Bug #12255
Status: Closed
proc_get_fdinfo() crash if fdinfo file grows
% Done: 100%
Difficulty: Bite-size
Description
The recently introduced proc_get_fdinfo() function does not rewind the file pointer when it detects that it needs to re-read with a bigger buffer, usually resulting in a crash. This happens due to a race between fetching the file size and reading it, when the size can change.
This never showed up in testing but some subsequent work involved blowing up the race window and that exposed the problem.
Related issues
Updated by Andy Fiddaman over 2 years ago
- Related to Feature #12046: Provide /proc/<PID>/fdinfo/ added
Updated by Andy Fiddaman over 2 years ago
Manifestation of problem, with truss output. In the test system the size of the fdinfo/3 file is misreported by 40 bytes.
open("/proc/100268/fdinfo/3", O_RDONLY) = 6
read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 204) = 204
read(6, " / e t c / s y s e v e n".., 408) = 40
read(6, 0x006C6F40, 612) = 0
    Incurred fault #6, FLTBOUNDS %pc = 0xFFFFFC7FEF2765A8
      siginfo: SIGSEGV SEGV_MAPERR addr=0x1006C702B
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x1006C702B
Updated by Andy Fiddaman over 2 years ago
With the fix:
102826/1: open("/proc/100268/fdinfo/3", O_RDONLY) = 6
102826/1: read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 204) = 204
102826/1: read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 408) = 244
102826/1: open("/proc/100268/fdinfo/4", O_RDONLY) = 6
Updated by Andy Fiddaman over 2 years ago
Updated by Electric Monk over 2 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
git commit 8bd53a1ca9fba2d5585cc775422e4d1db161bf96
commit 8bd53a1ca9fba2d5585cc775422e4d1db161bf96
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date: 2020-02-04T11:18:23.000Z

12255 proc_get_fdinfo() crash if fdinfo file grows
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Approved by: Dan McDonald <danmcd@joyent.com>
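The retry pattern this bug concerns, as an added example that is not the libproc code from the commit: `read_growing`, `sample_fd`, the growth step and the temp file path are assumptions, and the sample file is constructed (244 bytes with a stale 204-byte size hint, matching the trace above). With `rewind` set to 0 the retry returns only the 40-byte tail as if it were the whole file; with 1 it re-reads from offset 0 and returns all 244 bytes.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Read all of fd into a malloc'd buffer; size_hint may be stale. rewind=0
 * retries from the current offset (the defect), rewind=1 from offset 0. */
static char *read_growing(int fd, size_t size_hint, int rewind, size_t *lenp)
{
	size_t step = size_hint > 0 ? size_hint : 64, sz = step;
	char *buf = NULL, *nbuf;
	ssize_t n;
	while ((nbuf = realloc(buf, sz)) != NULL) {
		buf = nbuf;
		if (rewind && lseek(fd, 0, SEEK_SET) == (off_t)-1)
			break;
		if ((n = read(fd, buf, sz)) < 0)
			break;
		if ((size_t)n < sz) {	/* short read: EOF reached */
			*lenp = (size_t)n;
			return buf;
		}
		sz += step;	/* buffer filled: file may be larger, retry */
	}
	free(buf);
	return NULL;
}

/* Constructed sample: unlinked temp file of len bytes cycling 'A'..'Z'. */
static int sample_fd(size_t len)
{
	char path[] = "/tmp/fdinfo-demo-XXXXXX", c;
	int fd = mkstemp(path);
	for (size_t i = 0; fd != -1 && i < len; i++) {
		c = (char)('A' + i % 26);
		if (write(fd, &c, 1) != 1)
			return -1;
	}
	(void)unlink(path);
	(void)lseek(fd, 0, SEEK_SET);
	return fd;
}

int main(void)
{
	size_t len = 0;
	char *b = read_growing(sample_fd(244), 204, 1, &len);
	printf("read %zu bytes, first byte '%c'\n", len, b ? b[0] : '?');
}
```

A consumer that parses the result of the non-rewinding variant as a complete record is working on misaligned data, which is consistent with the out-of-bounds fault in the first trace.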