Fix capability option race and panic. by Random-Liu · Pull Request #3137 · containerd/containerd

Random-Liu · 2019-03-28T08:17:25Z

Race

With the following code:

var WithAllCapabilities = WithCapabilities(GetAllCapabilities())

All WithAllCapabilities option will share the same instance of capability list returned by GetAllCapabilities(). This means that dropping a cap will actually drop the cap for all WithAllCapabilities callers.

This is very bad, and we may want to cherry-pick this fix.

Without the fix, the newly added test will fail:

--- FAIL: TestDropCaps (0.00s)
    spec_opts_test.go:487: cap list 0 doesn't contain non-dropped cap
    spec_opts_test.go:487: cap list 1 doesn't contain non-dropped cap
    spec_opts_test.go:487: cap list 2 doesn't contain non-dropped cap
    spec_opts_test.go:487: cap list 3 doesn't contain non-dropped cap
FAIL
exit status 1
FAIL	github.com/containerd/containerd/oci	0.032s

Panic

When pushing the change, I found #3117 has already handled the panic.

But it seems better not to assume there is no duplicated cap.

Without the fix, the newly added test will panic:

--- FAIL: TestDropCaps (0.00s)
panic: runtime error: slice bounds out of range [recovered]
	panic: runtime error: slice bounds out of range

goroutine 13 [running]:
testing.tRunner.func1(0xc0000bcc00)
	/usr/local/go/src/testing/testing.go:792 +0x387
panic(0x635e60, 0xa43ad0)
	/usr/local/go/src/runtime/panic.go:513 +0x1b9
github.com/containerd/containerd/oci.removeCap(0xc0000bb080, 0x67743b, 0x9)
	/usr/local/google/home/lantaol/workspace/src/github.com/containerd/containerd/oci/spec_opts.go:778 +0x24e
github.com/containerd/containerd/oci.WithDroppedCapabilities.func1(0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000baf80, 0x0, 0x0)
	/usr/local/google/home/lantaol/workspace/src/github.com/containerd/containerd/oci/spec_opts.go:826 +0x8f
github.com/containerd/containerd/oci.TestDropCaps(0xc0000bcc00)
	/usr/local/google/home/lantaol/workspace/src/github.com/containerd/containerd/oci/spec_opts_test.go:494 +0x7a0
testing.tRunner(0xc0000bcc00, 0x684ed0)
	/usr/local/go/src/testing/testing.go:827 +0xbf
created by testing.(*T).Run
	/usr/local/go/src/testing/testing.go:878 +0x353
exit status 2
FAIL	github.com/containerd/containerd/oci	0.035s

Signed-off-by: Lantao Liu [email protected]

Signed-off-by: Lantao Liu <[email protected]>

codecov-io · 2019-03-28T09:31:02Z

Codecov Report

Merging #3137 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #3137      +/-   ##
==========================================
+ Coverage   43.58%   43.59%   +0.01%     
==========================================
  Files         104      104              
  Lines       11156    11159       +3     
==========================================
+ Hits         4862     4865       +3     
  Misses       5555     5555              
  Partials      739      739

Flag	Coverage Δ
#linux	`47.59% <100%> (+0.02%)`	⬆️
#windows	`40.49% <100%> (-0.01%)`	⬇️

Impacted Files	Coverage Δ
oci/spec_opts.go	`30.58% <100%> (+0.26%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 90a7da8...808b223. Read the comment docs.

estesp

LGTM

crosbymichael · 2019-03-28T15:43:25Z

LGTM

Random-Liu added cherry-pick/1.1.x labels Mar 28, 2019

Fix race and panic.

808b223

Signed-off-by: Lantao Liu <[email protected]>

Random-Liu force-pushed the fix-race-and-panic branch from d46e8a7 to 808b223 Compare March 28, 2019 08:27

estesp approved these changes Mar 28, 2019

View reviewed changes

crosbymichael merged commit f2a20ea into containerd:master Mar 28, 2019

Random-Liu deleted the fix-race-and-panic branch March 28, 2019 18:14

This was referenced Mar 28, 2019

Update containerd to f2a20ead833f8caf3ffc12be058d6ce668b4ebed. containerd/cri#1106

Merged

[release/1.2 backport] Fix race and panic. #3147

Merged

Random-Liu added cherry-picked/1.2.x and removed cherry-pick/1.1.x labels Mar 29, 2019

AkihiroSuda removed the cherry-pick/1.2.x label Jun 24, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix capability option race and panic.#3137

Fix capability option race and panic.#3137
crosbymichael merged 1 commit intocontainerd:masterfrom
Random-Liu:fix-race-and-panic

Random-Liu commented Mar 28, 2019 •

edited

Loading

Uh oh!

codecov-io commented Mar 28, 2019

Uh oh!

estesp left a comment

Uh oh!

crosbymichael commented Mar 28, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

Random-Liu commented Mar 28, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Race

Panic

Uh oh!

codecov-io commented Mar 28, 2019

Codecov Report

Uh oh!

estesp left a comment

Choose a reason for hiding this comment

Uh oh!

crosbymichael commented Mar 28, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Random-Liu commented Mar 28, 2019 •

edited

Loading