Re: [C/R PATCH] reject checkpoint of fd subject to F_SETSIG

[Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>]

Quoting Nathan Lynch (ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org):
> Similar to our handling of fds that have been subject to F_SETOWN,
> detect when an fd has had its f_owner->signum changed from the
> default.
> 
> Signed-off-by: Nathan Lynch <ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org>

Hey Nathan,

Can you give more motivation for this?  Do you just feel that it
isn't worth the risk of mis-coding the check at restart?

For safety check, what about forcing such a task to be restarted
in a private pidns?

I'm not nacking it, don't mind it going in temporarily, but this
commit message makes it sound like using F_SETSIG is an application
error.

thanks,
-serge

> ---
>  fs/checkpoint.c |    8 ++++++++
>  1 files changed, 8 insertions(+), 0 deletions(-)
> 
> diff --git a/fs/checkpoint.c b/fs/checkpoint.c
> index fd539c5..bf4d2d4 100644
> --- a/fs/checkpoint.c
> +++ b/fs/checkpoint.c
> @@ -265,6 +265,7 @@ static int checkpoint_file_desc(struct ckpt_ctx *ctx,
>  	struct file *file = NULL;
>  	struct fdtable *fdt;
>  	int objref, ret;
> +	int signum;
>  	int coe = 0;	/* avoid gcc warning */
>  	pid_t pid;
>  
> @@ -311,6 +312,13 @@ static int checkpoint_file_desc(struct ckpt_ctx *ctx,
>  		goto out;
>  	}
>  
> +	signum = ACCESS_ONCE(file->f_owner.signum);
> +	if (signum != 0) {
> +		ret = -EBUSY;
> +		ckpt_err(ctx, ret, "%(T)fd %d has a signal set (%d)\n", fd, signum);
> +		goto out;
> +	}
> +
>  	/*
>  	 * if seen first time, this will add 'file' to the objhash, keep
>  	 * a reference to it, dump its state while at it.
> -- 
> 1.7.4.4
> 
> _______________________________________________
> Containers mailing list
> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> https://lists.linux-foundation.org/mailman/listinfo/containers