• Eric W. Biederman's avatar
    [PATCH] proc: readdir race fix (take 3) · 0804ef4b
    Eric W. Biederman authored
    The problem: An opendir, readdir, closedir sequence can fail to report
    process ids that are continually in use throughout the sequence of system
    calls.  For this race to trigger the process that proc_pid_readdir stops at
    must exit before readdir is called again.
    
    This can cause ps to fail to report processes, and it is in violation of
    posix guarantees and normal application expectations with respect to
    readdir.
    
    Currently there is no way to work around this problem in user space short
    of providing a gargantuan buffer to user space so the directory read all
    happens in on system call.
    
    This patch implements the normal directory semantics for proc, that
    guarantee that a directory entry that is neither created nor destroyed
    while reading the directory entry will be returned.  For directory that are
    either created or destroyed during the readdir you may or may not see them.
     Furthermore you may seek to a directory offset you have previously seen.
    
    These are the guarantee that ext[23] provides and that posix requires, and
    more importantly that user space expects.  Plus it is a simple semantic to
    implement reliable service.  It is just a matter of calling readdir a
    second time if you are wondering if something new has show up.
    
    These better semantics are implemented by scanning through the pids in
    numerical order and by making the file offset a pid plus a fixed offset.
    
    The pid scan happens on the pid bitmap, which when you look at it is
    remarkably efficient for a brute force algorithm.  Given that a typical
    cache line is 64 bytes and thus covers space for 64*8 == 200 pids.  There
    are only 40 cache lines for the entire 32K pid space.  A typical system
    will have 100 pids or more so this is actually fewer cache lines we have to
    look at to scan a linked list, and the worst case of having to scan the
    entire pid bitmap is pretty reasonable.
    
    If we need something more efficient we can go to a more efficient data
    structure for indexing the pids, but for now what we have should be
    sufficient.
    
    In addition this takes no additional locks and is actually less code than
    what we are doing now.
    
    Also another very subtle bug in this area has been fixed.  It is possible
    to catch a task in the middle of de_thread where a thread is assuming the
    thread of it's thread group leader.  This patch carefully handles that case
    so if we hit it we don't fail to return the pid, that is undergoing the
    de_thread dance.
    
    Thanks to KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> for
    providing the first fix, pointing this out and working on it.
    
    [oleg@tv-sign.ru: fix it]
    Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
    Acked-by: default avatarKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
    Cc: Jean Delvare <jdelvare@suse.de>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    0804ef4b
pid.c 9.32 KB