Re: Patch for proc w/ no supplementary groups

From: mukti jain (muktijn_at_gmail_dot_com)
Date: Wed Aug 13 2008 - 02:59:12 PDT

  • Next message: Paul H. Hargrove: "Re: Patch for proc w/ no supplementary groups"
    I checked on i386 and arm,
    getgroups  when run by a user(included  in one group only) returns  zero
    supplementary groups on arm and 1 on i386.
    in the manpage of getgroups it is said that
    "It is unspecified whether the effective group ID of the calling process is
    included in the returned list."
    
    Can someone throw more light on this?
    
    On Wed, Aug 13, 2008 at 2:27 PM, mukti jain <muktijn_at_gmail_dot_com> wrote:
    
    > We have not seen the issue on x86 with the same application,
    > why is this problem arm specific?
    >
    >>
    >> On Tue, Aug 12, 2008 at 12:04 AM, Paul H. Hargrove <PHHargrove_at_lbl_dot_gov>wrote:
    >>
    >>> It seems the ENOMEM problem reported by Manish Dwivedi recently is due to
    >>> having zero supplementary group ids.  When BLCR goes to save the group ids,
    >>> this results in vmalloc(0) which rightly returns NULL.  BLCR, however,
    >>> interprets the NULL return as an out of memory condition.  Mukti Jain has
    >>> observed that the same exists on the corresponding restore path.
    >>>
    >>> Attached is a patch that should resolve these problems (works in my
    >>> limited testing).
    >>>
    >>> I had planned to release 0.7.3 today, but will probably delay that until
    >>> I've gotten confirmation from Manish and/or Mukti that this patch solves the
    >>> problem, or until somebody finds a problem with this patch.
    >>>
    >>> -Paul
    >>>
    >>> --
    >>> Paul H. Hargrove                          PHHargrove_at_lbl_dot_gov
    >>> Future Technologies Group
    >>> HPC Research Department                   Tel: +1-510-495-2352
    >>> Lawrence Berkeley National Laboratory     Fax: +1-510-486-6900
    >>>
    >>> Index: cr_module/cr_dump_self.c
    >>> ===================================================================
    >>> RCS file: /var/local/cvs/lbnl_cr/cr_module/cr_dump_self.c,v
    >>> retrieving revision 1.202.2.5
    >>> diff -u -r1.202.2.5 cr_dump_self.c
    >>> --- cr_module/cr_dump_self.c    26 Jun 2008 00:05:42 -0000
    >>> 1.202.2.5
    >>> +++ cr_module/cr_dump_self.c    11 Aug 2008 18:22:40 -0000
    >>> @@ -819,7 +819,7 @@
    >>>         }
    >>>
    >>>  #if HAVE_TASK_GROUP_INFO
    >>> -        {
    >>> +        if (sizeof_groups != 0) {
    >>>             /* copy current->groups into an array and write it out */
    >>>             int i;
    >>>             gid_t *groups;
    >>> Index: cr_module/cr_rstrt_req.c
    >>> ===================================================================
    >>> RCS file: /var/local/cvs/lbnl_cr/cr_module/cr_rstrt_req.c,v
    >>> retrieving revision 1.292.2.8
    >>> diff -u -r1.292.2.8 cr_rstrt_req.c
    >>> --- cr_module/cr_rstrt_req.c    5 Aug 2008 00:39:59 -0000       1.292.2.8
    >>> +++ cr_module/cr_rstrt_req.c    11 Aug 2008 18:22:40 -0000
    >>> @@ -144,8 +144,7 @@
    >>>  {
    >>>     struct cr_context_creds cf_creds;
    >>>     int retval;
    >>> -    gid_t *groups;
    >>> -    size_t sizeof_groups;
    >>> +    gid_t *groups = NULL;
    >>>
    >>>     retval = cr_kread(proc_req->file, &cf_creds, sizeof(cf_creds));
    >>>     if (retval < sizeof(cf_creds)) {
    >>> @@ -162,20 +161,21 @@
    >>>        CR_ERR("Invalid supplemental group count (%d)",
    >>> (int)cf_creds.ngroups);
    >>>        retval = -EINVAL;
    >>>        goto out;
    >>> -    }
    >>> +    } else if (cf_creds.ngroups) {
    >>> +       size_t sizeof_groups = cf_creds.ngroups*sizeof(gid_t);
    >>> +       groups = vmalloc(sizeof_groups);
    >>> +       retval = -ENOMEM;
    >>> +       if (groups == NULL) {
    >>> +           goto out;
    >>> +       }
    >>>
    >>> -    sizeof_groups = cf_creds.ngroups*sizeof(gid_t);
    >>> -    groups = vmalloc(sizeof_groups);
    >>> -    retval = -ENOMEM;
    >>> -    if (groups == NULL) {
    >>> -       goto out;
    >>> +       retval = cr_kread(proc_req->file, groups, sizeof_groups);
    >>> +       if (retval < sizeof_groups) {
    >>> +           CR_ERR("groups: read returned %d", retval);
    >>> +            goto out_vfree;
    >>> +       }
    >>>     }
    >>>
    >>> -    retval = cr_kread(proc_req->file, groups, sizeof_groups);
    >>> -    if (retval < sizeof_groups) {
    >>> -       CR_ERR("groups: read returned %d", retval);
    >>> -        goto out_vfree;
    >>> -    }
    >>>
    >>>  #if CR_RESTORE_IDS
    >>>     {
    >>>
    >>>
    >>
    >
    

  • Next message: Paul H. Hargrove: "Re: Patch for proc w/ no supplementary groups"