diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-05-08 21:19:42 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-05-16 17:22:46 -0400 |
commit | adbecb128cd2cc5d14b0ebef6d020ced0efd0ec6 (patch) | |
tree | ba0f7c202e364002eedc999526ac07262f21dae4 /fs | |
parent | afbec7fff4928c273a1f1bb14dfdfdf62688a193 (diff) |
[PATCH] dup_fd() part 4 - race fix
Parent _can_ be a clone task, contrary to the comment. Moreover,
more files could be opened while we allocate a copy, in which case
we end up copying only part into new descriptor table. Since what
we get _is_ affected by all changes in the old range, we can get
rather weird effects - e.g.
dup2(0, 1024); close(0);
in parallel with fork() resulting in child that sees the effect of
close(), but not that of dup2() done just before that close().
What we need is to recalculate the open_count after having reacquired
->file_lock and if external fdtable we'd just allocated is too small for
it, free the sucker and redo allocation.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/file.c | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -308,11 +308,16 @@ struct files_struct *dup_fd(struct files_struct *oldf, int *errorp) | |||
308 | 308 | ||
309 | /* | 309 | /* |
310 | * Check whether we need to allocate a larger fd array and fd set. | 310 | * Check whether we need to allocate a larger fd array and fd set. |
311 | * Note: we're not a clone task, so the open count won't change. | ||
312 | */ | 311 | */ |
313 | if (open_files > new_fdt->max_fds) { | 312 | while (unlikely(open_files > new_fdt->max_fds)) { |
314 | spin_unlock(&oldf->file_lock); | 313 | spin_unlock(&oldf->file_lock); |
315 | 314 | ||
315 | if (new_fdt != &newf->fdtab) { | ||
316 | free_fdarr(new_fdt); | ||
317 | free_fdset(new_fdt); | ||
318 | kfree(new_fdt); | ||
319 | } | ||
320 | |||
316 | new_fdt = alloc_fdtable(open_files - 1); | 321 | new_fdt = alloc_fdtable(open_files - 1); |
317 | if (!new_fdt) { | 322 | if (!new_fdt) { |
318 | *errorp = -ENOMEM; | 323 | *errorp = -ENOMEM; |
@@ -335,6 +340,7 @@ struct files_struct *dup_fd(struct files_struct *oldf, int *errorp) | |||
335 | */ | 340 | */ |
336 | spin_lock(&oldf->file_lock); | 341 | spin_lock(&oldf->file_lock); |
337 | old_fdt = files_fdtable(oldf); | 342 | old_fdt = files_fdtable(oldf); |
343 | open_files = count_open_files(old_fdt); | ||
338 | } | 344 | } |
339 | 345 | ||
340 | old_fds = old_fdt->fd; | 346 | old_fds = old_fdt->fd; |