[RFA]: race safe fwalk

Jeff Johnston jjohnstn@redhat.com
Tue Mar 9 22:49:00 GMT 2004


Thomas Pfaff wrote:
> This time with attachment.
> 
> There is a possible race between fwalk and fopen:
> 
> When a thread makes a call to fopen the FILE * _flags will be set to 1 in 
> findfp to mark it used and later it will be changed to the real FILE flag.
> 
> When another thread calls fwalk during that time fwalk will treat the 
> FILE as already opened and calls the callback functions with the yet 
> unopened and only partially initialized FILE *.
> 
> This can be avoided by checking for fp->_flags != 0 && fp->_flags != 1. 
> Since _flags is signed short I did not check for _flags > 1. The flag 
> should be set as the last step in an open call.
> I do not think that 1 is a valid _flag for an open file. Correct me if 
> I am wrong.
> 

Unfortunately, 1 is also line-buffered: __SLBF.

What if instead, we use the _file field to check for a valid file?  It gets set 
to -1 by __sfp.  Now, if we set _file inside the __sfp_lock and then had fwalk() 
use the __sfp lock as well and check for _file != -1, plus have the open 
routines set the _file field last, this should work equally as well.  Comments?

-- Jeff J.

> 2004-03-08  Thomas Pfaff  <tpfaff@gmx.net>
> 
>     * libc/stdio/fdopen.c (_fdopen_r): Add missing
>     __lock_init_recursive.
>     Set FILE flags as the last step.
>     * libc/stdio/fopen.c (_fopen_r): Set FILE flags as the last
>     step.
>     * libc/stdio/fwalk.c: Check for _flags != 1 to make sure that
>     file is really open.
>     * libc/stdio64/fdopen64.c (_fdopen64_r): Set FILE flags as the
>     last step.
>     * libc/stdio64/fopen64.c (_fopen64_r): Ditto.
> 
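
Added illustration, not part of the original thread and not newlib code: a simplified C model of the three checks discussed above (`_flags != 0`, `_flags != 0 && _flags != 1`, and `_file != -1` under a lock), evaluated on a half-opened slot and on an open one. `struct slot`, `slot_reserve`, `slot_publish`, `walk_count` and `sfp_lock` are hypothetical stand-ins, the flag and descriptor values are constructed, and taking the lock while setting the file field last is an assumption about how the proposal would be applied.

```c
/* Simplified model for illustration; not newlib source. */
#include <pthread.h>
#include <stdio.h>
#define NSLOTS 4
#define SLBF 0x0001  /* line-buffered; same value as the "slot in use" marker */
struct slot { short flags, file; };                 /* stand-in for FILE */
enum check { BY_FLAGS, BY_FLAGS_NOT1, BY_FILE };
/* Every slot starts free: flags == 0, file == -1. */
static struct slot table[NSLOTS] = {{0, -1}, {0, -1}, {0, -1}, {0, -1}};
static pthread_mutex_t sfp_lock = PTHREAD_MUTEX_INITIALIZER; /* stand-in for the __sfp lock */

/* First half of an open: claim a free slot under the lock.
   flags becomes 1 ("in use"), file stays -1 until the open completes. */
struct slot *slot_reserve(void) {
    struct slot *fp = NULL;
    pthread_mutex_lock(&sfp_lock);
    for (int i = 0; i < NSLOTS && fp == NULL; i++)
        if (table[i].flags == 0) { fp = &table[i]; fp->flags = 1; fp->file = -1; }
    pthread_mutex_unlock(&sfp_lock);
    return fp;
}

/* Second half: store the real flags, then set file as the last step
   (done under the lock here, which is an assumption of this sketch). */
void slot_publish(struct slot *fp, short flags, short fd) {
    fp->flags = flags;
    pthread_mutex_lock(&sfp_lock);
    fp->file = fd;
    pthread_mutex_unlock(&sfp_lock);
}

/* Count the slots a walker would pass to its callback under each check. */
int walk_count(enum check c) {
    int n = 0;
    pthread_mutex_lock(&sfp_lock);
    for (int i = 0; i < NSLOTS; i++) {
        short f = table[i].flags;
        n += (c == BY_FLAGS) ? (f != 0) : (c == BY_FLAGS_NOT1) ? (f != 0 && f != 1)
                                        : (table[i].file != -1);
    }
    pthread_mutex_unlock(&sfp_lock);
    return n;
}

int main(void) {
    struct slot *fp = slot_reserve();   /* open in progress */
    printf("half-open: %d %d %d\n", walk_count(BY_FLAGS), walk_count(BY_FLAGS_NOT1), walk_count(BY_FILE));
    slot_publish(fp, SLBF, 3);          /* constructed: flags exactly 1, descriptor 3 */
    printf("open:      %d %d %d\n", walk_count(BY_FLAGS), walk_count(BY_FLAGS_NOT1), walk_count(BY_FILE));
}
```

The half-open slot is visited only by the plain flags check; once published with a flags value of 1, it is skipped by the `!= 1` check and visited by the file check.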


