[CRIU] [PATCH 1/9] restore_root_task(): don't fiddle with closed fd
Pavel Emelyanov
xemul at parallels.com
Wed Oct 7 04:56:19 PDT 2015
On 10/07/2015 12:44 PM, Kir Kolyshkin wrote:
> In restore_root_task() function, mnt_ns_fd is closed, but then
> the function calls try_clean_remaps(mnt_ns_fd) which tries to do
> something with the file descriptor which is already closed.
Nice catch :) Actually the fix is incomplete: calling the whole
try_clean_remaps() is not required once we've passed the cleanup_mnt_ns()
point.
> Fix by setting it to -1 after closing.
>
> Reported by Coverity, CID 114629.
>
> Signed-off-by: Kir Kolyshkin <kir at openvz.org>
> ---
> cr-restore.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/cr-restore.c b/cr-restore.c
> index 33205e4..90313a4 100644
> --- a/cr-restore.c
> +++ b/cr-restore.c
> @@ -1847,12 +1847,14 @@ static int restore_root_task(struct pstree_item *init)
> */
> task_entries->nr_threads -= atomic_read(&task_entries->nr_zombies);
>
> - if (mnt_ns_fd >= 0)
> + if (mnt_ns_fd >= 0) {
> /*
> * Don't try_clean_remaps here, since restore went OK
> * and all ghosts were removed by the openers.
> */
> close(mnt_ns_fd);
> + mnt_ns_fd = -1;
> + }
> cleanup_mnt_ns();
>
> ret = stop_usernsd();
>
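Review bot: the added "mnt_ns_fd = -1;" after "close(mnt_ns_fd);" only prevents the use-after-close if the later try_clean_remaps(mnt_ns_fd) call named in the commit message treats a negative descriptor as nothing to do, and that call site is not part of this hunk. Either include the guard in the patch (for example, make the call conditional on mnt_ns_fd >= 0) or state in the commit message where -1 is checked, so the fix does not rest on an assumption the diff does not show. The existing comment inside the block says try_clean_remaps is not wanted on this path at all, so it is also worth checking whether the success path can skip that call outright instead of relying on the sentinel value.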