[CRIU] Re: [PATCH urgent] restorer: Fix bug in address computation of thread args area

[Cyrill Gorcunov]

On Thu, Mar 29, 2012 at 02:08:08PM +0400, Pavel Emelyanov wrote:
> On 03/28/2012 09:44 PM, Cyrill Gorcunov wrote:
> > On Wed, Mar 28, 2012 at 09:38:42PM +0400, Cyrill Gorcunov wrote:
> >> It's bloody wrong to treat thread_args as arguments
> > 
> > s/thread_args/restore_thread_exec_start/
> 
> ? Send me the proper patch please.
> 

Here is it

	Cyrill
-------------- next part --------------
>From 9bdde9233c6cedbe4c4bd0955c13ef2bec490e51 Mon Sep 17 00:00:00 2001
From: Cyrill Gorcunov <gorcunov at openvz.org>
Date: Wed, 28 Mar 2012 20:51:16 +0400
Subject: [PATCH] restorer: Fix bug in address computation of thread args area

It's wrong to treat restore_thread_exec_start as arguments
area (I managed to overlook this problem in commit
014841825acb14a1d695569b9fe3575f5de6442b) it's rather
a function start address.

The thread arguments area allocated dynamically after the
restorer blob itself.

We didn't hit any problems earlier simply because there
were a few bytes owerwritten in function prologue.

Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
CC: Andrey Vagin <avagin at openvz.org>
---
 cr-restore.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cr-restore.c b/cr-restore.c
index cf32cdb..4f38c7f 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -1601,10 +1601,10 @@ static int sigreturn_restore(pid_t pid, struct list_head *tgt_vmas, int nr_vmas)
 	restore_thread_exec_start	= restore_code_start + restorer_blob_offset__restore_thread;
 	restore_task_exec_start		= restore_code_start + restorer_blob_offset__restore_task;
 	task_args			= restore_code_start + restore_code_len;
-	thread_args			= restore_thread_exec_start;
+	thread_args			= (void *)((long)task_args + sizeof(*task_args));
 
 	memzero_p(task_args);
-	memzero_p(thread_args);
+	memzero(thread_args, sizeof(*thread_args) * me->nr_threads);
 
 	/*
 	 * Code at a new place.
-- 
1.7.7.6