Re: Adding truncate/ftruncate length argument checks

[Nicolas Joly <njoly%pasteur.fr@localhost>]

On Wed, Feb 26, 2014 at 08:40:14PM +0000, David Laight wrote:
> On Wed, Feb 26, 2014 at 08:38:28PM +0100, Nicolas Joly wrote:
> > >  > The attached patch add the missing length argument checks, and update
> > >  > the man page accordingly.
> > > 
> > > Isn't there (shouldn't there be) some lock needed to read the limit
> > > data?
> > 
> > Even for fetching a single value ? I thought it was mostly atomic ?
> 
> +       if (length > l->l_proc->p_rlimit[RLIMIT_FSIZE].rlim_cur) {            
>   
> 
> Well...
> l->l_proc is ok.
> l_proc->p_rlimit may not be (if it is shared with another process,
>   and an update by another process/thread causes the pointer to change,
>   and the other owners all exit ...)

I don't think another process will cause any problem. Before any
update, it will have its own private copy, leaving the previous shared
version unmodified.

Regarding an other thread ... The race does indeed exists, but only
once in process life, for the first limit write access.

> p_rlimit[RLIMIT_FSIZE].rlim_cur is uint64_t so is a problem on 32bit.

Ok. Every limit read/write need to be done with pl_lock held for
atomicity.

-- 
Nicolas Joly

Biology IT Center
Institut Pasteur, Paris.