fix preserve-fds flag may cause runc hang #2000

Merged
merged 1 commit into from
Mar 4, 2019

lifubang
Member

--preserve-fds may cause runc create and runc run to hang.
If preserve-fds > 3, and /dev/fd/5 does not exist, runc will hang.
Because at that time, there is a socket pair for runc init,
one of its fds is 5.
So, when we pass the preserve-fds flag, we need to check whether these fds exist.

root@test:/opt/ubuntu# ls /dev/fd/ -alh
dr-x------ 2 root root  0 2月  28 16:36 .
dr-xr-xr-x 9 root root  0 2月  28 16:36 ..
lrwx------ 1 root root 64 2月  28 16:36 0 -> /dev/pts/2
lrwx------ 1 root root 64 2月  28 16:36 1 -> /dev/pts/2
lrwx------ 1 root root 64 2月  28 16:36 2 -> /dev/pts/2
lr-x------ 1 root root 64 2月  28 16:36 3 -> /proc/24479/fd
root@test:/opt/ubuntu# docker-runc run -d --preserve-fds 3 test1
^C^C^C^C^C
root@test:/opt/ubuntu#

Signed-off-by: lifubang <lifubang@acmcoder.com>
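
The check the description above calls for, as an added Go example that is not runc's own code: before any child process or socket pair is created, confirm that every descriptor in the --preserve-fds range is actually open. The function names, the constant and the `fdDir` parameter are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
)

// firstPreservedFd is the first descriptor after stdin, stdout and stderr;
// --preserve-fds N refers to descriptors 3 .. 3+N-1.
const firstPreservedFd = 3

// missingPreservedFds returns every descriptor in the --preserve-fds range
// that has no entry under fdDir (normally /proc/self/fd). fdDir is a
// parameter (an assumption) so the check can run on a constructed directory.
func missingPreservedFds(fdDir string, preserve int) []int {
	var missing []int
	for fd := firstPreservedFd; fd < firstPreservedFd+preserve; fd++ {
		// Lstat inspects the entry itself and never opens the target.
		if _, err := os.Lstat(filepath.Join(fdDir, strconv.Itoa(fd))); err != nil {
			missing = append(missing, fd)
		}
	}
	return missing
}

// checkPreservedFds fails fast, so a number the caller left unused cannot
// later be taken by a descriptor the runtime opens for itself.
func checkPreservedFds(fdDir string, preserve int) error {
	if preserve < 0 {
		return fmt.Errorf("preserve-fds must not be negative, got %d", preserve)
	}
	if missing := missingPreservedFds(fdDir, preserve); len(missing) > 0 {
		return fmt.Errorf("preserve-fds %d: descriptors %v are not open", preserve, missing)
	}
	return nil
}

func main() {
	// Validate a --preserve-fds value of 3 against this process's own table.
	if err := checkPreservedFds("/proc/self/fd", 3); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("all preserved descriptors are open")
}
```
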

Signed-off-by: lifubang <lifubang@acmcoder.com>
@lifubang lifubang force-pushed the preserve-fds-error branch from ac3e7c8 to 7cb3cde Compare March 1, 2019 09:15
@cyphar
Member

cyphar commented Mar 1, 2019

LGTM.

Approved with PullApprove

@crosbymichael
Member

crosbymichael commented Mar 4, 2019

LGTM

Approved with PullApprove

@crosbymichael crosbymichael merged commit f416cac into opencontainers:master Mar 4, 2019
thaJeztah added a commit to thaJeztah/containerd that referenced this pull request Mar 7, 2019
This includes an improved fix for CVE-2019-5736 to reduce the
increased memory-consumption introduced by the original patch,
RHEL 7.6 getting into a loop due to a kernel bug in those kernels,
and improve compatibility with older kernels.

changes included:

- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah added a commit to thaJeztah/containerd that referenced this pull request Mar 7, 2019
This includes an improved fix for CVE-2019-5736 to reduce the
increased memory-consumption introduced by the original patch,
RHEL 7.6 getting into a loop due to a kernel bug in those kernels,
and improve compatibility with older kernels.

changes included:

- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b8d40b3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>