[CRIU] [PATCH v2 1/5] user_ns: Close pid proc in create_user_ns_hierarhy_fn()

Andrei Vagin avagin at virtuozzo.com
Fri Mar 31 11:13:55 PDT 2017


On Wed, Mar 29, 2017 at 12:19:55PM +0300, Kirill Tkhai wrote:
> Child is cloned with CLONE_FILES, so it may rewrite our
> PROC_SELF file. Close it manually.
> 
> We can't use call_in_child_process(), because we need
> additional actions between clone() and wait().
> 
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> ---
>  criu/namespaces.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/criu/namespaces.c b/criu/namespaces.c
> index c1bee49f..3a24099c 100644
> --- a/criu/namespaces.c
> +++ b/criu/namespaces.c
> @@ -2251,6 +2251,7 @@ static int create_user_ns_hierarhy_fn(void *in_arg)
>  		futex_set_and_wake(p_futex, ret ? NS__ERROR : NS__RESTORED);
>  	if (arg)
>  		munmap(arg, sizeof(*arg));
> +	close_pid_proc();

                pid = clone(create_user_ns_hierarhy_fn, stack + 128,
CLONE_NEWUSER | CLONE_FILES | SIGCHLD, arg);

This function is called from a process which shares files but doesn't
share memory. close_pid_proc() closes a file descriptor and changes data
in memory, but the parent process doesn't see changes in memory and may
try to use the old file descriptor, which is closed already.

I want to say that close_pid_proc(), open_proc() can't be used in case,
because it is unclear how it will affect a parent process.

https://github.com/xemul/criu/commit/9a38c503

>  	return ret ? 1 : 0;
>  }
>  
> 


More information about the CRIU mailing list