ctx->pipe_child bug?

Oren Laadan orenl at cs.columbia.edu
Sat Jan 22 10:28:22 PST 2011



On 01/21/2011 02:39 AM, Sukadev Bhattiprolu wrote:
> Oren,
> 
> 
> In usercr commit 0dd3f9dacc0a08f5fb562e385a4e4244f453b41c we have the following
> diff:
> 
> @@ -1868,10 +1902,16 @@ static int ckpt_fork_feeder(struct ckpt_ctx *ctx)
>         close(ctx->pipe_child[0]);
>         ctx->pipe_out = ctx->pipe_child[1];
> 
> +       ctx->pipe_child[0] = -1;  /* mark unused */
> +       ctx->pipe_child[1] = -1;  /* mark unused */
> 
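Review bot: the two `= -1` stores race with the cloned feeder. The child shares ctx (same VM) but not the fd table, and ckpt_do_feeder() reads `ctx->pipe_child[0]` into `ctx->pipe_in` from the same memory these lines overwrite; if the child is scheduled after the parent reaches them, `pipe_in` becomes -1. Either hand the child its read end before the clone (a child-only field in ctx, or the clone argument) so the parent never has to touch the shared slots afterwards, or defer marking the slots unused until the child has signalled that it took its copy.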
> ---
> 
> ckpt_fork_feeder() creates the ->pipe_child[] pipe and clones the fork_feeder.
> ckpt_do_feeder() does the following:
> 
> 
>         /* children pipe */
>         close(ctx->pipe_child[1]);
>         ctx->pipe_in = ctx->pipe_child[0];
> 
>         /* feeder pipe */
>         close(ctx->pipe_feed[0]);
> 
> But if the fork_feeder process runs after the parent marks the fds unused, the
> fork feeder would end up with a -1 in ctx->pipe_in, right?
> 
> The two threads don't share the fds but they do share the same VM and hence
> changes to 'ctx' in one process are visible in the other, right?

Good catch. I'll fix that, thanks.

Oren.
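The hazard in the thread, reduced to a stand-alone program. This is an added example, not usercr code: `struct demo_ctx` is a hypothetical stand-in for `struct ckpt_ctx`, and the child-to-parent handshake pipe (`pipe_sync`) is one possible remedy, not the fix Oren applied. The parent and child are created with clone(CLONE_VM) and no CLONE_FILES, so they share the struct but each closes its own copy of the fds, exactly the situation Sukadev describes; the parent only writes -1 into `pipe_child[]` after the child reports that it has copied its read end into `pipe_in`.

```c
/* Added example (not usercr code): parent and clone(CLONE_VM) child share
 * the struct but not the fd table; the parent must not overwrite
 * ctx->pipe_child[] until the child has copied what it needs. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Prototype for toolchains where _GNU_SOURCE was not set before the first
 * system header; it matches glibc's declaration of clone(). */
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);

struct demo_ctx {               /* hypothetical stand-in for struct ckpt_ctx */
    int pipe_child[2];          /* parent -> child data pipe */
    int pipe_sync[2];           /* child -> parent "I copied my fd" handshake */
    int pipe_in;                /* child's read end, set by the child */
    int pipe_out;               /* parent's write end */
    int child_fd_seen;          /* value the child found in pipe_child[0] */
    char child_msg[16];         /* what the child read through pipe_in */
};

static int feeder_child(void *arg)
{
    struct demo_ctx *ctx = arg;

    /* Same steps as ckpt_do_feeder(): take the read end, drop the write end. */
    ctx->child_fd_seen = ctx->pipe_child[0];
    close(ctx->pipe_child[1]);
    ctx->pipe_in = ctx->pipe_child[0];

    /* Handshake: only after this may the parent clear pipe_child[]. */
    close(ctx->pipe_sync[0]);
    if (write(ctx->pipe_sync[1], "k", 1) != 1)
        _exit(1);
    close(ctx->pipe_sync[1]);

    if (ctx->pipe_in < 0)
        _exit(2);               /* the symptom if the parent cleared too early */

    ssize_t n = read(ctx->pipe_in, ctx->child_msg, sizeof(ctx->child_msg) - 1);
    if (n <= 0)
        _exit(3);
    ctx->child_msg[n] = '\0';
    _exit(0);                   /* _exit: no atexit/stdio work in shared memory */
}

/* Returns 0 when the child saw a valid fd and read the parent's message. */
int run_feeder_demo(struct demo_ctx *ctx)
{
    enum { STACK_SIZE = 64 * 1024 };
    char sync_byte;
    int status;
    char *stack = malloc(STACK_SIZE);

    memset(ctx, 0, sizeof(*ctx));
    ctx->pipe_in = ctx->pipe_out = -1;
    if (!stack || pipe(ctx->pipe_child) < 0 || pipe(ctx->pipe_sync) < 0)
        return -1;

    /* CLONE_VM shares memory; fds are copied (no CLONE_FILES), as in the thread. */
    pid_t pid = clone(feeder_child, stack + STACK_SIZE, CLONE_VM | SIGCHLD, ctx);
    if (pid < 0)
        return -1;

    /* Parent side of ckpt_fork_feeder(): keep the write end. */
    close(ctx->pipe_child[0]);
    ctx->pipe_out = ctx->pipe_child[1];

    /* Wait for the child's handshake before marking the slots unused. */
    close(ctx->pipe_sync[1]);
    if (read(ctx->pipe_sync[0], &sync_byte, 1) != 1)
        return -2;
    close(ctx->pipe_sync[0]);
    ctx->pipe_child[0] = -1;    /* mark unused: safe now, racy before the handshake */
    ctx->pipe_child[1] = -1;

    if (write(ctx->pipe_out, "hello", 5) != 5)
        return -3;
    close(ctx->pipe_out);

    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -4;
    free(stack);
    return WEXITSTATUS(status) == 0 ? 0 : -5;
}

int main(void)
{
    struct demo_ctx ctx;
    int rc = run_feeder_demo(&ctx);
    printf("rc=%d child_fd=%d msg=%s\n", rc, ctx.child_fd_seen, ctx.child_msg);
    return rc == 0 ? 0 : 1;
}
```

Moving the two `= -1` stores above the handshake read reproduces the bug: the child can then observe -1 in `pipe_child[0]` and exits with status 2.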


More information about the Containers mailing list