All of lore.kernel.org
 help / color / mirror / Atom feed
From: Michal Suchanek <msuchanek@suse.de>
To: linux-modules@vger.kernel.org
Cc: Michal Suchanek <msuchanek@suse.de>
Subject: [PATCH] depmod: Prevent module dependency files corruption due to parallel invocation.
Date: Fri,  7 Dec 2018 16:45:57 +0100	[thread overview]
Message-ID: <20181207154557.5865-1-msuchanek@suse.de> (raw)

Depmod does not use unique filename for temporary files. There is no
guarantee the user does not attempt to run mutiple depmod processes in
parallel. If that happens a temporary file might be created by
depmod(1st), truncated by depmod(2nd), and renamed to final name by
depmod(1st) resulting in corrupted file seen by user.

Due to missing mkstempat() this is more complex than it should be.
Adding PID and random number to the filename should be reasonably
reliable. Adding O_EXCL as mkstemp does fails creating the file rather
than corrupting existing file.

Also prevent dependency files missing. This happens because target files
are removed before renaming the temporary file.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
 tools/depmod.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tools/depmod.c b/tools/depmod.c
index 989d9077926c..5526ac892cf8 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -29,6 +29,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <sys/stat.h>
+#include <sys/time.h>
 #include <sys/utsname.h>
 
 #include <shared/array.h>
@@ -2398,6 +2399,10 @@ static int depmod_output(struct depmod *depmod, FILE *out)
 	};
 	const char *dname = depmod->cfg->dirname;
 	int dfd, err = 0;
+	struct timeval tv;
+
+	gettimeofday(&tv, NULL);
+	srand(tv.tv_sec);
 
 	if (out != NULL)
 		dfd = -1;
@@ -2412,15 +2417,17 @@ static int depmod_output(struct depmod *depmod, FILE *out)
 
 	for (itr = depfiles; itr->name != NULL; itr++) {
 		FILE *fp = out;
-		char tmp[NAME_MAX] = "";
+		char tmp[NAME_MAX + 1] = "";
 		int r, ferr;
 
 		if (fp == NULL) {
-			int flags = O_CREAT | O_TRUNC | O_WRONLY;
+			int flags = O_CREAT | O_TRUNC | O_WRONLY | O_EXCL;
 			int mode = 0644;
 			int fd;
 
-			snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
+			snprintf(tmp, sizeof(tmp), "%s.%i.%i", itr->name, getpid(),
+					rand());
+			tmp[NAME_MAX] = 0;
 			fd = openat(dfd, tmp, flags, mode);
 			if (fd < 0) {
 				ERR("openat(%s, %s, %o, %o): %m\n",
@@ -2451,7 +2458,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
 			break;
 		}
 
-		unlinkat(dfd, itr->name, 0);
 		if (renameat(dfd, tmp, dfd, itr->name) != 0) {
 			err = -errno;
 			CRIT("renameat(%s, %s, %s, %s): %m\n",
-- 
2.19.2


             reply	other threads:[~2018-12-07 15:46 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-07 15:45 Michal Suchanek [this message]
2018-12-10 21:29 ` [PATCH v2 0/3] Fix dependency file corruption with parallel depmod invocation Michal Suchanek
2018-12-10 21:29   ` [PATCH v2 1/3] depmod: prevent module dependency files missing during " Michal Suchanek
2018-12-10 21:29   ` [PATCH v2 2/3] depmod: prevent module dependency files corruption due to parallel invocation Michal Suchanek
2018-12-17 18:10     ` Lucas De Marchi
2018-12-17 22:07       ` Michal Suchánek
2018-12-18  6:47         ` Yauheni Kaliuta
2018-12-18 10:26           ` Michal Suchánek
2018-12-10 21:29   ` [PATCH v2 3/3] depmod: shut up gcc insufficinet buffer warning Michal Suchanek
2018-12-17 18:19     ` Lucas De Marchi
2018-12-17 22:46 ` [PATCH v3 0/3] Fix dependency file corruption with parallel depmod invocation Michal Suchanek
2018-12-17 22:46   ` [PATCH v3 1/3] depmod: prevent module dependency files missing during " Michal Suchanek
2018-12-17 22:46   ` [PATCH v3 2/3] depmod: prevent module dependency files corruption due to parallel invocation Michal Suchanek
2018-12-17 22:46   ` [PATCH v3 3/3] depmod: shut up gcc insufficinet buffer warning Michal Suchanek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181207154557.5865-1-msuchanek@suse.de \
    --to=msuchanek@suse.de \
    --cc=linux-modules@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.