Re: Procfs race condition bug

From: Alexey Dobriyan
Date: Wed Jul 09 2014 - 08:17:24 EST

Next message: Ulf Hansson: "Re: [PATCH v3 01/10] mmc: sdhci-st: Intial support for ST SDHCI controller"
Previous message: David Vrabel: "Re: [Xen-devel] [PATCH v3 1/7] xen-pciback: Document the various parameters and attributes in SysFS"
Next in thread: Alexey Dobriyan: "Re: Procfs race condition bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I originally posted this two years ago (*) but received no response.
> I just had a look and the problem still exists on the 3.14 kernel
> I am currently running.
>
> I *think* I've uncovered a race condition bug in procfs.
> If I attempt to open a file in /proc/net, eg "/proc/net/tcp"
> it works fine, but if I spawn a POSIX thread and attempt to do it
> from there, it *usually* fails with a "No such file or directory",
> but some times succeeds. If I do a system call inside the thread
> to look up the thread ID and then open "/proc/THREADID/net/tcp"
> instead, it works fine.
>
> There are more details and some example code
> so you can replicate the problem on a stack overflow question
> I asked previously here:
> http://stackoverflow.com/questions/11580020/opening-proc-net-tcp-in-c-from-a-posix-thread-fails-most-of-the-time
>
> (*) https://lkml.org/lkml/2012/7/20/331

Mike,

as was correctly notes on SO, what's happening is that original thread exits
before spawned thread does open().

->lookup
proc_tgid_net_lookup
get_proc_task_net
nsproxy = NULL <== thread is dead
ENOENT

This was probably broken when /proc/net became symlink:

commit e9720acd728a46cb40daa52c99a979f7c4ff195c
Author: Pavel Emelyanov <xemul@xxxxxxxxxx>
Date: Fri Mar 7 11:08:40 2008 -0800

[NET]: Make /proc/net a symlink on /proc/self/net (v3)

So, userspace has two solutions:
1) original thread doesn't exit too early
2) spawned thread uses /proc/$TID

So,
we definitely broke /proc/net/tcp somewhere after netns concept was introduced.

But,
you'd have very same problem with other /proc files (anything under
/proc/$PID/).

Alexey

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <pthread.h>
#include <unistd.h>

void *f(void *_)
{
int fd;

sleep(1);

fd = open("/proc/net/tcp", O_RDONLY);
if (fd == -1) {
fprintf(stderr, "FAIL\n");
return NULL;
}
fprintf(stderr, "OK\n");
return NULL;
}

int main(void)
{
pthread_t thread;

pthread_create(&thread, NULL, f, NULL);
pthread_exit(0);
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ulf Hansson: "Re: [PATCH v3 01/10] mmc: sdhci-st: Intial support for ST SDHCI controller"
Previous message: David Vrabel: "Re: [Xen-devel] [PATCH v3 1/7] xen-pciback: Document the various parameters and attributes in SysFS"
Next in thread: Alexey Dobriyan: "Re: Procfs race condition bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]