From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mail-lf1-f65.google.com (mail-lf1-f65.google.com [209.85.167.65])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by dev.tarantool.org (Postfix) with ESMTPS id 17E2A4696C3
	for ; Tue, 4 Feb 2020 17:32:13 +0300 (MSK)
Received: by mail-lf1-f65.google.com with SMTP id b15so12358686lfc.4
	for ; Tue, 04 Feb 2020 06:32:13 -0800 (PST)
From: Cyrill Gorcunov
Date: Tue, 4 Feb 2020 17:31:45 +0300
Message-Id: <20200204143147.20791-3-gorcunov@gmail.com>
In-Reply-To: <20200204143147.20791-1-gorcunov@gmail.com>
References: <20200204143147.20791-1-gorcunov@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [Tarantool-patches] [PATCH v3 2/4] fiber: leak stack if we unable to revert guard page
List-Id: Tarantool development patches
To: tml

At the moment we set up fiber's stack with a guard page which is used
to detect stack overrun. This page is just a regular page taken from
a slab with PROT_NONE attribute. Once fiber is no longer needed we try
to revert this attribute back to PROT_READ | PROT_WRITE.

Still there is a small chance (well, pretty small I would say) that
this attempt fails. Thus in such case we should not allow to reuse
such memory area (because slab engine expects the memory it handles
is solid in terms of permissions). IOW, let's explicitly leak such
memory with error message, it is a bit better than panic and gives
administrator a chance to gracefully restart tarantool instance or
relax memory pressure somehow on the node.

I put FIXME into the code since I think we could implement some more
intelligent handling and collect such corrupted slabs into a list and
retry to restore permissions in background.

Signed-off-by: Cyrill Gorcunov
---
 src/lib/core/fiber.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/lib/core/fiber.c b/src/lib/core/fiber.c index b51f46f2f..d6ff481a5 100644 --- a/src/lib/core/fiber.c +++ b/src/lib/core/fiber.c @@ -1041,15 +1041,21 @@ fiber_stack_destroy(struct fiber *fiber, struct slab_cache *slabc) * to setup the original protection back in * background. * + * For now lets keep such slab referenced and + * leaked: if mprotect failed we must not allow + * to reuse such slab with PROT_NONE'ed page + * somewhere inside. + * * Note that in case if we're called from * fiber_stack_create() the @mprotect_flags is * the same as the slab been created with, so * calling mprotect for VMA with same flags * won't fail. */ - diag_log(); - } - slab_put(slabc, fiber->stack_slab); + say_syserror("fiber: Can't put guard page to slab. " + "Leak %zu bytes", (size_t)fiber->stack_size); + } else + slab_put(slabc, fiber->stack_slab); } } -- 2.20.1
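
Review bot: In the mprotect-failure branch of fiber_stack_destroy(), the message reports (size_t)fiber->stack_size, while what is withheld from the cache is the whole fiber->stack_slab with the PROT_NONE page inside it, so the logged figure may not match what is actually leaked. Consider logging the slab size instead, or wording the message as stack bytes, and adding the slab address so an administrator can tell repeated leaks apart. The same branch replaces diag_log() with say_syserror(), which reports errno: that is only right if nothing between the failed protection call and this line can overwrite errno, and if that call also sets a diag it now goes unreported, so both are worth confirming against the lines above this hunk. The text "Can't put guard page to slab" also does not say that restoring the page protection is what failed; naming that operation would make the log line easier to act on. Style: the if branch is braced but `} else` is followed by an unbraced slab_put(slabc, fiber->stack_slab); bracing both branches keeps the "leak or return" decision unambiguous if a statement is added later.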