|
|
a7f575 |
From 0f90cc1ecb2db92e5388e07b8662b6c4a3a64f6c Mon Sep 17 00:00:00 2001
|
|
|
a7f575 |
From: Kir Kolyshkin <kolyshkin@gmail.com>
|
|
|
a7f575 |
Date: Tue, 15 Sep 2020 21:46:32 -0700
|
|
|
a7f575 |
Subject: [PATCH] runc run: fix panic on error
|
|
|
a7f575 |
|
|
|
a7f575 |
In case (*initProcess).start did not set sentRun, and ierr is nil,
|
|
|
a7f575 |
runc run panics:
|
|
|
a7f575 |
|
|
|
a7f575 |
```
|
|
|
a7f575 |
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
|
|
|
a7f575 |
panic: runtime error: invalid memory address or nil pointer dereference
|
|
|
a7f575 |
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x68a117]
|
|
|
a7f575 |
|
|
|
a7f575 |
goroutine 1 [running]:
|
|
|
a7f575 |
github.com/urfave/cli.HandleAction.func1(0xc0002277d8)
|
|
|
a7f575 |
/home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:478 +0x22d
|
|
|
a7f575 |
panic(0x730b60, 0xa06fc0)
|
|
|
a7f575 |
/usr/lib/golang/src/runtime/panic.go:969 +0x166
|
|
|
a7f575 |
github.com/opencontainers/runc/libcontainer.(*genericError).Error(0x0, 0xc0002ca0e0, 0xe)
|
|
|
a7f575 |
/home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/generic_error.go:93 +0x37
|
|
|
a7f575 |
github.com/opencontainers/runc/libcontainer.createSystemError(0x7fcd20, 0x0, 0x78c23e, 0xe, 0xc000098050, 0x0)
|
|
|
a7f575 |
/home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/generic_error.go:78 +0x14c
|
|
|
a7f575 |
github.com/opencontainers/runc/libcontainer.newSystemErrorWithCause(...)
|
|
|
a7f575 |
/home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/generic_error.go:63
|
|
|
a7f575 |
github.com/opencontainers/runc/libcontainer.(*initProcess).start(0xc000298000, 0x0, 0x0)
|
|
|
a7f575 |
/home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/process_linux.go:361 +0x94b
|
|
|
a7f575 |
....
|
|
|
a7f575 |
```
|
|
|
a7f575 |
|
|
|
a7f575 |
This is caused by the fact that `ierr` is a typed variable (rather than a
|
|
|
a7f575 |
generic `error`), and when `newSystemErrorWithCause(ierr, ...)` is called
|
|
|
a7f575 |
with a typed variable, the check `if err != nil` in `createSystemError`
|
|
|
a7f575 |
does not work, since err has a type. This Golang peculiarity is described
|
|
|
a7f575 |
in https://golang.org/doc/faq#nil_error.
|
|
|
a7f575 |
|
|
|
a7f575 |
After this patch (tested by temporarily modifying the source to set
|
|
|
a7f575 |
`sentRun` to `false`) it no longer panics, instead we get:
|
|
|
a7f575 |
|
|
|
a7f575 |
```
|
|
|
a7f575 |
container_linux.go:247: starting container process caused "container init failed"
|
|
|
a7f575 |
```
|
|
|
a7f575 |
|
|
|
a7f575 |
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
|
|
a7f575 |
---
|
|
|
a7f575 |
libcontainer/process_linux.go | 5 ++++-
|
|
|
a7f575 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
a7f575 |
|
|
|
a7f575 |
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
|
|
|
a7f575 |
index 7c92c93a..53df9fa5 100644
|
|
|
a7f575 |
--- docker-0be3e217c42ecf554bf5117bec9c832bd3f3b6fd/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/process_linux.go
|
|
|
a7f575 |
+++ docker-0be3e217c42ecf554bf5117bec9c832bd3f3b6fd/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/process_linux.go
|
|
|
a7f575 |
@@ -364,7 +364,10 @@ loop:
|
|
|
a7f575 |
return newSystemError(fmt.Errorf("container init exited prematurely"))
|
|
|
a7f575 |
}
|
|
|
a7f575 |
if !sentRun {
|
|
|
a7f575 |
- return newSystemErrorWithCause(ierr, "container init")
|
|
|
a7f575 |
+ if ierr != nil {
|
|
|
a7f575 |
+ return newSystemErrorWithCause(ierr, "container init")
|
|
|
a7f575 |
+ }
|
|
|
a7f575 |
+ return newSystemError(errors.New("container init failed"))
|
|
|
a7f575 |
}
|
|
|
a7f575 |
if p.config.Config.Namespaces.Contains(configs.NEWNS) && !sentResume {
|
|
|
a7f575 |
return newSystemError(fmt.Errorf("could not synchronise after executing prestart hooks with container process"))
|