Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cilium-cni: Fix error handling for bad netns #14645

Merged
merged 1 commit into from Jan 19, 2021
Merged

cilium-cni: Fix error handling for bad netns #14645

merged 1 commit into from Jan 19, 2021

Conversation

joestringer
Copy link
Member

@joestringer joestringer commented Jan 18, 2021
edited

If kubelet gives cilium-cni bad input (no netns), the error here would
not be returned properly to the caller, which could result in a segfault:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x14e0c8b]
goroutine 1 [running, locked to thread]:
main.cmdAdd(0xc00015a000, 0xc0004d60e8, 0x5)
        /go/src/github.com/cilium/cilium/plugins/cilium-cni/cilium-cni.go:354 +0x5cb
github.com/containernetworking/cni/pkg/skel.(*dispatcher).checkVersionAndCall(0xc0005e5d40, 0xc00015a000, 0x1a42f20, 0xc0004de000, 0x18d07c0, 0x0, 0x44a1ef)
        /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:185 +0x258
github.com/containernetworking/cni/pkg/skel.(*dispatcher).pluginMain(0xc0005e5d40, 0x18d07c0, 0x0, 0x18d07c8, 0x1a42f20, 0xc0004de000, 0xc000174000, 0x5d, 0xc000174000)
        /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:221 +0x546
github.com/containernetworking/cni/pkg/skel.PluginMainWithError(...)
        /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:286
github.com/containernetworking/cni/pkg/skel.PluginMain(0x18d07c0, 0x0, 0x18d07c8, 0x1a42f20, 0xc0004de000, 0xc000174000, 0x5d)
        /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:301 +0x128
main.main()
        /go/src/github.com/cilium/cilium/plugins/cilium-cni/cilium-cni.go:85 +0x33c

The above logs would typically be pushed to kubelet logs.

Related: #11430

@joestringer
cilium-cni: Fix error handling for bad netns
4915ba9 
If kubelet gives cilium-cni bad input (no netns), the error here would
not be returned properly to the caller, which could result in a segfault:

    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x14e0c8b]
    goroutine 1 [running, locked to thread]:
    main.cmdAdd(0xc00015a000, 0xc0004d60e8, 0x5)
            /go/src/github.com/cilium/cilium/plugins/cilium-cni/cilium-cni.go:354 +0x5cb
    github.com/containernetworking/cni/pkg/skel.(*dispatcher).checkVersionAndCall(0xc0005e5d40, 0xc00015a000, 0x1a42f20, 0xc0004de000, 0x18d07c0, 0x0, 0x44a1ef)
            /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:185 +0x258
    github.com/containernetworking/cni/pkg/skel.(*dispatcher).pluginMain(0xc0005e5d40, 0x18d07c0, 0x0, 0x18d07c8, 0x1a42f20, 0xc0004de000, 0xc000174000, 0x5d, 0xc000174000)
            /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:221 +0x546
    github.com/containernetworking/cni/pkg/skel.PluginMainWithError(...)
            /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:286
    github.com/containernetworking/cni/pkg/skel.PluginMain(0x18d07c0, 0x0, 0x18d07c8, 0x1a42f20, 0xc0004de000, 0xc000174000, 0x5d)
            /go/src/github.com/cilium/cilium/vendor/github.com/containernetworking/cni/pkg/skel/skel.go:301 +0x128
    main.main()
            /go/src/github.com/cilium/cilium/plugins/cilium-cni/cilium-cni.go:85 +0x33c

The above logs would typically be pushed to kubelet logs.

Signed-off-by: Joe Stringer <joe@cilium.io>
@joestringer joestringer requested a review from a team January 18, 2021 21:41
@joestringer joestringer added area/cni Impacts the Container Networking Interface between Cilium and the orchestrator. needs-backport/1.7 release-note/bug This PR fixes an issue in a previous release of Cilium. labels Jan 18, 2021
@joestringer joestringer requested a review from aanm January 18, 2021 21:41
@maintainer-s-little-helper maintainer-s-little-helper bot added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. and removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Jan 18, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.10.0 Jan 18, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.7.13 Jan 18, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.8.7 Jan 18, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.9.2 Jan 18, 2021
@joestringer
Copy link
Member Author

test-me-please

@aanm aanm removed their assignment Jan 18, 2021
christarazi
christarazi approved these changes Jan 19, 2021
View reviewed changes
Copy link
Member

@christarazi christarazi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sneaky one

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 19, 2021
@rolinh rolinh merged commit 6e3ca8f into cilium:master Jan 19, 2021
This was referenced Jan 19, 2021
Closed
Merged
@joestringer joestringer deleted the submit/fix-netns-validation branch January 19, 2021 18:08
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.8 in 1.8.7 Jan 20, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.8 in 1.8.7 Jan 20, 2021
@joestringer joestringer mentioned this pull request Jan 20, 2021
Merged
@aanm aanm added this to Needs backport from master in 1.9.3 Jan 20, 2021
@aanm aanm removed this from Needs backport from master in 1.9.2 Jan 20, 2021
This was referenced Jan 20, 2021
Closed
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.7 in 1.7.13 Jan 20, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.13 Jan 21, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.13 Jan 21, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.8 to Backport done to v1.8 in 1.8.7 Jan 21, 2021
@aanm aanm added this to Needs backport from master in 1.9.4 Jan 22, 2021
@aanm aanm removed this from Needs backport from master in 1.9.3 Jan 22, 2021
This was referenced Jan 27, 2021
Merged
Merged
@christarazi christarazi moved this from Needs backport from master to Backport done to v1.9 in 1.9.4 Feb 3, 2021
@christarazi christarazi mentioned this pull request Feb 3, 2021
Merged
@joestringer joestringer mentioned this pull request Feb 8, 2021
Merged
@joestringer joestringer mentioned this pull request Feb 17, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christarazi christarazi christarazi approved these changes

@aanm aanm aanm approved these changes

Assignees
No one assigned
Labels
area/cni Impacts the Container Networking Interface between Cilium and the orchestrator. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.10.0
Done
1.7.13
Backport done to v1.7
1.8.7
Backport done to v1.8
1.9.4
Backport done to v1.9
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@joestringer @christarazi @aanm @rolinh @vadorovsky