Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision 4c5640cb5f5a6fd780d99397eca028b575cb1206 authored by David Meybohm on 22 August 2005, 20:11:08 UTC, committed by Linus Torvalds on 23 August 2005, 18:44:29 UTC 
[PATCH] preempt race in getppid
 
With CONFIG_PREEMPT && !CONFIG_SMP, it's possible for sys_getppid to
return a bogus value if the parent's task_struct gets reallocated after
current->group_leader->real_parent is read:

        asmlinkage long sys_getppid(void)
        {
                int pid;
                struct task_struct *me = current;
                struct task_struct *parent;

                parent = me->group_leader->real_parent;
RACE HERE =>    for (;;) {
                        pid = parent->tgid;
        #ifdef CONFIG_SMP
        {
                        struct task_struct *old = parent;

                        /*
                         * Make sure we read the pid before re-reading the
                         * parent pointer:
                         */
                        smp_rmb();
                        parent = me->group_leader->real_parent;
                        if (old != parent)
                                continue;
        }
        #endif
                        break;
                }
                return pid;
        }

If the process gets preempted at the indicated point, the parent process
can go ahead and call exit() and then get wait()'d on to reap its
task_struct. When the preempted process gets resumed, it will not do any
further checks of the parent pointer on !CONFIG_SMP: it will read the
bad pid and return.

So, the same algorithm used when SMP is enabled should be used when
preempt is enabled, which will recheck ->real_parent in this case.

Signed-off-by: David Meybohm <dmeybohmlkml@bellsouth.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
1 parent 3f024c1
History
Tip revision: 4c5640cb5f5a6fd780d99397eca028b575cb1206 authored by David Meybohm on 22 August 2005, 20:11:08 UTC
[PATCH] preempt race in getppid
Tip revision: 4c5640c
File Mode Size
Makefile -rw-r--r-- 425 bytes
acl.c -rw-r--r-- 5.2 KB
endian24.h -rw-r--r-- 1.5 KB
file.c -rw-r--r-- 3.2 KB
inode.c -rw-r--r-- 8.8 KB
jfs_acl.h -rw-r--r-- 1.1 KB
jfs_btree.h -rw-r--r-- 4.0 KB
jfs_debug.c -rw-r--r-- 3.3 KB
jfs_debug.h -rw-r--r-- 3.6 KB
jfs_dinode.h -rw-r--r-- 4.9 KB
jfs_dmap.c -rw-r--r-- 110.7 KB
jfs_dmap.h -rw-r--r-- 11.6 KB
jfs_dtree.c -rw-r--r-- 100.5 KB
jfs_dtree.h -rw-r--r-- 6.7 KB
jfs_extent.c -rw-r--r-- 17.8 KB
jfs_extent.h -rw-r--r-- 1.3 KB
jfs_filsys.h -rw-r--r-- 8.9 KB
jfs_imap.c -rw-r--r-- 84.8 KB
jfs_imap.h -rw-r--r-- 6.7 KB
jfs_incore.h -rw-r--r-- 6.7 KB
jfs_inode.c -rw-r--r-- 2.6 KB
jfs_inode.h -rw-r--r-- 1.8 KB
jfs_lock.h -rw-r--r-- 1.5 KB
jfs_logmgr.c -rw-r--r-- 59.5 KB
jfs_logmgr.h -rw-r--r-- 14.9 KB
jfs_metapage.c -rw-r--r-- 20.0 KB
jfs_metapage.h -rw-r--r-- 4.2 KB
jfs_mount.c -rw-r--r-- 12.7 KB
jfs_superblock.h -rw-r--r-- 4.2 KB
jfs_txnmgr.c -rw-r--r-- 75.9 KB
jfs_txnmgr.h -rw-r--r-- 8.2 KB
jfs_types.h -rw-r--r-- 4.6 KB
jfs_umount.c -rw-r--r-- 4.1 KB
jfs_unicode.c -rw-r--r-- 3.3 KB
jfs_unicode.h -rw-r--r-- 3.7 KB
jfs_uniupr.c -rw-r--r-- 7.5 KB
jfs_xattr.h -rw-r--r-- 2.4 KB
jfs_xtree.c -rw-r--r-- 98.2 KB
jfs_xtree.h -rw-r--r-- 4.2 KB
namei.c -rw-r--r-- 34.2 KB
resize.c -rw-r--r-- 14.8 KB
super.c -rw-r--r-- 16.7 KB
symlink.c -rw-r--r-- 1.3 KB
xattr.c -rw-r--r-- 28.1 KB
back to top