Actions
Bug #12255
closed
proc_get_fdinfo() crash if fdinfo file grows
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
Description
The recently introduced proc_get_fdinfo() function does not rewind the file pointer when it detects that it needs to re-read with a bigger buffer, usually resulting in a crash. This happens due to a race between fetching the file size and reading it, when the size can change.
This never showed up in testing but some subsequent work involved blowing up the race window and that exposed the problem.
Related issues
Updated by Andy Fiddaman over 2 years ago
- Related to Feature #12046: Provide /proc/<PID>/fdinfo/ added
Updated by Andy Fiddaman over 2 years ago
Manifestation of problem, with truss output. In the test system the size of the fdinfo/3 file is misreported by 40 bytes.
open("/proc/100268/fdinfo/3", O_RDONLY) = 6
read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 204) = 204
read(6, " / e t c / s y s e v e n".., 408) = 40
read(6, 0x006C6F40, 612) = 0
Incurred fault #6, FLTBOUNDS %pc = 0xFFFFFC7FEF2765A8
siginfo: SIGSEGV SEGV_MAPERR addr=0x1006C702B
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x1006C702B
Updated by Andy Fiddaman over 2 years ago
With the fix:
102826/1: open("/proc/100268/fdinfo/3", O_RDONLY) = 6
102826/1: read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 204) = 204
102826/1: read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 408) = 244
102826/1: open("/proc/100268/fdinfo/4", O_RDONLY) = 6
Updated by Andy Fiddaman over 2 years ago
Updated by Electric Monk over 2 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
git commit 8bd53a1ca9fba2d5585cc775422e4d1db161bf96
commit 8bd53a1ca9fba2d5585cc775422e4d1db161bf96
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date: 2020-02-04T11:18:23.000Z
12255 proc_get_fdinfo() crash if fdinfo file grows
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Approved by: Dan McDonald <danmcd@joyent.com>
Actions