Tarantool development patches archive
From: Cyrill Gorcunov <gorcunov@gmail.com>
To: tml <tarantool-patches@dev.tarantool.org>
Subject: [Tarantool-patches] [PATCH v3 2/4] fiber: leak stack if we unable to revert guard page
Date: Tue,  4 Feb 2020 17:31:45 +0300
Message-ID: <20200204143147.20791-3-gorcunov@gmail.com>
In-Reply-To: <20200204143147.20791-1-gorcunov@gmail.com>

At the moment we set up a fiber's stack with a guard page
which is used to detect stack overrun. This page is just
a regular page taken from a slab with PROT_NONE attribute.

Once the fiber is no longer needed we try to revert this
attribute back to PROT_READ | PROT_WRITE. Still there
is a small chance (well, pretty small I would say) that
this attempt fails.

Thus in such a case we should not allow reusing such a memory
area (because the slab engine expects the memory it handles to be
solid in terms of permissions). IOW, let's explicitly leak
such memory with an error message; it is a bit better than
a panic and gives the administrator a chance to gracefully restart
the tarantool instance or relax memory pressure somehow on the node.

I put FIXME into the code since I think we could implement
some more intelligent handling and collect such corrupted
slabs into a list and retry to restore permissions in background.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
 src/lib/core/fiber.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/lib/core/fiber.c b/src/lib/core/fiber.c
index b51f46f2f..d6ff481a5 100644
--- a/src/lib/core/fiber.c
+++ b/src/lib/core/fiber.c
@@ -1041,15 +1041,21 @@ fiber_stack_destroy(struct fiber *fiber, struct slab_cache *slabc)
 			 * to setup the original protection back in
 			 * background.
 			 *
+			 * For now lets keep such slab referenced and
+			 * leaked: if mprotect failed we must not allow
+			 * to reuse such slab with PROT_NONE'ed page
+			 * somewhere inside.
+			 *
 			 * Note that in case if we're called from
 			 * fiber_stack_create() the @mprotect_flags is
 			 * the same as the slab been created with, so
 			 * calling mprotect for VMA with same flags
 			 * won't fail.
 			 */
-			diag_log();
-		}
-		slab_put(slabc, fiber->stack_slab);
+			say_syserror("fiber: Can't put guard page to slab. "
+				     "Leak %zu bytes", (size_t)fiber->stack_size);
+		} else
+			slab_put(slabc, fiber->stack_slab);
 	}
 }
 
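Review bot: in the failure branch, swapping diag_log() for say_syserror() makes the log line depend on errno still holding the mprotect error at this point, and the diagnostic that diag_log() used to print is no longer logged there. Either keep diag_log() next to the new message or confirm that nothing between the failed call and say_syserror() can touch errno. The message would also be easier to act on if it named the actual failure (restoring protection on the guard page) and included the slab address along with the size, since the leaked slab is otherwise untraceable. Style: `} else` followed by an unbraced slab_put() sits next to a braced if-branch; use `} else {` with a closing brace so both arms match.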
-- 
2.20.1

Thread overview: 7+ messages
2020-02-04 14:31 [Tarantool-patches] [PATCH v3 0/4] fiber: Handle stack madvise/mprotect errors Cyrill Gorcunov
2020-02-04 14:31 ` [Tarantool-patches] [PATCH v3 1/4] fiber: use diag_ logger in fiber_madvise/mprotect failures Cyrill Gorcunov
2020-02-04 14:31 ` Cyrill Gorcunov [this message]
2020-02-04 14:31 ` [Tarantool-patches] [PATCH v3 3/4] errinj: add ERRINJ_FIBER_MADVISE and ERRINJ_FIBER_MPROTECT Cyrill Gorcunov
2020-02-04 14:31 ` [Tarantool-patches] [PATCH v3 4/4] test: unit/fiber -- add madvise, mprotect tests Cyrill Gorcunov
2020-02-04 14:37   ` Cyrill Gorcunov
2020-02-04 15:43   ` [Tarantool-patches] [PATCH v4 " Cyrill Gorcunov
