-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix possible segmentation fault in namespace removal #3084
Fix possible segmentation fault in namespace removal #3084
Conversation
Before this patch, if the namespace is closed or not retrievable, then we still assign `nil` to it. In this case the interface checks for `nil` will not work any more on removal and will trigger a segmentation fault. This is now fixed by only touching pointers when necessary. Reproducible via: ```bash > sudo ./bin/crio & > sudo crictl runp test/testdata/sandbox_config.json > sudo pkill crio > sudo pkill conmon > sudo umount /run/crio/ns/*/* > sudo ./bin/crio & > sudo crictl rmp -fa panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x19840d9] goroutine 73 [running]: sync.(*Mutex).Lock(...) /usr/lib64/go/1.13/src/sync/mutex.go:74 github.com/cri-o/cri-o/internal/lib/sandbox.(*Namespace).Remove(0x0, 0x0, 0x0) /home/sascha/go/src/github.com/cri-o/cri-o/internal/lib/sandbox/namespaces_linux.go:167 +0x49 github.com/cri-o/cri-o/internal/lib/sandbox.(*Sandbox).RemoveManagedNamespaces(0xc0001956c0, 0xc0004a6d40, 0x40) /home/sascha/go/src/github.com/cri-o/cri-o/internal/lib/sandbox/namespaces.go:176 +0x84e github.com/cri-o/cri-o/server.(*Server).RemovePodSandbox(0xc0003f4d80, 0x2251c60, 0xc0006a8000, 0xc00053b0e0, 0xc0003f4d80, 0x1, 0x1) /home/sascha/go/src/github.com/cri-o/cri-o/server/sandbox_remove.go:99 +0x1445 ``` Signed-off-by: Sascha Grunert <sgrunert@suse.com>
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
/cherrypick release-1.17 |
@saschagrunert: failed to push cherry-picked changes in GitHub: pushing failed, output: "To https://github.com/openshift-cherrypick-robot/cri-o\n ! [remote rejected] cherry-pick-3084-to-release-1.17 -> cherry-pick-3084-to-release-1.17 (cannot lock ref 'refs/heads/cherry-pick-3084-to-release-1.17': reference already exists)\nerror: failed to push some refs to 'https://openshift-cherrypick-robot:CENSORED@github.com/openshift-cherrypick-robot/cri-o'\n", error: exit status 1 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@saschagrunert: new pull request created: #3090 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Before this patch, if the namespace is closed or not retrievable, then
we still assign
nil
to it. In this case the interface checks fornil
will not work any more on removal and will trigger a segmentation fault.
This is now fixed by only touching pointers when necessary. Reproducible
via:
More background information are available here:
https://www.calhoun.io/when-nil-isnt-equal-to-nil/