From nobody Sun May 19 18:10:04 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1691160815; cv=none; d=zohomail.com; s=zohoarc; b=TNBUEI72EWvgKoVcn7K72HksZwzlR/Agr8GLJwUNlHFKJbCWbncvCMLuqeluDUW+JKMgVdxKNSQpS/9kemHQVUkAo/QkY+pA/4KzfwjZXtqJ/gqyPTuO0xDB6GszX+uTKbH+gOkd+G+Z4bJe8PA16heezdLAo51jay3jaR8vGvE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1691160815; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=KACbXBZI2iDeaZHtqeh09LNbMBuEdoCDo1Qo3vVohw4=; b=EMvNg4CkvXB2dA9UKL3CjgpC5KxfepGZ1F8hQUSuu+8SpzkJ2wTSPY9O8/JXBShPDTgsUoz7QnNDbVadvx6cYl6v/WXWXHQqqJ7cNUN5BmxHy5GfWyX41BzF0HYqRpjMGHwqKABa51mAhnoeXe2qJfZW2Ftja1R3FRuEO+XJUBI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1691160815763806.7171108132109; Fri, 4 Aug 2023 07:53:35 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-205-zfBwVjMGPZOS3lIJkX3dMA-1; Fri, 04 Aug 2023 10:53:30 -0400 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C76228022EF; Fri, 4 Aug 2023 14:53:28 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id DB40C492B03; Fri, 4 Aug 2023 14:53:26 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 40A58194658F; Fri, 4 Aug 2023 14:53:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id B25EE194658D for ; Fri, 4 Aug 2023 14:53:24 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 6906B492CA6; Fri, 4 Aug 2023 14:53:24 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.2.36]) by smtp.corp.redhat.com (Postfix) with ESMTP id 108A8492B03 for ; Fri, 4 Aug 2023 14:53:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1691160814; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=KACbXBZI2iDeaZHtqeh09LNbMBuEdoCDo1Qo3vVohw4=; b=NFRgfi+GRcwIyFIaw2+gNPw29yXnHwgWjmOZWGwdUhF1cQ0ff6DpNbhMzFAzfaWmhjP2kG 24Xze1RJ/n/b0tlGO1iVzxOl0UVEGX6RHMPKwFp5S/O1ZLeitGx25HEASoFVdchKPe19Q9 AqH2Ts4msbvGElRUwvST7BnOHh037xA= X-MC-Unique: zfBwVjMGPZOS3lIJkX3dMA-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH v2] lxc_container: Increase stack size for lxcContainerChild() Date: Fri, 4 Aug 2023 16:53:22 +0200 Message-ID: <3e4a9d0c0c23e9c9e787461e7a5f9447ac77ce37.1691160754.git.mprivozn@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1691160816541100001 Content-Type: text/plain; charset="utf-8"; x-default="true" When spawning a new container (via clone()) we allocate stack for lxcContainerChild(). So far, we allocate 4 pages for the stack and this used to be enough until we started rewriting everything to glib. With glib we switched to g_strerror() which localizes errno strings and thus increases stack usage, while the previously used strerror_r() was more compact. Fortunately, the solution is easy - just increase how much stack the child can use (16 pages ought to be enough for anybody). And while at it, lets use mmap() for allocation which offer some nice features: MAP_STACK - align allocation to be suitable for stack (even though, currently ignored on Linux), MAP_GROWSDOWN - kernel guards out of bounds access from child Resolves: https://gitlab.com/libvirt/libvirt/-/issues/511 Signed-off-by: Michal Privoznik Reviewed-by: Martin Kletzander --- This is a v2 of: https://listman.redhat.com/archives/libvir-list/2023-August/241127.html diff to v1: - switched from g_new0() to mmap() for additional security src/lxc/lxc_container.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 63cf283285..c215b83848 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -2132,9 +2133,10 @@ int lxcContainerStart(virDomainDef *def, { pid_t pid; int cflags; - int stacksize =3D getpagesize() * 4; - g_autofree char *stack =3D NULL; + int stacksize =3D getpagesize() * 16; + char *stack =3D NULL; char *stacktop; + int ret =3D -1; lxc_child_argv_t args =3D { .config =3D def, .securityDriver =3D securityDriver, @@ -2150,7 +2152,14 @@ int lxcContainerStart(virDomainDef *def, }; =20 /* allocate a stack for the container */ - stack =3D g_new0(char, stacksize); + stack =3D mmap(NULL, stacksize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN | MAP_STACK, + -1, 0); + if (stack =3D=3D MAP_FAILED) { + virReportSystemError(errno, "%s", + _("Unable to allocate stack")); + return -1; + } =20 stacktop =3D stack + stacksize; =20 @@ -2160,7 +2169,7 @@ int lxcContainerStart(virDomainDef *def, if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_USER) < 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Kernel doesn't support user namespace")); - return -1; + goto cleanup; } VIR_DEBUG("Enable user namespace"); cflags |=3D CLONE_NEWUSER; @@ -2175,7 +2184,7 @@ int lxcContainerStart(virDomainDef *def, virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Config asks for inherit net namespace " "as well as private network interfaces")); - return -1; + goto cleanup; } VIR_DEBUG("Inheriting a net namespace"); } @@ -2199,10 +2208,16 @@ int lxcContainerStart(virDomainDef *def, if (pid < 0) { virReportSystemError(errno, "%s", _("Failed to run clone container")); - return -1; + goto cleanup; } =20 - return pid; + ret =3D pid; + cleanup: + if (munmap(stack, stacksize) < 0) { + VIR_WARN("Unable to munmap() stack: %s", g_strerror(errno)); + } + + return ret; } =20 int lxcContainerChown(virDomainDef *def, const char *path) --=20 2.41.0