BUG in parasite_infect_seized()

Submitted by Andrey Vagin on May 20, 2016, 9:05 p.m.

Details

Message ID 20160520210502.GB28567@outlook.office365.com
State Not Applicable
Series "BUG in parasite_infect_seized()"

Commit Message

Andrey Vagin May 20, 2016, 9:05 p.m.
On Fri, May 20, 2016 at 03:39:38PM +0300, Kirill Tkhai wrote:
> Hi,
> 
> in case parasite_start_daemon() fails, the following is called:
> 
> parasite_cure_seized()->parasite_cure_remote()->parasite_unmap()->parasite_run() and parasite_stop_on_syscall(),
> 
> but the tracee is not infected at the moment, and it can't execute remote commands.
> 
> So, criu fails to unmap memfd.

I can't understand what you are talking about.

How can I reproduce this bug?

I tried to add a new fault, but everything works as expected:


[root@fc22-vm criu]# python test/zdtm.py run -t zdtm/static/env00 --fault 4 -k always --sbs -f h
=== Run 1/1 ================

========================== Run zdtm/static/env00 in h ==========================
tart test
./env00 --pidfile=env00.pid --outfile=env00.out --envname=ENV_00_TEST
Pause at pre-dump. Press any key to continue.
Run criu dump
Forcing 4 fault
=[log]=> dump/zdtm/static/env00/24/1/dump.log
------------------------ grep Error ------------------------
(00.018147) Error (parasite-syscall.c:1419): 
(00.018290) Error (cr-dump.c:1228): Can't infect (pid: 24) with parasite
(00.018711) Error (cr-dump.c:1600): Dumping FAILED.
------------------------ ERROR OVER ------------------------
Pause at pre-restore. Press any key to continue.
Run criu restore
Forcing 4 fault
=[log]=> dump/zdtm/static/env00/24/1/restore.log
Pause at post-restore. Press any key to continue.
Wait for zdtm/static/env00 to die for 0.100000
========================= Test zdtm/static/env00 PASS ==========================

[root@fc22-vm ~]# perf trace -fp 14650
     0.000 ( 0.000 ms):  ... [continued]: futex()) = -1 (null) Unknown error 512
     7.641 ( 0.053 ms): memfd_create(__syscall_nr: 4194312                                    ) = 3
    10.097 ( 0.045 ms): mmap(addr: 55872, len: EXEC|READ|WRITE, prot: SHARED, flags: 3</memfd:CRIUMFD (deleted)>, off: 42949672960) = 0x7f693db2d000
    11.750 ( 0.013 ms): close(__syscall_nr: 3</memfd:CRIUMFD (deleted)>                       ) = 0
    13.455 ( 0.034 ms): munmap(__syscall_nr: 0x7f693db2d000, addr: 57344, len: 4              ) = 0

> 
> Kirill
> _______________________________________________
> CRIU mailing list
> CRIU@openvz.org
> https://lists.openvz.org/mailman/listinfo/criu

Patch

diff --git a/criu/include/fault-injection.h
b/criu/include/fault-injection.h
index f1e5c72..af721ab 100644
--- a/criu/include/fault-injection.h
+++ b/criu/include/fault-injection.h
@@ -7,6 +7,7 @@  enum faults {
        FI_DUMP_EARLY,
        FI_RESTORE_ROOT_ONLY,
        FI_DUMP_PAGES,
+       FI_PARASITE_START_DAEMON,
        /* not fatal */
        FI_CHECK_OPEN_HANDLE = 128,
        FI_NO_MEMFD = 129,
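Review bot: FI_PARASITE_START_DAEMON gets its number only from its position in enum faults, while the reproduction in this thread selects it by raw number (--fault 4). Any entry later inserted above it silently renumbers it and changes what that command line triggers; consider giving it an explicit value or adding a short comment beside the enumerator that says which call it fails. Its placement above the /* not fatal */ marker is consistent with the goto err_restore in the parasite-syscall.c hunk.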
diff --git a/criu/parasite-syscall.c b/criu/parasite-syscall.c
index 214a932..59bbf1f 100644
--- a/criu/parasite-syscall.c
+++ b/criu/parasite-syscall.c
@@ -1415,6 +1415,10 @@  struct parasite_ctl *parasite_infect_seized(pid_t
pid, struct pstree_item *item,
                ctl->r_thread_stack = ctl->remote_map + p;
        }
 
+       if (fault_injected(FI_PARASITE_START_DAEMON)) {
+               pr_err("\n");
+               goto err_restore;
+       }
        if (parasite_start_daemon(ctl, item))
                goto err_restore;
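Review bot: The new fault_injected(FI_PARASITE_START_DAEMON) check jumps to err_restore before parasite_start_daemon() is entered, so it only exercises cleanup from the state that exists before the daemon is started; a failure partway through parasite_start_daemon() is not covered, and a comment saying so (or a second injection point inside that function) would make the test's scope clear. Separately, pr_err("\n") emits an empty error line, which shows up in the dump log as "Error (parasite-syscall.c:1419):" with no text; a message naming the injected fault would be easier to grep. A blank line after the closing brace would also keep the two if blocks visually separate.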

Comments

Kirill Tkhai May 23, 2016, 2:51 p.m.
On 21.05.2016 00:05, Andrew Vagin wrote:
> On Fri, May 20, 2016 at 03:39:38PM +0300, Kirill Tkhai wrote:
>> Hi,
>>
>> in case parasite_start_daemon() fails, the following is called:
>>
>> parasite_cure_seized()->parasite_cure_remote()->parasite_unmap()->parasite_run() and parasite_stop_on_syscall(),
>>
>> but the tracee is not infected at the moment, and it can't execute remote commands.
>>
>> So, criu fails to unmap memfd.
> 
> I can't understand what you are talking about.
> 
> How can I reproduce this bug?

Hm. Maybe it's not a problem. I'll need to recheck again.
 
> I tried to add a new fault, but everything works as expected:
> 
> diff --git a/criu/include/fault-injection.h
> b/criu/include/fault-injection.h
> index f1e5c72..af721ab 100644
> --- a/criu/include/fault-injection.h
> +++ b/criu/include/fault-injection.h
> @@ -7,6 +7,7 @@ enum faults {
>         FI_DUMP_EARLY,
>         FI_RESTORE_ROOT_ONLY,
>         FI_DUMP_PAGES,
> +       FI_PARASITE_START_DAEMON,
>         /* not fatal */
>         FI_CHECK_OPEN_HANDLE = 128,
>         FI_NO_MEMFD = 129,
> diff --git a/criu/parasite-syscall.c b/criu/parasite-syscall.c
> index 214a932..59bbf1f 100644
> --- a/criu/parasite-syscall.c
> +++ b/criu/parasite-syscall.c
> @@ -1415,6 +1415,10 @@ struct parasite_ctl *parasite_infect_seized(pid_t
> pid, struct pstree_item *item,
>                 ctl->r_thread_stack = ctl->remote_map + p;
>         }
>  
> +       if (fault_injected(FI_PARASITE_START_DAEMON)) {
> +               pr_err("\n");
> +               goto err_restore;
> +       }
>         if (parasite_start_daemon(ctl, item))
>                 goto err_restore;
> 
> [root@fc22-vm criu]# python test/zdtm.py run -t zdtm/static/env00 --fault 4 -k always --sbs -f h
> === Run 1/1 ================
> 
> ========================== Run zdtm/static/env00 in h ==========================
> tart test
> ./env00 --pidfile=env00.pid --outfile=env00.out --envname=ENV_00_TEST
> Pause at pre-dump. Press any key to continue.
> Run criu dump
> Forcing 4 fault
> =[log]=> dump/zdtm/static/env00/24/1/dump.log
> ------------------------ grep Error ------------------------
> (00.018147) Error (parasite-syscall.c:1419): 
> (00.018290) Error (cr-dump.c:1228): Can't infect (pid: 24) with parasite
> (00.018711) Error (cr-dump.c:1600): Dumping FAILED.
> ------------------------ ERROR OVER ------------------------
> Pause at pre-restore. Press any key to continue.
> Run criu restore
> Forcing 4 fault
> =[log]=> dump/zdtm/static/env00/24/1/restore.log
> Pause at post-restore. Press any key to continue.
> Wait for zdtm/static/env00 to die for 0.100000
> ========================= Test zdtm/static/env00 PASS ==========================
> 
> [root@fc22-vm ~]# perf trace -fp 14650
>      0.000 ( 0.000 ms):  ... [continued]: futex()) = -1 (null) Unknown error 512
>      7.641 ( 0.053 ms): memfd_create(__syscall_nr: 4194312                                    ) = 3
>     10.097 ( 0.045 ms): mmap(addr: 55872, len: EXEC|READ|WRITE, prot: SHARED, flags: 3</memfd:CRIUMFD (deleted)>, off: 42949672960) = 0x7f693db2d000
>     11.750 ( 0.013 ms): close(__syscall_nr: 3</memfd:CRIUMFD (deleted)>                       ) = 0
>     13.455 ( 0.034 ms): munmap(__syscall_nr: 0x7f693db2d000, addr: 57344, len: 4              ) = 0
> 
>>
>> Kirill
>> _______________________________________________
>> CRIU mailing list
>> CRIU@openvz.org
>> https://lists.openvz.org/mailman/listinfo/criu