From b74ac9e95be40f4ac70e0b70d03ef82563fcf5cf2f829c16346a796a025b9913 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 29 Jun 2022 13:59:39 +0000
Subject: [PATCH] Accepting request 985784 from home:cyphar:docker - Backport to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
OBS-URL: https://build.opensuse.org/request/show/985784
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=372
---
 ...Close-prevent-possible-panic-if-fifo.patch | 56 +++++++++++++++++++
 docker.changes | 7 +++
 docker.spec | 4 ++
 3 files changed, 67 insertions(+)
 create mode 100644 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
diff --git a/0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch b/0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
new file mode 100644
index 0000000..206c746
--- /dev/null
+++ b/0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
@@ -0,0 +1,56 @@
+From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001
+From: Sebastiaan van Stijn
+Date: Fri, 29 Jan 2021 14:55:08 +0100
+Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
+ is nil
+
+I'm not sure if this is the right approach, and synchronisation should probably
+be added elsewhere to fix the underlying issue.
+
+Trying to prevent a panic that was seen on container restore in th docker daemon:
+
+ panic: runtime error: invalid memory address or nil pointer dereference
+ [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5586c892a7a4]
+
+ goroutine 420 [running]:
+ github.com/docker/docker/vendor/github.com/containerd/fifo.(*fifo).Close(0x0, 0x0, 0x0)
+ /go/src/github.com/docker/docker/vendor/github.com/containerd/fifo/fifo.go:208 +0x44
+ github.com/docker/docker/vendor/github.com/containerd/containerd/cio.(*cio).Close(0xc000d06f60, 0x5586cb5654d0, 0xc000d8e9e8)
+ /go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/cio/io.go:203 +0x90
+ github.com/docker/docker/libcontainerd/remote.(*client).Restore.func1(0xc0008bf820, 0xc0008a2040)
+ /go/src/github.com/docker/docker/libcontainerd/remote/client.go:86 +0x5a
+ github.com/docker/docker/libcontainerd/remote.(*client).Restore(0xc00098e5b0, 0x5586cb61c7c0, 0xc000052088, 0xc0011b6500, 0x40, 0xc0008bf810, 0x5586cb05cf00, 0xffffffffffffffff, 0x0, 0x0, ...)
+ /go/src/github.com/docker/docker/libcontainerd/remote/client.go:107 +0x923
+ github.com/docker/docker/daemon.(*Daemon).restore.func3(0xc00079d9e0, 0xc000a38230, 0xc00000c1e0, 0xc00079d9a8, 0xc000d84f00, 0xc000d84ed0, 0xc000d84ea0, 0xc00128a280)
+ /go/src/github.com/docker/docker/daemon/daemon.go:351 +0x48a
+ created by github.com/docker/docker/daemon.(*Daemon).restore
+ /go/src/github.com/docker/docker/daemon/daemon.go:319 +0x4b3
+
+If the fifo is nil, there's nothing to be done in Close(), so returning early
+in that situation.
+
+Backport:
+SUSE-Bugs: bsc#1200022
+Signed-off-by: Sebastiaan van Stijn
+---
+ vendor/github.com/containerd/fifo/fifo.go | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
+index 96c214f270bf..c3eec295b578 100644
+--- a/vendor/github.com/containerd/fifo/fifo.go
++++ b/vendor/github.com/containerd/fifo/fifo.go
+@@ -204,6 +204,10 @@ func (f *fifo) Write(b []byte) (int, error) {
+ // before open(2) has returned and fifo was never opened.
+ func (f *fifo) Close() (retErr error) {
+ for {
++ if f == nil {
++ return
++ }
++
+ select {
+ case <-f.closed:
+ f.handle.Close()
+--
+2.36.1
+
diff --git a/docker.changes b/docker.changes
index 322bfa2..f6f28ee 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai
+
+- Backport to fix a crash-on-start
+ issue with dockerd. bsc#1200022
+ + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
+
 -------------------------------------------------------------------
 Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai
diff --git a/docker.spec b/docker.spec
index 9d85bfa..3ad7fc1 100644
--- a/docker.spec
+++ b/docker.spec
@@ -97,6 +97,8 @@ Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
 # SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
 # bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
 Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
+# SUSE-BACKPORT: Backport of . bsc#1200022
+Patch303: 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
 BuildRequires: audit
 BuildRequires: bash-completion
 BuildRequires: ca-certificates
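Review bot: The `if f == nil` guard in the embedded fifo.go hunk sits inside the `for` loop of `Close()`, so it is re-checked on every iteration although the receiver cannot change; it reads better as a guard clause placed above `for {`, written `if f == nil { return nil }`. The bare `return` also reports success for a fifo that was never set up, and the patch description itself says the missing synchronisation belongs elsewhere, so this only hides the symptom seen in the `cio.Close` / `client.Restore` trace. A comment on the guard such as `// f may be nil when the fifo was never opened; caller-side cause still open (bsc#1200022)` would keep that visible to whoever drops the backport later. `Close()` continues past the end of the hunk, so the rest of the loop is not reviewed here.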
@@ -269,6 +271,8 @@ docker container runtime configuration for kubeadm
 %patch301 -p1
 # bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
 %patch302 -p1
+# bsc#1200022
+%patch303 -p1
 # README_SUSE.md for documentation.
 cp %{SOURCE103} .