From: Cyrill Gorcunov <gorcunov@gmail.com>
To: tml <tarantool-patches@dev.tarantool.org>
Subject: [Tarantool-patches] [PATCH v3 2/4] fiber: leak stack if we unable to revert guard page
Date: Tue, 4 Feb 2020 17:31:45 +0300
Message-ID: <20200204143147.20791-3-gorcunov@gmail.com>
In-Reply-To: <20200204143147.20791-1-gorcunov@gmail.com>

At the moment we set up fiber's stack with a guard page which is used to detect stack overrun. This page is just a regular page taken from a slab with PROT_NONE attribute. Once fiber is no longer needed we try to revert this attribute back to PROT_READ | PROT_WRITE.

Still there is a small chance (well, pretty small I would say) that this attempt fails. Thus in such case we should not allow to reuse such memory area (because slab engine expects the memory it handles is solid in terms of permissions).

IOW, let's explicitly leak such memory with error message, it is a bit better than panic and gives administrator a chance to gracefully restart tarantool instance or relax memory pressure somehow on the node.

I put FIXME into the code since I think we could implement some more intelligent handling and collect such corrupted slabs into a list and retry to restore permissions in background.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
--- src/lib/core/fiber.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/lib/core/fiber.c b/src/lib/core/fiber.c index b51f46f2f..d6ff481a5 100644 --- a/src/lib/core/fiber.c +++ b/src/lib/core/fiber.c
@@ -1041,15 +1041,21 @@ fiber_stack_destroy(struct fiber *fiber, struct slab_cache *slabc) * to setup the original protection back in * background. * + * For now lets keep such slab referenced and + * leaked: if mprotect failed we must not allow + * to reuse such slab with PROT_NONE'ed page + * somewhere inside. + * * Note that in case if we're called from * fiber_stack_create() the @mprotect_flags is * the same as the slab been created with, so * calling mprotect for VMA with same flags * won't fail. */ - diag_log(); - } - slab_put(slabc, fiber->stack_slab); + say_syserror("fiber: Can't put guard page to slab. " + "Leak %zu bytes", (size_t)fiber->stack_size); + } else + slab_put(slabc, fiber->stack_slab); } } -- 2.20.1
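Review bot: The new say_syserror() call in fiber_stack_destroy() reports `fiber->stack_size`, but the object that stays referenced and is never returned is `fiber->stack_slab`, which per the comment above still contains the PROT_NONE page, so the logged byte count probably understates what is actually lost; log the slab's size, or word the message as "stack of %zu bytes leaked". The text "Can't put guard page to slab" also does not name the operation that failed (restoring the page protection), which is what an administrator reading the log needs to see. Since diag_log() is dropped in favour of say_syserror(), confirm that errno still holds the mprotect failure at this point and has not been overwritten between the failing call and the log line. Style: the `} else` leaves a braced if-branch paired with an unbraced else; brace both branches.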