[lxc-devel] [lxd/master] lxd/instance/exec: Adds protection against clients reconnecting after exec has started
tomponline on Github
lxc-bot at linuxcontainers.org
Thu Mar 26 21:19:49 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 444 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200326/b38e3f53/attachment.bin>
-------------- next part --------------
From 186fc13bdd5d2ac16564c64eda53e374304f4154 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 26 Mar 2020 21:18:46 +0000
Subject: [PATCH] lxd/instance/exec: Adds protection against clients
reconnecting after exec has started
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/instance_exec.go | 39 +++++++++++++++++++++++++++------------
1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/lxd/instance_exec.go b/lxd/instance_exec.go
index 7107467ab3..72bde90ea8 100644
--- a/lxd/instance_exec.go
+++ b/lxd/instance_exec.go
@@ -33,14 +33,16 @@ import (
type execWs struct {
req api.InstanceExecPost
- instance instance.Instance
- rootUid int64
- rootGid int64
- conns map[int]*websocket.Conn
- connsLock sync.Mutex
- allConnected chan struct{}
- controlConnected chan struct{}
- fds map[int]string
+ instance instance.Instance
+ rootUid int64
+ rootGid int64
+ conns map[int]*websocket.Conn
+ connsLock sync.Mutex
+ allConnected chan struct{}
+ allConnectedDone bool
+ controlConnected chan struct{}
+ controlConnectedDone bool
+ fds map[int]string
}
func (s *execWs) Metadata() interface{} {
@@ -76,23 +78,36 @@ func (s *execWs) Connect(op *operations.Operation, r *http.Request, w http.Respo
s.connsLock.Lock()
s.conns[fd] = conn
- s.connsLock.Unlock()
if fd == -1 {
- close(s.controlConnected) // Control WS is now connected.
+ if s.controlConnectedDone {
+ return fmt.Errorf("Control websocket already connected")
+ }
+
+ // Control WS is now connected.
+ s.controlConnectedDone = true
+ close(s.controlConnected)
+ s.connsLock.Unlock()
return nil
}
- s.connsLock.Lock()
+ if s.allConnectedDone {
+ return fmt.Errorf("All websockets already connected")
+ }
+
for i, c := range s.conns {
if i != -1 && c == nil {
s.connsLock.Unlock()
return nil
}
}
+
+ // All WS now connected.
+ s.allConnectedDone = true
+ close(s.allConnected)
+
s.connsLock.Unlock()
- close(s.allConnected) // All WS not connected.
return nil
}
}
More information about the lxc-devel
mailing list