[CRIU] Re: [PATCH 4/4] sockets: Restore unconnected dgram sockets v4

Pavel Emelyanov xemul at parallels.com
Tue Apr 17 10:15:26 EDT 2012


On 04/17/2012 02:18 PM, Cyrill Gorcunov wrote:
> On Mon, Apr 16, 2012 at 08:36:34PM +0400, Cyrill Gorcunov wrote:
>> In case if dgram socket peer is not connected back
>> we can try to resolve peer by name.
>>
>> For security reason this happens only if '-x' option
>> is passed at restore time.
>>
>> In particular this is needed for programs which do
>> use dgram socket to send messages to /dev/log.
> 
> Here is an updated version
> 
>  - '-x' option taken into account on both stages (checkpoint and restore)
>  - fixed bind call on extern sockets
> 
> I've tested it in both way -- with our zdtm suite and crond/rsyslogd
> (which requires inotify).
> 
> 	Cyrill

> @@ -1370,6 +1435,16 @@ static int open_unixsk_standalone(struct unix_sk_info *ui)
>  	if (restore_fown(sk, &ui->ue.fown))
>  		return -1;
>  
> +	/*
> +	 * No connect should be done over external peers,
> +	 * simply bind only to them, and that's all.
> +	 */
> +	if (ui->peer && ui->peer->ue.uflags & USK_EXTERN) {
> +		if (bind_unix_sk(sk, ui->peer))
> +			return -1;
> +		return sk;
> +	}
> +
>  	if (bind_unix_sk(sk, ui))
>  		return -1;
>  

I don't understand why this hunk is needed. This only occurs when we meet someone's file
descriptor pointing to this socket. External sockets don't have anybody with a descriptor
pointing on them (otherwise they would be "internal")

> @@ -1483,6 +1558,9 @@ int resolve_unix_peers(void)
>  		if (!ui->ue.peer)
>  			continue;
>  
> +		if ((ui->ue.uflags & USK_EXTERN) && opts.ext_unix_sk)
> +			continue;
> +
>  		peer = find_unix_sk(ui->ue.peer);
>  		if (!peer) {
>  			pr_err("FATAL: Peer 0x%x unresolved for 0x%x\n",

External socket cannot have a peer on it. Otherwise it's not "external" but "lost internal".


More information about the CRIU mailing list