[Question] race condition with remove_proc_entry
- From: Steven Rostedt <rostedt@xxxxxxxxxxx>
- Date: Fri, 30 Dec 2005 15:04:35 -0500
I'm just curious if it is know that remove_proc_entry has an inherit
race condition? I have a modified kernel that would add and remove
stuff from the proc system and it would every so often crash. I traced
the bug to remove_proc_entry.
for (p = &parent->subdir; *p; p=&(*p)->next ) {
if (!proc_match(len, fn, *p))
continue;
Looking at proc_match
int proc_match(int len, const char *name, struct proc_dir_entry *de)
{
if (de->namelen != len)
return 0;
return !memcmp(name, de->name, len);
}
The bug would happen either at de->namelen in proc_match or in the loop
of p=&(*p)->next.
The race is if two threads remove two entries that are siblings. Since
p = &(*p)->next, and this is then dereferenced, the race is with *p
becoming NULL.
The way I'm fixing this is to put a lock around the call to
remove_proc_entry. But is this race already known and the solution is
to have the callers perform their own locking? Or is this an actual
bug? If it is not a bug, where's the documentation on having callers
protect it?
Thanks,
-- Steve
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- [PATCH] protect remove_proc_entry
- From: Steven Rostedt
- [PATCH] protect remove_proc_entry
- Prev by Date: Re: [patch 00/2] improve .text size on gcc 4.0 and newer compilers
- Next by Date: Re: [PATCH] strict VM overcommit accounting for 2.4.32/2.4.33-pre1
- Previous by thread: oops in kernel 2.6.15-rc7
- Next by thread: [PATCH] protect remove_proc_entry
- Index(es):
Relevant Pages
- Warp Rogue 0.5.2 released
... The "Never jams" attribute was removed from the Ork guns. ... A bug that
allowed shooting through closed doors was fixed. ... A bug that allowed recruiting race leaders
was fixed. ... The character generation screens were rearranged. ... (rec.games.roguelike.announce) - Re: [PATCH] page->flags corruption fix
... >> I'd just like to understand the bug before it's fixed. ... spinlocks
really avoids the race, your patch sounds less obviously safe ... you've aio like in your
tree like in my tree). ... taking one more spinlock to avoid the race at all, ...
(Linux-Kernel) - Re: [PATCH] race condition with drivers/char/vt.c (bug in vt_ioctl.c)
... There's a similar report in Kernel Bugzilla ... should fix that bug too.
... > While debugging Ingo's RT patch, I came accross this race condition. ...
(Linux-Kernel) - Re: panic in RELENG_5 UMA - two new stack traces
... We definitely see that the bug is a race, ... there is one for race between
incoming ARP reply and ... Does it look like fixing this bug may fix a lot of the
... (freebsd-stable) - Yet another PPC64 hugepage bugfix
... the other bug will never be triggered in 32-bit processes, ... This patch fixes
two bugs in the PPC64 hugepage ... safe with some recent changes (race condition).
... To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body
of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/ ... (Linux-Kernel)
