|
 |
ed2e38 |
From 40fd67a5303214be8a6aeb30e4f30735dcaf3094 Mon Sep 17 00:00:00 2001
|
|
|
ed2e38 |
From: y00316549 <yangshukui@huawei.com>
|
|
|
ed2e38 |
Date: Thu, 11 Jan 2018 20:16:18 +0800
|
|
|
ed2e38 |
Subject: [PATCH] Security: fix mem leak in containerd
|
|
|
ed2e38 |
|
|
|
ed2e38 |
Change-Id: I79df63093835a28ff23074ebc0f75fffac592e66
|
|
|
ed2e38 |
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
|
|
|
ed2e38 |
(cherry picked from commit 64456eccb7443ab68b1b5cf0c33be51fdfe5e346)
|
|
|
ed2e38 |
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
|
|
ed2e38 |
---
|
|
|
ed2e38 |
supervisor/delete.go | 7 +++++--
|
|
|
ed2e38 |
supervisor/exit.go | 1 +
|
|
|
ed2e38 |
supervisor/supervisor.go | 8 ++++++--
|
|
|
ed2e38 |
3 files changed, 12 insertions(+), 4 deletions(-)
|
|
|
ed2e38 |
|
|
|
ed2e38 |
diff --git a/supervisor/delete.go b/supervisor/delete.go
|
|
|
ed2e38 |
index 26cf1bb..9cf517f 100644
|
|
|
ed2e38 |
--- a/containerd-9c53e35c39f214b128beed3dfb670ccf751c4173/supervisor/delete.go
|
|
|
ed2e38 |
+++ b/containerd-9c53e35c39f214b128beed3dfb670ccf751c4173/supervisor/delete.go
|
|
|
ed2e38 |
@@ -27,11 +27,14 @@ func (s *Supervisor) delete(t *DeleteTask) error {
|
|
|
ed2e38 |
t.Process.Wait()
|
|
|
ed2e38 |
}
|
|
|
ed2e38 |
if !t.NoEvent {
|
|
|
ed2e38 |
- execMap := s.getExecSyncMap(t.ID)
|
|
|
ed2e38 |
go func() {
|
|
|
ed2e38 |
// Wait for all exec processe events to be sent (we seem
|
|
|
ed2e38 |
// to sometimes receive them after the init event)
|
|
|
ed2e38 |
- for _, ch := range execMap {
|
|
|
ed2e38 |
+ for {
|
|
|
ed2e38 |
+ ch := s.getExecSyncOneChannel(t.ID)
|
|
|
ed2e38 |
+ if ch == nil {
|
|
|
ed2e38 |
+ break
|
|
|
ed2e38 |
+ }
|
|
|
ed2e38 |
<-ch
|
|
|
ed2e38 |
}
|
|
|
ed2e38 |
s.deleteExecSyncMap(t.ID)
|
|
|
ed2e38 |
diff --git a/supervisor/exit.go b/supervisor/exit.go
|
|
|
ed2e38 |
index 2bce31e..537927b 100644
|
|
|
ed2e38 |
--- a/containerd-9c53e35c39f214b128beed3dfb670ccf751c4173/supervisor/exit.go
|
|
|
ed2e38 |
+++ b/containerd-9c53e35c39f214b128beed3dfb670ccf751c4173/supervisor/exit.go
|
|
|
ed2e38 |
@@ -89,6 +89,7 @@ func (s *Supervisor) execExit(t *ExecExitTask) error {
|
|
|
ed2e38 |
PID: t.PID,
|
|
|
ed2e38 |
Status: t.Status,
|
|
|
ed2e38 |
})
|
|
|
ed2e38 |
+ s.deleteExecSyncChannel(t.ID, t.PID)
|
|
|
ed2e38 |
close(synCh)
|
|
|
ed2e38 |
}()
|
|
|
ed2e38 |
return nil
|
|
|
ed2e38 |
diff --git a/supervisor/supervisor.go b/supervisor/supervisor.go
|
|
|
ed2e38 |
index e21ae7b..bbb001c 100644
|
|
|
ed2e38 |
--- a/containerd-9c53e35c39f214b128beed3dfb670ccf751c4173/supervisor/supervisor.go
|
|
|
ed2e38 |
+++ b/containerd-9c53e35c39f214b128beed3dfb670ccf751c4173/supervisor/supervisor.go
|
|
|
ed2e38 |
@@ -479,10 +479,14 @@ func (s *Supervisor) getExecSyncChannel(containerID, pid string) chan struct{} {
|
|
|
ed2e38 |
return ch
|
|
|
ed2e38 |
}
|
|
|
ed2e38 |
|
|
|
ed2e38 |
-func (s *Supervisor) getExecSyncMap(containerID string) map[string]chan struct{} {
|
|
|
ed2e38 |
+func (s *Supervisor) getExecSyncOneChannel(containerID string) chan struct{} {
|
|
|
ed2e38 |
s.containerExecSyncLock.Lock()
|
|
|
ed2e38 |
defer s.containerExecSyncLock.Unlock()
|
|
|
ed2e38 |
- return s.containerExecSync[containerID]
|
|
|
ed2e38 |
+
|
|
|
ed2e38 |
+ for _, ch := range s.containerExecSync[containerID] {
|
|
|
ed2e38 |
+ return ch
|
|
|
ed2e38 |
+ }
|
|
|
ed2e38 |
+ return nil
|
|
|
ed2e38 |
}
|
|
|
ed2e38 |
|
|
|
ed2e38 |
func (s *Supervisor) deleteExecSyncMap(containerID string) {
|