[lxc-devel] [lxc/master] attach: do not fail on non-existing namespaces

brauner on Github lxc-bot at linuxcontainers.org
Mon Dec 4 11:28:26 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 381 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171204/4f8eb4b0/attachment.bin>
-------------- next part --------------
From 0103eb53defb5864b56131f00f05ff2e69ad369e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 4 Dec 2017 01:34:50 +0100
Subject: [PATCH 1/6] conf: prevent null pointer dereference

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c  | 20 +++++++++++---------
 src/lxc/utils.c |  2 +-
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ae30b5b87..a86a6d752 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1741,11 +1741,12 @@ static int mount_entry(const char *fsname, const char *target,
 	if (ret < 0) {
 		if (optional) {
 			INFO("Failed to mount \"%s\" on \"%s\" (optional): %s",
-			     fsname, target, strerror(errno));
+			     fsname ? fsname : "(null)", target, strerror(errno));
 			return 0;
 		}
 
-		SYSERROR("Failed to mount \"%s\" on \"%s\"", fsname, target);
+		SYSERROR("Failed to mount \"%s\" on \"%s\"",
+			 fsname ? fsname : "(null)", target);
 		return -1;
 	}
 
@@ -1753,13 +1754,12 @@ static int mount_entry(const char *fsname, const char *target,
 		unsigned long rqd_flags = 0;
 
 		DEBUG("Remounting \"%s\" on \"%s\" to respect bind or remount "
-		      "options",
-		      fsname ? fsname : "(none)", target ? target : "(none)");
+		      "options", fsname ? fsname : "(none)", target ? target : "(none)");
 
 		if (mountflags & MS_RDONLY)
 			rqd_flags |= MS_RDONLY;
 #ifdef HAVE_STATVFS
-		if (statvfs(fsname, &sb) == 0) {
+		if (fsname && statvfs(fsname, &sb) == 0) {
 			unsigned long required_flags = rqd_flags;
 
 			if (sb.f_flag & MS_NOSUID)
@@ -1798,12 +1798,14 @@ static int mount_entry(const char *fsname, const char *target,
 		if (ret < 0) {
 			if (optional) {
 				INFO("Failed to mount \"%s\" on \"%s\" "
-				     "(optional): %s", fsname, target,
+				     "(optional): %s",
+				     fsname ? fsname : "(null)", target,
 				     strerror(errno));
 				return 0;
 			}
 
-			SYSERROR("Failed to mount \"%s\" on \"%s\"", fsname, target);
+			SYSERROR("Failed to mount \"%s\" on \"%s\"",
+				 fsname ? fsname : "(null)", target);
 			return -1;
 		}
 	}
@@ -1811,8 +1813,8 @@ static int mount_entry(const char *fsname, const char *target,
 #ifdef HAVE_STATVFS
 skipremount:
 #endif
-	DEBUG("Mounted \"%s\" on \"%s\" with filesystem type \"%s\"", fsname,
-	      target, fstype);
+	DEBUG("Mounted \"%s\" on \"%s\" with filesystem type \"%s\"",
+	      fsname ? fsname : "(null)", target, fstype);
 
 	return 0;
 }
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 19e6c2ee6..67c475e78 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1644,7 +1644,7 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
 	close(destfd);
 	if (ret < 0) {
 		errno = saved_errno;
-		SYSERROR("Failed to mount %s onto %s", src, dest);
+		SYSERROR("Failed to mount %s onto %s", src ? src : "(null)", dest);
 		return ret;
 	}
 

From f39bcb70cf588386d96a93061a0b5ed9a6c39b2c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 4 Dec 2017 01:38:01 +0100
Subject: [PATCH 2/6] confile_legacy: prevent null pointer deref

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/confile_legacy.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/lxc/confile_legacy.c b/src/lxc/confile_legacy.c
index eb956dd40..9fc2c06c9 100644
--- a/src/lxc/confile_legacy.c
+++ b/src/lxc/confile_legacy.c
@@ -969,7 +969,7 @@ static int lxc_clear_nic(struct lxc_conf *c, const char *key)
 
 	p1 = strchr(key, '.');
 	if (!p1 || *(p1+1) == '\0')
-		p1 = NULL;
+		return -1;
 
 	if (!p1 && it) {
 		lxc_remove_nic(it);
@@ -987,8 +987,9 @@ static int lxc_clear_nic(struct lxc_conf *c, const char *key)
 			free(it2->elem);
 			free(it2);
 		}
+	} else {
+		return -1;
 	}
-	else return -1;
 
 	return 0;
 }

From 113ebd572991152e247ff0899a15d39335017242 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 4 Dec 2017 01:41:49 +0100
Subject: [PATCH 3/6] criu: initialize status

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/criu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 96688edc0..3285176df 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -827,9 +827,10 @@ static bool restore_net_info(struct lxc_container *c)
  */
 static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *opts, char *criu_version)
 {
+	int fd;
 	pid_t pid;
 	struct lxc_handler *handler;
-	int status, fd;
+	int status = 0;
 	int pipes[2] = {-1, -1};
 
 	/* Try to detach from the current controlling tty if it exists.
@@ -1049,9 +1050,9 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
 		 */
 		if (!status)
 			status = 1;
-		if (write(status_pipe, &status, sizeof(status)) != sizeof(status)) {
+
+		if (write(status_pipe, &status, sizeof(status)) != sizeof(status))
 			SYSERROR("writing status failed");
-		}
 		close(status_pipe);
 	}
 

From 1ca0ee11291b99b3fc18da934e6f5ffa52484c3d Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 4 Dec 2017 01:44:45 +0100
Subject: [PATCH 4/6] confile: remove dead assignment

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/confile.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a2e5ba7c1..f247b37db 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2934,35 +2934,27 @@ static int get_config_mount_auto(const char *key, char *retv, int inlen,
 	switch (c->auto_mounts & LXC_AUTO_CGROUP_MASK) {
 	case LXC_AUTO_CGROUP_NOSPEC:
 		strprint(retv, inlen, "%scgroup", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_MIXED:
 		strprint(retv, inlen, "%scgroup:mixed", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_RO:
 		strprint(retv, inlen, "%scgroup:ro", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_RW:
 		strprint(retv, inlen, "%scgroup:rw", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_FULL_NOSPEC:
 		strprint(retv, inlen, "%scgroup-full", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_FULL_MIXED:
 		strprint(retv, inlen, "%scgroup-full:mixed", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_FULL_RO:
 		strprint(retv, inlen, "%scgroup-full:ro", sep);
-		sep = " ";
 		break;
 	case LXC_AUTO_CGROUP_FULL_RW:
 		strprint(retv, inlen, "%scgroup-full:rw", sep);
-		sep = " ";
 		break;
 	default:
 		break;

From 223e30c16913721be7e4a47c4129951aa1f867f9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 4 Dec 2017 01:48:46 +0100
Subject: [PATCH 5/6] criu: silence static analysis

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/criu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 3285176df..8b3a213d8 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -1025,7 +1025,12 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
 		 * assign the return here to silence potential.
 		 */
 		ret = snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name);
+		if (ret < 0 || (size_t)ret >= sizeof(title))
+			INFO("Setting truncated process name");
+
 		ret = setproctitle(title);
+		if (ret < 0)
+			INFO("Failed to set process name");
 
 		ret = lxc_poll(c->name, handler);
 		if (ret)

From 134284c3ff235958150acca3588fba9c27c62b1c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 4 Dec 2017 12:26:55 +0100
Subject: [PATCH 6/6] attach: do not fail on non-existing namespaces

Closes #1993.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/attach.c | 9 ++++++++-
 src/lxc/utils.c  | 3 ++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 44ac31edd..afe9ab8af 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -281,8 +281,15 @@ static int in_same_namespace(pid_t pid1, pid_t pid2, const char *ns)
 	struct stat ns_st1, ns_st2;
 
 	ns_fd1 = lxc_preserve_ns(pid1, ns);
-	if (ns_fd1 < 0)
+	if (ns_fd1 < 0) {
+		/* The kernel does not support this namespace. This is not an
+		 * error.
+		 */
+		if (errno == ENOENT)
+			return -EINVAL;
+
 		goto out;
+	}
 
 	ns_fd2 = lxc_preserve_ns(pid2, ns);
 	if (ns_fd2 < 0)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 67c475e78..c597be8fa 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1906,8 +1906,9 @@ int lxc_preserve_ns(const int pid, const char *ns)
 	ret = snprintf(path, __NS_PATH_LEN, "/proc/%d/ns%s%s", pid,
 		       !ns || strcmp(ns, "") == 0 ? "" : "/",
 		       !ns || strcmp(ns, "") == 0 ? "" : ns);
+	errno = EFBIG;
 	if (ret < 0 || (size_t)ret >= __NS_PATH_LEN)
-		return -1;
+		return -EFBIG;
 
 	return open(path, O_RDONLY | O_CLOEXEC);
 }

More information about the lxc-devel mailing list