[CRIU] [PATCH] restorer/inotify: Don't overflow PIE stack
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Wed Oct 9 12:48:03 MSK 2019
Thanks a lot for adding me to CC, I will port it to VZ7 also.
On 10/4/19 6:32 PM, Dmitry Safonov wrote:
> PATH_MAX == 4096; PATH_MAX*8 == 32k; RESTORE_STACK_SIZE == 32k.
>
> Fixes: a3cdf948699c6 ("inotify: cleanup auxiliary events from queue")
> Cc: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Cc: Andrei Vagin <avagin at gmail.com>
> Co-debugged-with: Andrei Vagin <avagin at gmail.com>
> Signed-off-by: Dmitry Safonov <dima at arista.com>
> ---
> criu/pie/restorer.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
> index 390c0e1a9a03..dab58add6abb 100644
> --- a/criu/pie/restorer.c
> +++ b/criu/pie/restorer.c
> @@ -1320,21 +1320,23 @@ static int fd_poll(int inotify_fd)
> }
>
> /*
> - * note: Actually kernel may want even more space for one event (see
> - * round_event_name_len), so using buffer of EVENT_BUFF_SIZE size may fail.
> - * To be on the safe side - take a bigger buffer, and these also allows to
> - * read more events in one syscall.
> + * In the worst case buf size should be:
> + * sizeof(struct inotify_event) * 2 + PATH_MAX
> + * See round_event_name_len() in kernel.
> */
> -#define EVENT_BUFF_SIZE ((sizeof(struct inotify_event) + PATH_MAX))
> +#define EVENT_BUFF_SIZE ((sizeof(struct inotify_event) * 2 + PATH_MAX))
>
> /*
> * Read all available events from inotify queue
> */
> static int cleanup_inotify_events(int inotify_fd)
> {
> - char buf[EVENT_BUFF_SIZE * 8];
> + char buf[EVENT_BUFF_SIZE * 3];
> int ret;
>
> + /* Limit buf to be lesser than half of restorer's stack */
> + BUILD_BUG_ON(ARRAY_SIZE(buf) >= RESTORE_STACK_SIZE/2);
> +
> while (1) {
> ret = fd_poll(inotify_fd);
> if (ret < 0) {
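Review bot: the BUILD_BUG_ON added after the buf declaration caps the array at under RESTORE_STACK_SIZE/2, but neither it nor its comment says what the other half of the restorer stack is budgeted for (the frames of this function's callers plus fd_poll() and the read path below it), so a later change to EVENT_BUFF_SIZE, the `* 3` multiplier or RESTORE_STACK_SIZE has no stated rationale to check against; extending the comment to something like `/* keep buf under half the stack; the rest is for the restorer's other frames */` would carry that reasoning with the check. On the same hunk, `sizeof(buf)` states the intent more directly than `ARRAY_SIZE(buf)` for a char array, and "lesser than" reads better as "smaller than". Finally, the commit message compares PATH_MAX * 8 with RESTORE_STACK_SIZE, while the removed line sized buf as (sizeof(struct inotify_event) + PATH_MAX) * 8, which is larger still; giving the actual old and new byte counts in the message would make both the overflow and the new margin explicit.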
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
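The commit message condenses the bug to one line of arithmetic. The program below is an added example, not CRIU's code, that spells that arithmetic out and checks it at compile time the way the patch's BUILD_BUG_ON does, then walks a constructed inotify event buffer record by record, as a drain loop such as cleanup_inotify_events() must. Assumptions: RESTORE_STACK_SIZE is taken as the 32k stated in the commit message; the name-padding rule is a local re-implementation of the kernel's round_event_name_len() (name plus NUL rounded up to a multiple of sizeof(struct inotify_event)); the three sample events are constructed here, not captured from a real queue. It builds on Linux only, since it needs <sys/inotify.h> and <linux/limits.h>.

```c
/* Added example (not CRIU code): the size arithmetic behind the patch, plus a
 * walk over a constructed inotify event buffer of the kind the restorer drains. */
#include <linux/limits.h>   /* PATH_MAX */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>    /* struct inotify_event */

/* Assumption: the restorer stack size the commit message states (32k). */
#define RESTORE_STACK_SIZE (32 * 1024)

/* Per-event bound and total buffer size before and after the patch. */
#define OLD_EVENT_BUFF_SIZE (sizeof(struct inotify_event) + PATH_MAX)
#define NEW_EVENT_BUFF_SIZE (sizeof(struct inotify_event) * 2 + PATH_MAX)
#define OLD_BUF_BYTES (OLD_EVENT_BUFF_SIZE * 8)
#define NEW_BUF_BYTES (NEW_EVENT_BUFF_SIZE * 3)

/* Same check as the patch's BUILD_BUG_ON, written with C11 _Static_assert. */
_Static_assert(NEW_BUF_BYTES < RESTORE_STACK_SIZE / 2,
	       "inotify drain buffer must stay under half the restorer stack");

#define ROUNDUP(x, a) ((((x) + (a) - 1) / (a)) * (a))

/* Local mirror of the kernel's round_event_name_len(): the name including its
 * NUL is padded to a multiple of sizeof(struct inotify_event); 0 without a name. */
static size_t round_event_name_len(const char *name)
{
	if (!name)
		return 0;
	return ROUNDUP(strlen(name) + 1, sizeof(struct inotify_event));
}

/* Bytes one queued event occupies for a name of name_len characters. */
static size_t event_bytes_for_name(size_t name_len)
{
	return sizeof(struct inotify_event) +
	       ROUNDUP(name_len + 1, sizeof(struct inotify_event));
}

static size_t old_buf_bytes(void) { return OLD_BUF_BYTES; }
static size_t new_buf_bytes(void) { return NEW_BUF_BYTES; }

/* Append one event record at off; returns the new end offset, 0 if it does not fit. */
static size_t put_event(char *buf, size_t cap, size_t off,
			int wd, uint32_t mask, const char *name)
{
	struct inotify_event ev = { .wd = wd, .mask = mask, .cookie = 0 };
	size_t nlen = round_event_name_len(name);

	ev.len = (uint32_t)nlen;
	if (off + sizeof(ev) + nlen > cap)
		return 0;
	memcpy(buf + off, &ev, sizeof(ev));
	if (nlen) {
		memset(buf + off + sizeof(ev), 0, nlen);  /* the kernel zero-pads the name */
		memcpy(buf + off + sizeof(ev), name, strlen(name));
	}
	return off + sizeof(ev) + nlen;
}

/* Walk a read() result record by record, as a drain loop must. Returns the
 * event count, or -1 if a record is cut off (the read buffer was too small
 * for a whole event, which is what the per-event bound above prevents). */
static int count_events(const char *buf, size_t len)
{
	size_t off = 0;
	int n = 0;

	while (len - off >= sizeof(struct inotify_event)) {
		struct inotify_event ev;

		memcpy(&ev, buf + off, sizeof(ev));  /* no unaligned access */
		if (ev.len > len - off - sizeof(ev))
			return -1;
		off += sizeof(ev) + ev.len;
		n++;
	}
	return off == len ? n : -1;
}

/* Constructed sample queue: three events laid out as the kernel would. */
static size_t build_sample_queue(char *buf, size_t cap)
{
	size_t off = 0;

	off = put_event(buf, cap, off, 1, IN_CREATE, "a");
	if (!off) return 0;
	off = put_event(buf, cap, off, 1, IN_MODIFY, "0123456789abcdefghij");
	if (!off) return 0;
	return put_event(buf, cap, off, 1, IN_IGNORED, NULL);
}

static size_t sample_queue_bytes(void)
{
	char buf[NEW_BUF_BYTES];
	return build_sample_queue(buf, sizeof(buf));
}

static int sample_event_count(void)
{
	char buf[NEW_BUF_BYTES];
	size_t len = build_sample_queue(buf, sizeof(buf));
	return count_events(buf, len);
}

/* Dropping the last byte leaves the third record incomplete; the walk must notice. */
static int truncated_queue_is_rejected(void)
{
	char buf[NEW_BUF_BYTES];
	size_t len = build_sample_queue(buf, sizeof(buf));
	return count_events(buf, len - 1) == -1;
}

int main(void)
{
	printf("old buf %zu bytes vs stack %d; new buf %zu bytes vs half stack %d\n",
	       old_buf_bytes(), RESTORE_STACK_SIZE, new_buf_bytes(), RESTORE_STACK_SIZE / 2);
	printf("event with a PATH_MAX-long name: %zu bytes; EVENT_BUFF_SIZE: %zu\n",
	       event_bytes_for_name(PATH_MAX), NEW_EVENT_BUFF_SIZE);
	printf("sample queue: %zu bytes, %d events, truncated rejected: %d\n",
	       sample_queue_bytes(), sample_event_count(), truncated_queue_is_rejected());
	return 0;
}
```

The point of the `* 2` in the new per-event bound shows up in event_bytes_for_name(): the padding of name-plus-NUL up to the next multiple of sizeof(struct inotify_event) can push a PATH_MAX-long name past PATH_MAX by up to one structure size, so sizeof(struct inotify_event) + PATH_MAX alone is not always enough for one event, while the patch's bound is exactly enough.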
More information about the CRIU
mailing list