diff options
author | Ting-Yu Wang <anivia@google.com> | 2021-02-05 17:25:35 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-05 17:28:01 -0800 |
commit | 120c8e34687129c919ae45263c14b239a0a5d343 (patch) | |
tree | b684a6e57c6d291c7d7b528c36c9ef9844dd6e3b | |
parent | 09afd68326898f783927c65f86f813d815d8c16c (diff) |
Replace TaskFromContext(ctx).Kernel() with KernelFromContext(ctx)
Panic seen at some code path like control.ExecAsync where
ctx does not have a Task.
Reported-by: syzbot+55ce727161cf94a7b7d6@syzkaller.appspotmail.com
PiperOrigin-RevId: 355960596
-rw-r--r-- | pkg/sentry/socket/hostinet/socket_vfs2.go | 3 | ||||
-rw-r--r-- | pkg/sentry/socket/netstack/netstack_vfs2.go | 3 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/unix_vfs2.go | 3 | ||||
-rw-r--r-- | runsc/container/container_test.go | 22 |
4 files changed, 25 insertions, 6 deletions
diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go index f82c7c224..dc03ccb47 100644 --- a/pkg/sentry/socket/hostinet/socket_vfs2.go +++ b/pkg/sentry/socket/hostinet/socket_vfs2.go @@ -80,8 +80,7 @@ func newVFS2Socket(t *kernel.Task, family int, stype linux.SockType, protocol in // Release implements vfs.FileDescriptionImpl.Release. func (s *socketVFS2) Release(ctx context.Context) { - t := kernel.TaskFromContext(ctx) - t.Kernel().DeleteSocketVFS2(&s.vfsfd) + kernel.KernelFromContext(ctx).DeleteSocketVFS2(&s.vfsfd) s.socketOpsCommon.Release(ctx) } diff --git a/pkg/sentry/socket/netstack/netstack_vfs2.go b/pkg/sentry/socket/netstack/netstack_vfs2.go index 24922c400..fc29f8f13 100644 --- a/pkg/sentry/socket/netstack/netstack_vfs2.go +++ b/pkg/sentry/socket/netstack/netstack_vfs2.go @@ -79,8 +79,7 @@ func NewVFS2(t *kernel.Task, family int, skType linux.SockType, protocol int, qu // Release implements vfs.FileDescriptionImpl.Release. func (s *SocketVFS2) Release(ctx context.Context) { - t := kernel.TaskFromContext(ctx) - t.Kernel().DeleteSocketVFS2(&s.vfsfd) + kernel.KernelFromContext(ctx).DeleteSocketVFS2(&s.vfsfd) s.socketOpsCommon.Release(ctx) } diff --git a/pkg/sentry/socket/unix/unix_vfs2.go b/pkg/sentry/socket/unix/unix_vfs2.go index a7d4d7f1f..9c037cbae 100644 --- a/pkg/sentry/socket/unix/unix_vfs2.go +++ b/pkg/sentry/socket/unix/unix_vfs2.go @@ -95,8 +95,7 @@ func NewFileDescription(ep transport.Endpoint, stype linux.SockType, flags uint3 // DecRef implements RefCounter.DecRef. func (s *SocketVFS2) DecRef(ctx context.Context) { s.socketVFS2Refs.DecRef(func() { - t := kernel.TaskFromContext(ctx) - t.Kernel().DeleteSocketVFS2(&s.vfsfd) + kernel.KernelFromContext(ctx).DeleteSocketVFS2(&s.vfsfd) s.ep.Close(ctx) if s.abstractNamespace != nil { s.abstractNamespace.Remove(s.abstractName, s) diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go index d50bbcd9f..129478505 100644 --- a/runsc/container/container_test.go +++ b/runsc/container/container_test.go @@ -777,6 +777,28 @@ func TestExec(t *testing.T) { } }) } + + // Test for exec failure with an non-existent file. + t.Run("nonexist", func(t *testing.T) { + // b/179114837 found by Syzkaller that causes nil pointer panic when + // trying to dec-ref an unix socket FD. + fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + if err != nil { + t.Fatal(err) + } + defer syscall.Close(fds[0]) + + _, err = cont.executeSync(&control.ExecArgs{ + Argv: []string{"/nonexist"}, + FilePayload: urpc.FilePayload{ + Files: []*os.File{os.NewFile(uintptr(fds[1]), "sock")}, + }, + }) + want := "failed to load /nonexist" + if err == nil || !strings.Contains(err.Error(), want) { + t.Errorf("executeSync: want err containing %q; got err = %q", want, err) + } + }) }) } } |