[PATCH 1/1] cr: uts: don't deref h after freeing

[PATCH 1/1] cr: uts: don't deref h after freeing

[Serge E. Hallyn]

Don't pass h->xyz_len etc as lengths after freeing h!  Send
the result of sizeof(name->xyz) directly.

Changelog: Jun 23: resend with new description which accurately
	describes what is being fixed (figured out by Nathan Lynch).

Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
 checkpoint/namespace.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/checkpoint/namespace.c b/checkpoint/namespace.c
index 5726acb..8206aee 100644
--- a/checkpoint/namespace.c
+++ b/checkpoint/namespace.c
@@ -46,22 +46,22 @@ static int do_checkpoint_uts_ns(struct ckpt_ctx *ctx,
 		return ret;
 
 	down_read(&uts_sem);
-	ret = ckpt_write_string(ctx, name->sysname, h->sysname_len);
+	ret = ckpt_write_string(ctx, name->sysname, sizeof(name->sysname));
 	if (ret < 0)
 		goto up;
-	ret = ckpt_write_string(ctx, name->nodename, h->nodename_len);
+	ret = ckpt_write_string(ctx, name->nodename, sizeof(name->nodename));
 	if (ret < 0)
 		goto up;
-	ret = ckpt_write_string(ctx, name->release, h->release_len);
+	ret = ckpt_write_string(ctx, name->release, sizeof(name->release));
 	if (ret < 0)
 		goto up;
-	ret = ckpt_write_string(ctx, name->version, h->version_len);
+	ret = ckpt_write_string(ctx, name->version, sizeof(name->version));
 	if (ret < 0)
 		goto up;
-	ret = ckpt_write_string(ctx, name->machine, h->machine_len);
+	ret = ckpt_write_string(ctx, name->machine, sizeof(name->machine));
 	if (ret < 0)
 		goto up;
-	ret = ckpt_write_string(ctx, name->domainname, h->domainname_len);
+	ret = ckpt_write_string(ctx, name->domainname, sizeof(name->domainname));
  up:
 	up_read(&uts_sem);
 	return ret;
-- 
1.6.1

Re: [PATCH 1/1] cr: uts: don't deref h after freeing

[Oren Laadan]

I actually fixed it differently:  I observed that the kernel
constants in question need only be saved once for the entire
checkpoint, rather than per object in which they are used.

So I added a sub-header "ckpt_hdr_constants" to the header that
is filled at checkpoint. Once these values are confirmed at
restart, the remaining code can safely use the kernel constants
directly.

This is fixed in the latest ckpt-v16-dev.

Oren.

Serge E. Hallyn wrote:
> Don't pass h->xyz_len etc as lengths after freeing h!  Send
> the result of sizeof(name->xyz) directly.
> 
> Changelog: Jun 23: resend with new description which accurately
> 	describes what is being fixed (figured out by Nathan Lynch).
> 
> Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
> ---
>  checkpoint/namespace.c |   12 ++++++------
>  1 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/checkpoint/namespace.c b/checkpoint/namespace.c
> index 5726acb..8206aee 100644
> --- a/checkpoint/namespace.c
> +++ b/checkpoint/namespace.c
> @@ -46,22 +46,22 @@ static int do_checkpoint_uts_ns(struct ckpt_ctx *ctx,
>  		return ret;
>  
>  	down_read(&uts_sem);
> -	ret = ckpt_write_string(ctx, name->sysname, h->sysname_len);
> +	ret = ckpt_write_string(ctx, name->sysname, sizeof(name->sysname));
>  	if (ret < 0)
>  		goto up;
> -	ret = ckpt_write_string(ctx, name->nodename, h->nodename_len);
> +	ret = ckpt_write_string(ctx, name->nodename, sizeof(name->nodename));
>  	if (ret < 0)
>  		goto up;
> -	ret = ckpt_write_string(ctx, name->release, h->release_len);
> +	ret = ckpt_write_string(ctx, name->release, sizeof(name->release));
>  	if (ret < 0)
>  		goto up;
> -	ret = ckpt_write_string(ctx, name->version, h->version_len);
> +	ret = ckpt_write_string(ctx, name->version, sizeof(name->version));
>  	if (ret < 0)
>  		goto up;
> -	ret = ckpt_write_string(ctx, name->machine, h->machine_len);
> +	ret = ckpt_write_string(ctx, name->machine, sizeof(name->machine));
>  	if (ret < 0)
>  		goto up;
> -	ret = ckpt_write_string(ctx, name->domainname, h->domainname_len);
> +	ret = ckpt_write_string(ctx, name->domainname, sizeof(name->domainname));
>   up:
>  	up_read(&uts_sem);
>  	return ret;