summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorTing-Yu Wang <anivia@google.com>2021-02-05 17:25:35 -0800
committergVisor bot <gvisor-bot@google.com>2021-02-05 17:28:01 -0800
commit120c8e34687129c919ae45263c14b239a0a5d343 (patch)
treeb684a6e57c6d291c7d7b528c36c9ef9844dd6e3b
parent09afd68326898f783927c65f86f813d815d8c16c (diff)
Replace TaskFromContext(ctx).Kernel() with KernelFromContext(ctx)
Panic seen at some code path like control.ExecAsync where ctx does not have a Task. Reported-by: syzbot+55ce727161cf94a7b7d6@syzkaller.appspotmail.com PiperOrigin-RevId: 355960596
-rw-r--r--pkg/sentry/socket/hostinet/socket_vfs2.go3
-rw-r--r--pkg/sentry/socket/netstack/netstack_vfs2.go3
-rw-r--r--pkg/sentry/socket/unix/unix_vfs2.go3
-rw-r--r--runsc/container/container_test.go22
4 files changed, 25 insertions, 6 deletions
diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go
index f82c7c224..dc03ccb47 100644
--- a/pkg/sentry/socket/hostinet/socket_vfs2.go
+++ b/pkg/sentry/socket/hostinet/socket_vfs2.go
@@ -80,8 +80,7 @@ func newVFS2Socket(t *kernel.Task, family int, stype linux.SockType, protocol in
// Release implements vfs.FileDescriptionImpl.Release.
func (s *socketVFS2) Release(ctx context.Context) {
- t := kernel.TaskFromContext(ctx)
- t.Kernel().DeleteSocketVFS2(&s.vfsfd)
+ kernel.KernelFromContext(ctx).DeleteSocketVFS2(&s.vfsfd)
s.socketOpsCommon.Release(ctx)
}
diff --git a/pkg/sentry/socket/netstack/netstack_vfs2.go b/pkg/sentry/socket/netstack/netstack_vfs2.go
index 24922c400..fc29f8f13 100644
--- a/pkg/sentry/socket/netstack/netstack_vfs2.go
+++ b/pkg/sentry/socket/netstack/netstack_vfs2.go
@@ -79,8 +79,7 @@ func NewVFS2(t *kernel.Task, family int, skType linux.SockType, protocol int, qu
// Release implements vfs.FileDescriptionImpl.Release.
func (s *SocketVFS2) Release(ctx context.Context) {
- t := kernel.TaskFromContext(ctx)
- t.Kernel().DeleteSocketVFS2(&s.vfsfd)
+ kernel.KernelFromContext(ctx).DeleteSocketVFS2(&s.vfsfd)
s.socketOpsCommon.Release(ctx)
}
diff --git a/pkg/sentry/socket/unix/unix_vfs2.go b/pkg/sentry/socket/unix/unix_vfs2.go
index a7d4d7f1f..9c037cbae 100644
--- a/pkg/sentry/socket/unix/unix_vfs2.go
+++ b/pkg/sentry/socket/unix/unix_vfs2.go
@@ -95,8 +95,7 @@ func NewFileDescription(ep transport.Endpoint, stype linux.SockType, flags uint3
// DecRef implements RefCounter.DecRef.
func (s *SocketVFS2) DecRef(ctx context.Context) {
s.socketVFS2Refs.DecRef(func() {
- t := kernel.TaskFromContext(ctx)
- t.Kernel().DeleteSocketVFS2(&s.vfsfd)
+ kernel.KernelFromContext(ctx).DeleteSocketVFS2(&s.vfsfd)
s.ep.Close(ctx)
if s.abstractNamespace != nil {
s.abstractNamespace.Remove(s.abstractName, s)
diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go
index d50bbcd9f..129478505 100644
--- a/runsc/container/container_test.go
+++ b/runsc/container/container_test.go
@@ -777,6 +777,28 @@ func TestExec(t *testing.T) {
}
})
}
+
+ // Test for exec failure with an non-existent file.
+ t.Run("nonexist", func(t *testing.T) {
+ // b/179114837 found by Syzkaller that causes nil pointer panic when
+ // trying to dec-ref an unix socket FD.
+ fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer syscall.Close(fds[0])
+
+ _, err = cont.executeSync(&control.ExecArgs{
+ Argv: []string{"/nonexist"},
+ FilePayload: urpc.FilePayload{
+ Files: []*os.File{os.NewFile(uintptr(fds[1]), "sock")},
+ },
+ })
+ want := "failed to load /nonexist"
+ if err == nil || !strings.Contains(err.Error(), want) {
+ t.Errorf("executeSync: want err containing %q; got err = %q", want, err)
+ }
+ })
})
}
}