[lxc-devel] [lxd/master] lxd/instance/exec: Adds protection against clients reconnecting after exec has started

tomponline on Github lxc-bot at linuxcontainers.org
Thu Mar 26 21:19:49 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 444 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200326/b38e3f53/attachment.bin>
-------------- next part --------------
From 186fc13bdd5d2ac16564c64eda53e374304f4154 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 26 Mar 2020 21:18:46 +0000
Subject: [PATCH] lxd/instance/exec: Adds protection against clients
 reconnecting after exec has started

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/instance_exec.go | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/lxd/instance_exec.go b/lxd/instance_exec.go
index 7107467ab3..72bde90ea8 100644
--- a/lxd/instance_exec.go
+++ b/lxd/instance_exec.go
@@ -33,14 +33,16 @@ import (
 type execWs struct {
 	req api.InstanceExecPost
 
-	instance         instance.Instance
-	rootUid          int64
-	rootGid          int64
-	conns            map[int]*websocket.Conn
-	connsLock        sync.Mutex
-	allConnected     chan struct{}
-	controlConnected chan struct{}
-	fds              map[int]string
+	instance             instance.Instance
+	rootUid              int64
+	rootGid              int64
+	conns                map[int]*websocket.Conn
+	connsLock            sync.Mutex
+	allConnected         chan struct{}
+	allConnectedDone     bool
+	controlConnected     chan struct{}
+	controlConnectedDone bool
+	fds                  map[int]string
 }
 
 func (s *execWs) Metadata() interface{} {
@@ -76,23 +78,36 @@ func (s *execWs) Connect(op *operations.Operation, r *http.Request, w http.Respo
 
 			s.connsLock.Lock()
 			s.conns[fd] = conn
-			s.connsLock.Unlock()
 
 			if fd == -1 {
-				close(s.controlConnected) // Control WS is now connected.
+				if s.controlConnectedDone {
+					return fmt.Errorf("Control websocket already connected")
+				}
+
+				// Control WS is now connected.
+				s.controlConnectedDone = true
+				close(s.controlConnected)
+				s.connsLock.Unlock()
 				return nil
 			}
 
-			s.connsLock.Lock()
+			if s.allConnectedDone {
+				return fmt.Errorf("All websockets already connected")
+			}
+
 			for i, c := range s.conns {
 				if i != -1 && c == nil {
 					s.connsLock.Unlock()
 					return nil
 				}
 			}
+
+			// All WS now connected.
+			s.allConnectedDone = true
+			close(s.allConnected)
+
 			s.connsLock.Unlock()
 
-			close(s.allConnected) // All WS not connected.
 			return nil
 		}
 	}


More information about the lxc-devel mailing list