diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-03-03 12:36:58 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2014-03-10 11:44:41 -0400 |
| commit | 9c225f2655e36a470c4f58dbbc99244c5fc7f2d4 (patch) | |
| tree | 7cb89dbc82ee1b533ff2d097fed6a4248374bd4b /include/linux/fs.h | |
| parent | 1b56e98990bcdbb20b9fab163654b9315bf158e8 (diff) | |
vfs: atomic f_pos accesses as per POSIX
Our write() system call has always been atomic in the sense that you get
the expected thread-safe contiguous write, but we haven't actually
guaranteed that concurrent writes are serialized wrt f_pos accesses, so
threads (or processes) that share a file descriptor and use "write()"
concurrently would quite likely overwrite each others data.
This violates POSIX.1-2008/SUSv4 Section XSI 2.9.7 that says:
"2.9.7 Thread Interactions with Regular File Operations
All of the following functions shall be atomic with respect to each
other in the effects specified in POSIX.1-2008 when they operate on
regular files or symbolic links: [...]"
and one of the effects is the file position update.
This unprotected file position behavior is not new behavior, and nobody
has ever cared. Until now. Yongzhi Pan reported unexpected behavior to
Michael Kerrisk that was due to this.
This resolves the issue with a f_pos-specific lock that is taken by
read/write/lseek on file descriptors that may be shared across threads
or processes.
Reported-by: Yongzhi Pan <panyongzhi@gmail.com>
Reported-by: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/fs.h')
| -rw-r--r-- | include/linux/fs.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/include/linux/fs.h b/include/linux/fs.h index 60829565e552..ebfde04bca06 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h | |||
| @@ -123,6 +123,9 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset, | |||
| 123 | /* File is opened with O_PATH; almost nothing can be done with it */ | 123 | /* File is opened with O_PATH; almost nothing can be done with it */ |
| 124 | #define FMODE_PATH ((__force fmode_t)0x4000) | 124 | #define FMODE_PATH ((__force fmode_t)0x4000) |
| 125 | 125 | ||
| 126 | /* File needs atomic accesses to f_pos */ | ||
| 127 | #define FMODE_ATOMIC_POS ((__force fmode_t)0x8000) | ||
| 128 | |||
| 126 | /* File was opened by fanotify and shouldn't generate fanotify events */ | 129 | /* File was opened by fanotify and shouldn't generate fanotify events */ |
| 127 | #define FMODE_NONOTIFY ((__force fmode_t)0x1000000) | 130 | #define FMODE_NONOTIFY ((__force fmode_t)0x1000000) |
| 128 | 131 | ||
| @@ -780,13 +783,14 @@ struct file { | |||
| 780 | const struct file_operations *f_op; | 783 | const struct file_operations *f_op; |
| 781 | 784 | ||
| 782 | /* | 785 | /* |
| 783 | * Protects f_ep_links, f_flags, f_pos vs i_size in lseek SEEK_CUR. | 786 | * Protects f_ep_links, f_flags. |
| 784 | * Must not be taken from IRQ context. | 787 | * Must not be taken from IRQ context. |
| 785 | */ | 788 | */ |
| 786 | spinlock_t f_lock; | 789 | spinlock_t f_lock; |
| 787 | atomic_long_t f_count; | 790 | atomic_long_t f_count; |
| 788 | unsigned int f_flags; | 791 | unsigned int f_flags; |
| 789 | fmode_t f_mode; | 792 | fmode_t f_mode; |
| 793 | struct mutex f_pos_lock; | ||
| 790 | loff_t f_pos; | 794 | loff_t f_pos; |
| 791 | struct fown_struct f_owner; | 795 | struct fown_struct f_owner; |
| 792 | const struct cred *f_cred; | 796 | const struct cred *f_cred; |