[CRIU] [PATCH v3 06/26] files: Allow to receive further fds
Kirill Tkhai
ktkhai at virtuozzo.com
Wed Dec 7 01:08:44 PST 2016
On 07.12.2016 10:14, Pavel Emelyanov wrote:
> On 12/06/2016 09:11 PM, Kirill Tkhai wrote:
>> On 06.12.2016 21:13, Pavel Emelyanov wrote:
>>> On 12/06/2016 08:19 PM, Kirill Tkhai wrote:
>>>>
>>>>
>>>> On 06.12.2016 20:16, Pavel Emelyanov wrote:
>>>>>
>>>>>> int recv_fd_from_peer(struct fdinfo_list_entry *fle)
>>>>>> {
>>>>>> struct fdinfo_list_entry *tmp;
>>>>>> int fd, ret;
>>>>>>
>>>>>> + if (fle->received)
>>>>>> + return fle->fe->fd;
>>>>>> +again:
>>>>>> ret = recv_fds(fle->fe->fd, &fd, 1, (void *)&tmp, sizeof(struct fdinfo_list_entry *));
>>>>>> if (ret)
>>>>>> return -1;
>>>>>>
>>>>>> if (tmp != fle) {
>>>>>> - pr_err("Received wrong fle\n");
>>>>>> - return -1;
>>>>>> + pr_info("Further fle=%p, pid=%d\n", tmp, fle->pid);
>>>>>> + if (!task_fle(current, fle)) {
>>>>>
>>>>> OK, so this routine makes sure the fle received sits in current's list.
>>>>> Two questions: 1. should we consider receiving of non-current fle as BUG()?
>>>>
>>>> Yes, it's a BUG. We fail restore if so.
>>>
>>> OK, so I'll change this return -1 to BUG() instead.
>>>
>>>>> and 2. can we make the same check by comparing fle->pid with current? All
>>>>> fle's are in shmem, so contents is accessible by everyone.
>>>>
>>>> It seems to be worse, because if there is a problem with fle, it may point
>>>> to a random memory. So fle->pid dereference will finish with SIGSEGV.
>>>
>>> But it can point to a random memory only if someone sends in this descriptor
>>> anything, but fle, right? All fle-s are accessible by anyone.
>>
>> If we do not consider the case with malefactor, then it's only fle, yes.
>
> I will change this check for pid mismatch then, OK?
OK, I have no objections.
More information about the CRIU
mailing list