summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket
diff options
context:
space:
mode:
authorIan Gudger <ian@iangudger.com>2021-03-04 02:34:51 -0800
committerIan Gudger <ian@iangudger.com>2021-03-04 02:39:15 -0800
commit9b1170123d323e1f1e49bf5cf792070629d7ae09 (patch)
treee850fc44b92b866313bb23c935934810cd185421 /pkg/sentry/socket
parent76f0d2c67b75f9916866c07663dae7c7da805dbc (diff)
Fix race in unix socket transport.
transport.baseEndpoint.receiver and transport.baseEndpoint.connected are protected by transport.baseEndpoint.Mutex. In order to access them without holding the mutex, we must make a copy. Notifications must be sent without holding the mutex, so we need the values without holding the mutex.
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r--pkg/sentry/socket/unix/transport/unix.go12
1 files changed, 7 insertions, 5 deletions
diff --git a/pkg/sentry/socket/unix/transport/unix.go b/pkg/sentry/socket/unix/transport/unix.go
index 359a5995b..089a0a647 100644
--- a/pkg/sentry/socket/unix/transport/unix.go
+++ b/pkg/sentry/socket/unix/transport/unix.go
@@ -816,19 +816,20 @@ func (e *baseEndpoint) Connected() bool {
func (e *baseEndpoint) RecvMsg(ctx context.Context, data [][]byte, creds bool, numRights int, peek bool, addr *tcpip.FullAddress) (int64, int64, ControlMessages, bool, *syserr.Error) {
e.Lock()
- if e.receiver == nil {
+ receiver := e.receiver
+ if receiver == nil {
e.Unlock()
return 0, 0, ControlMessages{}, false, syserr.ErrNotConnected
}
- recvLen, msgLen, cms, cmt, a, notify, err := e.receiver.Recv(ctx, data, creds, numRights, peek)
+ recvLen, msgLen, cms, cmt, a, notify, err := receiver.Recv(ctx, data, creds, numRights, peek)
e.Unlock()
if err != nil {
return 0, 0, ControlMessages{}, false, err
}
if notify {
- e.receiver.RecvNotify()
+ receiver.RecvNotify()
}
if addr != nil {
@@ -850,11 +851,12 @@ func (e *baseEndpoint) SendMsg(ctx context.Context, data [][]byte, c ControlMess
return 0, syserr.ErrAlreadyConnected
}
- n, notify, err := e.connected.Send(ctx, data, c, tcpip.FullAddress{Addr: tcpip.Address(e.path)})
+ connected := e.connected
+ n, notify, err := connected.Send(ctx, data, c, tcpip.FullAddress{Addr: tcpip.Address(e.path)})
e.Unlock()
if notify {
- e.connected.SendNotify()
+ connected.SendNotify()
}
return n, err