Re: [CHECKER] race in 2.5.62/fs/exec.c?

Andrew Morton (akpm@digeo.com)
Sat, 22 Mar 2003 13:45:01 -0800


Dawson Engler <engler@csl.stanford.edu> wrote:
>
> I'm not sure if I'm missing something --- is the following a race?
>
> 2.5.62/fs/exec.c:1013:search_binary_handler:
> read_unlock(&binfmt_lock);
> retval = fn(bprm, regs);
> if (retval >= 0) {
> put_binfmt(fmt);

Don't think so.

That lock protects the global list of registered formats only. Because we
have a ref against the format's underlying module when that lock is dropped,
the module cannot be unloaded and nobody can unregister the format. Hence
the thing at *fmt is stable, and reading fmt->next after retaking the lock is
safe.

The particular piece of code you quote would be buggy if it continued
to go around the loop and again used fmt->next. But it will unconditionally
return after performing the put_binfmt() call.
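
The locking rule described in this reply, as an added example that is not part of the original message and is not kernel code: a single-threaded user-space model in which the lock is a flag, the module reference is a counter, and the first handler simulates an unload attempt arriving while the lock is dropped. All names are hypothetical.

```c
#include <errno.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
struct fmt {
    struct fmt *next;
    int refs;                        /* stands in for the module refcount */
    int (*load)(struct fmt *self);
};
static struct fmt *formats;          /* global list, guarded by the lock */
static int lock_held, unlocked_next_reads, unload_seen;
/* Unloading unlinks the format, but is refused while a reference is held. */
static int unload(struct fmt *f) {
    if (f->refs > 0)
        return -EBUSY;
    lock_held = 1;
    for (struct fmt **p = &formats; *p; p = &(*p)->next)
        if (*p == f) { *p = f->next; break; }
    lock_held = 0;
    return 0;
}

static struct fmt *next_fmt(struct fmt *f) {
    unlocked_next_reads += !lock_held; /* count list walks made unlocked */
    return f->next;
}

static int search_handler(void) {
    int ret = -ENOEXEC;
    lock_held = 1;
    for (struct fmt *f = formats; f; f = next_fmt(f)) {
        f->refs++;                   /* pin the format, then drop the lock */
        lock_held = 0;
        ret = f->load(f);
        if (ret >= 0) {
            f->refs--;               /* put and return: f->next is not read */
            return ret;
        }
        lock_held = 1;               /* retake the lock before put and ->next */
        f->refs--;
    }
    lock_held = 0;
    return ret;
}

/* Constructed handlers: the first simulates an unload attempt mid-call. */
static int load_reject(struct fmt *s) { unload_seen = unload(s); return -ENOEXEC; }
static int load_ok(struct fmt *s) { (void)s; return 0; }
static struct fmt b = { .load = load_ok }, a = { .next = &b, .load = load_reject };
static int run_model(void) { formats = &a; return search_handler(); }
int main(void) { return run_model() != 0; }
```

In the model the unload attempt made during the unlocked call is refused, and no read of the next pointer happens without the lock; the success path drops its reference without the lock only because it returns immediately afterwards.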