see the below comments.
-Original Message-
From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
Sent: Monday, August 26, 2013 7:30 PM
To: Liu, Chuansheng
Cc: linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
On Mon, Aug 26, 2013 at 11:56:43PM +, Liu, Chuansheng wrote:
Yes, the fix is really insane, I realized it after sent it.
But I think the race is there, right?
Yes, in userland code. Depending on the timing, T3 might
* issue ioctl() on old file if called before close() in T1
On Tue, Aug 27, 2013 at 01:42:47AM +0100, Al Viro wrote:
Might be buggered refcounting on struct file somewhere (i.e. extra fput()
done,
getting the file freed *before* close(), leaving a dangling pointer in
descriptor table). Might be memory corruption of some kind, slapping junk
pointer
Thanks Al.
-Original Message-
From: Al Viro [mailto:v...@ftp.linux.org.uk] On Behalf Of Al Viro
Sent: Tuesday, August 27, 2013 8:43 AM
To: Liu, Chuansheng
Cc: Eric Dumazet; linux-fsde...@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix the race between the
24 matches
Mail list logo
