On Fri, May 20, 2005 at 09:23:25AM -0400, Neil Horman wrote:
> Patch to increase the scope of the locked critical path in fget_light to include
> the conditional where there is only one reference to the passed file_struct.
> Currently there is no protection against someone modifying that reference count
> after it has been read in fget_light and falling into a code path where the fd
> array is modified. The result is a race condition that leads to a corrupted fd
> table and potential oopses. This patch corrects that by enforcing the locking
> protocol that is used by all other accessors of the fd table on the 1 reference
> case in fget_light. Smoke tested by me, with no failures.
Er... If we get 1, we *KNOW* who holds the only reference - that's us.
And to change refcount of files_struct you need to hold a reference to
it.

Do you have a full race scenario? With all participants spelled out, please.