[CRIU] [PATCH 2/2] restore: Return error instead of BUG_ON on image corruption
Andrew Vagin
avagin at parallels.com
Mon Mar 25 06:57:39 EDT 2013
On Mon, Mar 25, 2013 at 12:54:02PM +0400, Cyrill Gorcunov wrote:
>
> In case of image corruption, when a page entry address
> is invalid, exit gracefully instead of hitting the BUG_ON hammer.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
> ---
> cr-restore.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/cr-restore.c b/cr-restore.c
> index f8ed66a..13273c1 100644
> --- a/cr-restore.c
> +++ b/cr-restore.c
> @@ -268,6 +268,7 @@ static int restore_priv_vma_content(pid_t pid)
> unsigned int nr_restored = 0;
> unsigned int nr_shared = 0;
> unsigned int nr_droped = 0;
> + unsigned long va;
>
> vma = list_first_entry(&rst_vmas.h, struct vma_area, list);
>
> @@ -287,22 +288,22 @@ static int restore_priv_vma_content(pid_t pid)
> while (1) {
> PagemapEntry *pe;
> unsigned long off, i;
> - unsigned long va;
>
> ret = pb_read_one_eof(fd, &pe, PB_PAGEMAP);
> if (ret <= 0)
> break;
>
> va = (unsigned long)decode_pointer(pe->vaddr);
> -
> - BUG_ON(va < vma->vma.start);
> + if (va < vma->vma.start)
> + goto err_addr;
>
> for (i = 0; i < pe->nr_pages; i++) {
> unsigned char buf[PAGE_SIZE];
> void *p;
>
> while (va >= vma->vma.end) {
> - BUG_ON(vma->list.next == &rst_vmas.h);
> + if (vma->list.next == &rst_vmas.h)
> + goto err_addr;
> vma = list_entry(vma->list.next, struct vma_area, list);
> }
The check against vma->vma.start should be here:
> + if (va < vma->vma.start)
> + goto err_addr;
>
>
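Review bot: Both new `goto err_addr` jumps (the one after `decode_pointer()` and the one inside `while (va >= vma->vma.end)`) leave the read loop while the `PagemapEntry *pe` returned by `pb_read_one_eof()` is still live, so whatever releases `pe` at the bottom of the loop body is bypassed on the error path. The rest of the loop body and the post-loop cleanup are outside this hunk, so I cannot confirm where `pe` is normally released; if it is freed per iteration, either release it before each jump or make the `err_addr` label responsible for it, with a comment such as `/* pe is still owned here on the error path */`. A one-line comment above the first check, e.g. `/* va and nr_pages come from the image and are untrusted */`, would also make clear why these are runtime checks rather than assertions. restore_priv_vma_content() starts and ends outside this hunk.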
> @@ -370,6 +371,11 @@ static int restore_priv_vma_content(pid_t pid)
> pr_info("nr_droped_pages: %d\n", nr_droped);
>
> return 0;
> +
> +err_addr:
> + pr_err("Page entry address %lx outside of VMA %lx-%lx\n",
> + va, (long)vma->vma.start, (long)vma->vma.end);
> + return -1;
> }
>
> static int read_vmas(int pid)
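Review bot: The `pr_err` at the new `err_addr` label passes `vma->vma.start` and `vma->vma.end` cast to `long` for `%lx`, which expects `unsigned long`; the signedness mismatch is harmless in practice but trips `-Wformat`-style checking and reads oddly next to `va`, which is already `unsigned long`. I would cast to the matching type: `pr_err("Page entry address %lx outside of VMA %lx-%lx\n", va, (unsigned long)vma->vma.start, (unsigned long)vma->vma.end);`. A short comment on the label, `/* reached only when the pagemap image is inconsistent with the VMA list */`, would tell the next reader that -1 here signals image corruption rather than an I/O failure. The function body and the `fd`/`pe` cleanup it may need on this path are outside the hunk.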