Accepting request 985784 from home:cyphar:docker

- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch OBS-URL: https://build.opensuse.org/request/show/985784 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=372
2022-06-29 13:59:39 +00:00 · 2022-06-29 13:59:39 +00:00 · b74ac9e95b
commit b74ac9e95b
parent 9f1db41663
3 changed files with 67 additions and 0 deletions
--- a/0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
+++ b/0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
@ -0,0 +1,56 @@
+From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Fri, 29 Jan 2021 14:55:08 +0100
+Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
+ is nil
+
+I'm not sure if this is the right approach, and synchronisation should probably
+be added elsewhere to fix the underlying issue.
+
+Trying to prevent a panic that was seen on container restore in th docker daemon:
+
+    panic: runtime error: invalid memory address or nil pointer dereference
+    [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5586c892a7a4]
+
+    goroutine 420 [running]:
+    github.com/docker/docker/vendor/github.com/containerd/fifo.(*fifo).Close(0x0, 0x0, 0x0)
+            /go/src/github.com/docker/docker/vendor/github.com/containerd/fifo/fifo.go:208 +0x44
+    github.com/docker/docker/vendor/github.com/containerd/containerd/cio.(*cio).Close(0xc000d06f60, 0x5586cb5654d0, 0xc000d8e9e8)
+            /go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/cio/io.go:203 +0x90
+    github.com/docker/docker/libcontainerd/remote.(*client).Restore.func1(0xc0008bf820, 0xc0008a2040)
+            /go/src/github.com/docker/docker/libcontainerd/remote/client.go:86 +0x5a
+    github.com/docker/docker/libcontainerd/remote.(*client).Restore(0xc00098e5b0, 0x5586cb61c7c0, 0xc000052088, 0xc0011b6500, 0x40, 0xc0008bf810, 0x5586cb05cf00, 0xffffffffffffffff, 0x0, 0x0, ...)
+            /go/src/github.com/docker/docker/libcontainerd/remote/client.go:107 +0x923
+    github.com/docker/docker/daemon.(*Daemon).restore.func3(0xc00079d9e0, 0xc000a38230, 0xc00000c1e0, 0xc00079d9a8, 0xc000d84f00, 0xc000d84ed0, 0xc000d84ea0, 0xc00128a280)
+            /go/src/github.com/docker/docker/daemon/daemon.go:351 +0x48a
+    created by github.com/docker/docker/daemon.(*Daemon).restore
+            /go/src/github.com/docker/docker/daemon/daemon.go:319 +0x4b3
+
+If the fifo is nil, there's nothing to be done in Close(), so returning early
+in that situation.
+
+Backport: <https://github.com/containerd/fifo/pull/32>
+SUSE-Bugs: bsc#1200022
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+---
+ vendor/github.com/containerd/fifo/fifo.go | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
+index 96c214f270bf..c3eec295b578 100644
+--- a/vendor/github.com/containerd/fifo/fifo.go
+++ b/vendor/github.com/containerd/fifo/fifo.go
+@@ -204,6 +204,10 @@ func (f *fifo) Write(b []byte) (int, error) {
+ // before open(2) has returned and fifo was never opened.
+ func (f *fifo) Close() (retErr error) {
+ 	for {
+		if f == nil {
+			return
+		}
+
+ 		select {
+ 		case <-f.closed:
+ 			f.handle.Close()
+-- 
+2.36.1
+
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai <asarai@suse.com>
+
+- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
+  issue with dockerd. bsc#1200022
+  + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
+
 -------------------------------------------------------------------
 Tue Jun  7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>

--- a/docker.spec
+++ b/docker.spec
@ -97,6 +97,8 @@ Patch301:       0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
 # SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
 #                bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
 Patch302:       0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
+# SUSE-BACKPORT: Backport of <https://github.com/containerd/fifo/pull/32>. bsc#1200022
+Patch303:       0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
 BuildRequires:  audit
 BuildRequires:  bash-completion
 BuildRequires:  ca-certificates
@ -269,6 +271,8 @@ docker container runtime configuration for kubeadm
 %patch301 -p1
 # bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
 %patch302 -p1
+# bsc#1200022
+%patch303 -p1

 # README_SUSE.md for documentation.
 cp %{SOURCE103} .