[lxc-devel] [lxc/master] lxccontainer: fix fd leaks when sending signals

Thu May 24 22:03:28 UTC 2018

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180524/44a2be1d/attachment.bin>
-------------- next part --------------
From 9dd541531f9fe79a773f0220d358c0c679368def Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 25 May 2018 00:00:50 +0200
Subject: [PATCH] lxccontainer: fix fd leaks when sending signals

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxccontainer.c | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index d50ac8516..2a8066767 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1893,24 +1893,30 @@ static bool lxcapi_create(struct lxc_container *c, const char *t,
 
 static bool do_lxcapi_reboot(struct lxc_container *c)
 {
+	int ret;
 	pid_t pid;
 	int rebootsignal = SIGINT;
 
 	if (!c)
 		return false;
+
 	if (!do_lxcapi_is_running(c))
 		return false;
+
 	pid = do_lxcapi_init_pid(c);
 	if (pid <= 0)
 		return false;
+
 	if (c->lxc_conf && c->lxc_conf->rebootsignal)
 		rebootsignal = c->lxc_conf->rebootsignal;
-	if (kill(pid, rebootsignal) < 0) {
-		WARN("Could not send signal %d to pid %d.", rebootsignal, pid);
+
+	ret = kill(pid, rebootsignal);
+	if (ret < 0) {
+		WARN("Failed to send signal %d to pid %d", rebootsignal, pid);
 		return false;
 	}
-	return true;
 
+	return true;
 }
 
 WRAP_API(bool, lxcapi_reboot)
@@ -1958,15 +1964,18 @@ static bool do_lxcapi_reboot2(struct lxc_container *c, int timeout)
 	/* Send reboot signal to container. */
 	killret = kill(pid, rebootsignal);
 	if (killret < 0) {
-		WARN("Could not send signal %d to pid %d", rebootsignal, pid);
 		if (state_client_fd >= 0)
 			close(state_client_fd);
+		WARN("Failed to send signal %d to pid %d", rebootsignal, pid);
 		return false;
 	}
 	TRACE("Sent signal %d to pid %d", rebootsignal, pid);
 
-	if (timeout == 0)
+	if (timeout == 0) {
+		if (state_client_fd >= 0)
+			close(state_client_fd);
 		return true;
+	}
 
 	ret = lxc_cmd_sock_rcv_state(state_client_fd, timeout);
 	close(state_client_fd);
@@ -1986,7 +1995,7 @@ static bool do_lxcapi_shutdown(struct lxc_container *c, int timeout)
 {
 	int killret, ret;
 	pid_t pid;
-	int haltsignal = SIGPWR, state_client_fd = -1;
+	int haltsignal = SIGPWR, state_client_fd = -EBADF;
 	lxc_state_t states[MAX_STATE] = {0};
 
 	if (!c)
@@ -2028,15 +2037,18 @@ static bool do_lxcapi_shutdown(struct lxc_container *c, int timeout)
 	/* Send shutdown signal to container. */
 	killret = kill(pid, haltsignal);
 	if (killret < 0) {
-		WARN("Could not send signal %d to pid %d", haltsignal, pid);
 		if (state_client_fd >= 0)
 			close(state_client_fd);
+		WARN("Failed to send signal %d to pid %d", haltsignal, pid);
 		return false;
 	}
 	TRACE("Sent signal %d to pid %d", haltsignal, pid);
 
-	if (timeout == 0)
+	if (timeout == 0) {
+		if (state_client_fd >= 0)
+			close(state_client_fd);
 		return true;
+	}
 
 	ret = lxc_cmd_sock_rcv_state(state_client_fd, timeout);
 	close(state_client_fd);
