[Patch] vfs: increase scope of critical locked path in fget_light to avoid race

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Patch to increase the scope of the locked critical path in fget_light to include
the conditional where there is only one reference to the passed file_struct.
Currently there is no protection against someone modifying that reference count
after it has been read in fget_light and falling into a code path where the fd
array is modified.  The result is a race condition that leads to a corrupted fd
table and potential oopses.  This patch corrects that by enforcing the locking
protocol that is used by all other accessors of the fd table on the 1 reference
case in fget_light.  Smoke tested by me, with no failures.

Signed-off-by: Neil Horman <[email protected]>

 file_table.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

 
--- linux-2.6.git/fs/file_table.c.racefix	2005-05-20 07:32:12.000000000 -0400
+++ linux-2.6.git/fs/file_table.c	2005-05-20 08:53:03.000000000 -0400
@@ -174,17 +174,17 @@ struct file fastcall *fget_light(unsigne
 	struct files_struct *files = current->files;
 
 	*fput_needed = 0;
+	spin_lock(&files->file_lock);
 	if (likely((atomic_read(&files->count) == 1))) {
 		file = fcheck_files(files, fd);
 	} else {
-		spin_lock(&files->file_lock);
 		file = fcheck_files(files, fd);
 		if (file) {
 			get_file(file);
 			*fput_needed = 1;
 		}
-		spin_unlock(&files->file_lock);
 	}
+	spin_unlock(&files->file_lock);
 	return file;
 }
 
-- 
/***************************************************
 *Neil Horman
 *Software Engineer
 *Red Hat, Inc.
 *[email protected]
 *gpg keyid: 1024D / 0x92A74FA1
 *http://pgp.mit.edu
 ***************************************************/

Attachment: pgp3Qfe4AKQqb.pgp
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux