linux-sg2042/fs
Eric Dumazet 5ba97d2832 fs/file.c: __fget() and dup2() atomicity rules
__fget() does lockless fetch of pointer from the descriptor
table, attempts to grab a reference and treats "it was already
zero" as "it's already gone from the table, we just hadn't
seen the store, let's fail".  Unfortunately, that breaks the
atomicity of dup2() - __fget() might see the old pointer,
notice that it's been already dropped and treat that as
"it's closed".  What we should be getting is either the
old file or new one, depending whether we come before or after
dup2().

Dmitry had following test failing sometimes :

int fd;
void *Thread(void *x) {
  char buf;
  int n = read(fd, &buf, 1);
  if (n != 1)
    exit(printf("read failed: n=%d errno=%d\n", n, errno));
  return 0;
}

int main()
{
  fd = open("/dev/urandom", O_RDONLY);
  int fd2 = open("/dev/urandom", O_RDONLY);
  if (fd == -1 || fd2 == -1)
    exit(printf("open failed\n"));
  pthread_t th;
  pthread_create(&th, 0, Thread, 0);
  if (dup2(fd2, fd) == -1)
    exit(printf("dup2 failed\n"));
  pthread_join(th, 0);
  if (close(fd) == -1)
    exit(printf("close failed\n"));
  if (close(fd2) == -1)
    exit(printf("close failed\n"));
  printf("DONE\n");
  return 0;
}

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-07-01 02:31:08 -04:00
..
9p get rid of assorted nameidata-related debris 2015-05-15 01:10:37 -04:00
adfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
affs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
afs VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
autofs4 make simple_positive() public 2015-06-23 18:02:01 -04:00
befs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
bfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
btrfs fs: Rename file_remove_suid() to file_remove_privs() 2015-06-23 18:01:08 -04:00
cachefiles Merge branch 'fscache-fixes' into for-next 2015-06-23 18:01:30 -04:00
ceph make simple_positive() public 2015-06-23 18:02:01 -04:00
cifs don't pass nameidata to ->follow_link() 2015-05-10 22:20:15 -04:00
coda fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
configfs make simple_positive() public 2015-06-23 18:02:01 -04:00
cramfs
debugfs make simple_positive() public 2015-06-23 18:02:01 -04:00
devpts VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
dlm netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
ecryptfs get rid of assorted nameidata-related debris 2015-05-15 01:10:37 -04:00
efivarfs Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-05-06 10:57:37 -07:00
efs VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
exofs pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
exportfs VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry) 2015-02-22 11:38:41 -05:00
ext2 pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
ext3 ext3: switch to simple_follow_link() 2015-05-10 22:18:22 -04:00
ext4 vfs: add file_path() helper 2015-06-23 18:00:05 -04:00
f2fs switch ->put_link() from dentry to inode 2015-05-11 08:13:12 -04:00
fat Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
freevxfs pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
fscache FS-Cache: Retain the netfs context in the retrieval op earlier 2015-04-02 14:28:53 +01:00
fuse fs: Rename file_remove_suid() to file_remove_privs() 2015-06-23 18:01:08 -04:00
gfs2 don't pass nameidata to ->follow_link() 2015-05-10 22:20:15 -04:00
hfs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
hfsplus fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
hostfs switch ->put_link() from dentry to inode 2015-05-11 08:13:12 -04:00
hpfs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
hppfs switch ->put_link() from dentry to inode 2015-05-11 08:13:12 -04:00
hugetlbfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
isofs VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
jbd jbd: Deletion of an unnecessary check before the function call "iput" 2014-11-18 10:15:29 +01:00
jbd2 jbd2: complain about descriptor block checksum errors 2015-01-19 15:59:58 -05:00
jffs2 fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
jfs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
kernfs new helper: free_page_put_link() 2015-05-11 08:13:13 -04:00
lockd nfsd: eliminate NFSD_DEBUG 2015-04-21 16:16:02 -04:00
logfs logfs: fix a pagecache leak for symlinks 2015-05-10 22:18:28 -04:00
minix pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
ncpfs ncpfs: successful rename() should invalidate caches for parents 2015-06-14 11:31:39 -04:00
nfs make simple_positive() public 2015-06-23 18:02:01 -04:00
nfs_common
nfsd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
nilfs2 pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
nls
notify fanotify: fix event filtering with FAN_ONDIR set 2015-03-12 18:46:08 -07:00
ntfs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
ocfs2 ocfs2: dlm: fix race between purge and get lock resource 2015-05-05 17:10:11 -07:00
omfs VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
openpromfs
overlayfs overlayfs: Make f_path always point to the overlay and f_inode to the underlay 2015-06-19 03:19:32 -04:00
proc vfs: add seq_file_path() helper 2015-06-23 18:01:07 -04:00
pstore Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
qnx4
qnx6 pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
quota Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
ramfs VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
reiserfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
romfs make new_sync_{read,write}() static 2015-04-11 22:29:40 -04:00
squashfs fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
sysfs sysfs: Only accept read/write permissions for file attributes 2015-03-25 13:27:57 +01:00
sysv pagemap.h: move dir_pages() over there 2015-06-23 18:02:00 -04:00
tracefs make simple_positive() public 2015-06-23 18:02:01 -04:00
ubifs ubifs: switch to simple_follow_link() 2015-05-10 22:18:25 -04:00
udf fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
ufs ufs: use dir_pages instead of ufs_dir_pages() 2015-06-23 18:02:01 -04:00
xfs xfs: Correctly lock inode when removing suid and file capabilities 2015-06-23 18:01:10 -04:00
Kconfig f2fs: relocate Kconfig from misc filesystems 2015-04-10 15:08:35 -07:00
Kconfig.binfmt mm: split ET_DYN ASLR from mmap ASLR 2015-04-14 16:49:05 -07:00
Makefile This adds the new tracefs file system. This has been in linux-next for 2015-04-14 10:22:29 -07:00
aio.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-16 23:27:56 -04:00
anon_inodes.c
attr.c
bad_inode.c don't bother with most of the bad_file_ops methods 2015-02-20 04:03:58 -05:00
binfmt_aout.c assorted conversions to %p[dD] 2014-11-19 13:01:20 -05:00
binfmt_elf.c vfs: add file_path() helper 2015-06-23 18:00:05 -04:00
binfmt_elf_fdpic.c
binfmt_em86.c syscalls: implement execveat() system call 2014-12-13 12:42:51 -08:00
binfmt_flat.c
binfmt_misc.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
binfmt_script.c syscalls: implement execveat() system call 2014-12-13 12:42:51 -08:00
block_dev.c direct-io: only inc/dec inode->i_dio_count for file systems 2015-04-24 15:45:28 -04:00
buffer.c page_writeback: clean up mess around cancel_dirty_page() 2015-04-14 16:49:01 -07:00
char_dev.c fs: introduce f_op->mmap_capabilities for nommu mmap support 2015-01-20 14:02:58 -07:00
compat.c vfs: make first argument of dir_context.actor typed 2014-10-31 17:48:54 -04:00
compat_binfmt_elf.c
compat_ioctl.c Bluetooth: bnep: Add support for get bnep features via ioctl 2015-04-03 23:21:34 +02:00
coredump.c vfs: add file_path() helper 2015-06-23 18:00:05 -04:00
dax.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
dcache.c overlayfs: Make f_path always point to the overlay and f_inode to the underlay 2015-06-19 03:19:32 -04:00
dcookies.c
direct-io.c direct-io: only inc/dec inode->i_dio_count for file systems 2015-04-24 15:45:28 -04:00
drop_caches.c vmscan: per memory cgroup slab shrinkers 2015-02-12 18:54:09 -08:00
eventfd.c eventfd: don't take the spinlock in eventfd_poll 2015-02-17 14:34:52 -08:00
eventpoll.c epoll: optimize setting task running after blocking 2015-02-13 21:21:40 -08:00
exec.c fs: take i_mutex during prepare_binprm for set[ug]id executables 2015-04-19 13:46:21 -07:00
fcntl.c vfs: renumber FMODE_NONOTIFY and add to uniqueness check 2015-01-08 15:10:52 -08:00
fhandle.c
file.c fs/file.c: __fget() and dup2() atomicity rules 2015-07-01 02:31:08 -04:00
file_table.c remove the pointless include of lglock.h 2015-06-23 18:02:00 -04:00
filesystems.c
fs-writeback.c fs: add dirtytime_expire_seconds sysctl 2015-03-17 12:23:32 -04:00
fs_pin.c fs_pin: Allow for the possibility that m_list or s_list go unused. 2015-04-09 11:39:55 -05:00
fs_struct.c
inode.c vfs: avoid creation of inode number 0 in get_next_ino 2015-06-30 23:59:49 -04:00
internal.h overlayfs: Make f_path always point to the overlay and f_inode to the underlay 2015-06-19 03:19:32 -04:00
ioctl.c fsioctl.c: make generic_block_fiemap() signal-tolerant 2015-02-10 14:30:30 -08:00
libfs.c make simple_positive() public 2015-06-23 18:02:01 -04:00
locks.c proc: show locks in /proc/pid/fdinfo/X 2015-04-17 09:04:12 -04:00
mbcache.c
mount.h new helper: __legitimize_mnt() 2015-05-11 08:13:14 -04:00
mpage.c
namei.c namei: make set_root_rcu() return void 2015-06-29 12:07:04 -04:00
namespace.c new helper: __legitimize_mnt() 2015-05-11 08:13:14 -04:00
no-block.c
nsfs.c VFS: assorted weird filesystems: d_inode() annotations 2015-04-15 15:06:58 -04:00
open.c fs: Call security_ops->inode_killpriv on truncate 2015-06-23 18:01:09 -04:00
pipe.c VFS: assorted weird filesystems: d_inode() annotations 2015-04-15 15:06:58 -04:00
pnode.c mnt: Don't propagate unmounts to locked mounts 2015-04-02 20:34:20 -05:00
pnode.h mnt: Honor MNT_LOCKED when detaching mounts 2015-04-09 11:39:55 -05:00
posix_acl.c fs/posix_acl.c: make posix_acl_create() safer and cleaner 2015-06-23 18:01:07 -04:00
proc_namespace.c vfs: add support for a lazytime mount option 2015-02-05 02:45:00 -05:00
read_write.c new_sync_write(): discard ->ki_pos unless the return value is positive 2015-04-11 22:29:46 -04:00
readdir.c vfs: make first argument of dir_context.actor typed 2014-10-31 17:48:54 -04:00
select.c all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
seq_file.c vfs: add seq_file_path() helper 2015-06-23 18:01:07 -04:00
signalfd.c fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
splice.c splice: sendfile() at once fails for big files 2015-05-06 09:27:41 -06:00
stack.c
stat.c VFS: assorted d_backing_inode() annotations 2015-04-15 15:06:59 -04:00
statfs.c
super.c fs:super:get_anon_bdev: fix race condition could cause dev exceed its upper limitation 2015-07-01 01:50:06 -04:00
sync.c vfs: add support for a lazytime mount option 2015-02-05 02:45:00 -05:00
timerfd.c fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
utimes.c
xattr.c new helper: audit_file() 2014-11-19 13:01:26 -05:00