On Sun, 8 Nov 2009, Pavel Machek wrote:
> Does it really close the race completely?
>
> udev sets 660
> open does permission checks
> device disappears
> chmod 000
> new device appears
> udev chmods 600
> open returns new device

Yes, there's still a small hole there. We could check nlink != 0 after grabbing the device (untested patch).

That is a hack, however, and would break apps which previously relied on being able to re-open already deleted devices through /proc/*/fd. But there might not be a better solution...

Thoughts?

Thanks,
Miklos

Index: linux-2.6/fs/char_dev.c =================================================================== --- linux-2.6.orig/fs/char_dev.c 2009-09-24 20:10:58.000000000 +0200 +++ linux-2.6/fs/char_dev.c 2009-11-16 12:48:58.000000000 +0100 @@ -396,6 +396,16 @@ static int chrdev_open(struct inode *ino if (ret) return ret; + /* + * The device might have been removed and then reused while + * the open was in progress. Make sure we don't let open + * proceed in such a case, since the old device could have had + * different permissions. + */ + ret = -ENOENT; + if (inode->i_nlink == 0) + goto out_cdev_put; + ret = -ENXIO; filp->f_op = fops_get(p->ops); if (!filp->f_op)
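
Review bot: the added `if (inode->i_nlink == 0)` test in chrdev_open() detects that the node was unlinked, not that the cdev just grabbed differs from the one the permission check was made against, so it only covers the "removed and then reused" case the comment describes if the node is always unlinked before the device number can be reused. Please state that ordering assumption in the comment. The comment should also say that opening an already unlinked node (the /proc/*/fd re-open case mentioned in the mail) now fails with -ENOENT, since that is a user-visible behaviour change and not just a side effect. The jump target `out_cdev_put` is outside the visible context, so it is worth confirming that it drops the reference taken before this point. The patch is marked untested and carries no Signed-off-by line.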