[CRIU] regression with 8ffbe754bd9: rst: Lock rst memory allocations earlier

Tycho Andersen tycho.andersen at canonical.com
Wed Jul 15 07:50:13 PDT 2015


On Wed, Jul 15, 2015 at 05:33:19PM +0300, Pavel Emelyanov wrote:
> On 07/15/2015 03:42 PM, Tycho Andersen wrote:
> > Hi Pavel,
> > 
> > I'm seeing a regression with the patch in the subject, it does this
> > for a while:
> > 
> > (00.138425)    492: Error (rst-malloc.c:130): BUG at rst-malloc.c:130
> > 
> > And then eventually seg faults. Any ideas?
> 
> Well, yes :) I (unintentionally) broke this with the patch you've spotted.
> Sorry about that :(
> 
> The thing is that this code
> 
>         if (lsm) {
>                 char *rendered;
>                 int ret;
> 
>                 ret = render_lsm_profile(lsm, &rendered);
>                 xfree(lsm);
>                 if (ret < 0) {
>                         goto err_nv;
>                 }
> 
>                 lsm_pos = rst_mem_cpos(RM_PRIVATE);
>                 lsm_profile_len = strlen(rendered);
>                 lsm = rst_mem_alloc(lsm_profile_len + 1, RM_PRIVATE);
>                 if (!lsm) {
>                         xfree(rendered);
>                         goto err_nv;
>                 }
> 
>                 strncpy(lsm, rendered, lsm_profile_len);
>                 xfree(rendered);
> 
>         }
> 
> from sigreturn_restore() extends the remappable area _after_ we've found
> a hole for it in the restorer address space. So we're risking having
> some memory overwritten by it.
> 
> I missed this "if (lsm) ..." code when I was disabling allocations from
> the remappable area (with rst_mem_alloc) after the hole is found. The fix for
> that is to move all the rst_mem_alloc() calls _before_ rst_mem_lock(),
> but I don't have an LSM-enabled system to check that the fix works. Can you do
> it, please? :)

Yep, I can send a patch.

Tycho
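As an added illustration of the ordering Pavel describes (a toy model written for this note, not CRIU's rst-malloc.c), the area below may grow only until it is locked: an allocation after the lock is refused, where the real allocator reports its BUG, while the same allocation placed before the lock keeps the area within the hole that is searched for afterwards. Only rst_mem_alloc, rst_mem_cpos and rst_mem_lock are names from the thread; the 64-byte earlier allocation, the profile text and place_lsm_profile are constructed.

```c
/* Toy model of CRIU's restorer-memory discipline (illustration only, not
 * rst-malloc.c): the area grows only until rst_mem_lock() fixes its size. */
#include <stdlib.h>
#include <string.h>

static struct {
	char  *buf;    /* backing storage of the remappable area */
	size_t used;   /* bytes handed out so far */
	int    locked; /* set by rst_mem_lock(): growing now would overrun the hole */
} rst;

static void rst_mem_reset(void) { free(rst.buf); memset(&rst, 0, sizeof rst); }
/* Offsets, not pointers, survive the later remap of the area. */
static size_t rst_mem_cpos(void) { return rst.used; }

/* Grow the area by len zeroed bytes. Refused after the lock: that is the BUG the
 * report shows; growing silently would spill past the hole already found. */
static void *rst_mem_alloc(size_t len)
{
	char *p;
	if (rst.locked || !(p = realloc(rst.buf, rst.used + len)))
		return NULL;
	rst.buf = p;
	p += rst.used;
	memset(p, 0, len);
	rst.used += len;
	return p;
}

/* Freeze the size; the caller then searches for a hole of exactly this size. */
static size_t rst_mem_lock(void) { rst.locked = 1; return rst.used; }

/* Place a rendered LSM profile (constructed input). alloc_first == 0 repeats the
 * broken order (lock, then allocate); 1 applies the fix. Returns locked size or 0. */
static size_t place_lsm_profile(const char *rendered, int alloc_first)
{
	size_t hole = 0, len = strlen(rendered), lsm_pos;
	char *lsm;
	rst_mem_reset();
	rst_mem_alloc(64);                 /* other restorer data placed earlier */
	if (!alloc_first)
		hole = rst_mem_lock();
	lsm_pos = rst_mem_cpos();
	if (!(lsm = rst_mem_alloc(len + 1)))
		return 0;
	memcpy(lsm, rendered, len + 1);
	if (alloc_first)
		hole = rst_mem_lock();
	return strcmp(rst.buf + lsm_pos, rendered) == 0 ? hole : 0;
}
```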
