[lxc-devel] [lxd/master] lxd: Fix order of cgroup initialization

monstermunchkin on Github lxc-bot at linuxcontainers.org
Mon Dec 16 13:49:25 UTC 2019 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 622 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191216/9dd44c6a/attachment.bin>
-------------- next part --------------
From 0cc81a1021568d67a2f274f08b4728a8615d0a9f Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 16 Dec 2019 14:33:59 +0100
Subject: [PATCH] lxd: Fix order of cgroup initialization

This moves the cgroup initialization below initLXC().

The previous order caused a segfault when trying to set limits.memory
for a running container. The segfault would occur in
lxcCgroupReadWriter.Get() as the cc variable would be nil when
dereferencing it.

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 lxd/container_lxc.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 726c852ae2..36c3b495cd 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -3860,10 +3860,6 @@ func (c *containerLXC) VolatileSet(changes map[string]string) error {
 }
 
 func (c *containerLXC) Update(args db.InstanceArgs, userRequested bool) error {
-	cg, err := c.cgroup(c.c)
-	if err != nil {
-		return err
-	}
 	// Set sane defaults for unset keys
 	if args.Project == "" {
 		args.Project = "default"
@@ -3886,7 +3882,7 @@ func (c *containerLXC) Update(args db.InstanceArgs, userRequested bool) error {
 	}
 
 	// Validate the new config
-	err = instance.ValidConfig(c.state.OS, args.Config, false, false)
+	err := instance.ValidConfig(c.state.OS, args.Config, false, false)
 	if err != nil {
 		return errors.Wrap(err, "Invalid config")
 	}
@@ -4099,6 +4095,11 @@ func (c *containerLXC) Update(args db.InstanceArgs, userRequested bool) error {
 		return errors.Wrap(err, "Initialize LXC")
 	}
 
+	cg, err := c.cgroup(c.c)
+	if err != nil {
+		return err
+	}
+
 	// If apparmor changed, re-validate the apparmor profile
 	if shared.StringInSlice("raw.apparmor", changedConfig) || shared.StringInSlice("security.nesting", changedConfig) {
 		err = apparmor.ParseProfile(c)

More information about the lxc-devel mailing list