Race in fs/proc/generic.c:make_inode_number()

• Next message: Manoj Sontakke: "which gcc version?"
• Previous message: Jens Axboe: "Re: /dev/loop0 over lvm... leading to d-state :-("
• Next in thread: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"
• Reply: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

The proc_alloc_map bitfield is unprotected by any lock, and
find_first_zero_bit() is not atomic. Concurrent module loading can race
here.

static unsigned char proc_alloc_map[PROC_NDYNAMIC / 8];

static int make_inode_number(void)
{
        int i = find_first_zero_bit((void *) proc_alloc_map, PROC_NDYNAMIC);
        if (i<0 || i>=PROC_NDYNAMIC)
                return -1;
        set_bit(i, (void *) proc_alloc_map);
        return PROC_DYNAMIC_FIRST + i;
}

Cheers,
Tom

-- 
The Daemons lurk and are dumb. -- Emerson
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Manoj Sontakke: "which gcc version?"
• Previous message: Jens Axboe: "Re: /dev/loop0 over lvm... leading to d-state :-("
• Next in thread: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"
• Reply: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Apr 07 2001 - 21:00:16 EST