[Bugme-new] [Bug 12454] New: race between procfile opens and setting of pde->owner

bugme-daemon at bugzilla.kernel.org
Thu Jan 15 10:42:09 PST 2009


http://bugzilla.kernel.org/show_bug.cgi?id=12454

           Summary: race between procfile opens and setting of pde->owner
           Product: File System
           Version: 2.5
     KernelVersion: 2.6.29-rc1
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
        AssignedTo: fs_other at kernel-bugs.osdl.org
        ReportedBy: jlayton at redhat.com


When a procfile is created, one thing that can be done is to set the "owner"
field in the proc_dir_entry. When this is done, a module_get is done against
that module when the file is opened and put when it's closed. The problem is
that there is a race window where the procfile exists on the system but the
owner is not yet set.

If this happens then no module reference will be taken on open
(try_module_get(NULL) is a no-op that returns success). If the owner is then
set while the file is open, a module reference will be put when it's closed.
This can make the module refcount go negative.

I believe fixing this requires that we make certain that if the owner is to be
set, that it be set when the proc_dir_entry is created but before proc_register
(similar to how proc_create sets the fops).

This is not a difficult problem to fix, but it will probably be labour
intensive. A new interface will need to be created that can create the procfile
with the owner already set and the places where we create procfiles will need
to be fixed to use it (and to pass in an "owner" arg).

Some possibilities for shortcuts:

1) if the owner field in the file_operations struct is set then set pde->owner
to that. We'll have to audit the existing uses to make sure that this doesn't
break anything...

2) turn proc_create and proc_create_data into wrappers that call the new
function with an owner of THIS_MODULE. That would probably work, but may mean
that some places that don't set the owner would now do so.

I count >300 places that call either proc_create, proc_create_data, or
create_proc_entry. Some sort of shortcut may be a necessity.

Alexey Dobriyan may have an opinion on this; he did a patch a while back that
added the proc_create interface that fixes a similar race with setting
the fops for the file.


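The ordering described in the report, as a userspace model added here for illustration. It is not kernel code and not code from the report: the structs and functions are simplified stand-ins that keep only the NULL-owner behaviour of try_module_get and the put on close.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct module { int refcnt; };
struct pde { struct module *owner; int registered; };

/* As the report notes: a NULL owner is a no-op that returns success. */
static int try_module_get(struct module *m) { if (m) m->refcnt++; return 1; }
static void module_put(struct module *m) { if (m) m->refcnt--; }

/* open takes a reference on whatever owner is visible at open time */
static int proc_open(struct pde *e) { return e->registered && try_module_get(e->owner); }
/* close drops a reference on whatever owner is visible at close time */
static void proc_release(struct pde *e) { module_put(e->owner); }

/* Racy ordering: the entry is visible before pde->owner is assigned. */
int racy_sequence(void)
{
    struct module mod = { 0 };
    struct pde e = { NULL, 0 };
    e.registered = 1;      /* procfile now exists on the system */
    proc_open(&e);         /* opened in the window: owner == NULL, no ref taken */
    e.owner = &mod;        /* creator sets the owner afterwards */
    proc_release(&e);      /* close puts a reference that was never taken */
    return mod.refcnt;     /* -1 */
}

/* Ordering the report asks for: owner set before the entry is registered. */
int fixed_sequence(void)
{
    struct module mod = { 0 };
    struct pde e = { &mod, 0 };
    e.registered = 1;
    proc_open(&e);         /* reference taken on mod */
    proc_release(&e);      /* matching put */
    return mod.refcnt;     /* 0 */
}

int main(void)
{
    printf("racy:  refcount after close = %d\n", racy_sequence());
    printf("fixed: refcount after close = %d\n", fixed_sequence());
    return 0;
}
```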