[CRIU] [PATCH] sk-queue: Use int values in getsockopt
Stanislav Kinsbursky
skinsbursky at parallels.com
Fri Jul 13 10:25:40 EDT 2012
13.07.2012 18:17, Cyrill Gorcunov writes:
> On Fri, Jul 13, 2012 at 06:11:43PM +0400, Stanislav Kinsbursky wrote:
>>>
>>> | Error (sk-queue.c:102): dump_sk_queue: Can't allocate 171798904800 bytes
>>> | Error (cr-dump.c:1289): Dump files (pid: 2505) failed with -1
>>>
>>
>> That's strange...
>> It looks like a kernel bug...
>> BTW, here is a part of sock_getsockopt():
>>
>> int sock_getsockopt(struct socket *sock, int level, int optname,
>> 		    char __user *optval, int __user *optlen)
>> {
>> 	struct sock *sk = sock->sk;
>>
>> 	union {
>> 		int val;
>> 		struct linger ling;
>> 		struct timeval tm;
>> 	} v;
>>
>> <--- SNIP --->
>>
>> 	memset(&v, 0, sizeof(v)); <=== Don't we zero 8 bytes here?
>>
>> <--- SNIP --->
>
> The v is on-kernel-stack variable, when the value pushed back
> to user space it's done by
>
> 	int lv = sizeof(int);
> 	...
> 	case SO_SNDBUF:
> 		v.val = sk->sk_sndbuf;
> 		break;
> 	...
>
> 	if (len > lv)
> 		len = lv;
> 	if (copy_to_user(optval, &v, len))
> 		return -EFAULT;
>
> so when we pass long (on x86-64) it's 8 bytes, while int is 4 bytes
> and we don't clean up the high bits.
>
Ok, now I see.
But, anyway, it looks strange...
I.e. you pass a pointer and a data size, and probably expect that this pointer
will be filled with valid data. But the kernel leaves garbage in the passed memory
regardless of the passed size.
And this is not what should be expected by the user, from my POV.
--
Best regards,
Stanislav Kinsbursky
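The mismatch Cyrill describes can be observed directly from user space. The program below is an added example, not code from the CRIU thread or from the kernel tree; it assumes a Linux host where an AF_UNIX socket can be created (the option path is the generic SOL_SOCKET one, so no network is needed). It first reads SO_SNDBUF into an 8-byte `long` pre-filled with a 0xAA pattern, the way the failing dump_sk_queue did, and checks that the kernel reports optlen == 4 and leaves the remaining bytes exactly as they were; then it reads the option the way a caller should, into an `int`, and refuses any answer whose returned length is not what it expected.

```c
/*
 * Added example (not from the CRIU thread or the kernel tree): shows why
 * reading SO_SNDBUF into a `long` yields garbage in the high bytes, and how
 * a caller should size the buffer and validate the returned optlen.
 * Assumes Linux with AF_UNIX sockets available.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Safe pattern: pass an int-sized buffer, then trust only what the kernel
 * says it wrote. Returns 0 on success, -1 (errno set) on failure or on an
 * unexpected length. */
static int get_int_sockopt(int fd, int level, int optname, int *out)
{
	int val = 0;
	socklen_t len = sizeof(val);

	if (getsockopt(fd, level, optname, &val, &len) < 0)
		return -1;
	if (len != sizeof(val)) {
		errno = EINVAL;	/* kernel wrote a different width than we asked */
		return -1;
	}
	*out = val;
	return 0;
}

/* Bug reproduction: an 8-byte `long` filled with 0xAA, passed as if the
 * option were that wide. The kernel clamps len to sizeof(int), copies that
 * many bytes and leaves the rest of the buffer untouched. Stores the
 * reported length and the raw buffer; returns 1 if the bytes beyond the
 * reported length still hold the fill pattern, 0 if they were overwritten,
 * -1 on error. */
static int probe_long_sndbuf(socklen_t *optlen_out, long *raw_out)
{
	long raw;
	socklen_t len = sizeof(raw);
	unsigned char pattern[sizeof(raw)];
	int fd, ret;

	memset(&raw, 0xAA, sizeof(raw));
	memset(pattern, 0xAA, sizeof(pattern));

	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -1;
	ret = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &raw, &len);
	close(fd);
	if (ret < 0 || len > sizeof(raw))
		return -1;

	*optlen_out = len;
	*raw_out = raw;
	/* Bytes past what the kernel reported must still be our fill pattern. */
	return memcmp((unsigned char *)&raw + len, pattern, sizeof(raw) - len) == 0;
}

/* Length the kernel reports when handed an 8-byte buffer, or -1 on error. */
static int probed_optlen(void)
{
	socklen_t len = 0;
	long raw = 0;

	if (probe_long_sndbuf(&len, &raw) < 0)
		return -1;
	return (int)len;
}

/* The raw `long` a careless caller would go on to use, or -1 on error. */
static long sndbuf_via_long(void)
{
	socklen_t len = 0;
	long raw = 0;

	if (probe_long_sndbuf(&len, &raw) < 0)
		return -1;
	return raw;
}

/* SO_SNDBUF read correctly, or -1 on error. */
static int sndbuf_via_int(void)
{
	int val = -1;
	int fd = socket(AF_UNIX, SOCK_STREAM, 0);

	if (fd < 0)
		return -1;
	if (get_int_sockopt(fd, SOL_SOCKET, SO_SNDBUF, &val) < 0)
		val = -1;
	close(fd);
	return val;
}

int main(void)
{
	printf("optlen reported for an 8-byte buffer: %d\n", probed_optlen());
	printf("SO_SNDBUF read into a long:           %ld\n", sndbuf_via_long());
	printf("SO_SNDBUF read into an int:           %d\n", sndbuf_via_int());
	return 0;
}
```

The `long` result differs from the `int` result on either byte order, because the 0xAA bytes that were never written remain part of the value; this is the same shape as the 171798904800-byte allocation in the original error. The defensive part is `get_int_sockopt()`: it passes exactly the width the option is defined with and treats any other returned `optlen` as an error rather than consuming a partially filled buffer.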