Package: menu
Version: 2.1.39
Severity: normal

I think I've found a locking bug race in update-menus. This was found by inspection; I don't know how realistically it happens in the wild.

Many apt-driven upgrades invoke dpkg multiple times. update-menus can be run inside each dpkg invocation. It forks to the background, and begins checking dpkg's lock file to see when dpkg exits. The check used is to call fcntl(F_GETLCK) to see if the lock is available to be taken (but not actually take it). If the lock is not available, it sleeps for 2 seconds.

Now consider the following sequence of events:

* apt run
* dpkg run #1
* update-menus run, forks to background
* update-menus checks dpkg lock -- still locked
* update-menus sleeps for 2 seconds
* 1.9999 seconds later, dpkg run #1 finishes
* update-menus runs fcntl(F_GETLCK) at just the right time, sees that dpkg is not running
* update-menus begins reading menu files
* dpkg run #2 starts
* update-menus finishes reading the files, begins generating menus
* dpkg adds a new menu file
* update-menus is run a second time
* since the first update-menus is still running, the second one exits w/o doing anything
* the first update-menus finishes generating menus. But these menus do not include the item from the new menu file.

I suspect that we don't see this in the wild often because of the 2 second sleep. That narrows the window of the race considerably, without closing it. Plus, there are really two races that have to happen for the problem to occur. If the first update-menus exits before the second one runs.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages menu depends on:
ii  libc6       2.7-9      GNU C Library: Shared libraries
ii  libgcc1     1:4.3.0-2  GCC support library
ii  libstdc++6  4.3.0-2    The GNU Standard C++ Library v3

menu recommends no packages.

-- no debconf information

--
see shy jo