2004-11-03 13:51:07 +00:00
|
|
|
'\" t
|
|
|
|
.\" Hey Emacs! This file is -*- nroff -*- source.
|
|
|
|
.\"
|
|
|
|
.\" This manpage is Copyright (C) 1992 Drew Eckhardt;
|
2006-05-22 23:52:24 +00:00
|
|
|
.\" and Copyright (C) 1993 Michael Haardt, Ian Jackson;
|
|
|
|
.\" and Copyright (C) 1998 Jamie Lokier;
|
|
|
|
.\" and Copyright (C) 2002 Michael Kerrisk.
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\"
|
|
|
|
.\" Modified 1993-07-24 by Rik Faith <faith@cs.unc.edu>
|
|
|
|
.\" Modified 1995-09-26 by Andries Brouwer <aeb@cwi.nl>
|
|
|
|
.\" and again on 960413 and 980804 and 981223.
|
|
|
|
.\" Modified 1998-12-11 by Jamie Lokier <jamie@imbolc.ucc.ie>
|
|
|
|
.\" Applied correction by Christian Ehrhardt - aeb, 990712
|
2004-11-03 14:43:40 +00:00
|
|
|
.\" Modified 2002-04-23 by Michael Kerrisk <mtk-manpages@gmx.net>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" Added note on F_SETFL and O_DIRECT
|
|
|
|
.\" Complete rewrite + expansion of material on file locking
|
|
|
|
.\" Incorporated description of F_NOTIFY, drawing on
|
|
|
|
.\" Stephen Rothwell's notes in Documentation/dnotify.txt.
|
|
|
|
.\" Added description of F_SETLEASE and F_GETLEASE
|
|
|
|
.\" Corrected and polished, aeb, 020527.
|
2004-11-03 14:43:40 +00:00
|
|
|
.\" Modified 2004-03-03 by Michael Kerrisk <mtk-manpages@gmx.net>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" Modified description of file leases: fixed some errors of detail
|
|
|
|
.\" Replaced the term "lease contestant" by "lease breaker"
|
2004-11-03 14:43:40 +00:00
|
|
|
.\" Modified, 27 May 2004, Michael Kerrisk <mtk-manpages@gmx.net>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" Added notes on capability requirements
|
2004-12-08 16:41:10 +00:00
|
|
|
.\" Modified 2004-12-08, added O_NOATIME after note from Martin Pool
|
[Further notes on that F_GETOWN bug]
Hi Andries,
[Just for my own reference, I reinclude the pointer to Philippe
Troin's patch
http://marc.theaimsgroup.com/?l=linux-kernel&m=108380640603164&w=2
]
> > > Except of course for fcntl(fd, F_GETOWN) where the owner is a
> > > (negative) process group... If the owning process group has a "low
> > > enough" PGID, it collides with errors and glibc reports an error and
> > > sets errno to -PGID. One might argue that in this instance, that the
> > > BSD's overloading of the pid field with pgids is at fault, but the
> > > bug
> > > still remains :-)
> >
> > I believe that practically speaking this is a non-issue. The
> > lowest PID / PGID that can be allocated to a process other than
> > init or a kernel thread is 300. (RESERVED_PID in kernel/pid.c
> > in 2.6, details differ, but same limit in <= 2.4.)
>
> Hmm. RESERVED_PIDS is used as starting value after overflow,
> not as a starting value at the beginning. I think you are mistaken.
Hmm -- yes. And I was in any case assuming the notion
of a process that might do an F_SETOWN assigning
its own PGID to the socket -- but that might not be so.
And I was overlooking a comment in the fs/fcntl.c
sources that reiterates the point:
case F_GETOWN:
/*
* XXX If f_owner is a process group, the
* negative return value will get converted
* into an error. Oops. If we keep the
* current syscall conventions, the only way
* to fix this will be in libc.
*/
err = filp->f_owner.pid;
force_successful_syscall_return();
break;
And now I've actually created the error in userland code.
It seems that whenever the -PGID retrieved by F_GETOWN is
smaller than 4096, then it is interpreted as an error.
Now I see the relevant code in
sysdeps/unix/sysv/linux/i386/sysdep.h:
==
/* Linux uses a negative return value to indicate syscall errors,
unlike most Unices, which use the condition codes' carry flag.
Since version 2.1 the return value of a system call might be
negative even if the call succeeded. E.g., the `lseek' system call
might return a large offset. Therefore we must not anymore test
for < 0, but test for a real error by making sure the value in %eax
is a real error number. Linus said he will make sure the no syscall
returns a value in -1 .. -4095 as a valid result so we can savely
test with -4095. */
[...]
DO_CALL (syscall_name, args);
cmpl $-4095, %eax;
jae SYSCALL_ERROR_LABEL;
==
Ugh.
2004-12-10 16:28:25 +00:00
|
|
|
.\" 2004-12-10, mtk, noted F_GETOWN bug after suggestion from aeb.
|
2005-04-08 13:42:00 +00:00
|
|
|
.\" 2005-04-08 Jamie Lokier <jamie@shareable.org>, mtk
|
|
|
|
.\" Described behaviour of F_SETOWN/F_SETSIG in
|
|
|
|
.\" multi-threaded processes, and generally cleaned
|
|
|
|
.\" up the discussion of F_SETOWN.
|
Noted F_SETOWN bug for socket file descriptor in Linux 2.4 and earlier.
Added text on permissions required to send signal to owner.
====
Hello Johannes,
> Betreff: Inaccuracy of fcntl man page
> Datum: Mon, 2 May 2005 20:07:12 +0200
Thanks for yor note.
Sorry for the delay in getting back to you. I needed to find time
to set aside to look at the details. Now I've finally got there.
> I have attached a simple program
Thanks -- a little program is always helpful.
> that uses the fcntl system call in order
> to kill an arbitrary process of the same user.
> According to the fcntl man page, fcntl(fd,F_SETOWN,pid) returns zero if
> it has success.
Yes.
> If you strace the program while killing for exampe man running in another
> terminal, you will see that man is killed, but fcntl(fd,F_SETOWN,pid)
> will return EPERM,
I confirm that I see this problem in 2.4, with both Unix domain
and Internet domain sockets.
> where you can only find a very confusing explanation
> in the fcntl man page.
I'm not sure what explanation you mean here. As far as I can
tell, the manual page just doesn't cover this point.
> I have looked into the kernel source of 2.4.30 and found out, that
> net/core/socket::sock_no_fcntl is the culprit if you use fcntl on Unix
> sockets.
Yes, looks that way to me, as well, And the 2.2 code looks
similar.
> If pid is not your own pid or not your own process group,
> the system call will return EPERM but will also set the pid
> as you wanted to.
Yes.
> In the 2.6 kernel line, fcntl will react according the specification in
> the manual page.
Yes.
> If you also think, that one should clarify the return specification of
> fcntl(fd,F_SETOWN,pid) or 2.4.x kernels, please tell me and I will
> provide you with a patch for the manual page.
In fact I've written some new text under BUGS, which describes
the problem:
In Linux 2.4 and earlier, there is bug that can occur when an
unprivileged process uses F_SETOWN to specify the owner of a
socket file descriptor as a process (group) other than the
caller. In this case, fcntl() can return -1 with errno set to
EPERM, even when the owner process (group) is one that the
caller has permission to send signals to. Despite this error
return, the file descriptor owner is set, and signals will be
sent to the owner.
Does that seem okay to you?
> Furthermore, it would be interseting to write there, what permissions
> one need in order to send signals to processes via fcntl
Good idea. I added the following new text:
Sending a signal to the owner process (group) specified by
F_SETOWN is subject to the same permissions checks as are
described for kill(2), where the sending process is the one that
employs F_SETOWN (but see BUGS below).
====
#define _GNU_SOURCE /* needed to get the defines */
#include <fcntl.h> /* in glibc 2.2 this has the needed
values defined */
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/**
* Funnykill kills a program with fcntl
**/
int
main (int argc, char **argv)
{
if (argc != 2)
{
fprintf (stderr, "Usage: funnykill <pid>\n");
return 1;
}
int sockets[2];
socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
if (fcntl (sockets[0], F_SETFL, O_ASYNC | O_NONBLOCK) == -1)
errMsg("fcntl-F_SETFL");
if (fcntl (sockets[0], F_SETOWN, atoi (argv[1])) == -1)
errMsg("fcntl-F_SETOWN");
// fcntl (sockets[0], F_SETOWN, getpid());
if (fcntl (sockets[0], F_SETSIG, SIGKILL) == -1)
errMsg("fcntl-_FSETSIG");
write (sockets[1], "good bye", 9);
}
2005-05-20 12:11:25 +00:00
|
|
|
.\" 2005-05-20, Johannes Nicolai <johannes.nicolai@hpi.uni-potsdam.de>,
|
|
|
|
.\" mtk: Noted F_SETOWN bug for socket file descriptor in Linux 2.4
|
|
|
|
.\" and earlier. Added text on permissions required to send signal.
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
2006-02-13 22:46:01 +00:00
|
|
|
.TH FCNTL 2 2005-05-20 "Linux 2.6.14" "Linux Programmer's Manual"
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NAME
|
|
|
|
fcntl \- manipulate file descriptor
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
.B #include <unistd.h>
|
|
|
|
.B #include <fcntl.h>
|
|
|
|
.sp
|
|
|
|
.BI "int fcntl(int " fd ", int " cmd );
|
|
|
|
.BI "int fcntl(int " fd ", int " cmd ", long " arg );
|
|
|
|
.BI "int fcntl(int " fd ", int " cmd ", struct flock *" lock );
|
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
2005-06-22 09:53:58 +00:00
|
|
|
.BR fcntl ()
|
|
|
|
performs one of the operations described below on the open file descriptor
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR fd .
|
2005-06-22 09:53:58 +00:00
|
|
|
The operation is determined by
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR cmd .
|
2005-06-24 10:53:06 +00:00
|
|
|
.P
|
2005-06-22 09:53:58 +00:00
|
|
|
.SS "Duplicating a file descriptor"
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_DUPFD
|
|
|
|
Find the lowest numbered available file descriptor
|
|
|
|
greater than or equal to
|
|
|
|
.I arg
|
|
|
|
and make it be a copy of
|
|
|
|
.IR fd .
|
2005-06-22 09:53:58 +00:00
|
|
|
This is different from
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR dup2 (2)
|
|
|
|
which uses exactly the descriptor specified.
|
|
|
|
.sp
|
|
|
|
On success, the new descriptor is returned.
|
2005-06-22 09:53:58 +00:00
|
|
|
.sp
|
|
|
|
See
|
|
|
|
.BR dup (2)
|
|
|
|
for further details.
|
2005-06-24 10:53:06 +00:00
|
|
|
.P
|
2005-06-22 10:59:21 +00:00
|
|
|
.SS "File descriptor flags"
|
2005-06-22 09:53:58 +00:00
|
|
|
The following commands manipulate the flags associated with
|
|
|
|
a file descriptor.
|
|
|
|
Currently, only one such flag is defined:
|
|
|
|
.BR FD_CLOEXEC ,
|
|
|
|
the close-on-exec flag.
|
|
|
|
If the
|
2004-11-03 13:51:07 +00:00
|
|
|
.B FD_CLOEXEC
|
2005-06-22 09:53:58 +00:00
|
|
|
bit is 0, the file descriptor will remain open across an
|
|
|
|
.BR execve (2),
|
2004-11-03 13:51:07 +00:00
|
|
|
otherwise it will be closed.
|
|
|
|
.TP
|
2005-06-22 09:53:58 +00:00
|
|
|
.B F_GETFD
|
|
|
|
Read the file descriptor flags.
|
|
|
|
.TP
|
2004-11-03 13:51:07 +00:00
|
|
|
.B F_SETFD
|
2005-06-22 09:53:58 +00:00
|
|
|
Set the file descriptor flags to the value specified by
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR arg .
|
2005-06-24 10:53:06 +00:00
|
|
|
.P
|
2005-06-22 10:59:21 +00:00
|
|
|
.SS "File status flags"
|
2005-06-27 14:42:40 +00:00
|
|
|
Each open file description has certain associated status flags,
|
|
|
|
initialized by
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR open (2)
|
|
|
|
.\" or
|
|
|
|
.\" .BR creat (2),
|
|
|
|
and possibly modified by
|
|
|
|
.BR fcntl (2).
|
2005-06-22 09:53:58 +00:00
|
|
|
Duplicated file descriptors
|
|
|
|
(made with
|
|
|
|
.BR dup (),
|
|
|
|
.BR fcntl (F_DUPFD),
|
|
|
|
.BR fork (),
|
|
|
|
etc.) refer to the same open file description, and thus
|
|
|
|
share the same file status flags.
|
2004-11-03 13:51:07 +00:00
|
|
|
.sp
|
2005-06-22 09:53:58 +00:00
|
|
|
The file status flags and their semantics are described in
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR open (2).
|
|
|
|
.TP
|
|
|
|
.B F_GETFL
|
2005-06-22 09:53:58 +00:00
|
|
|
Read the file status flags.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_SETFL
|
2005-06-22 09:53:58 +00:00
|
|
|
Set the file status flags to the value specified by
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR arg .
|
2005-06-22 09:53:58 +00:00
|
|
|
File access mode
|
|
|
|
.RB ( O_RDONLY ", " O_WRONLY ", " O_RDWR )
|
|
|
|
and file creation flags
|
2006-02-02 03:25:50 +00:00
|
|
|
(i.e.,
|
|
|
|
.BR O_CREAT ", " O_EXCL ", " O_NOCTTY ", " O_TRUNC )
|
2005-06-22 09:53:58 +00:00
|
|
|
in
|
2004-11-03 13:51:07 +00:00
|
|
|
.I arg
|
|
|
|
are ignored.
|
2004-12-08 16:41:10 +00:00
|
|
|
On Linux this command can only change the
|
|
|
|
.BR O_APPEND ,
|
|
|
|
.BR O_ASYNC ,
|
|
|
|
.BR O_DIRECT ,
|
|
|
|
.BR O_NOATIME ,
|
|
|
|
and
|
|
|
|
.BR O_NONBLOCK
|
|
|
|
flags.
|
2006-08-03 13:57:17 +00:00
|
|
|
.\" FIXME According to POSIX.1-2001, O_SYNC should also be modifiable
|
2006-02-10 18:46:42 +00:00
|
|
|
.\" via fcntl(2), but currently Linux does not permit this
|
2006-02-08 09:44:13 +00:00
|
|
|
.\" See http://bugzilla.kernel.org/show_bug.cgi?id=5994
|
2004-11-03 13:51:07 +00:00
|
|
|
.P
|
|
|
|
.SS "Advisory locking"
|
|
|
|
.BR F_GETLK ", " F_SETLK " and " F_SETLKW
|
|
|
|
are used to acquire, release, and test for the existence of record
|
|
|
|
locks (also known as file-segment or file-region locks).
|
|
|
|
The third argument
|
|
|
|
.I lock
|
|
|
|
is a pointer to a structure that has at least the following fields
|
|
|
|
(in unspecified order).
|
|
|
|
.in +2n
|
|
|
|
.nf
|
|
|
|
.sp
|
|
|
|
struct flock {
|
|
|
|
...
|
|
|
|
short l_type; /* Type of lock: F_RDLCK,
|
|
|
|
F_WRLCK, F_UNLCK */
|
|
|
|
short l_whence; /* How to interpret l_start:
|
|
|
|
SEEK_SET, SEEK_CUR, SEEK_END */
|
|
|
|
off_t l_start; /* Starting offset for lock */
|
|
|
|
off_t l_len; /* Number of bytes to lock */
|
|
|
|
pid_t l_pid; /* PID of process blocking our lock
|
|
|
|
(F_GETLK only) */
|
|
|
|
...
|
|
|
|
};
|
|
|
|
.fi
|
|
|
|
.in -2n
|
|
|
|
.P
|
|
|
|
The
|
|
|
|
.IR l_whence ", " l_start ", and " l_len
|
|
|
|
fields of this structure specify the range of bytes we wish to lock.
|
|
|
|
.I l_start
|
|
|
|
is the starting offset for the lock, and is interpreted
|
|
|
|
relative to either:
|
|
|
|
the start of the file (if
|
|
|
|
.I l_whence
|
|
|
|
is
|
|
|
|
.BR SEEK_SET );
|
|
|
|
the current file offset (if
|
|
|
|
.I l_whence
|
|
|
|
is
|
|
|
|
.BR SEEK_CUR );
|
|
|
|
or the end of the file (if
|
|
|
|
.I l_whence
|
|
|
|
is
|
|
|
|
.BR SEEK_END ).
|
|
|
|
In the final two cases,
|
|
|
|
.I l_start
|
|
|
|
can be a negative number provided the
|
|
|
|
offset does not lie before the start of the file.
|
|
|
|
.I l_len
|
|
|
|
is a non-negative integer (but see the NOTES below) specifying
|
|
|
|
the number of bytes to be locked.
|
|
|
|
Bytes past the end of the file may be locked,
|
|
|
|
but not bytes before the start of the file.
|
|
|
|
Specifying 0 for
|
|
|
|
.I l_len
|
|
|
|
has the special meaning: lock all bytes starting at the
|
|
|
|
location specified by
|
|
|
|
.IR l_whence " and " l_start
|
|
|
|
through to the end of file, no matter how large the file grows.
|
|
|
|
.P
|
|
|
|
The
|
|
|
|
.I l_type
|
|
|
|
field can be used to place a read
|
|
|
|
.RB ( F_RDLCK )
|
|
|
|
or a write
|
2004-12-06 13:39:28 +00:00
|
|
|
.RB ( F_WRLCK )
|
2004-11-03 13:51:07 +00:00
|
|
|
lock on a file.
|
|
|
|
Any number of processes may hold a read lock (shared lock)
|
|
|
|
on a file region, but only one process may hold a write lock
|
|
|
|
(exclusive lock). An exclusive lock excludes all other locks,
|
|
|
|
both shared and exclusive.
|
|
|
|
A single process can hold only one type of lock on a file region;
|
|
|
|
if a new lock is applied to an already-locked region,
|
2005-07-05 13:50:51 +00:00
|
|
|
then the existing lock is converted to the new lock type.
|
2004-11-03 13:51:07 +00:00
|
|
|
(Such conversions may involve splitting, shrinking, or coalescing with
|
|
|
|
an existing lock if the byte range specified by the new lock does not
|
|
|
|
precisely coincide with the range of the existing lock.)
|
|
|
|
.TP
|
|
|
|
.B F_SETLK
|
|
|
|
Acquire a lock (when
|
|
|
|
.I l_type
|
|
|
|
is
|
|
|
|
.B F_RDLCK
|
|
|
|
or
|
|
|
|
.BR F_WRLCK )
|
|
|
|
or release a lock (when
|
|
|
|
.I l_type
|
|
|
|
is
|
|
|
|
.BR F_UNLCK )
|
|
|
|
on the bytes specified by the
|
|
|
|
.IR l_whence ", " l_start ", and " l_len
|
|
|
|
fields of
|
|
|
|
.IR lock .
|
|
|
|
If a conflicting lock is held by another process,
|
|
|
|
this call returns \-1 and sets
|
|
|
|
.I errno
|
|
|
|
to
|
|
|
|
.B EACCES
|
|
|
|
or
|
|
|
|
.BR EAGAIN .
|
|
|
|
.TP
|
|
|
|
.B F_SETLKW
|
|
|
|
As for
|
|
|
|
.BR F_SETLK ,
|
|
|
|
but if a conflicting lock is held on the file, then wait for that
|
|
|
|
lock to be released.
|
|
|
|
If a signal is caught while waiting, then the call is interrupted
|
|
|
|
and (after the signal handler has returned)
|
|
|
|
returns immediately (with return value \-1 and
|
|
|
|
.I errno
|
|
|
|
set to
|
|
|
|
.BR EINTR ).
|
|
|
|
.TP
|
|
|
|
.B F_GETLK
|
|
|
|
On input to this call,
|
|
|
|
.I lock
|
|
|
|
describes a lock we would like to place on the file.
|
|
|
|
If the lock could be placed,
|
|
|
|
.BR fcntl ()
|
|
|
|
does not actually place it, but returns
|
|
|
|
.B F_UNLCK
|
|
|
|
in the
|
|
|
|
.I l_type
|
|
|
|
field of
|
|
|
|
.I lock
|
|
|
|
and leaves the other fields of the structure unchanged.
|
|
|
|
If one or more incompatible locks would prevent
|
|
|
|
this lock being placed, then
|
|
|
|
.BR fcntl ()
|
|
|
|
returns details about one of these locks in the
|
|
|
|
.IR l_type ", " l_whence ", " l_start ", and " l_len
|
|
|
|
fields of
|
|
|
|
.I lock
|
|
|
|
and sets
|
|
|
|
.I l_pid
|
|
|
|
to be the PID of the process holding that lock.
|
|
|
|
.P
|
|
|
|
In order to place a read lock,
|
|
|
|
.I fd
|
|
|
|
must be open for reading.
|
|
|
|
In order to place a write lock,
|
|
|
|
.I fd
|
|
|
|
must be open for writing.
|
|
|
|
To place both types of lock, open a file read-write.
|
|
|
|
.P
|
|
|
|
As well as being removed by an explicit
|
|
|
|
.BR F_UNLCK ,
|
|
|
|
record locks are automatically released when the process
|
|
|
|
terminates or if it closes
|
|
|
|
.I any
|
|
|
|
file descriptor referring to a file on which locks are held.
|
|
|
|
.\" (Additional file descriptors referring to the same file
|
|
|
|
.\" may have been obtained by calls to
|
|
|
|
.\" .BR open "(2), " dup "(2), " dup2 "(2), or " fcntl (2).)
|
|
|
|
This is bad: it means that a process can lose the locks on
|
|
|
|
a file like
|
|
|
|
.I /etc/passwd
|
|
|
|
or
|
|
|
|
.I /etc/mtab
|
|
|
|
when for some reason a library function decides to open, read
|
|
|
|
and close it.
|
|
|
|
.P
|
|
|
|
Record locks are not inherited by a child created via
|
|
|
|
.BR fork (2),
|
|
|
|
but are preserved across an
|
|
|
|
.BR execve (2).
|
|
|
|
.P
|
|
|
|
Because of the buffering performed by the
|
|
|
|
.BR stdio (3)
|
|
|
|
library, the use of record locking with routines in that package
|
|
|
|
should be avoided; use
|
2005-10-19 13:48:50 +00:00
|
|
|
.BR read (2)
|
|
|
|
and
|
|
|
|
.BR write (2)
|
2004-11-03 13:51:07 +00:00
|
|
|
instead.
|
|
|
|
.P
|
|
|
|
.SS "Mandatory locking"
|
|
|
|
(Non-POSIX.)
|
|
|
|
The above record locks may be either advisory or mandatory,
|
|
|
|
and are advisory by default.
|
|
|
|
|
|
|
|
Advisory locks are not enforced and are useful only between
|
2006-03-31 21:14:41 +00:00
|
|
|
cooperating processes.
|
|
|
|
|
|
|
|
Mandatory locks are enforced for all processes.
|
|
|
|
If a process tries to perform an incompatible access (e.g.,
|
|
|
|
.BR read (2)
|
|
|
|
or
|
|
|
|
.BR write (2))
|
|
|
|
on a file region that has an incompatible mandatory lock,
|
|
|
|
then the result depends upon whether the
|
|
|
|
.B O_NONBLOCK
|
|
|
|
flag is enabled for its open file description.
|
|
|
|
If the
|
|
|
|
.B O_NONBLOCK
|
|
|
|
flag is not enabled, then
|
|
|
|
system call is blocked until the lock is removed
|
|
|
|
or converted to a mode that is compatible with the access.
|
|
|
|
If the
|
|
|
|
.B O_NONBLOCK
|
|
|
|
flag is enabled, then the system call fails with the error
|
2006-08-03 03:02:31 +00:00
|
|
|
.BR EAGAIN
|
|
|
|
or
|
2006-03-31 21:14:41 +00:00
|
|
|
.BR EWOULDBLOCK.
|
|
|
|
|
|
|
|
To make use of mandatory locks, mandatory locking must be enabled
|
|
|
|
both on the file system that contains the file to be locked,
|
|
|
|
and on the file itself.
|
|
|
|
Mandatory locking is enabled on a file system
|
|
|
|
using the "\-o mand" option to
|
|
|
|
.BR mount (8),
|
|
|
|
or the
|
|
|
|
.B MS_MANDLOCK
|
|
|
|
flag for
|
|
|
|
.BR mount (2).
|
|
|
|
Mandatory locking is enabled on a file by disabling
|
|
|
|
group execute permission on the file and enabling the set-group-ID
|
|
|
|
permission bit (see
|
|
|
|
.BR chmod (1)
|
|
|
|
and
|
|
|
|
.BR chmod (2)).
|
2004-11-03 13:51:07 +00:00
|
|
|
.P
|
|
|
|
.SS "Managing signals"
|
|
|
|
.BR F_GETOWN ", " F_SETOWN ", " F_GETSIG " and " F_SETSIG
|
|
|
|
are used to manage I/O availability signals:
|
|
|
|
.TP
|
|
|
|
.B F_GETOWN
|
|
|
|
Get the process ID or process group currently receiving SIGIO
|
|
|
|
and SIGURG signals for events on file descriptor
|
|
|
|
.IR fd .
|
2005-04-08 13:42:00 +00:00
|
|
|
Process IDs are returned as positive values;
|
|
|
|
process group IDs are returned as negative values (but see BUGS below).
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_SETOWN
|
2005-04-08 13:42:00 +00:00
|
|
|
Set the process ID or process group ID that will receive SIGIO
|
2004-11-03 13:51:07 +00:00
|
|
|
and SIGURG signals for events on file descriptor
|
|
|
|
.IR fd .
|
2005-04-08 13:42:00 +00:00
|
|
|
A process ID is specified as a positive value;
|
|
|
|
a process group ID is specified as a negative value.
|
Noted F_SETOWN bug for socket file descriptor in Linux 2.4 and earlier.
Added text on permissions required to send signal to owner.
====
Hello Johannes,
> Betreff: Inaccuracy of fcntl man page
> Datum: Mon, 2 May 2005 20:07:12 +0200
Thanks for yor note.
Sorry for the delay in getting back to you. I needed to find time
to set aside to look at the details. Now I've finally got there.
> I have attached a simple program
Thanks -- a little program is always helpful.
> that uses the fcntl system call in order
> to kill an arbitrary process of the same user.
> According to the fcntl man page, fcntl(fd,F_SETOWN,pid) returns zero if
> it has success.
Yes.
> If you strace the program while killing for exampe man running in another
> terminal, you will see that man is killed, but fcntl(fd,F_SETOWN,pid)
> will return EPERM,
I confirm that I see this problem in 2.4, with both Unix domain
and Internet domain sockets.
> where you can only find a very confusing explanation
> in the fcntl man page.
I'm not sure what explanation you mean here. As far as I can
tell, the manual page just doesn't cover this point.
> I have looked into the kernel source of 2.4.30 and found out, that
> net/core/socket::sock_no_fcntl is the culprit if you use fcntl on Unix
> sockets.
Yes, looks that way to me, as well, And the 2.2 code looks
similar.
> If pid is not your own pid or not your own process group,
> the system call will return EPERM but will also set the pid
> as you wanted to.
Yes.
> In the 2.6 kernel line, fcntl will react according the specification in
> the manual page.
Yes.
> If you also think, that one should clarify the return specification of
> fcntl(fd,F_SETOWN,pid) or 2.4.x kernels, please tell me and I will
> provide you with a patch for the manual page.
In fact I've written some new text under BUGS, which describes
the problem:
In Linux 2.4 and earlier, there is bug that can occur when an
unprivileged process uses F_SETOWN to specify the owner of a
socket file descriptor as a process (group) other than the
caller. In this case, fcntl() can return -1 with errno set to
EPERM, even when the owner process (group) is one that the
caller has permission to send signals to. Despite this error
return, the file descriptor owner is set, and signals will be
sent to the owner.
Does that seem okay to you?
> Furthermore, it would be interseting to write there, what permissions
> one need in order to send signals to processes via fcntl
Good idea. I added the following new text:
Sending a signal to the owner process (group) specified by
F_SETOWN is subject to the same permissions checks as are
described for kill(2), where the sending process is the one that
employs F_SETOWN (but see BUGS below).
====
#define _GNU_SOURCE /* needed to get the defines */
#include <fcntl.h> /* in glibc 2.2 this has the needed
values defined */
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/**
* Funnykill kills a program with fcntl
**/
int
main (int argc, char **argv)
{
if (argc != 2)
{
fprintf (stderr, "Usage: funnykill <pid>\n");
return 1;
}
int sockets[2];
socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
if (fcntl (sockets[0], F_SETFL, O_ASYNC | O_NONBLOCK) == -1)
errMsg("fcntl-F_SETFL");
if (fcntl (sockets[0], F_SETOWN, atoi (argv[1])) == -1)
errMsg("fcntl-F_SETOWN");
// fcntl (sockets[0], F_SETOWN, getpid());
if (fcntl (sockets[0], F_SETSIG, SIGKILL) == -1)
errMsg("fcntl-_FSETSIG");
write (sockets[1], "good bye", 9);
}
2005-05-20 12:11:25 +00:00
|
|
|
Most commonly, the calling process specifies itself as the owner
|
|
|
|
(that is,
|
|
|
|
.I arg
|
|
|
|
is specified as
|
2005-11-02 11:34:24 +00:00
|
|
|
.BR getpid ()).
|
2004-11-03 13:51:07 +00:00
|
|
|
|
|
|
|
.\" From glibc.info:
|
|
|
|
If you set the
|
|
|
|
.B O_ASYNC
|
|
|
|
status flag on a file descriptor (either by providing this flag with the
|
2005-04-08 13:42:00 +00:00
|
|
|
.BR open (2)
|
2006-02-08 09:44:13 +00:00
|
|
|
.\" FIXME The statement that O_ASYNC can be used in open() does not
|
2006-02-10 18:46:42 +00:00
|
|
|
.\" match reality; setting O_ASYNC via open() does not seem to be
|
|
|
|
.\" effective.
|
2006-02-08 09:44:13 +00:00
|
|
|
.\" See http://bugzilla.kernel.org/show_bug.cgi?id=5993
|
2004-11-03 13:51:07 +00:00
|
|
|
call, or by using the
|
|
|
|
.B F_SETFL
|
|
|
|
command of
|
2005-06-22 09:53:58 +00:00
|
|
|
.BR fcntl ()),
|
2004-11-03 13:51:07 +00:00
|
|
|
a SIGIO signal is sent whenever input or output becomes possible
|
|
|
|
on that file descriptor.
|
2005-04-08 13:42:00 +00:00
|
|
|
.B F_SETSIG
|
|
|
|
can be used to obtain delivery of a signal other than SIGIO.
|
Noted F_SETOWN bug for socket file descriptor in Linux 2.4 and earlier.
Added text on permissions required to send signal to owner.
====
Hello Johannes,
> Betreff: Inaccuracy of fcntl man page
> Datum: Mon, 2 May 2005 20:07:12 +0200
Thanks for yor note.
Sorry for the delay in getting back to you. I needed to find time
to set aside to look at the details. Now I've finally got there.
> I have attached a simple program
Thanks -- a little program is always helpful.
> that uses the fcntl system call in order
> to kill an arbitrary process of the same user.
> According to the fcntl man page, fcntl(fd,F_SETOWN,pid) returns zero if
> it has success.
Yes.
> If you strace the program while killing for exampe man running in another
> terminal, you will see that man is killed, but fcntl(fd,F_SETOWN,pid)
> will return EPERM,
I confirm that I see this problem in 2.4, with both Unix domain
and Internet domain sockets.
> where you can only find a very confusing explanation
> in the fcntl man page.
I'm not sure what explanation you mean here. As far as I can
tell, the manual page just doesn't cover this point.
> I have looked into the kernel source of 2.4.30 and found out, that
> net/core/socket::sock_no_fcntl is the culprit if you use fcntl on Unix
> sockets.
Yes, looks that way to me, as well, And the 2.2 code looks
similar.
> If pid is not your own pid or not your own process group,
> the system call will return EPERM but will also set the pid
> as you wanted to.
Yes.
> In the 2.6 kernel line, fcntl will react according the specification in
> the manual page.
Yes.
> If you also think, that one should clarify the return specification of
> fcntl(fd,F_SETOWN,pid) or 2.4.x kernels, please tell me and I will
> provide you with a patch for the manual page.
In fact I've written some new text under BUGS, which describes
the problem:
In Linux 2.4 and earlier, there is bug that can occur when an
unprivileged process uses F_SETOWN to specify the owner of a
socket file descriptor as a process (group) other than the
caller. In this case, fcntl() can return -1 with errno set to
EPERM, even when the owner process (group) is one that the
caller has permission to send signals to. Despite this error
return, the file descriptor owner is set, and signals will be
sent to the owner.
Does that seem okay to you?
> Furthermore, it would be interseting to write there, what permissions
> one need in order to send signals to processes via fcntl
Good idea. I added the following new text:
Sending a signal to the owner process (group) specified by
F_SETOWN is subject to the same permissions checks as are
described for kill(2), where the sending process is the one that
employs F_SETOWN (but see BUGS below).
====
#define _GNU_SOURCE /* needed to get the defines */
#include <fcntl.h> /* in glibc 2.2 this has the needed
values defined */
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/**
* Funnykill kills a program with fcntl
**/
int
main (int argc, char **argv)
{
if (argc != 2)
{
fprintf (stderr, "Usage: funnykill <pid>\n");
return 1;
}
int sockets[2];
socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
if (fcntl (sockets[0], F_SETFL, O_ASYNC | O_NONBLOCK) == -1)
errMsg("fcntl-F_SETFL");
if (fcntl (sockets[0], F_SETOWN, atoi (argv[1])) == -1)
errMsg("fcntl-F_SETOWN");
// fcntl (sockets[0], F_SETOWN, getpid());
if (fcntl (sockets[0], F_SETSIG, SIGKILL) == -1)
errMsg("fcntl-_FSETSIG");
write (sockets[1], "good bye", 9);
}
2005-05-20 12:11:25 +00:00
|
|
|
If this permission check fails, then the signal is
|
|
|
|
silently discarded.
|
|
|
|
|
|
|
|
Sending a signal to the owner process (group) specified by
|
|
|
|
.B F_SETOWN
|
|
|
|
is subject to the same permissions checks as are described for
|
|
|
|
.BR kill (2),
|
|
|
|
where the sending process is the one that employs
|
|
|
|
.BR F_SETOWN
|
|
|
|
(but see BUGS below).
|
2004-11-03 13:51:07 +00:00
|
|
|
.sp
|
2005-04-08 13:42:00 +00:00
|
|
|
If the file descriptor
|
|
|
|
.I fd
|
|
|
|
refers to a socket,
|
2004-11-03 13:51:07 +00:00
|
|
|
.B F_SETOWN
|
2005-04-08 13:42:00 +00:00
|
|
|
also selects
|
2004-11-03 13:51:07 +00:00
|
|
|
the recipient of SIGURG signals that are delivered when out-of-band
|
|
|
|
data arrives on that socket. (SIGURG is sent in any situation where
|
|
|
|
.BR select (2)
|
|
|
|
would report the socket as having an "exceptional condition".)
|
2005-04-08 13:42:00 +00:00
|
|
|
.\" The following appears to be rubbish. It doesn't seem to
|
|
|
|
.\" be true according to the kernel source, and I can write
|
|
|
|
.\" a program that gets a terminal-generated SIGIO even though
|
|
|
|
.\" it is not the foreground process group of the terminal.
|
|
|
|
.\" -- MTK, 8 Apr 05
|
|
|
|
.\"
|
|
|
|
.\" If the file descriptor
|
|
|
|
.\" .I fd
|
|
|
|
.\" refers to a terminal device, then SIGIO
|
|
|
|
.\" signals are sent to the foreground process group of the terminal.
|
|
|
|
|
|
|
|
If a non-zero value is given to
|
|
|
|
.B F_SETSIG
|
Date: Fri, 28 Jan 2005 11:00:59 +0000
From: Jamie Lokier <jamie@shareable.org>
To: mtk-manpages@gmx.net
Subject: Update to fcntl(2) man page
Hi Michael,
I have a correction to the fcntl(2) man page.
Under the section for F_SETOWN, which describes how to set the
recipient process or group for SIGIO signals, see this paragraph:
The process or process group to receive the signal can be
selected by using the F_SETOWN command to the fcntl function.
If the file descriptor is a socket, this also selects the recip-
ient of SIGURG signals that are delivered when out-of-band data
arrives on that socket. (SIGURG is sent in any situation where
select(2) would report the socket as having an "exceptional con-
dition".) If the file descriptor corresponds to a terminal
device, then SIGIO signals are sent to the foreground process
group of the terminal.
I would like to add an additional paragraph:
The value given to F_SETOWN has a slightly different meaning
when F_SETSIG is used in a multi-threaded process.
If a non-zero value is given to F_SETSIG, then a positive
value given to F_SETOWN identifies a specific thread within a
process, instead of a whole process. The value is a thread id
not a process id, so you may need to pass the result of
gettid() instead of getpid() to get sensible results when
F_SETSIG is used. (Thread ids are different from process ids,
although they have the same value for some threads depending
on details of the threading library used).
Also, this is the first paragraph of the F_SETSIG section:
Sets the signal sent when input or output becomes possible. A
value of zero means to send the default SIGIO signal. Any other
value (including SIGIO) is the signal to send instead, and in
this case additional info is available to the signal handler if
installed with SA_SIGINFO.
I'd like to append another paragraph right after that one:
Additionally, passing a non-zero value to F_SETSIG changes the
signal recipient from a whole process to a specific thread
within a process. The section on F_SETOWN gives more details.
Date: Thu, 7 Apr 2005 17:58:59 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
[[...]]
> I've been trying to follow the kernel source code to verify
> the details you describe above. The relevant place is the
> 'switch' in fs/fcntl.c::send_sigio_to_task() right?
Yes.
> Also, for NPTL, perhaps one needs to mention that for the main
> thread, gettid() == getpid(), which allows the traditional
> use of F_SETSIG / F_SETOWN in programs consisting of a single
> thread -- right?
Yes, that makes sense. It's also fine for the "main thread" with
NPTL, so programs which spawn threads can still use F_SETOWN/F_SETSIG
in the main thread using getpid().
Date: Tue, 12 Apr 2005 15:25:49 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> F_SETOWN
> Set the process ID or process group ID that will
> receive SIGIO and SIGURG signals for events on
> file descriptor fd. A process ID is specified as
> a positive value; a process group ID is specified
> as a negative value.
>
> If you set the O_ASYNC status flag on a file
> descriptor (either by providing this flag with the
> open(2) call, or by using the F_SETFL command of
> fcntl), a SIGIO signal is sent whenever input or
> output becomes possible on that file descriptor.
> F_SETSIG can be used to obtain delivery of a sig‐
> nal other than SIGIO.
>
> If the file descriptor fd refers to a socket,
> F_SETOWN also selects the recipient of SIGURG sig‐
> nals that are delivered when out-of-band data
> arrives on that socket. (SIGURG is sent in any
> situation where select(2) would report the socket
> as having an "exceptional condition".)
>
> If a non-zero value is given to F_SETSIG in a
> multi-threaded process, then a positive value
> value given to F_SETOWN has a different meaning:
> instead of being a process ID identifying a whole
> process, it is a thread ID identifying a specific
> thread within a process. Consequently, it may be
> necessary to pass F_SETOWN the result of gettid()
> instead of getpid() to get sensible results when
> F_SETSIG is used. (In current Linux threading
> implementations, a main thread's thread ID is the
> same as its process ID. This means that a single-
> threaded program can equally use gettid() or get‐
> pid() in this scenario.) Note, however, that the
> statements in this paragraph do not apply to the
> SIGURG signal generated for out-of-band data on a
> socket: this signal is always sent to either a
> process or a process group, depending on the value
> given to F_SETOWN.
>
> And the first part of the description of F_SETSIG now reads:
>
> F_SETSIG
> Sets the signal sent when input or output becomes
> possible. A value of zero means to send the
> default SIGIO signal. Any other value (including
> SIGIO) is the signal to send instead, and in this
> case additional info is available to the signal
> handler if installed with SA_SIGINFO.
>
> Additionally, passing a non-zero value to F_SETSIG
> changes the signal recipient from a whole process
> to a specific thread within a process. See the
> desciption of F_SETOWN for more details.
>
> Does the above seem okay to you?
It looks good, but:
1. An omission: It mentions that SIGURG is always sent to the whole
process. SIGIO is also sent to the whole process, instead of
queueing a thread-specific signal, when the signal queue is full.
Programs that mustn't miss readiness events need to handle it.
2. The description could be confusing to LinuxThreads users, because
all the signals are thread-specific in LinuxThreads.
Date: Tue, 12 Apr 2005 16:53:19 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> > 1. An omission: It mentions that SIGURG is always sent to the whole
> > process. SIGIO is also sent to the whole process, instead of
> > queueing a thread-specific signal, when the signal queue is full.
> > Programs that mustn't miss readiness events need to handle it.
>
> Sorry -- can you point me to the relevant code for the
> above point please.
In 2.6:
switch (fown->signum) {
siginfo_t si;
default:
/* Queue a rt signal with the appropriate fd as its
value. We use SI_SIGIO as the source, not
SI_KERNEL, since kernel signals always get
delivered even if we can't queue. Failure to
queue in this case _should_ be reported; we fall
back to SIGIO in that case. --sct */
si.si_signo = fown->signum;
si.si_errno = 0;
si.si_code = reason;
/* Make sure we are called with one of the POLL_*
reasons, otherwise we could leak kernel stack into
userspace. */
if ((reason & __SI_MASK) != __SI_POLL)
BUG();
if (reason - POLL_IN >= NSIGPOLL)
si.si_band = ~0L;
else
si.si_band = band_table[reason - POLL_IN];
si.si_fd = fd;
if (!send_sig_info(fown->signum, &si, p))
break;
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_group_sig_info(SIGIO, SEND_SIG_PRIV, p);
2.4 is exactly the same, except:
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_sig(SIGIO, p, 1);
The fall-through happens when send_sig_info() fails, which happens
when the real-time signal queue is full.
Programs using a queued signal to track file readiness efficiently (as
an alternative to select/poll), must listen for SIGIO in addition to
the real-time signal, as otherwise they will miss notifications when
the queue is full (which happens often on a busy server).
Multi-threaded programs using NPTL must be aware this SIGIO is
process-wide - so receiving it on one thread must cause all threads to
assume a queued signal may be lost. Programs using LinuxThreads do
not have to assume this (but it's safe if they do).
Date: Wed, 13 Apr 2005 17:25:44 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> I added a few more sentences to the end of that paragraph
> on F_SETOWN:
>
> If a non-zero value is given to F_SETSIG in a multi-threaded
> process running with a threading library that supports thread
> groups (e.g., NPTL), then a positive value value given to
> F_SETOWN has a different meaning: instead of being a process ID
> identifying a whole process, it is a thread ID identifying a
> specific thread within a process. Consequently, it may be nec-
> essary to pass F_SETOWN the result of gettid() instead of get
> pid() to get sensible results when F_SETSIG is used. (In cur-
> rent Linux threading implementations, a main thread's thread ID
> is the same as its process ID. This means that a single-
> threaded program can equally use gettid() or getpid() in this
> scenario.) Note, however, that the statements in this paragraph
> do not apply to the SIGURG signal generated for out-of-band data
> on a socket: this signal is always sent to either a process or a
> process group, depending on the value given to F_SETOWN. Note
> also that Linux imposes a limit on the number of real-time sig-
> nals that may be queued to a process (see getrlimit(2) and sig-
> nal(7)) and if this limit is reached, then the kernel reverts to
> delivering SIGIO, and this signal is delivered to the entire
> process rather than to a specifc thread.
>
> Look oay now?
Looks ood.
It will take a minor genius to translate that to working
multi-threaded RT-SIGIO code without a tutorial -- and in fact I
haven't heard of any program or library which does it (though I'm
trying to write one) -- but technically it seems to include everything.
2005-04-05 05:54:09 +00:00
|
|
|
in a multi-threaded process running with a threading library
|
|
|
|
that supports thread groups (e.g., NPTL),
|
2005-06-22 09:53:58 +00:00
|
|
|
then a positive value given to
|
2005-04-08 13:42:00 +00:00
|
|
|
.B F_SETOWN
|
|
|
|
has a different meaning:
|
|
|
|
.\" The relevant place in the (2.6) kernel source is the
|
|
|
|
.\" 'switch' in fs/fcntl.c::send_sigio_to_task() -- MTK, Apr 2005
|
|
|
|
instead of being a process ID identifying a whole process,
|
|
|
|
it is a thread ID identifying a specific thread within a process.
|
|
|
|
Consequently, it may be necessary to pass
|
|
|
|
.B F_SETOWN
|
|
|
|
the result of
|
|
|
|
.BR gettid ()
|
|
|
|
instead of
|
|
|
|
.BR getpid ()
|
|
|
|
to get sensible results when
|
|
|
|
.B F_SETSIG
|
|
|
|
is used.
|
|
|
|
(In current Linux threading implementations,
|
|
|
|
a main thread's thread ID is the same as its process ID.
|
|
|
|
This means that a single-threaded program can equally use
|
|
|
|
.BR gettid ()
|
|
|
|
or
|
|
|
|
.BR getpid ()
|
|
|
|
in this scenario.)
|
|
|
|
Note, however, that the statements in this paragraph do not apply
|
|
|
|
to the SIGURG signal generated for out-of-band data on a socket:
|
|
|
|
this signal is always sent to either a process or a process group,
|
|
|
|
depending on the value given to
|
|
|
|
.BR F_SETOWN .
|
|
|
|
.\" send_sigurg()/send_sigurg_to_task() bypasses
|
|
|
|
.\" kill_fasync()/send_sigio()/send_sigio_to_task()
|
|
|
|
.\" to directly call send_group_sig_info()
|
|
|
|
.\" -- MTK, Apr 2005 (kernel 2.6.11)
|
Date: Fri, 28 Jan 2005 11:00:59 +0000
From: Jamie Lokier <jamie@shareable.org>
To: mtk-manpages@gmx.net
Subject: Update to fcntl(2) man page
Hi Michael,
I have a correction to the fcntl(2) man page.
Under the section for F_SETOWN, which describes how to set the
recipient process or group for SIGIO signals, see this paragraph:
The process or process group to receive the signal can be
selected by using the F_SETOWN command to the fcntl function.
If the file descriptor is a socket, this also selects the recip-
ient of SIGURG signals that are delivered when out-of-band data
arrives on that socket. (SIGURG is sent in any situation where
select(2) would report the socket as having an "exceptional con-
dition".) If the file descriptor corresponds to a terminal
device, then SIGIO signals are sent to the foreground process
group of the terminal.
I would like to add an additional paragraph:
The value given to F_SETOWN has a slightly different meaning
when F_SETSIG is used in a multi-threaded process.
If a non-zero value is given to F_SETSIG, then a positive
value given to F_SETOWN identifies a specific thread within a
process, instead of a whole process. The value is a thread id
not a process id, so you may need to pass the result of
gettid() instead of getpid() to get sensible results when
F_SETSIG is used. (Thread ids are different from process ids,
although they have the same value for some threads depending
on details of the threading library used).
Also, this is the first paragraph of the F_SETSIG section:
Sets the signal sent when input or output becomes possible. A
value of zero means to send the default SIGIO signal. Any other
value (including SIGIO) is the signal to send instead, and in
this case additional info is available to the signal handler if
installed with SA_SIGINFO.
I'd like to append another paragraph right after that one:
Additionally, passing a non-zero value to F_SETSIG changes the
signal recipient from a whole process to a specific thread
within a process. The section on F_SETOWN gives more details.
Date: Thu, 7 Apr 2005 17:58:59 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
[[...]]
> I've been trying to follow the kernel source code to verify
> the details you describe above. The relevant place is the
> 'switch' in fs/fcntl.c::send_sigio_to_task() right?
Yes.
> Also, for NPTL, perhaps one needs to mention that for the main
> thread, gettid() == getpid(), which allows the traditional
> use of F_SETSIG / F_SETOWN in programs consisting of a single
> thread -- right?
Yes, that makes sense. It's also fine for the "main thread" with
NPTL, so programs which spawn threads can still use F_SETOWN/F_SETSIG
in the main thread using getpid().
Date: Tue, 12 Apr 2005 15:25:49 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> F_SETOWN
> Set the process ID or process group ID that will
> receive SIGIO and SIGURG signals for events on
> file descriptor fd. A process ID is specified as
> a positive value; a process group ID is specified
> as a negative value.
>
> If you set the O_ASYNC status flag on a file
> descriptor (either by providing this flag with the
> open(2) call, or by using the F_SETFL command of
> fcntl), a SIGIO signal is sent whenever input or
> output becomes possible on that file descriptor.
> F_SETSIG can be used to obtain delivery of a sig‐
> nal other than SIGIO.
>
> If the file descriptor fd refers to a socket,
> F_SETOWN also selects the recipient of SIGURG sig‐
> nals that are delivered when out-of-band data
> arrives on that socket. (SIGURG is sent in any
> situation where select(2) would report the socket
> as having an "exceptional condition".)
>
> If a non-zero value is given to F_SETSIG in a
> multi-threaded process, then a positive value
> value given to F_SETOWN has a different meaning:
> instead of being a process ID identifying a whole
> process, it is a thread ID identifying a specific
> thread within a process. Consequently, it may be
> necessary to pass F_SETOWN the result of gettid()
> instead of getpid() to get sensible results when
> F_SETSIG is used. (In current Linux threading
> implementations, a main thread's thread ID is the
> same as its process ID. This means that a single-
> threaded program can equally use gettid() or get‐
> pid() in this scenario.) Note, however, that the
> statements in this paragraph do not apply to the
> SIGURG signal generated for out-of-band data on a
> socket: this signal is always sent to either a
> process or a process group, depending on the value
> given to F_SETOWN.
>
> And the first part of the description of F_SETSIG now reads:
>
> F_SETSIG
> Sets the signal sent when input or output becomes
> possible. A value of zero means to send the
> default SIGIO signal. Any other value (including
> SIGIO) is the signal to send instead, and in this
> case additional info is available to the signal
> handler if installed with SA_SIGINFO.
>
> Additionally, passing a non-zero value to F_SETSIG
> changes the signal recipient from a whole process
> to a specific thread within a process. See the
> desciption of F_SETOWN for more details.
>
> Does the above seem okay to you?
It looks good, but:
1. An omission: It mentions that SIGURG is always sent to the whole
process. SIGIO is also sent to the whole process, instead of
queueing a thread-specific signal, when the signal queue is full.
Programs that mustn't miss readiness events need to handle it.
2. The description could be confusing to LinuxThreads users, because
all the signals are thread-specific in LinuxThreads.
Date: Tue, 12 Apr 2005 16:53:19 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> > 1. An omission: It mentions that SIGURG is always sent to the whole
> > process. SIGIO is also sent to the whole process, instead of
> > queueing a thread-specific signal, when the signal queue is full.
> > Programs that mustn't miss readiness events need to handle it.
>
> Sorry -- can you point me to the relevant code for the
> above point please.
In 2.6:
switch (fown->signum) {
siginfo_t si;
default:
/* Queue a rt signal with the appropriate fd as its
value. We use SI_SIGIO as the source, not
SI_KERNEL, since kernel signals always get
delivered even if we can't queue. Failure to
queue in this case _should_ be reported; we fall
back to SIGIO in that case. --sct */
si.si_signo = fown->signum;
si.si_errno = 0;
si.si_code = reason;
/* Make sure we are called with one of the POLL_*
reasons, otherwise we could leak kernel stack into
userspace. */
if ((reason & __SI_MASK) != __SI_POLL)
BUG();
if (reason - POLL_IN >= NSIGPOLL)
si.si_band = ~0L;
else
si.si_band = band_table[reason - POLL_IN];
si.si_fd = fd;
if (!send_sig_info(fown->signum, &si, p))
break;
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_group_sig_info(SIGIO, SEND_SIG_PRIV, p);
2.4 is exactly the same, except:
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_sig(SIGIO, p, 1);
The fall-through happens when send_sig_info() fails, which happens
when the real-time signal queue is full.
Programs using a queued signal to track file readiness efficiently (as
an alternative to select/poll), must listen for SIGIO in addition to
the real-time signal, as otherwise they will miss notifications when
the queue is full (which happens often on a busy server).
Multi-threaded programs using NPTL must be aware this SIGIO is
process-wide - so receiving it on one thread must cause all threads to
assume a queued signal may be lost. Programs using LinuxThreads do
not have to assume this (but it's safe if they do).
Date: Wed, 13 Apr 2005 17:25:44 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> I added a few more sentences to the end of that paragraph
> on F_SETOWN:
>
> If a non-zero value is given to F_SETSIG in a multi-threaded
> process running with a threading library that supports thread
> groups (e.g., NPTL), then a positive value value given to
> F_SETOWN has a different meaning: instead of being a process ID
> identifying a whole process, it is a thread ID identifying a
> specific thread within a process. Consequently, it may be nec-
> essary to pass F_SETOWN the result of gettid() instead of get
> pid() to get sensible results when F_SETSIG is used. (In cur-
> rent Linux threading implementations, a main thread's thread ID
> is the same as its process ID. This means that a single-
> threaded program can equally use gettid() or getpid() in this
> scenario.) Note, however, that the statements in this paragraph
> do not apply to the SIGURG signal generated for out-of-band data
> on a socket: this signal is always sent to either a process or a
> process group, depending on the value given to F_SETOWN. Note
> also that Linux imposes a limit on the number of real-time sig-
> nals that may be queued to a process (see getrlimit(2) and sig-
> nal(7)) and if this limit is reached, then the kernel reverts to
> delivering SIGIO, and this signal is delivered to the entire
> process rather than to a specifc thread.
>
> Look oay now?
Looks ood.
It will take a minor genius to translate that to working
multi-threaded RT-SIGIO code without a tutorial -- and in fact I
haven't heard of any program or library which does it (though I'm
trying to write one) -- but technically it seems to include everything.
2005-04-05 05:54:09 +00:00
|
|
|
Note also that Linux imposes a limit on the
|
|
|
|
number of real-time signals that may be queued to a
|
|
|
|
process (see
|
|
|
|
.BR getrlimit (2)
|
|
|
|
and
|
|
|
|
.BR signal (7))
|
|
|
|
and if this limit is reached, then the kernel reverts to
|
|
|
|
delivering SIGIO, and this signal is delivered to the entire
|
2005-04-14 09:24:26 +00:00
|
|
|
process rather than to a specific thread.
|
Date: Fri, 28 Jan 2005 11:00:59 +0000
From: Jamie Lokier <jamie@shareable.org>
To: mtk-manpages@gmx.net
Subject: Update to fcntl(2) man page
Hi Michael,
I have a correction to the fcntl(2) man page.
Under the section for F_SETOWN, which describes how to set the
recipient process or group for SIGIO signals, see this paragraph:
The process or process group to receive the signal can be
selected by using the F_SETOWN command to the fcntl function.
If the file descriptor is a socket, this also selects the recip-
ient of SIGURG signals that are delivered when out-of-band data
arrives on that socket. (SIGURG is sent in any situation where
select(2) would report the socket as having an "exceptional con-
dition".) If the file descriptor corresponds to a terminal
device, then SIGIO signals are sent to the foreground process
group of the terminal.
I would like to add an additional paragraph:
The value given to F_SETOWN has a slightly different meaning
when F_SETSIG is used in a multi-threaded process.
If a non-zero value is given to F_SETSIG, then a positive
value given to F_SETOWN identifies a specific thread within a
process, instead of a whole process. The value is a thread id
not a process id, so you may need to pass the result of
gettid() instead of getpid() to get sensible results when
F_SETSIG is used. (Thread ids are different from process ids,
although they have the same value for some threads depending
on details of the threading library used).
Also, this is the first paragraph of the F_SETSIG section:
Sets the signal sent when input or output becomes possible. A
value of zero means to send the default SIGIO signal. Any other
value (including SIGIO) is the signal to send instead, and in
this case additional info is available to the signal handler if
installed with SA_SIGINFO.
I'd like to append another paragraph right after that one:
Additionally, passing a non-zero value to F_SETSIG changes the
signal recipient from a whole process to a specific thread
within a process. The section on F_SETOWN gives more details.
Date: Thu, 7 Apr 2005 17:58:59 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
[[...]]
> I've been trying to follow the kernel source code to verify
> the details you describe above. The relevant place is the
> 'switch' in fs/fcntl.c::send_sigio_to_task() right?
Yes.
> Also, for NPTL, perhaps one needs to mention that for the main
> thread, gettid() == getpid(), which allows the traditional
> use of F_SETSIG / F_SETOWN in programs consisting of a single
> thread -- right?
Yes, that makes sense. It's also fine for the "main thread" with
NPTL, so programs which spawn threads can still use F_SETOWN/F_SETSIG
in the main thread using getpid().
Date: Tue, 12 Apr 2005 15:25:49 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> F_SETOWN
> Set the process ID or process group ID that will
> receive SIGIO and SIGURG signals for events on
> file descriptor fd. A process ID is specified as
> a positive value; a process group ID is specified
> as a negative value.
>
> If you set the O_ASYNC status flag on a file
> descriptor (either by providing this flag with the
> open(2) call, or by using the F_SETFL command of
> fcntl), a SIGIO signal is sent whenever input or
> output becomes possible on that file descriptor.
> F_SETSIG can be used to obtain delivery of a sig‐
> nal other than SIGIO.
>
> If the file descriptor fd refers to a socket,
> F_SETOWN also selects the recipient of SIGURG sig‐
> nals that are delivered when out-of-band data
> arrives on that socket. (SIGURG is sent in any
> situation where select(2) would report the socket
> as having an "exceptional condition".)
>
> If a non-zero value is given to F_SETSIG in a
> multi-threaded process, then a positive value
> value given to F_SETOWN has a different meaning:
> instead of being a process ID identifying a whole
> process, it is a thread ID identifying a specific
> thread within a process. Consequently, it may be
> necessary to pass F_SETOWN the result of gettid()
> instead of getpid() to get sensible results when
> F_SETSIG is used. (In current Linux threading
> implementations, a main thread's thread ID is the
> same as its process ID. This means that a single-
> threaded program can equally use gettid() or get‐
> pid() in this scenario.) Note, however, that the
> statements in this paragraph do not apply to the
> SIGURG signal generated for out-of-band data on a
> socket: this signal is always sent to either a
> process or a process group, depending on the value
> given to F_SETOWN.
>
> And the first part of the description of F_SETSIG now reads:
>
> F_SETSIG
> Sets the signal sent when input or output becomes
> possible. A value of zero means to send the
> default SIGIO signal. Any other value (including
> SIGIO) is the signal to send instead, and in this
> case additional info is available to the signal
> handler if installed with SA_SIGINFO.
>
> Additionally, passing a non-zero value to F_SETSIG
> changes the signal recipient from a whole process
> to a specific thread within a process. See the
> desciption of F_SETOWN for more details.
>
> Does the above seem okay to you?
It looks good, but:
1. An omission: It mentions that SIGURG is always sent to the whole
process. SIGIO is also sent to the whole process, instead of
queueing a thread-specific signal, when the signal queue is full.
Programs that mustn't miss readiness events need to handle it.
2. The description could be confusing to LinuxThreads users, because
all the signals are thread-specific in LinuxThreads.
Date: Tue, 12 Apr 2005 16:53:19 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> > 1. An omission: It mentions that SIGURG is always sent to the whole
> > process. SIGIO is also sent to the whole process, instead of
> > queueing a thread-specific signal, when the signal queue is full.
> > Programs that mustn't miss readiness events need to handle it.
>
> Sorry -- can you point me to the relevant code for the
> above point please.
In 2.6:
switch (fown->signum) {
siginfo_t si;
default:
/* Queue a rt signal with the appropriate fd as its
value. We use SI_SIGIO as the source, not
SI_KERNEL, since kernel signals always get
delivered even if we can't queue. Failure to
queue in this case _should_ be reported; we fall
back to SIGIO in that case. --sct */
si.si_signo = fown->signum;
si.si_errno = 0;
si.si_code = reason;
/* Make sure we are called with one of the POLL_*
reasons, otherwise we could leak kernel stack into
userspace. */
if ((reason & __SI_MASK) != __SI_POLL)
BUG();
if (reason - POLL_IN >= NSIGPOLL)
si.si_band = ~0L;
else
si.si_band = band_table[reason - POLL_IN];
si.si_fd = fd;
if (!send_sig_info(fown->signum, &si, p))
break;
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_group_sig_info(SIGIO, SEND_SIG_PRIV, p);
2.4 is exactly the same, except:
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_sig(SIGIO, p, 1);
The fall-through happens when send_sig_info() fails, which happens
when the real-time signal queue is full.
Programs using a queued signal to track file readiness efficiently (as
an alternative to select/poll), must listen for SIGIO in addition to
the real-time signal, as otherwise they will miss notifications when
the queue is full (which happens often on a busy server).
Multi-threaded programs using NPTL must be aware this SIGIO is
process-wide - so receiving it on one thread must cause all threads to
assume a queued signal may be lost. Programs using LinuxThreads do
not have to assume this (but it's safe if they do).
Date: Wed, 13 Apr 2005 17:25:44 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> I added a few more sentences to the end of that paragraph
> on F_SETOWN:
>
> If a non-zero value is given to F_SETSIG in a multi-threaded
> process running with a threading library that supports thread
> groups (e.g., NPTL), then a positive value value given to
> F_SETOWN has a different meaning: instead of being a process ID
> identifying a whole process, it is a thread ID identifying a
> specific thread within a process. Consequently, it may be nec-
> essary to pass F_SETOWN the result of gettid() instead of get
> pid() to get sensible results when F_SETSIG is used. (In cur-
> rent Linux threading implementations, a main thread's thread ID
> is the same as its process ID. This means that a single-
> threaded program can equally use gettid() or getpid() in this
> scenario.) Note, however, that the statements in this paragraph
> do not apply to the SIGURG signal generated for out-of-band data
> on a socket: this signal is always sent to either a process or a
> process group, depending on the value given to F_SETOWN. Note
> also that Linux imposes a limit on the number of real-time sig-
> nals that may be queued to a process (see getrlimit(2) and sig-
> nal(7)) and if this limit is reached, then the kernel reverts to
> delivering SIGIO, and this signal is delivered to the entire
> process rather than to a specifc thread.
>
> Look oay now?
Looks ood.
It will take a minor genius to translate that to working
multi-threaded RT-SIGIO code without a tutorial -- and in fact I
haven't heard of any program or library which does it (though I'm
trying to write one) -- but technically it seems to include everything.
2005-04-05 05:54:09 +00:00
|
|
|
.\" See fs/fcntl.c::send_sigio_to_task() (2.4/2.6) sources -- MTK, Apr 05
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_GETSIG
|
|
|
|
Get the signal sent when input or output becomes possible. A value of
|
|
|
|
zero means SIGIO is sent. Any other value (including SIGIO) is the
|
|
|
|
signal sent instead, and in this case additional info is available to
|
|
|
|
the signal handler if installed with SA_SIGINFO.
|
|
|
|
.TP
|
|
|
|
.B F_SETSIG
|
|
|
|
Sets the signal sent when input or output becomes possible. A value of
|
|
|
|
zero means to send the default SIGIO signal. Any other value (including
|
|
|
|
SIGIO) is the signal to send instead, and in this case additional info
|
|
|
|
is available to the signal handler if installed with SA_SIGINFO.
|
|
|
|
.sp
|
2005-04-08 13:42:00 +00:00
|
|
|
Additionally, passing a non-zero value to
|
|
|
|
.B F_SETSIG
|
|
|
|
changes the signal recipient from a whole process to a specific thread
|
|
|
|
within a process.
|
2005-04-18 13:35:29 +00:00
|
|
|
See the description of
|
2005-04-08 13:42:00 +00:00
|
|
|
.B F_SETOWN
|
|
|
|
for more details.
|
|
|
|
.sp
|
|
|
|
By using
|
|
|
|
.B F_SETSIG
|
|
|
|
with a non-zero value, and setting SA_SIGINFO for the
|
2004-11-03 13:51:07 +00:00
|
|
|
signal handler (see
|
|
|
|
.BR sigaction (2)),
|
|
|
|
extra information about I/O events is passed to
|
|
|
|
the handler in a
|
|
|
|
.I siginfo_t
|
|
|
|
structure.
|
|
|
|
If the
|
|
|
|
.I si_code
|
|
|
|
field indicates the source is SI_SIGIO, the
|
|
|
|
.I si_fd
|
|
|
|
field gives the file descriptor associated with the event. Otherwise,
|
|
|
|
there is no indication which file descriptors are pending, and you
|
|
|
|
should use the usual mechanisms
|
|
|
|
.RB ( select (2),
|
|
|
|
.BR poll (2),
|
|
|
|
.BR read (2)
|
|
|
|
with
|
|
|
|
.B O_NONBLOCK
|
|
|
|
set etc.) to determine which file descriptors are available for I/O.
|
|
|
|
.sp
|
2006-08-04 12:39:17 +00:00
|
|
|
By selecting a real time signal (value >= SIGRTMIN), multiple
|
2004-11-03 13:51:07 +00:00
|
|
|
I/O events may be queued using the same signal numbers. (Queuing is
|
|
|
|
dependent on available memory). Extra information is available
|
|
|
|
if SA_SIGINFO is set for the signal handler, as above.
|
|
|
|
.PP
|
|
|
|
Using these mechanisms, a program can implement fully asynchronous I/O
|
|
|
|
without using
|
|
|
|
.BR select (2)
|
|
|
|
or
|
|
|
|
.BR poll (2)
|
|
|
|
most of the time.
|
|
|
|
.PP
|
|
|
|
The use of
|
|
|
|
.BR O_ASYNC ,
|
|
|
|
.BR F_GETOWN ,
|
|
|
|
.B F_SETOWN
|
|
|
|
is specific to BSD and Linux.
|
|
|
|
.B F_GETSIG
|
|
|
|
and
|
|
|
|
.B F_SETSIG
|
|
|
|
are Linux-specific. POSIX has asynchronous I/O and the
|
|
|
|
.I aio_sigevent
|
|
|
|
structure to achieve similar things; these are also available
|
|
|
|
in Linux as part of the GNU C Library (Glibc).
|
|
|
|
.P
|
|
|
|
.SS Leases
|
|
|
|
.B F_SETLEASE
|
|
|
|
and
|
|
|
|
.B F_GETLEASE
|
|
|
|
(Linux 2.4 onwards) are used (respectively) to establish and
|
|
|
|
retrieve the current setting of the calling process's lease on
|
|
|
|
the file referred to by
|
|
|
|
.IR fd .
|
|
|
|
A file lease provides a mechanism whereby the process holding
|
|
|
|
the lease (the "lease holder") is notified (via delivery of a signal)
|
2005-10-13 09:30:54 +00:00
|
|
|
when a process (the "lease breaker") tries to
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR open (2)
|
|
|
|
or
|
|
|
|
.BR truncate (2)
|
|
|
|
that file.
|
|
|
|
.TP
|
|
|
|
.B F_SETLEASE
|
|
|
|
Set or remove a file lease according to which of the following
|
|
|
|
values is specified in the integer
|
|
|
|
.IR arg :
|
|
|
|
|
|
|
|
.RS
|
|
|
|
.TP
|
|
|
|
.B F_RDLCK
|
|
|
|
Take out a read lease.
|
2005-10-12 14:54:00 +00:00
|
|
|
This will cause the calling process to be notified when
|
2005-10-13 09:30:54 +00:00
|
|
|
the file is opened for writing or is truncated.
|
2005-10-12 14:54:00 +00:00
|
|
|
.\" The following became true in kernel 2.6.10:
|
|
|
|
.\" See the man-pages-2.09 Changelog for further info.
|
|
|
|
A read lease can only be placed on a file descriptor that
|
|
|
|
is opened read-only.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_WRLCK
|
|
|
|
Take out a write lease.
|
2005-10-13 09:30:54 +00:00
|
|
|
This will cause the caller to be notified when
|
|
|
|
the file is opened for reading or writing or is truncated.
|
2004-11-03 13:51:07 +00:00
|
|
|
A write lease may be placed on a file only if no other process
|
|
|
|
currently has the file open.
|
|
|
|
.TP
|
|
|
|
.B F_UNLCK
|
|
|
|
Remove our lease from the file.
|
|
|
|
.RE
|
|
|
|
.P
|
|
|
|
A process may hold only one type of lease on a file.
|
|
|
|
.P
|
|
|
|
Leases may only be taken out on regular files.
|
|
|
|
An unprivileged process may only take out a lease on a file whose
|
|
|
|
UID matches the file system UID of the process.
|
|
|
|
A process with the
|
|
|
|
.B CAP_LEASE
|
|
|
|
capability may take out leases on arbitrary files.
|
|
|
|
.TP
|
|
|
|
.B F_GETLEASE
|
|
|
|
Indicates what type of lease we hold on the file
|
|
|
|
referred to by
|
|
|
|
.I fd
|
|
|
|
by returning either
|
|
|
|
.BR F_RDLCK ", " F_WRLCK ", or " F_UNLCK,
|
|
|
|
indicating, respectively, that the calling process holds a
|
|
|
|
read, a write, or no lease on the file.
|
|
|
|
(The third argument to
|
|
|
|
.BR fcntl ()
|
|
|
|
is omitted.)
|
|
|
|
.PP
|
|
|
|
When a process (the "lease breaker") performs an
|
|
|
|
.BR open ()
|
|
|
|
or
|
|
|
|
.BR truncate ()
|
|
|
|
that conflicts with a lease established via
|
|
|
|
.BR F_SETLEASE ,
|
2005-11-17 14:56:41 +00:00
|
|
|
the system call is blocked by the kernel and
|
|
|
|
the kernel notifies the lease holder by sending it a signal
|
2004-11-03 13:51:07 +00:00
|
|
|
(SIGIO by default).
|
|
|
|
The lease holder should respond to receipt of this signal by doing
|
|
|
|
whatever cleanup is required in preparation for the file to be
|
|
|
|
accessed by another process (e.g., flushing cached buffers) and
|
|
|
|
then either remove or downgrade its lease.
|
|
|
|
A lease is removed by performing an
|
|
|
|
.B F_SETLEASE
|
|
|
|
command specifying
|
|
|
|
.I arg
|
|
|
|
as
|
|
|
|
.BR F_UNLCK .
|
|
|
|
If we currently hold a write lease on the file,
|
|
|
|
and the lease breaker is opening the file for reading,
|
|
|
|
then it is sufficient to downgrade the lease to a read lease.
|
|
|
|
This is done by performing an
|
|
|
|
.B F_SETLEASE
|
|
|
|
command specifying
|
|
|
|
.I arg
|
|
|
|
as
|
|
|
|
.BR F_RDLCK .
|
|
|
|
|
|
|
|
If the lease holder fails to downgrade or remove the lease within
|
|
|
|
the number of seconds specified in
|
|
|
|
.I /proc/sys/fs/lease-break-time
|
|
|
|
then the kernel forcibly removes or downgrades the lease holder's lease.
|
|
|
|
|
|
|
|
Once the lease has been voluntarily or forcibly removed or downgraded,
|
|
|
|
and assuming the lease breaker has not unblocked its system call,
|
|
|
|
the kernel permits the lease breaker's system call to proceed.
|
|
|
|
|
2005-11-17 14:56:41 +00:00
|
|
|
If the lease breaker's blocked
|
|
|
|
.BR open ()
|
|
|
|
or
|
|
|
|
.BR truncate ()
|
|
|
|
is interrupted by a signal handler,
|
|
|
|
then the system call fails with the error
|
|
|
|
.BR EINTR ,
|
|
|
|
but the other steps still occur as described above.
|
|
|
|
If the lease breaker is killed by a signal while blocked in
|
|
|
|
.BR open ()
|
|
|
|
or
|
|
|
|
.BR truncate (),
|
|
|
|
then the other steps still occur as described above.
|
|
|
|
If the lease breaker specifies the
|
|
|
|
.B O_NONBLOCK
|
|
|
|
flag when calling
|
|
|
|
.BR open (),
|
|
|
|
then the call immediately fails with the error
|
|
|
|
.BR EWOULDBLOCK ,
|
|
|
|
but the other steps still occur as described above.
|
|
|
|
|
2004-11-03 13:51:07 +00:00
|
|
|
The default signal used to notify the lease holder is SIGIO,
|
|
|
|
but this can be changed using the
|
|
|
|
.B F_SETSIG
|
|
|
|
command to
|
2005-10-13 09:30:54 +00:00
|
|
|
.BR fcntl ().
|
2004-11-03 13:51:07 +00:00
|
|
|
If a
|
|
|
|
.B F_SETSIG
|
|
|
|
command is performed (even one specifying SIGIO), and the signal
|
|
|
|
handler is established using SA_SIGINFO, then the handler will
|
|
|
|
receive a
|
|
|
|
.I siginfo_t
|
2005-04-18 13:35:29 +00:00
|
|
|
structure as its second argument, and the
|
2004-11-03 13:51:07 +00:00
|
|
|
.I si_fd
|
|
|
|
field of this argument will hold the descriptor of the leased file
|
|
|
|
that has been accessed by another process.
|
|
|
|
(This is useful if the caller holds leases against multiple files).
|
2005-06-24 10:53:06 +00:00
|
|
|
.P
|
2006-06-05 01:51:44 +00:00
|
|
|
.SS "File and directory change notification (dnotify)"
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_NOTIFY
|
|
|
|
(Linux 2.4 onwards)
|
|
|
|
Provide notification when the directory referred to by
|
|
|
|
.I fd
|
|
|
|
or any of the files that it contains is changed.
|
|
|
|
The events to be notified are specified in
|
|
|
|
.IR arg ,
|
|
|
|
which is a bit mask specified by ORing together zero or more of
|
|
|
|
the following bits:
|
|
|
|
|
|
|
|
.TS
|
|
|
|
l l
|
|
|
|
----
|
|
|
|
lB l.
|
|
|
|
Bit Description (event in directory)
|
|
|
|
DN_ACCESS A file was accessed (read, pread, readv)
|
|
|
|
DN_MODIFY A file was modified (write, pwrite,
|
|
|
|
writev, truncate, ftruncate)
|
|
|
|
DN_CREATE A file was created (open, creat, mknod,
|
|
|
|
mkdir, link, symlink, rename)
|
|
|
|
DN_DELETE A file was unlinked (unlink, rename to
|
|
|
|
another directory, rmdir)
|
|
|
|
DN_RENAME A file was renamed within this
|
|
|
|
directory (rename)
|
|
|
|
DN_ATTRIB The attributes of a file were changed
|
|
|
|
(chown, chmod, utime[s])
|
|
|
|
.TE
|
|
|
|
.sp
|
2006-04-21 06:49:34 +00:00
|
|
|
(In order to obtain these definitions, the _GNU_SOURCE feature test macro
|
|
|
|
must be defined.)
|
2004-11-03 13:51:07 +00:00
|
|
|
.sp
|
|
|
|
Directory notifications are normally "one-shot", and the application
|
|
|
|
must re-register to receive further notifications.
|
|
|
|
Alternatively, if
|
|
|
|
.B DN_MULTISHOT
|
|
|
|
is included in
|
|
|
|
.IR arg ,
|
|
|
|
then notification will remain in effect until explicitly removed.
|
|
|
|
|
|
|
|
.\" The following does seem a poor API-design choice...
|
|
|
|
A series of
|
|
|
|
.B F_NOTIFY
|
|
|
|
requests is cumulative, with the events in
|
|
|
|
.I arg
|
|
|
|
being added to the set already monitored.
|
|
|
|
To disable notification of all events, make an
|
|
|
|
.B F_NOTIFY
|
|
|
|
call specifying
|
|
|
|
.I arg
|
|
|
|
as 0.
|
|
|
|
.sp
|
|
|
|
Notification occurs via delivery of a signal.
|
|
|
|
The default signal is SIGIO, but this can be changed using the
|
|
|
|
.B F_SETSIG
|
|
|
|
command to
|
|
|
|
.BR fcntl ().
|
|
|
|
In the latter case, the signal handler receives a
|
|
|
|
.I siginfo_t
|
|
|
|
structure as its second argument (if the handler was
|
|
|
|
established using SA_SIGINFO) and the
|
|
|
|
.I si_fd
|
|
|
|
field of this structure contains the file descriptor which
|
|
|
|
generated the notification (useful when establishing notification
|
|
|
|
on multiple directories).
|
|
|
|
.sp
|
|
|
|
Especially when using
|
|
|
|
.BR DN_MULTISHOT ,
|
2006-08-04 12:39:17 +00:00
|
|
|
a real time signal should be used for notification,
|
2004-11-03 13:51:07 +00:00
|
|
|
so that multiple notifications can be queued.
|
2006-02-06 22:43:15 +00:00
|
|
|
|
|
|
|
.B NOTE:
|
|
|
|
New applications should consider using the
|
|
|
|
.I inotify
|
|
|
|
interface (available since kernel 2.6.13),
|
|
|
|
which provides a superior interface for obtaining notifications of
|
|
|
|
file system events. See
|
|
|
|
.BR inotify (7).
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "RETURN VALUE"
|
|
|
|
For a successful call, the return value depends on the operation:
|
|
|
|
.TP 0.9i
|
|
|
|
.B F_DUPFD
|
|
|
|
The new descriptor.
|
|
|
|
.TP
|
|
|
|
.B F_GETFD
|
2005-06-22 10:59:21 +00:00
|
|
|
Value of flags.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B F_GETFL
|
|
|
|
Value of flags.
|
|
|
|
.TP
|
|
|
|
.B F_GETOWN
|
|
|
|
Value of descriptor owner.
|
|
|
|
.TP
|
|
|
|
.B F_GETSIG
|
|
|
|
Value of signal sent when read or write becomes possible, or zero
|
|
|
|
for traditional SIGIO behaviour.
|
|
|
|
.TP
|
|
|
|
All other commands
|
|
|
|
Zero.
|
|
|
|
.PP
|
|
|
|
On error, \-1 is returned, and
|
|
|
|
.I errno
|
|
|
|
is set appropriately.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
|
|
|
.BR EACCES " or " EAGAIN
|
|
|
|
Operation is prohibited by locks held by other processes.
|
2006-02-10 20:29:38 +00:00
|
|
|
.TP
|
|
|
|
.B EAGAIN
|
|
|
|
The operation is prohibited because the file has been memory-mapped by
|
2004-11-03 13:51:07 +00:00
|
|
|
another process.
|
|
|
|
.TP
|
|
|
|
.B EBADF
|
|
|
|
.I fd
|
|
|
|
is not an open file descriptor, or the command was
|
|
|
|
.B F_SETLK
|
|
|
|
or
|
|
|
|
.B F_SETLKW
|
|
|
|
and the file descriptor open mode doesn't match with the
|
|
|
|
type of lock requested.
|
|
|
|
.TP
|
|
|
|
.B EDEADLK
|
|
|
|
It was detected that the specified
|
|
|
|
.B F_SETLKW
|
|
|
|
command would cause a deadlock.
|
|
|
|
.TP
|
|
|
|
.B EFAULT
|
|
|
|
.I lock
|
|
|
|
is outside your accessible address space.
|
|
|
|
.TP
|
|
|
|
.B EINTR
|
|
|
|
For
|
|
|
|
.BR F_SETLKW ,
|
|
|
|
the command was interrupted by a signal.
|
|
|
|
For
|
|
|
|
.BR F_GETLK " and " F_SETLK ,
|
|
|
|
the command was interrupted by a signal before the lock was checked or
|
|
|
|
acquired. Most likely when locking a remote file (e.g. locking over
|
|
|
|
NFS), but can sometimes happen locally.
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
For
|
|
|
|
.BR F_DUPFD ,
|
|
|
|
.I arg
|
|
|
|
is negative or is greater than the maximum allowable value. For
|
|
|
|
.BR F_SETSIG ,
|
|
|
|
.I arg
|
|
|
|
is not an allowable signal number.
|
|
|
|
.TP
|
|
|
|
.B EMFILE
|
|
|
|
For
|
|
|
|
.BR F_DUPFD ,
|
|
|
|
the process already has the maximum number of file descriptors open.
|
|
|
|
.TP
|
|
|
|
.B ENOLCK
|
|
|
|
Too many segment locks open, lock table is full, or a remote locking
|
|
|
|
protocol failed (e.g. locking over NFS).
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
Attempted to clear the
|
|
|
|
.B O_APPEND
|
|
|
|
flag on a file that has the append-only attribute set.
|
|
|
|
.SH NOTES
|
|
|
|
The errors returned by
|
2005-06-22 09:53:58 +00:00
|
|
|
.BR dup2 ()
|
2004-11-03 13:51:07 +00:00
|
|
|
are different from those returned by
|
|
|
|
.BR F_DUPFD .
|
|
|
|
|
|
|
|
Since kernel 2.0, there is no interaction between the types of lock
|
|
|
|
placed by
|
|
|
|
.BR flock (2)
|
|
|
|
and
|
|
|
|
.BR fcntl (2).
|
|
|
|
|
2006-08-03 13:57:17 +00:00
|
|
|
POSIX.1-2001 allows
|
2004-11-03 13:51:07 +00:00
|
|
|
.I l_len
|
|
|
|
to be negative. (And if it is, the interval described by the lock
|
|
|
|
covers bytes
|
|
|
|
.IR l_start + l_len
|
|
|
|
up to and including
|
2005-06-15 14:10:23 +00:00
|
|
|
.IR l_start \-1.)
|
2004-11-03 13:51:07 +00:00
|
|
|
This is supported by Linux since Linux 2.4.21 and 2.5.49.
|
|
|
|
|
|
|
|
Several systems have more fields in
|
|
|
|
.I "struct flock"
|
|
|
|
such as e.g.
|
|
|
|
.IR l_sysid .
|
|
|
|
Clearly,
|
|
|
|
.I l_pid
|
|
|
|
alone is not going to be very useful if the process holding the lock
|
|
|
|
may live on a different machine.
|
2004-12-10 16:26:28 +00:00
|
|
|
.SH BUGS
|
Date: Mon, 13 Dec 2004 12:09:43 +0100 (MET)
From: "Michael Kerrisk" <mtk-manpages@gmx.net>
To: Andries Brouwer <Andries.Brouwer@cwi.nl>
Subject: Re: errno
Hi Andries,
> On Fri, Dec 10, 2004 at 05:07:36PM +0100, Michael Kerrisk wrote:
>
> > I added this text to fcntl.2:
> >
> > BUGS
> > A limitation of the Linux system call conventions means that
> > if a (negative) process group ID to be returned by F_GETOWN
> > falls in the range -1 to -4095, then the return value is
> > wrongly interpreted by glibc as an error in the system call;
> > that is, the return value of fcntl() will be -1, and errno
> > will contain the (positive) process group ID.
>
> Yes.
>
> (Maybe glibc always did this, early libc considered any negative
> return value an error. On the other hand, not all the world is an i386 -
> IBM has just decided that we don't need any i386's anymore
> and sold their stuff to the Chinese - we must use PPC, as Linus
> does already - and on other architectures we do not have this
> ugliness, I think.)
>
> You might consider adding "i386" somewhere:
> A limitation of the Linux i386 system call conventions ...
Some testing on ia64 (RedHat EL 3.0, 2.4.21) and
alpha (2.4.18, Debian 3.0) showed that any negative PGID value
causes F_GETOWN to fail.
My limited reading of the ia64 source:
sysdeps/unix/sysv/linux/ia64/sysdep.h
shows that there is a comment about the -4095 value there,
but that doesn't seem to reflect the reality of the code.
Reading the source, the -4095 limit seems to hold on some
other architectures, e.g.:
sysdeps/unix/sysv/linux/m68k/sysdep.h
sysdeps/unix/sysv/linux/hppa/sysdep.h
sysdeps/unix/sysv/linux/s390/s390-32/sysdep.h
sysdeps/unix/sysv/linux/s390/s390-64/sysdep.h
sysdeps/unix/sysv/linux/x86_64/sysdep.h
Unfortunately, I have no non-x86 systems other than the above
alpha and ia64 (HP-testdrive) on which I can test.
I modified the text a little:
BUGS
A limitation of the Linux system call conventions on some
architectures (notably x86) means that if a (negative) pro‐
cess group ID to be returned by F_GETOWN falls in the range
-1 to -4095, then the return value is wrongly interpreted
by glibc as an error in the system call; that is, the
return value of fcntl() will be -1, and errno will contain
the (positive) process group ID.
I've left a FIXME in the man page source noting that details have
yet to be sorted out for ia64, alpha, etc.
2004-12-13 11:32:37 +00:00
|
|
|
A limitation of the Linux system call conventions on some
|
|
|
|
architectures (notably x86) means that if a (negative)
|
|
|
|
process group ID to be returned by
|
2004-12-10 16:26:28 +00:00
|
|
|
.B F_GETOWN
|
2005-06-15 14:10:23 +00:00
|
|
|
falls in the range \-1 to \-4095, then the return value is wrongly
|
2004-12-10 16:26:28 +00:00
|
|
|
interpreted by glibc as an error in the system call;
|
Date: Mon, 13 Dec 2004 12:09:43 +0100 (MET)
From: "Michael Kerrisk" <mtk-manpages@gmx.net>
To: Andries Brouwer <Andries.Brouwer@cwi.nl>
Subject: Re: errno
Hi Andries,
> On Fri, Dec 10, 2004 at 05:07:36PM +0100, Michael Kerrisk wrote:
>
> > I added this text to fcntl.2:
> >
> > BUGS
> > A limitation of the Linux system call conventions means that
> > if a (negative) process group ID to be returned by F_GETOWN
> > falls in the range -1 to -4095, then the return value is
> > wrongly interpreted by glibc as an error in the system call;
> > that is, the return value of fcntl() will be -1, and errno
> > will contain the (positive) process group ID.
>
> Yes.
>
> (Maybe glibc always did this, early libc considered any negative
> return value an error. On the other hand, not all the world is an i386 -
> IBM has just decided that we don't need any i386's anymore
> and sold their stuff to the Chinese - we must use PPC, as Linus
> does already - and on other architectures we do not have this
> ugliness, I think.)
>
> You might consider adding "i386" somewhere:
> A limitation of the Linux i386 system call conventions ...
Some testing on ia64 (RedHat EL 3.0, 2.4.21) and
alpha (2.4.18, Debian 3.0) showed that any negative PGID value
causes F_GETOWN to fail.
My limited reading of the ia64 source:
sysdeps/unix/sysv/linux/ia64/sysdep.h
shows that there is a comment about the -4095 value there,
but that doesn't seem to reflect the reality of the code.
Reading the source, the -4095 limit seems to hold on some
other architectures, e.g.:
sysdeps/unix/sysv/linux/m68k/sysdep.h
sysdeps/unix/sysv/linux/hppa/sysdep.h
sysdeps/unix/sysv/linux/s390/s390-32/sysdep.h
sysdeps/unix/sysv/linux/s390/s390-64/sysdep.h
sysdeps/unix/sysv/linux/x86_64/sysdep.h
Unfortunately, I have no non-x86 systems other than the above
alpha and ia64 (HP-testdrive) on which I can test.
I modified the text a little:
BUGS
A limitation of the Linux system call conventions on some
architectures (notably x86) means that if a (negative) pro‐
cess group ID to be returned by F_GETOWN falls in the range
-1 to -4095, then the return value is wrongly interpreted
by glibc as an error in the system call; that is, the
return value of fcntl() will be -1, and errno will contain
the (positive) process group ID.
I've left a FIXME in the man page source noting that details have
yet to be sorted out for ia64, alpha, etc.
2004-12-13 11:32:37 +00:00
|
|
|
.\" glibc source: sysdeps/unix/sysv/linux/i386/sysdep.h
|
2004-12-10 16:26:28 +00:00
|
|
|
that is, the return value of
|
|
|
|
.BR fcntl ()
|
|
|
|
will be \-1, and
|
|
|
|
.I errno
|
|
|
|
will contain the (positive) process group ID.
|
Date: Mon, 13 Dec 2004 12:09:43 +0100 (MET)
From: "Michael Kerrisk" <mtk-manpages@gmx.net>
To: Andries Brouwer <Andries.Brouwer@cwi.nl>
Subject: Re: errno
Hi Andries,
> On Fri, Dec 10, 2004 at 05:07:36PM +0100, Michael Kerrisk wrote:
>
> > I added this text to fcntl.2:
> >
> > BUGS
> > A limitation of the Linux system call conventions means that
> > if a (negative) process group ID to be returned by F_GETOWN
> > falls in the range -1 to -4095, then the return value is
> > wrongly interpreted by glibc as an error in the system call;
> > that is, the return value of fcntl() will be -1, and errno
> > will contain the (positive) process group ID.
>
> Yes.
>
> (Maybe glibc always did this, early libc considered any negative
> return value an error. On the other hand, not all the world is an i386 -
> IBM has just decided that we don't need any i386's anymore
> and sold their stuff to the Chinese - we must use PPC, as Linus
> does already - and on other architectures we do not have this
> ugliness, I think.)
>
> You might consider adding "i386" somewhere:
> A limitation of the Linux i386 system call conventions ...
Some testing on ia64 (RedHat EL 3.0, 2.4.21) and
alpha (2.4.18, Debian 3.0) showed that any negative PGID value
causes F_GETOWN to fail.
My limited reading of the ia64 source:
sysdeps/unix/sysv/linux/ia64/sysdep.h
shows that there is a comment about the -4095 value there,
but that doesn't seem to reflect the reality of the code.
Reading the source, the -4095 limit seems to hold on some
other architectures, e.g.:
sysdeps/unix/sysv/linux/m68k/sysdep.h
sysdeps/unix/sysv/linux/hppa/sysdep.h
sysdeps/unix/sysv/linux/s390/s390-32/sysdep.h
sysdeps/unix/sysv/linux/s390/s390-64/sysdep.h
sysdeps/unix/sysv/linux/x86_64/sysdep.h
Unfortunately, I have no non-x86 systems other than the above
alpha and ia64 (HP-testdrive) on which I can test.
I modified the text a little:
BUGS
A limitation of the Linux system call conventions on some
architectures (notably x86) means that if a (negative) pro‐
cess group ID to be returned by F_GETOWN falls in the range
-1 to -4095, then the return value is wrongly interpreted
by glibc as an error in the system call; that is, the
return value of fcntl() will be -1, and errno will contain
the (positive) process group ID.
I've left a FIXME in the man page source noting that details have
yet to be sorted out for ia64, alpha, etc.
2004-12-13 11:32:37 +00:00
|
|
|
.\" FIXME Dec 04: some limited testing on alpha and ia64 seems to
|
|
|
|
.\" indicate that ANY negative PGID value will cause F_GETOWN
|
2005-04-18 13:35:29 +00:00
|
|
|
.\" to misinterpret the return as an error. Some other architectures
|
2006-02-08 09:44:13 +00:00
|
|
|
.\" seem to have the same range check as x86. Must document
|
|
|
|
.\" the reality on other architectures -- MTK
|
Noted F_SETOWN bug for socket file descriptor in Linux 2.4 and earlier.
Added text on permissions required to send signal to owner.
====
Hello Johannes,
> Betreff: Inaccuracy of fcntl man page
> Datum: Mon, 2 May 2005 20:07:12 +0200
Thanks for yor note.
Sorry for the delay in getting back to you. I needed to find time
to set aside to look at the details. Now I've finally got there.
> I have attached a simple program
Thanks -- a little program is always helpful.
> that uses the fcntl system call in order
> to kill an arbitrary process of the same user.
> According to the fcntl man page, fcntl(fd,F_SETOWN,pid) returns zero if
> it has success.
Yes.
> If you strace the program while killing for exampe man running in another
> terminal, you will see that man is killed, but fcntl(fd,F_SETOWN,pid)
> will return EPERM,
I confirm that I see this problem in 2.4, with both Unix domain
and Internet domain sockets.
> where you can only find a very confusing explanation
> in the fcntl man page.
I'm not sure what explanation you mean here. As far as I can
tell, the manual page just doesn't cover this point.
> I have looked into the kernel source of 2.4.30 and found out, that
> net/core/socket::sock_no_fcntl is the culprit if you use fcntl on Unix
> sockets.
Yes, looks that way to me, as well, And the 2.2 code looks
similar.
> If pid is not your own pid or not your own process group,
> the system call will return EPERM but will also set the pid
> as you wanted to.
Yes.
> In the 2.6 kernel line, fcntl will react according the specification in
> the manual page.
Yes.
> If you also think, that one should clarify the return specification of
> fcntl(fd,F_SETOWN,pid) or 2.4.x kernels, please tell me and I will
> provide you with a patch for the manual page.
In fact I've written some new text under BUGS, which describes
the problem:
In Linux 2.4 and earlier, there is bug that can occur when an
unprivileged process uses F_SETOWN to specify the owner of a
socket file descriptor as a process (group) other than the
caller. In this case, fcntl() can return -1 with errno set to
EPERM, even when the owner process (group) is one that the
caller has permission to send signals to. Despite this error
return, the file descriptor owner is set, and signals will be
sent to the owner.
Does that seem okay to you?
> Furthermore, it would be interseting to write there, what permissions
> one need in order to send signals to processes via fcntl
Good idea. I added the following new text:
Sending a signal to the owner process (group) specified by
F_SETOWN is subject to the same permissions checks as are
described for kill(2), where the sending process is the one that
employs F_SETOWN (but see BUGS below).
====
#define _GNU_SOURCE /* needed to get the defines */
#include <fcntl.h> /* in glibc 2.2 this has the needed
values defined */
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/**
* Funnykill kills a program with fcntl
**/
int
main (int argc, char **argv)
{
if (argc != 2)
{
fprintf (stderr, "Usage: funnykill <pid>\n");
return 1;
}
int sockets[2];
socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
if (fcntl (sockets[0], F_SETFL, O_ASYNC | O_NONBLOCK) == -1)
errMsg("fcntl-F_SETFL");
if (fcntl (sockets[0], F_SETOWN, atoi (argv[1])) == -1)
errMsg("fcntl-F_SETOWN");
// fcntl (sockets[0], F_SETOWN, getpid());
if (fcntl (sockets[0], F_SETSIG, SIGKILL) == -1)
errMsg("fcntl-_FSETSIG");
write (sockets[1], "good bye", 9);
}
2005-05-20 12:11:25 +00:00
|
|
|
|
|
|
|
In Linux 2.4 and earlier, there is bug that can occur
|
|
|
|
when an unprivileged process uses
|
|
|
|
.B F_SETOWN
|
|
|
|
to specify the owner
|
|
|
|
of a socket file descriptor
|
|
|
|
as a process (group) other than the caller.
|
|
|
|
In this case,
|
|
|
|
.BR fcntl ()
|
|
|
|
can return \-1 with
|
|
|
|
.I errno
|
|
|
|
set to
|
|
|
|
.BR EPERM ,
|
|
|
|
even when the owner process (group) is one that the caller
|
|
|
|
has permission to send signals to.
|
|
|
|
Despite this error return, the file descriptor owner is set,
|
|
|
|
and signals will be sent to the owner.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "CONFORMING TO"
|
2006-08-03 13:57:17 +00:00
|
|
|
SVr4, 4.3BSD, POSIX.1-2001.
|
|
|
|
Only the operations F_DUPFD,
|
Date: Fri, 28 Jan 2005 11:00:59 +0000
From: Jamie Lokier <jamie@shareable.org>
To: mtk-manpages@gmx.net
Subject: Update to fcntl(2) man page
Hi Michael,
I have a correction to the fcntl(2) man page.
Under the section for F_SETOWN, which describes how to set the
recipient process or group for SIGIO signals, see this paragraph:
The process or process group to receive the signal can be
selected by using the F_SETOWN command to the fcntl function.
If the file descriptor is a socket, this also selects the recip-
ient of SIGURG signals that are delivered when out-of-band data
arrives on that socket. (SIGURG is sent in any situation where
select(2) would report the socket as having an "exceptional con-
dition".) If the file descriptor corresponds to a terminal
device, then SIGIO signals are sent to the foreground process
group of the terminal.
I would like to add an additional paragraph:
The value given to F_SETOWN has a slightly different meaning
when F_SETSIG is used in a multi-threaded process.
If a non-zero value is given to F_SETSIG, then a positive
value given to F_SETOWN identifies a specific thread within a
process, instead of a whole process. The value is a thread id
not a process id, so you may need to pass the result of
gettid() instead of getpid() to get sensible results when
F_SETSIG is used. (Thread ids are different from process ids,
although they have the same value for some threads depending
on details of the threading library used).
Also, this is the first paragraph of the F_SETSIG section:
Sets the signal sent when input or output becomes possible. A
value of zero means to send the default SIGIO signal. Any other
value (including SIGIO) is the signal to send instead, and in
this case additional info is available to the signal handler if
installed with SA_SIGINFO.
I'd like to append another paragraph right after that one:
Additionally, passing a non-zero value to F_SETSIG changes the
signal recipient from a whole process to a specific thread
within a process. The section on F_SETOWN gives more details.
Date: Thu, 7 Apr 2005 17:58:59 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
[[...]]
> I've been trying to follow the kernel source code to verify
> the details you describe above. The relevant place is the
> 'switch' in fs/fcntl.c::send_sigio_to_task() right?
Yes.
> Also, for NPTL, perhaps one needs to mention that for the main
> thread, gettid() == getpid(), which allows the traditional
> use of F_SETSIG / F_SETOWN in programs consisting of a single
> thread -- right?
Yes, that makes sense. It's also fine for the "main thread" with
NPTL, so programs which spawn threads can still use F_SETOWN/F_SETSIG
in the main thread using getpid().
Date: Tue, 12 Apr 2005 15:25:49 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> F_SETOWN
> Set the process ID or process group ID that will
> receive SIGIO and SIGURG signals for events on
> file descriptor fd. A process ID is specified as
> a positive value; a process group ID is specified
> as a negative value.
>
> If you set the O_ASYNC status flag on a file
> descriptor (either by providing this flag with the
> open(2) call, or by using the F_SETFL command of
> fcntl), a SIGIO signal is sent whenever input or
> output becomes possible on that file descriptor.
> F_SETSIG can be used to obtain delivery of a sig‐
> nal other than SIGIO.
>
> If the file descriptor fd refers to a socket,
> F_SETOWN also selects the recipient of SIGURG sig‐
> nals that are delivered when out-of-band data
> arrives on that socket. (SIGURG is sent in any
> situation where select(2) would report the socket
> as having an "exceptional condition".)
>
> If a non-zero value is given to F_SETSIG in a
> multi-threaded process, then a positive value
> value given to F_SETOWN has a different meaning:
> instead of being a process ID identifying a whole
> process, it is a thread ID identifying a specific
> thread within a process. Consequently, it may be
> necessary to pass F_SETOWN the result of gettid()
> instead of getpid() to get sensible results when
> F_SETSIG is used. (In current Linux threading
> implementations, a main thread's thread ID is the
> same as its process ID. This means that a single-
> threaded program can equally use gettid() or get‐
> pid() in this scenario.) Note, however, that the
> statements in this paragraph do not apply to the
> SIGURG signal generated for out-of-band data on a
> socket: this signal is always sent to either a
> process or a process group, depending on the value
> given to F_SETOWN.
>
> And the first part of the description of F_SETSIG now reads:
>
> F_SETSIG
> Sets the signal sent when input or output becomes
> possible. A value of zero means to send the
> default SIGIO signal. Any other value (including
> SIGIO) is the signal to send instead, and in this
> case additional info is available to the signal
> handler if installed with SA_SIGINFO.
>
> Additionally, passing a non-zero value to F_SETSIG
> changes the signal recipient from a whole process
> to a specific thread within a process. See the
> desciption of F_SETOWN for more details.
>
> Does the above seem okay to you?
It looks good, but:
1. An omission: It mentions that SIGURG is always sent to the whole
process. SIGIO is also sent to the whole process, instead of
queueing a thread-specific signal, when the signal queue is full.
Programs that mustn't miss readiness events need to handle it.
2. The description could be confusing to LinuxThreads users, because
all the signals are thread-specific in LinuxThreads.
Date: Tue, 12 Apr 2005 16:53:19 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> > 1. An omission: It mentions that SIGURG is always sent to the whole
> > process. SIGIO is also sent to the whole process, instead of
> > queueing a thread-specific signal, when the signal queue is full.
> > Programs that mustn't miss readiness events need to handle it.
>
> Sorry -- can you point me to the relevant code for the
> above point please.
In 2.6:
switch (fown->signum) {
siginfo_t si;
default:
/* Queue a rt signal with the appropriate fd as its
value. We use SI_SIGIO as the source, not
SI_KERNEL, since kernel signals always get
delivered even if we can't queue. Failure to
queue in this case _should_ be reported; we fall
back to SIGIO in that case. --sct */
si.si_signo = fown->signum;
si.si_errno = 0;
si.si_code = reason;
/* Make sure we are called with one of the POLL_*
reasons, otherwise we could leak kernel stack into
userspace. */
if ((reason & __SI_MASK) != __SI_POLL)
BUG();
if (reason - POLL_IN >= NSIGPOLL)
si.si_band = ~0L;
else
si.si_band = band_table[reason - POLL_IN];
si.si_fd = fd;
if (!send_sig_info(fown->signum, &si, p))
break;
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_group_sig_info(SIGIO, SEND_SIG_PRIV, p);
2.4 is exactly the same, except:
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_sig(SIGIO, p, 1);
The fall-through happens when send_sig_info() fails, which happens
when the real-time signal queue is full.
Programs using a queued signal to track file readiness efficiently (as
an alternative to select/poll), must listen for SIGIO in addition to
the real-time signal, as otherwise they will miss notifications when
the queue is full (which happens often on a busy server).
Multi-threaded programs using NPTL must be aware this SIGIO is
process-wide - so receiving it on one thread must cause all threads to
assume a queued signal may be lost. Programs using LinuxThreads do
not have to assume this (but it's safe if they do).
Date: Wed, 13 Apr 2005 17:25:44 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> I added a few more sentences to the end of that paragraph
> on F_SETOWN:
>
> If a non-zero value is given to F_SETSIG in a multi-threaded
> process running with a threading library that supports thread
> groups (e.g., NPTL), then a positive value value given to
> F_SETOWN has a different meaning: instead of being a process ID
> identifying a whole process, it is a thread ID identifying a
> specific thread within a process. Consequently, it may be nec-
> essary to pass F_SETOWN the result of gettid() instead of get
> pid() to get sensible results when F_SETSIG is used. (In cur-
> rent Linux threading implementations, a main thread's thread ID
> is the same as its process ID. This means that a single-
> threaded program can equally use gettid() or getpid() in this
> scenario.) Note, however, that the statements in this paragraph
> do not apply to the SIGURG signal generated for out-of-band data
> on a socket: this signal is always sent to either a process or a
> process group, depending on the value given to F_SETOWN. Note
> also that Linux imposes a limit on the number of real-time sig-
> nals that may be queued to a process (see getrlimit(2) and sig-
> nal(7)) and if this limit is reached, then the kernel reverts to
> delivering SIGIO, and this signal is delivered to the entire
> process rather than to a specifc thread.
>
> Look oay now?
Looks ood.
It will take a minor genius to translate that to working
multi-threaded RT-SIGIO code without a tutorial -- and in fact I
haven't heard of any program or library which does it (though I'm
trying to write one) -- but technically it seems to include everything.
2005-04-05 05:54:09 +00:00
|
|
|
F_GETFD, F_SETFD, F_GETFL, F_SETFL, F_GETLK, F_SETLK, F_SETLKW,
|
2006-08-04 12:39:17 +00:00
|
|
|
F_GETOWN, and F_SETOWN are specified in POSIX.1-2001.
|
2006-08-03 13:57:17 +00:00
|
|
|
|
Date: Fri, 28 Jan 2005 11:00:59 +0000
From: Jamie Lokier <jamie@shareable.org>
To: mtk-manpages@gmx.net
Subject: Update to fcntl(2) man page
Hi Michael,
I have a correction to the fcntl(2) man page.
Under the section for F_SETOWN, which describes how to set the
recipient process or group for SIGIO signals, see this paragraph:
The process or process group to receive the signal can be
selected by using the F_SETOWN command to the fcntl function.
If the file descriptor is a socket, this also selects the recip-
ient of SIGURG signals that are delivered when out-of-band data
arrives on that socket. (SIGURG is sent in any situation where
select(2) would report the socket as having an "exceptional con-
dition".) If the file descriptor corresponds to a terminal
device, then SIGIO signals are sent to the foreground process
group of the terminal.
I would like to add an additional paragraph:
The value given to F_SETOWN has a slightly different meaning
when F_SETSIG is used in a multi-threaded process.
If a non-zero value is given to F_SETSIG, then a positive
value given to F_SETOWN identifies a specific thread within a
process, instead of a whole process. The value is a thread id
not a process id, so you may need to pass the result of
gettid() instead of getpid() to get sensible results when
F_SETSIG is used. (Thread ids are different from process ids,
although they have the same value for some threads depending
on details of the threading library used).
Also, this is the first paragraph of the F_SETSIG section:
Sets the signal sent when input or output becomes possible. A
value of zero means to send the default SIGIO signal. Any other
value (including SIGIO) is the signal to send instead, and in
this case additional info is available to the signal handler if
installed with SA_SIGINFO.
I'd like to append another paragraph right after that one:
Additionally, passing a non-zero value to F_SETSIG changes the
signal recipient from a whole process to a specific thread
within a process. The section on F_SETOWN gives more details.
Date: Thu, 7 Apr 2005 17:58:59 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
[[...]]
> I've been trying to follow the kernel source code to verify
> the details you describe above. The relevant place is the
> 'switch' in fs/fcntl.c::send_sigio_to_task() right?
Yes.
> Also, for NPTL, perhaps one needs to mention that for the main
> thread, gettid() == getpid(), which allows the traditional
> use of F_SETSIG / F_SETOWN in programs consisting of a single
> thread -- right?
Yes, that makes sense. It's also fine for the "main thread" with
NPTL, so programs which spawn threads can still use F_SETOWN/F_SETSIG
in the main thread using getpid().
Date: Tue, 12 Apr 2005 15:25:49 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> F_SETOWN
> Set the process ID or process group ID that will
> receive SIGIO and SIGURG signals for events on
> file descriptor fd. A process ID is specified as
> a positive value; a process group ID is specified
> as a negative value.
>
> If you set the O_ASYNC status flag on a file
> descriptor (either by providing this flag with the
> open(2) call, or by using the F_SETFL command of
> fcntl), a SIGIO signal is sent whenever input or
> output becomes possible on that file descriptor.
> F_SETSIG can be used to obtain delivery of a sig‐
> nal other than SIGIO.
>
> If the file descriptor fd refers to a socket,
> F_SETOWN also selects the recipient of SIGURG sig‐
> nals that are delivered when out-of-band data
> arrives on that socket. (SIGURG is sent in any
> situation where select(2) would report the socket
> as having an "exceptional condition".)
>
> If a non-zero value is given to F_SETSIG in a
> multi-threaded process, then a positive value
> value given to F_SETOWN has a different meaning:
> instead of being a process ID identifying a whole
> process, it is a thread ID identifying a specific
> thread within a process. Consequently, it may be
> necessary to pass F_SETOWN the result of gettid()
> instead of getpid() to get sensible results when
> F_SETSIG is used. (In current Linux threading
> implementations, a main thread's thread ID is the
> same as its process ID. This means that a single-
> threaded program can equally use gettid() or get‐
> pid() in this scenario.) Note, however, that the
> statements in this paragraph do not apply to the
> SIGURG signal generated for out-of-band data on a
> socket: this signal is always sent to either a
> process or a process group, depending on the value
> given to F_SETOWN.
>
> And the first part of the description of F_SETSIG now reads:
>
> F_SETSIG
> Sets the signal sent when input or output becomes
> possible. A value of zero means to send the
> default SIGIO signal. Any other value (including
> SIGIO) is the signal to send instead, and in this
> case additional info is available to the signal
> handler if installed with SA_SIGINFO.
>
> Additionally, passing a non-zero value to F_SETSIG
> changes the signal recipient from a whole process
> to a specific thread within a process. See the
> desciption of F_SETOWN for more details.
>
> Does the above seem okay to you?
It looks good, but:
1. An omission: It mentions that SIGURG is always sent to the whole
process. SIGIO is also sent to the whole process, instead of
queueing a thread-specific signal, when the signal queue is full.
Programs that mustn't miss readiness events need to handle it.
2. The description could be confusing to LinuxThreads users, because
all the signals are thread-specific in LinuxThreads.
Date: Tue, 12 Apr 2005 16:53:19 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> > 1. An omission: It mentions that SIGURG is always sent to the whole
> > process. SIGIO is also sent to the whole process, instead of
> > queueing a thread-specific signal, when the signal queue is full.
> > Programs that mustn't miss readiness events need to handle it.
>
> Sorry -- can you point me to the relevant code for the
> above point please.
In 2.6:
switch (fown->signum) {
siginfo_t si;
default:
/* Queue a rt signal with the appropriate fd as its
value. We use SI_SIGIO as the source, not
SI_KERNEL, since kernel signals always get
delivered even if we can't queue. Failure to
queue in this case _should_ be reported; we fall
back to SIGIO in that case. --sct */
si.si_signo = fown->signum;
si.si_errno = 0;
si.si_code = reason;
/* Make sure we are called with one of the POLL_*
reasons, otherwise we could leak kernel stack into
userspace. */
if ((reason & __SI_MASK) != __SI_POLL)
BUG();
if (reason - POLL_IN >= NSIGPOLL)
si.si_band = ~0L;
else
si.si_band = band_table[reason - POLL_IN];
si.si_fd = fd;
if (!send_sig_info(fown->signum, &si, p))
break;
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_group_sig_info(SIGIO, SEND_SIG_PRIV, p);
2.4 is exactly the same, except:
/* fall-through: fall back on the old plain SIGIO signal */
case 0:
send_sig(SIGIO, p, 1);
The fall-through happens when send_sig_info() fails, which happens
when the real-time signal queue is full.
Programs using a queued signal to track file readiness efficiently (as
an alternative to select/poll), must listen for SIGIO in addition to
the real-time signal, as otherwise they will miss notifications when
the queue is full (which happens often on a busy server).
Multi-threaded programs using NPTL must be aware this SIGIO is
process-wide - so receiving it on one thread must cause all threads to
assume a queued signal may be lost. Programs using LinuxThreads do
not have to assume this (but it's safe if they do).
Date: Wed, 13 Apr 2005 17:25:44 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: Update to fcntl(2) man page
Michael Kerrisk wrote:
> I added a few more sentences to the end of that paragraph
> on F_SETOWN:
>
> If a non-zero value is given to F_SETSIG in a multi-threaded
> process running with a threading library that supports thread
> groups (e.g., NPTL), then a positive value value given to
> F_SETOWN has a different meaning: instead of being a process ID
> identifying a whole process, it is a thread ID identifying a
> specific thread within a process. Consequently, it may be nec-
> essary to pass F_SETOWN the result of gettid() instead of get
> pid() to get sensible results when F_SETSIG is used. (In cur-
> rent Linux threading implementations, a main thread's thread ID
> is the same as its process ID. This means that a single-
> threaded program can equally use gettid() or getpid() in this
> scenario.) Note, however, that the statements in this paragraph
> do not apply to the SIGURG signal generated for out-of-band data
> on a socket: this signal is always sent to either a process or a
> process group, depending on the value given to F_SETOWN. Note
> also that Linux imposes a limit on the number of real-time sig-
> nals that may be queued to a process (see getrlimit(2) and sig-
> nal(7)) and if this limit is reached, then the kernel reverts to
> delivering SIGIO, and this signal is delivered to the entire
> process rather than to a specifc thread.
>
> Look oay now?
Looks ood.
It will take a minor genius to translate that to working
multi-threaded RT-SIGIO code without a tutorial -- and in fact I
haven't heard of any program or library which does it (though I'm
trying to write one) -- but technically it seems to include everything.
2005-04-05 05:54:09 +00:00
|
|
|
F_GETSIG, F_SETSIG, F_NOTIFY, F_GETLEASE, and F_SETLEASE
|
2004-11-03 13:51:07 +00:00
|
|
|
are Linux specific.
|
2006-04-21 06:49:34 +00:00
|
|
|
(Define the _GNU_SOURCE macro to obtain these definitions.)
|
2006-08-03 13:57:17 +00:00
|
|
|
.\" .PP
|
|
|
|
.\" SVr4 documents additional EIO, ENOLINK and EOVERFLOW error conditions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR dup2 (2),
|
|
|
|
.BR flock (2),
|
|
|
|
.BR open (2),
|
|
|
|
.BR socket (2),
|
|
|
|
.BR lockf (3),
|
2006-04-21 06:49:34 +00:00
|
|
|
.BR capabilities (7),
|
2006-05-15 09:13:10 +00:00
|
|
|
.BR feature_test_macros (7)
|
2004-11-03 13:51:07 +00:00
|
|
|
.P
|
|
|
|
See also locks.txt, mandatory.txt, and dnotify.txt in
|
|
|
|
/usr/src/linux/Documentation.
|