Race in fs/proc/generic.c:make_inode_number()

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Scott Maxwell: "[PATCH] SysV IPC, kernel 2.4.3"
• Previous message: Manoj Sontakke: "which gcc version?"
• Next in thread: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"
• Reply: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"

The proc_alloc_map bitfield is unprotected by any lock, and
find_first_zero_bit() is not atomic. Concurrent module loading can race
here.

static unsigned char proc_alloc_map[PROC_NDYNAMIC / 8];

static int make_inode_number(void)
{
int i = find_first_zero_bit((void *) proc_alloc_map, PROC_NDYNAMIC);
if (i<0 || i>=PROC_NDYNAMIC)
return -1;
set_bit(i, (void *) proc_alloc_map);
return PROC_DYNAMIC_FIRST + i;
}

Cheers,
Tom

-- 
The Daemons lurk and are dumb. -- Emerson
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Scott Maxwell: "[PATCH] SysV IPC, kernel 2.4.3"
• Previous message: Manoj Sontakke: "which gcc version?"
• Next in thread: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"
• Reply: Tom Leete: "[PATCH] Re: Race in fs/proc/generic.c:make_inode_number()"