fix segmentation fault caused by uninitialized mutex

Submitted by Dengguangxing on June 19, 2019, 9:13 a.m.

Details

Message ID 8C50B2937726384B978A7180669B95A4515B5457@nkgeml514-mbx.china.huawei.com
State Accepted
Series "fix segmentation fault caused by uninitialized mutex"

Commit Message

Dengguangxing June 19, 2019, 9:13 a.m.
A segmentation fault was raised while trying to restore a process with a
tty. The coredump file says this is caused by an uninitialized tty_mutex:
        (gdb) where
        #0  0x00000000004d7270 in atomic_add_return (i=1, v=0x0) at
        include/common/asm/atomic.h:34
        #1  0x00000000004d7398 in mutex_lock (m=0x0) at
        include/common/lock.h:151
        #2  0x00000000004d840c in __pty_open_ptmx_index (index=3, flags=2,
        cb=0x4dce50 <open_pty>, arg=0x11, path=0x5562e0 "ptmx") at
        criu/tty.c:603
        #3  0x00000000004dced8 in pty_create_ptmx_index (dfd=17, index=3,
        flags=2) at criu/tty.c:2384

Since init_tty_mutex() is reentrant, just call it before
mutex_lock().

Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
---
 criu/tty.c | 3 +++
 1 file changed, 3 insertions(+)

--
2.17.1

Patch

diff --git a/criu/tty.c b/criu/tty.c
index 6fe11530..e9a28897 100644
--- a/criu/tty.c
+++ b/criu/tty.c
@@ -600,6 +600,9 @@  static int __pty_open_ptmx_index(int index, int flags,

        memset(fds, 0xff, sizeof(fds));

+       if (init_tty_mutex())
+               return -1;
+
        mutex_lock(tty_mutex);

        for (i = 0; i < ARRAY_SIZE(fds); i++) {
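Review bot: the early `return -1` added before `mutex_lock(tty_mutex)` makes init_tty_mutex() a per-call precondition, but nothing in the hunk records why that is safe; the commit message's justification is that init_tty_mutex() is reentrant, and its body is not visible here, so a one-line comment above `if (init_tty_mutex())` stating that the call is idempotent (or a pr_err() on the failure path, so a caller that sees -1 knows the lock setup rather than the ptmx open failed) would stop the next reader from treating the call as redundant and dropping it. The placement itself looks right: `memset(fds, 0xff, sizeof(fds));` only initialises the local array, so returning before the lock leaves nothing to close or unlock.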

Comments

Andrei Vagin June 22, 2019, 3:27 a.m.
Cyrill, could you review this patch?

On Wed, Jun 19, 2019 at 09:13:39AM +0000, Dengguangxing wrote:
> 
> A segmentation fault was raised while trying to restore a process with a
> tty. The coredump file says this is caused by an uninitialized tty_mutex:
>         (gdb) where
>         #0  0x00000000004d7270 in atomic_add_return (i=1, v=0x0) at
>         include/common/asm/atomic.h:34
>         #1  0x00000000004d7398 in mutex_lock (m=0x0) at
>         include/common/lock.h:151
>         #2  0x00000000004d840c in __pty_open_ptmx_index (index=3, flags=2,
>         cb=0x4dce50 <open_pty>, arg=0x11, path=0x5562e0 "ptmx") at
>         criu/tty.c:603
>         #3  0x00000000004dced8 in pty_create_ptmx_index (dfd=17, index=3,
>         flags=2) at criu/tty.c:2384
> 
> Since init_tty_mutex() is reentrant, just call it before
> mutex_lock().
> 
> Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
> ---
>  criu/tty.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/criu/tty.c b/criu/tty.c
> index 6fe11530..e9a28897 100644
> --- a/criu/tty.c
> +++ b/criu/tty.c
> @@ -600,6 +600,9 @@ static int __pty_open_ptmx_index(int index, int flags,
> 
>         memset(fds, 0xff, sizeof(fds));
> 
> +       if (init_tty_mutex())
> +               return -1;
> +
>         mutex_lock(tty_mutex);
> 
>         for (i = 0; i < ARRAY_SIZE(fds); i++) {
> --
> 2.17.1
> 
> 
> _______________________________________________
> CRIU mailing list
> CRIU@openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
Cyrill Gorcunov June 22, 2019, 9:32 a.m.
On Fri, Jun 21, 2019 at 08:27:12PM -0700, Andrei Vagin wrote:
> Cyrill, could you review this patch?
> 
> On Wed, Jun 19, 2019 at 09:13:39AM +0000, Dengguangxing wrote:
> > 
> > A segmentation fault was raised while trying to restore a process with a
> > tty. The coredump file says this is caused by an uninitialized tty_mutex:
> >         (gdb) where
> >         #0  0x00000000004d7270 in atomic_add_return (i=1, v=0x0) at
> >         include/common/asm/atomic.h:34
> >         #1  0x00000000004d7398 in mutex_lock (m=0x0) at
> >         include/common/lock.h:151
> >         #2  0x00000000004d840c in __pty_open_ptmx_index (index=3, flags=2,
> >         cb=0x4dce50 <open_pty>, arg=0x11, path=0x5562e0 "ptmx") at
> >         criu/tty.c:603
> >         #3  0x00000000004dced8 in pty_create_ptmx_index (dfd=17, index=3,
> >         flags=2) at criu/tty.c:2384
> > 
> > Since init_tty_mutex() is reentrant, just call it before
> > mutex_lock().
> > 
> > Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
> > ---
> >  criu/tty.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/criu/tty.c b/criu/tty.c
> > index 6fe11530..e9a28897 100644
> > --- a/criu/tty.c
> > +++ b/criu/tty.c
> > @@ -600,6 +600,9 @@ static int __pty_open_ptmx_index(int index, int flags,
> > 
> >         memset(fds, 0xff, sizeof(fds));
> > 
> > +       if (init_tty_mutex())
> > +               return -1;
> > +
> >         mutex_lock(tty_mutex);
> > 
> >         for (i = 0; i < ARRAY_SIZE(fds); i++) {

This should work but I don't like the whole design,
which is my fault. I'll rework it.

If we need a fast fix then

Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Andrei Vagin July 3, 2019, 5:20 p.m.
Applied, thanks!

On Wed, Jun 19, 2019 at 09:13:39AM +0000, Dengguangxing wrote:
> 
> A segmentation fault was raised while trying to restore a process with a
> tty. The coredump file says this is caused by an uninitialized tty_mutex:
>         (gdb) where
>         #0  0x00000000004d7270 in atomic_add_return (i=1, v=0x0) at
>         include/common/asm/atomic.h:34
>         #1  0x00000000004d7398 in mutex_lock (m=0x0) at
>         include/common/lock.h:151
>         #2  0x00000000004d840c in __pty_open_ptmx_index (index=3, flags=2,
>         cb=0x4dce50 <open_pty>, arg=0x11, path=0x5562e0 "ptmx") at
>         criu/tty.c:603
>         #3  0x00000000004dced8 in pty_create_ptmx_index (dfd=17, index=3,
>         flags=2) at criu/tty.c:2384
> 
> Since init_tty_mutex() is reentrant, just call it before
> mutex_lock().
> 
> Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
> ---
>  criu/tty.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/criu/tty.c b/criu/tty.c
> index 6fe11530..e9a28897 100644
> --- a/criu/tty.c
> +++ b/criu/tty.c
> @@ -600,6 +600,9 @@ static int __pty_open_ptmx_index(int index, int flags,
> 
>         memset(fds, 0xff, sizeof(fds));
> 
> +       if (init_tty_mutex())
> +               return -1;
> +
>         mutex_lock(tty_mutex);
> 
>         for (i = 0; i < ARRAY_SIZE(fds); i++) {
> --
> 2.17.1
> 
> 
> _______________________________________________
> CRIU mailing list
> CRIU@openvz.org
> https://lists.openvz.org/mailman/listinfo/criu