From: Oren Laadan <orenl@cs.columbia.edu>
To: Bastian Blank <bastian@waldi.eu.org>,
Oren Laadan <orenl@cs.columbia.edu>,
dave@linux.vnet.ibm.com, containers@lists.linux-foundation.org,
jeremy@goop.org, linux-kernel@vger.kernel.org, arnd@arndb.de
Subject: Re: [RFC v5][PATCH 8/8] Dump open file descriptors
Date: Sun, 14 Sep 2008 11:40:25 -0400 [thread overview]
Message-ID: <48CD3069.7080200@cs.columbia.edu> (raw)
In-Reply-To: <20080914095106.GA6300@wavehammer.waldi.eu.org>
Bastian Blank wrote:
> On Sat, Sep 13, 2008 at 07:06:06PM -0400, Oren Laadan wrote:
>> +int cr_scan_fds(struct files_struct *files, int **fdtable)
>> +{
>> + struct fdtable *fdt;
>> + int *fds;
>> + int i, n, tot;
>> +
>> + n = 0;
>> + tot = CR_DEFAULT_FDTABLE;
>
> Why not?
> | int i;
> | int n = 0;
> | int tot = CR_DEFAULT_FDTABLE;
>
> IHMO easier readable.
Ok.
>
>> + spin_lock(&files->file_lock);
>> + fdt = files_fdtable(files);
>> + for (i = 0; i < fdt->max_fds; i++) {
>
> The process is suspended at this state?
Yes, the assumption is that the process is frozen (or that we checkpoint
ourselves).
With this assumption, it is possible to (a) leave out RCU locking, and also
(b) continue after the krealloc() from where we left off. Also, it means that
(c) the contents of our 'fds' array remain valid by the time the caller makes
use of it.
This certainly deserves a comment in the code, will add.
If the assumption doesn't hold, then I'll have to add the RCU locking. Cases
(b) and (c) are already safe because the caller(s) use fcheck_files() to
access the file-descriptors collected in the array.
While in my mind a task should never be unfrozen while being checkpointed, in
reality future code may allow it e.g. if a OOM kicks in a kills it. So I tend
to add the RCU lock for safety. It can always be optimized out later.
>
>> + if (n == tot) {
>> + /*
>> + * fcheck_files() is safe with drop/re-acquire
>> + * of the lock, because it tests: fd < max_fds
>> + */
>> + spin_unlock(&files->file_lock);
>> + tot *= 2;
>> + if (tot < 0) { /* overflow ? */
>
> _NO_. tot is signed, this does not have documented overflow behaviour.
> You need to restrict this to a sane number.
Ok. (btw, krealloc() will fail much earlier anyway).
>
>> + kfree(fds);
>> + return -EMFILE;
>> + }
>> + fds = krealloc(fds, tot * sizeof(*fds), GFP_KERNEL);
>> + if (!fds)
>
> krealloc does not free the memory on error, so this is a leak.
Ok.
Thanks,
Oren.
next prev parent reply other threads:[~2008-09-14 15:45 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-13 23:05 [RFC v5][PATCH 0/9] Kernel based checkpoint/restart Oren Laadan
2008-09-13 23:05 ` [RFC v5][PATCH 1/8] Create syscalls: sys_checkpoint, sys_restart Oren Laadan
2008-09-15 20:28 ` Serge E. Hallyn
2008-09-13 23:06 ` [RFC v5][PATCH 2/8] General infrastructure for checkpoint restart Oren Laadan
2008-09-15 17:54 ` Dave Hansen
2008-09-15 17:59 ` Dave Hansen
2008-09-15 18:00 ` Dave Hansen
2008-09-15 18:02 ` Dave Hansen
2008-09-15 18:52 ` Oren Laadan
2008-09-15 19:13 ` Dave Hansen
2008-09-16 12:27 ` Bastian Blank
2008-09-15 21:15 ` Serge E. Hallyn
2008-09-13 23:06 ` [RFC v5][PATCH 3/8] x86 support for checkpoint/restart Oren Laadan
2008-09-15 21:31 ` Serge E. Hallyn
2008-09-13 23:06 ` [RFC v5][PATCH 4/8] Dump memory address space Oren Laadan
2008-09-17 6:48 ` MinChan Kim
2008-09-13 23:06 ` [RFC v5][PATCH 5/8] Restore " Oren Laadan
2008-09-15 19:14 ` Dave Hansen
2008-09-13 23:06 ` [RFC v5][PATCH 6/8] Checkpoint/restart: initial documentation Oren Laadan
2008-09-15 20:26 ` Serge E. Hallyn
2008-09-17 6:23 ` MinChan Kim
2008-09-13 23:06 ` [RFC v5][PATCH 7/8] Infrastructure for shared objects Oren Laadan
2008-09-16 16:48 ` Dave Hansen
2008-09-17 7:31 ` MinChan Kim
2008-09-16 20:54 ` Serge E. Hallyn
2008-09-16 21:36 ` Oren Laadan
2008-09-16 22:09 ` Serge E. Hallyn
2008-09-13 23:06 ` [RFC v5][PATCH 8/8] Dump open file descriptors Oren Laadan
2008-09-14 9:51 ` Bastian Blank
2008-09-14 15:40 ` Oren Laadan [this message]
2008-09-16 23:03 ` Serge E. Hallyn
2008-09-22 15:31 ` Dave Hansen
2008-09-16 15:54 ` Dave Hansen
2008-09-16 16:55 ` Dave Hansen
2008-09-13 23:06 ` [RFC v5][PATCH 9/9] Restore open file descriprtors Oren Laadan
2008-09-16 23:08 ` Serge E. Hallyn
2008-09-17 0:11 ` Oren Laadan
2008-09-17 4:56 ` Serge E. Hallyn
2008-09-22 16:02 ` Dave Hansen
2008-09-13 23:22 ` Oren Laadan
2008-09-17 14:16 ` [RFC v5][PATCH 0/9] Kernel based checkpoint/restart Serge E. Hallyn
2008-10-08 9:59 ` Oren Laadan
2008-09-24 21:42 ` Serge E. Hallyn
2008-09-25 12:58 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48CD3069.7080200@cs.columbia.edu \
--to=orenl@cs.columbia.edu \
--cc=arnd@arndb.de \
--cc=bastian@waldi.eu.org \
--cc=containers@lists.linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=jeremy@goop.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox