Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sat, 3 Aug 2002 07:03:54 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sat, 3 Aug 2002 07:03:54 -0400 Received: from mail.ocs.com.au ([203.34.97.2]:49668 "HELO mail.ocs.com.au") by vger.kernel.org with SMTP id ; Sat, 3 Aug 2002 07:03:53 -0400 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 From: Keith Owens To: Oliver Neukum Cc: Dave Hansen , Kasper Dupont , Linux-Kernel Subject: Re: [RFC] Race condition? In-reply-to: Your message of "Sat, 03 Aug 2002 12:08:28 +0200." <17aw0S-0U7gB7C@fmrl00.sul.t-online.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 03 Aug 2002 21:07:11 +1000 Message-ID: <2020.1028372831@ocs3.intra.ocs.com.au> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1843 Lines: 43 On Sat, 3 Aug 2002 12:08:28 +0200, Oliver Neukum wrote: >Hi, > >> >I don't see any locking in the call chain leading to this function, so >> >I think you're right. The attached patch fixes this. It costs an >> >extra 2 atomic ops in the failure case, but otherwise just makes the >> >processes++ operation earlier. >> >> Does this race really justify extra locks? AFAICT the worst case is >> that a user can go slightly over their RLIMIT_NPROC, and that will only >> occur if they fork on multiple cpus "at the same time". Given the > >Only if preempt is not enabled. Preempt is irrelevant here. To make any difference, there would have to be an interrupt in the window between reading and updating p->user->processes _and_ another process would have to be waiting to enter fork(). Even if that occurred, the result is the user is one process over their limit, big deal. >> timing constraints on that small window, I would be surprised if this >> race could be exploited to gain more than a couple of extra processes. >> This looks like a case where close enough is good enough. > >There's no such thing as a tolerable race :-) The result is just a slightly elevated process count in rare cases. Even then it is self correcting. It is not a significant race, just a bit of fuzzy counting. >Anyway this code can corrupt the global variable nr_threads. >Without the BKL it is buggy, so it has to be fixed anyway and we >can do it right. nr_threads is protected by tasklist_lock. How on earth can fuzzy counting on user->processes corrupt nr_threads? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/