Accepting request 985784 from home:cyphar:docker

- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
  issue with dockerd. bsc#1200022
  + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch

OBS-URL: https://build.opensuse.org/request/show/985784
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=372
This commit is contained in:
Aleksa Sarai 2022-06-29 13:59:39 +00:00 committed by Git OBS Bridge
parent 9f1db41663
commit b74ac9e95b
3 changed files with 67 additions and 0 deletions

View File

@ -0,0 +1,56 @@
From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Fri, 29 Jan 2021 14:55:08 +0100
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
is nil
I'm not sure if this is the right approach, and synchronisation should probably
be added elsewhere to fix the underlying issue.
Trying to prevent a panic that was seen on container restore in th docker daemon:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5586c892a7a4]
goroutine 420 [running]:
github.com/docker/docker/vendor/github.com/containerd/fifo.(*fifo).Close(0x0, 0x0, 0x0)
/go/src/github.com/docker/docker/vendor/github.com/containerd/fifo/fifo.go:208 +0x44
github.com/docker/docker/vendor/github.com/containerd/containerd/cio.(*cio).Close(0xc000d06f60, 0x5586cb5654d0, 0xc000d8e9e8)
/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/cio/io.go:203 +0x90
github.com/docker/docker/libcontainerd/remote.(*client).Restore.func1(0xc0008bf820, 0xc0008a2040)
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:86 +0x5a
github.com/docker/docker/libcontainerd/remote.(*client).Restore(0xc00098e5b0, 0x5586cb61c7c0, 0xc000052088, 0xc0011b6500, 0x40, 0xc0008bf810, 0x5586cb05cf00, 0xffffffffffffffff, 0x0, 0x0, ...)
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:107 +0x923
github.com/docker/docker/daemon.(*Daemon).restore.func3(0xc00079d9e0, 0xc000a38230, 0xc00000c1e0, 0xc00079d9a8, 0xc000d84f00, 0xc000d84ed0, 0xc000d84ea0, 0xc00128a280)
/go/src/github.com/docker/docker/daemon/daemon.go:351 +0x48a
created by github.com/docker/docker/daemon.(*Daemon).restore
/go/src/github.com/docker/docker/daemon/daemon.go:319 +0x4b3
If the fifo is nil, there's nothing to be done in Close(), so returning early
in that situation.
Backport: <https://github.com/containerd/fifo/pull/32>
SUSE-Bugs: bsc#1200022
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
vendor/github.com/containerd/fifo/fifo.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
index 96c214f270bf..c3eec295b578 100644
--- a/vendor/github.com/containerd/fifo/fifo.go
+++ b/vendor/github.com/containerd/fifo/fifo.go
@@ -204,6 +204,10 @@ func (f *fifo) Write(b []byte) (int, error) {
// before open(2) has returned and fifo was never opened.
func (f *fifo) Close() (retErr error) {
for {
+ if f == nil {
+ return
+ }
+
select {
case <-f.closed:
f.handle.Close()
--
2.36.1

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com> Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>

View File

@ -97,6 +97,8 @@ Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates. # SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191 # bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
# SUSE-BACKPORT: Backport of <https://github.com/containerd/fifo/pull/32>. bsc#1200022
Patch303: 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: ca-certificates BuildRequires: ca-certificates
@ -269,6 +271,8 @@ docker container runtime configuration for kubeadm
%patch301 -p1 %patch301 -p1
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191 # bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
%patch302 -p1 %patch302 -p1
# bsc#1200022
%patch303 -p1
# README_SUSE.md for documentation. # README_SUSE.md for documentation.
cp %{SOURCE103} . cp %{SOURCE103} .