Accepting request 985784 from home:cyphar:docker
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch OBS-URL: https://build.opensuse.org/request/show/985784 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=372
This commit is contained in:
parent
9f1db41663
commit
b74ac9e95b
@ -0,0 +1,56 @@
|
|||||||
|
From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sebastiaan van Stijn <github@gone.nl>
|
||||||
|
Date: Fri, 29 Jan 2021 14:55:08 +0100
|
||||||
|
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
|
||||||
|
is nil
|
||||||
|
|
||||||
|
I'm not sure if this is the right approach, and synchronisation should probably
|
||||||
|
be added elsewhere to fix the underlying issue.
|
||||||
|
|
||||||
|
Trying to prevent a panic that was seen on container restore in th docker daemon:
|
||||||
|
|
||||||
|
panic: runtime error: invalid memory address or nil pointer dereference
|
||||||
|
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5586c892a7a4]
|
||||||
|
|
||||||
|
goroutine 420 [running]:
|
||||||
|
github.com/docker/docker/vendor/github.com/containerd/fifo.(*fifo).Close(0x0, 0x0, 0x0)
|
||||||
|
/go/src/github.com/docker/docker/vendor/github.com/containerd/fifo/fifo.go:208 +0x44
|
||||||
|
github.com/docker/docker/vendor/github.com/containerd/containerd/cio.(*cio).Close(0xc000d06f60, 0x5586cb5654d0, 0xc000d8e9e8)
|
||||||
|
/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/cio/io.go:203 +0x90
|
||||||
|
github.com/docker/docker/libcontainerd/remote.(*client).Restore.func1(0xc0008bf820, 0xc0008a2040)
|
||||||
|
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:86 +0x5a
|
||||||
|
github.com/docker/docker/libcontainerd/remote.(*client).Restore(0xc00098e5b0, 0x5586cb61c7c0, 0xc000052088, 0xc0011b6500, 0x40, 0xc0008bf810, 0x5586cb05cf00, 0xffffffffffffffff, 0x0, 0x0, ...)
|
||||||
|
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:107 +0x923
|
||||||
|
github.com/docker/docker/daemon.(*Daemon).restore.func3(0xc00079d9e0, 0xc000a38230, 0xc00000c1e0, 0xc00079d9a8, 0xc000d84f00, 0xc000d84ed0, 0xc000d84ea0, 0xc00128a280)
|
||||||
|
/go/src/github.com/docker/docker/daemon/daemon.go:351 +0x48a
|
||||||
|
created by github.com/docker/docker/daemon.(*Daemon).restore
|
||||||
|
/go/src/github.com/docker/docker/daemon/daemon.go:319 +0x4b3
|
||||||
|
|
||||||
|
If the fifo is nil, there's nothing to be done in Close(), so returning early
|
||||||
|
in that situation.
|
||||||
|
|
||||||
|
Backport: <https://github.com/containerd/fifo/pull/32>
|
||||||
|
SUSE-Bugs: bsc#1200022
|
||||||
|
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
||||||
|
---
|
||||||
|
vendor/github.com/containerd/fifo/fifo.go | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
|
||||||
|
index 96c214f270bf..c3eec295b578 100644
|
||||||
|
--- a/vendor/github.com/containerd/fifo/fifo.go
|
||||||
|
+++ b/vendor/github.com/containerd/fifo/fifo.go
|
||||||
|
@@ -204,6 +204,10 @@ func (f *fifo) Write(b []byte) (int, error) {
|
||||||
|
// before open(2) has returned and fifo was never opened.
|
||||||
|
func (f *fifo) Close() (retErr error) {
|
||||||
|
for {
|
||||||
|
+ if f == nil {
|
||||||
|
+ return
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
select {
|
||||||
|
case <-f.closed:
|
||||||
|
f.handle.Close()
|
||||||
|
--
|
||||||
|
2.36.1
|
||||||
|
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||||||
|
|
||||||
|
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
|
||||||
|
issue with dockerd. bsc#1200022
|
||||||
|
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||||||
|
|
||||||
|
@ -97,6 +97,8 @@ Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
|||||||
# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
|
# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
|
||||||
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
|
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
|
||||||
Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||||||
|
# SUSE-BACKPORT: Backport of <https://github.com/containerd/fifo/pull/32>. bsc#1200022
|
||||||
|
Patch303: 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||||||
BuildRequires: audit
|
BuildRequires: audit
|
||||||
BuildRequires: bash-completion
|
BuildRequires: bash-completion
|
||||||
BuildRequires: ca-certificates
|
BuildRequires: ca-certificates
|
||||||
@ -269,6 +271,8 @@ docker container runtime configuration for kubeadm
|
|||||||
%patch301 -p1
|
%patch301 -p1
|
||||||
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
|
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
|
||||||
%patch302 -p1
|
%patch302 -p1
|
||||||
|
# bsc#1200022
|
||||||
|
%patch303 -p1
|
||||||
|
|
||||||
# README_SUSE.md for documentation.
|
# README_SUSE.md for documentation.
|
||||||
cp %{SOURCE103} .
|
cp %{SOURCE103} .
|
||||||
|
Loading…
Reference in New Issue
Block a user