Re: [PATCH/RFC] mount: improve signal management when locking mtab.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jun 22, 2011, at 5:20 PM, NeilBrown wrote:

> On Wed, 22 Jun 2011 09:08:25 -0600 Chuck Lever <chuck.lever@xxxxxxxxxx> wrote:
> 
>> Since we are going to adopt libmount for mount.nfs in the near future, would it be better to update libmount instead?
> 
> How near?
> 
> Libmount appears to get signal handling right already (though I haven't
> tested it).  It blocks all signals rather than catching some of them.
> 
> So switching to libmount would a perfectly reasonably response.  However if
> that is more than a few weeks away I think I would rather see this fixed up
> anyway...

We have a libmount-based mount.nfs already in the nfs-utils tree, IIRC.  I don't think we yet have a generic plan for switching to installing that one by default.  Steve?

> Thanks,
> NeilBrown
> 
> 
>> 
>> On Jun 22, 2011, at 12:38 AM, NeilBrown wrote:
>> 
>>> 
>>> From: Neil Brown <neilb@xxxxxxx>
>>> Date: Wed, 22 Jun 2011 16:15:45 +1000
>>> Subject: [PATCH] mount: improve signal management when locking mtab.
>>> 
>>> As mount.nfs can run setuid it must be careful about how the user can
>>> interact with in.  In particular it needs to ensure it does not
>>> respond badly to any signals that the user might be able to generate.
>>> 
>>> This is particularly an issue while updating /etc/mtab (when that is
>>> not linked to /proc/mounts).  If the user can generate a signal which
>>> kills mount.nfs while /etc/mtab is locked, then it will leave the file
>>> locked, and could possibly corrupt mtab (particularly if 'ulimit 1'
>>> was previously issued).
>>> 
>>> Currently lock_mtab does set some handlers for signals, but not
>>> enough.  It arranges for every signal up to (but not including)
>>> SIGCHLD to cause mount.nfs to unlock mdadm promptly exit ... even if
>>> the default behaviour would be to ignore the signal.  SIGALRM is
>>> handled specially, and signals after SIGCHLD are left with their
>>> default behaviour.  This includes for example SIGXFSZ which can be
>>> generated by the user running "ulimit 1".
>>> 
>>> So: change this so that some signals are left unchanged, SIGALRM is
>>> handled as required, and all signals that the user can generate are
>>> explicitly ignored.
>>> 
>>> The remainder still cause mount.nfs to print a message, unlock mtab, and exit.
>>> 
>>> Signed-off-by: NeilBrown <neilb@xxxxxxx>
>>> ---
>>> utils/mount/fstab.c |   37 ++++++++++++++++++++++++++++++++-----
>>> 1 files changed, 32 insertions(+), 5 deletions(-)
>>> 
>>> diff --git a/utils/mount/fstab.c b/utils/mount/fstab.c
>>> index a742e64..1fc9efe 100644
>>> --- a/utils/mount/fstab.c
>>> +++ b/utils/mount/fstab.c
>>> @@ -331,16 +331,43 @@ lock_mtab (void) {
>>> 		int sig = 0;
>>> 		struct sigaction sa;
>>> 
>>> -		sa.sa_handler = handler;
>>> 		sa.sa_flags = 0;
>>> 		sigfillset (&sa.sa_mask);
>>> 
>>> -		while (sigismember (&sa.sa_mask, ++sig) != -1
>>> -		       && sig != SIGCHLD) {
>>> -			if (sig == SIGALRM)
>>> +		while (sigismember (&sa.sa_mask, ++sig) != -1) {
>>> +			switch(sig) {
>>> +			case SIGCHLD:
>>> +			case SIGKILL:
>>> +			case SIGCONT:
>>> +			case SIGSTOP:
>>> +				/* The cannot be caught, or should not,
>>> +				 * so don't even try.
>>> +				 */
>>> +				continue;
>>> +			case SIGALRM:
>>> 				sa.sa_handler = setlkw_timeout;
>>> -			else
>>> +				break;
>>> +			case SIGHUP:
>>> +			case SIGINT:
>>> +			case SIGQUIT:
>>> +			case SIGWINCH:
>>> +			case SIGTSTP:
>>> +			case SIGTTIN:
>>> +			case SIGTTOU:
>>> +			case SIGPIPE:
>>> +			case SIGXFSZ:
>>> +			case SIGXCPU:
>>> +				/* non-priv user can cause these to be
>>> +				 * generated, so ignore them.
>>> +				 */
>>> +				sa.sa_handler = SIG_IGN;
>>> +				break;
>>> +			default:
>>> +				/* The rest should not be possible, so just
>>> +				 * print a message and unlock mtab.
>>> +				 */
>>> 				sa.sa_handler = handler;
>>> +			}
>>> 			sigaction (sig, &sa, (struct sigaction *) 0);
>>> 		}
>>> 		signals_have_been_setup = 1;
>>> -- 
>>> 1.7.3.4
>>> 
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> 
>> --
>> Chuck Lever
>> chuck[dot]lever[at]oracle[dot]com
>> 
>> 
> 

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux