diff --git a/0001-do-not-use-tmpfile.patch b/0001-do-not-use-tmpfile.patch
deleted file mode 100644
index 05d7e57..0000000
--- a/0001-do-not-use-tmpfile.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 2e404b3aa5fcea87a905fbd7ff3465b6135b701e Mon Sep 17 00:00:00 2001
-From: WangFengTu
-Date: Wed, 20 Jul 2022 14:26:58 +0800
-Subject: [PATCH 01/21] do not use tmpfile()
-
-Signed-off-by: WangFengTu
----
- .../image/oci/storage/layer_store/layer_store.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-index 7e95a52f..208bb3bc 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-@@ -2115,7 +2115,9 @@ static void free_tar_split(tar_split *ts)
- static tar_split *new_tar_split(layer_t *l, const char *tspath)
- {
- int ret = 0;
-+ int nret = 0;
- tar_split *ts = NULL;
-+ char path[PATH_MAX] = {0};
-
- ts = util_common_calloc_s(sizeof(tar_split));
- if (ts == NULL) {
-@@ -2124,12 +2126,20 @@ static tar_split *new_tar_split(layer_t *l, const char *tspath)
- goto out;
- }
-
-- ts->tmp_file = tmpfile();
-+ nret = snprintf(path, sizeof(path), ".%s.tmp", tspath);
-+ if (nret < 0 || nret >= PATH_MAX) {
-+ ERROR("sprintf .%s.tmp failed", tspath);
-+ ret = -1;
-+ goto out;
-+ }
-+
-+ ts->tmp_file = fopen(path, "w+");
- if (ts->tmp_file == NULL) {
- ERROR("create tmpfile failed: %s", strerror(errno));
- ret = -1;
- goto out;
- }
-+ (void)unlink(path);
-
- ret = util_gzip_d(tspath, ts->tmp_file);
- if (ret != 0) {
---
-2.25.1
-
diff --git a/0002-use-only-TLS-v1.2-or-later.patch b/0002-use-only-TLS-v1.2-or-later.patch
deleted file mode 100644
index 8eaf761..0000000
--- a/0002-use-only-TLS-v1.2-or-later.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 025d2c2dad2786eda40f2367cdd727a36b8249df Mon Sep 17 00:00:00 2001
-From: WangFengTu
-Date: Thu, 21 Jul 2022 15:37:07 +0800
-Subject: [PATCH 02/21] use only TLS v1.2 or later
-
-Signed-off-by: WangFengTu
----
- src/utils/http/http.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/utils/http/http.c b/src/utils/http/http.c
-index edd05f92..20131660 100644
---- a/src/utils/http/http.c
-+++ b/src/utils/http/http.c
-@@ -449,6 +449,13 @@ int http_request(const char *url, struct http_get_options *options, long *respon
- curl_easy_setopt(curl_handle, CURLOPT_SUPPRESS_CONNECT_HEADERS, 1L);
- #endif
-
-+ /* libcurl support option CURL_SSLVERSION_TLSv1_2 when version >= 7.34.0
-+ * #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
-+ * CURL_VERSION_BITS(7,34,0) = 0x072200 */
-+#if (LIBCURL_VERSION_NUM >= 0x072200)
-+ curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
-+#endif
-+
- ret = http_custom_options(curl_handle, options);
- if (ret) {
- goto out;
---
-2.25.1
-
diff --git a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch b/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch
deleted file mode 100644
index a186f9e..0000000
--- a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From a475d8da1122af712dbc79dc5d92f1cb95d519f9 Mon Sep 17 00:00:00 2001
-From: zhangxiaoyu
-Date: Mon, 25 Jul 2022 20:31:15 +0800
-Subject: [PATCH 03/21] don't mount shareable dirs if user set mount for dev
- shm
-
-Signed-off-by: zhangxiaoyu
----
- src/daemon/modules/spec/specs_mount.c | 51 +++++++++++++++------------
- 1 file changed, 28 insertions(+), 23 deletions(-)
-
-diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
-index 85623f79..8966293f 100644
---- a/src/daemon/modules/spec/specs_mount.c
-+++ b/src/daemon/modules/spec/specs_mount.c
-@@ -2699,7 +2699,12 @@ int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2
- int ret = -1;
- int nret = 0;
- bool has_mount = false;
-- char *spath = NULL;
-+ const char *spath = NULL;
-+
-+ if (host_spec == NULL || v2_spec == NULL) {
-+ ERROR("Invalid args");
-+ return -1;
-+ }
-
- // ignore shm of system container
- if (host_spec->system_container) {
-@@ -2709,16 +2714,20 @@ int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2
- if (host_spec->ipc_mode != NULL && !namespace_is_shareable(host_spec->ipc_mode)) {
- return 0;
- }
-+ // has mount for /dev/shm
-+ if (has_mount_shm(host_spec, v2_spec)) {
-+ return 0;
-+ }
-
-- spath = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id);
-+ spath = v2_spec->shm_path;
- if (spath == NULL) {
-+ ERROR("No shm path");
- return -1;
- }
-
- // container shm has been mounted
- if (util_detect_mounted(spath)) {
- DEBUG("shm path %s has been mounted", spath);
-- free(spath);
- return 0;
- }
-
-@@ -2757,7 +2766,6 @@ out:
- if (ret != 0 && has_mount) {
- (void)umount(spath);
- }
-- free(spath);
- return ret;
- }
-
-@@ -2808,20 +2816,6 @@ out_free:
- return ret;
- }
-
--static int set_share_shm(const host_config *host_spec, container_config_v2_common_config *v2_spec)
--{
-- char *spath = NULL;
--
-- spath = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id);
-- if (spath == NULL) {
-- return -1;
-- }
--
-- v2_spec->shm_path = spath;
--
-- return 0;
--}
--
- #define SHM_MOUNT_POINT "/dev/shm"
- static int set_shm_path(host_config *host_spec, container_config_v2_common_config *v2_spec)
- {
-@@ -2836,7 +2830,18 @@ static int set_shm_path(host_config *host_spec, container_config_v2_common_confi
- }
- // setup shareable dirs
- if (host_spec->ipc_mode == NULL || namespace_is_shareable(host_spec->ipc_mode)) {
-- return set_share_shm(host_spec, v2_spec);
-+ // has mount for /dev/shm
-+ if (has_mount_shm(host_spec, v2_spec)) {
-+ return 0;
-+ }
-+
-+ v2_spec->shm_path = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id);
-+ if (v2_spec->shm_path == NULL) {
-+ ERROR("Failed to get prepare share shm path");
-+ return -1;
-+ }
-+
-+ return 0;
- }
-
- if (namespace_is_container(host_spec->ipc_mode)) {
-@@ -3373,14 +3378,14 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
- host_spec->shm_size = DEFAULT_SHM_SIZE;
- }
-
-- /* setup ipc dir */
-- if (setup_ipc_dirs(host_spec, v2_spec) != 0) {
-+ if (set_shm_path(host_spec, v2_spec) != 0) {
-+ ERROR("Failed to set shm path");
- ret = -1;
- goto out;
- }
-
-- if (set_shm_path(host_spec, v2_spec) != 0) {
-- ERROR("Failed to set shm path");
-+ /* setup ipc dir */
-+ if (setup_ipc_dirs(host_spec, v2_spec) != 0) {
- ret = -1;
- goto out;
- }
---
-2.25.1
-
diff --git a/0004-tolerate-arch-unspecified-seccomp-profiles.patch b/0004-tolerate-arch-unspecified-seccomp-profiles.patch
deleted file mode 100644
index 5f27074..0000000
--- a/0004-tolerate-arch-unspecified-seccomp-profiles.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 73e02e66102b3e066d5d6424624461c3024cabe4 Mon Sep 17 00:00:00 2001
-From: chengzrz
-Date: Fri, 29 Jul 2022 14:44:55 +0800
-Subject: [PATCH 04/21] tolerate arch unspecified seccomp profiles
-
-Signed-off-by: chengzrz
----
- src/daemon/modules/spec/specs_security.c | 25 +++++++++++++++---------
- 1 file changed, 16 insertions(+), 9 deletions(-)
-
-diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c
-index 643c2745..62f67082 100644
---- a/src/daemon/modules/spec/specs_security.c
-+++ b/src/daemon/modules/spec/specs_security.c
-@@ -42,11 +42,11 @@
-
- static const char * const g_system_caps[] = { "SYS_BOOT", "SETPCAP", "NET_RAW", "NET_BIND_SERVICE",
- #ifdef CAP_AUDIT_WRITE
-- "AUDIT_WRITE",
-+ "AUDIT_WRITE",
- #endif
-- "DAC_OVERRIDE", "SETFCAP", "SETGID", "SETUID", "MKNOD", "CHOWN",
-- "FOWNER", "FSETID", "KILL", "SYS_CHROOT"
-- };
-+ "DAC_OVERRIDE", "SETFCAP", "SETGID", "SETUID", "MKNOD", "CHOWN",
-+ "FOWNER", "FSETID", "KILL", "SYS_CHROOT"
-+ };
-
- static int append_capability(char ***dstcaps, size_t *dstcaps_len, const char *cap)
- {
-@@ -472,11 +472,6 @@ static size_t docker_seccomp_arches_count(const char *seccomp_architecture, cons
- }
- }
-
-- if (count == 0) {
-- ERROR("seccomp architecture not found");
-- count = -1;
-- }
--
- return count;
- }
-
-@@ -498,6 +493,18 @@ static int dup_architectures_to_oci_spec(const char *seccomp_architecture, const
- return -1;
- }
-
-+ if (arch_size == 0) {
-+ WARN("arch map is not provided in specified seccomp profile");
-+ oci_seccomp_spec->architectures = util_smart_calloc_s(sizeof(char *), 1);
-+ if (oci_seccomp_spec->architectures == NULL) {
-+ ERROR("Failed to allocate memory for architectures in seccomp spec");
-+ return -1;
-+ }
-+ oci_seccomp_spec->architectures[oci_seccomp_spec->architectures_len++] =
-+ util_strdup_s(seccomp_architecture);
-+ return 0;
-+ }
-+
- oci_seccomp_spec->architectures = util_smart_calloc_s(sizeof(char *), arch_size);
- if (oci_seccomp_spec->architectures == NULL) {
- ERROR("Failed to calloc memory for architectures in seccomp spec");
---
-2.25.1
-
diff --git a/0005-add-a-CI-test-case-checking-seccomp-option.patch b/0005-add-a-CI-test-case-checking-seccomp-option.patch
deleted file mode 100644
index 38ee6ee..0000000
--- a/0005-add-a-CI-test-case-checking-seccomp-option.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From c9c2bb6bfbe2060bdc6af53ca0d752572b21594d Mon Sep 17 00:00:00 2001
-From: chengzrz
-Date: Fri, 29 Jul 2022 14:45:20 +0800
-Subject: [PATCH 05/21] add a CI test case, checking seccomp option
-
-Signed-off-by: chengzrz
----
- CI/test_cases/container_cases/seccomp.sh | 76 +++++++++++++++++++
- .../seccomp_profile_without_archmap.json | 11 +++
- 2 files changed, 87 insertions(+)
- create mode 100755 CI/test_cases/container_cases/seccomp.sh
- create mode 100644 CI/test_cases/container_cases/test_data/seccomp_profile_without_archmap.json
-
-diff --git a/CI/test_cases/container_cases/seccomp.sh b/CI/test_cases/container_cases/seccomp.sh
-new file mode 100755
-index 00000000..9e886d10
---- /dev/null
-+++ b/CI/test_cases/container_cases/seccomp.sh
-@@ -0,0 +1,76 @@
-+#!/bin/bash
-+#
-+# attributes: isulad seccomp run
-+# concurrent: NO
-+# spend time: 4
-+
-+#######################################################################
-+##- Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-+# - iSulad licensed under the Mulan PSL v2.
-+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
-+# - You may obtain a copy of Mulan PSL v2 at:
-+# - http://license.coscl.org.cn/MulanPSL2
-+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-+# - PURPOSE.
-+# - See the Mulan PSL v2 for more details.
-+##- @Description:CI
-+##- @Author: chengzeruizhi
-+##- @Create: 2022-07-29
-+#######################################################################
-+
-+curr_path=$(dirname $(readlink -f "$0"))
-+test_data_path=$(realpath $curr_path/test_data)
-+source ../helpers.sh
-+
-+function do_pre() {
-+ local ret=0
-+
-+ isula rm -f $(isula ps -qa)
-+
-+ check_valgrind_log
-+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
-+
-+ start_isulad_with_valgrind
-+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
-+
-+ return $ret
-+}
-+
-+function do_test() {
-+ local ret=0
-+
-+ msg_info "this is $0 do_test"
-+
-+ cid1=$(isula run -tid --security-opt seccomp=/etc/isulad/seccomp_default.json busybox sh)
-+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with the default seccomp profile" && ((ret++))
-+
-+ cid2=$(isula run -tid --security-opt seccomp=${test_data_path}/seccomp_profile_without_archmap.json busybox sh)
-+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with a customized seccomp profile" && ((ret++))
-+
-+ cid3=$(isula run -tid --security-opt seccomp=/etc/isulad/seccomp_default.json \
-+ --security-opt seccomp=${test_data_path}/seccomp_profile_without_archmap.json busybox sh)
-+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with multiple seccomp profiles" && ((ret++))
-+
-+ isula stop "${cid1}" "${cid2}" "${cid3}"
-+
-+ isula rm -f $(isula ps -qa)
-+
-+ msg_info "${test} finished with return ${ret}..."
-+ return ${ret}
-+}
-+
-+function do_post() {
-+ check_valgrind_log
-+ start_isulad_with_valgrind
-+}
-+
-+declare -i ans=0
-+
-+do_pre || ((ans++))
-+
-+do_test || ((ans++))
-+
-+do_post
-+
-+show_result ${ans} "${curr_path}/${0}"
-diff --git a/CI/test_cases/container_cases/test_data/seccomp_profile_without_archmap.json b/CI/test_cases/container_cases/test_data/seccomp_profile_without_archmap.json
-new file mode 100644
-index 00000000..1fade163
---- /dev/null
-+++ b/CI/test_cases/container_cases/test_data/seccomp_profile_without_archmap.json
-@@ -0,0 +1,11 @@
-+{
-+ "defaultAction": "SCMP_ACT_ALLOW",
-+ "syscalls": [
-+ {
-+ "names": ["getcwd"],
-+ "action": "SCMP_ACT_ERRNO",
-+ "args": null
-+ }
-+ ]
-+
-+}
---
-2.25.1
-
diff --git a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch b/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch
deleted file mode 100644
index 353ad30..0000000
--- a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 9498a8df59f69acbf75f9aa69fef465350288bb8 Mon Sep 17 00:00:00 2001
-From: zhangxiaoyu
-Date: Mon, 1 Aug 2022 11:20:31 +0800
-Subject: [PATCH 06/21] fix cri attach when stdout and stderr are false
-
-Signed-off-by: zhangxiaoyu
----
- .../cri/websocket/service/attach_serve.cc | 28 +++++++++++++------
- .../entry/cri/websocket/service/ws_server.cc | 22 +++++++++++++++
- .../entry/cri/websocket/service/ws_server.h | 2 ++
- 3 files changed, 44 insertions(+), 8 deletions(-)
-
-diff --git a/src/daemon/entry/cri/websocket/service/attach_serve.cc b/src/daemon/entry/cri/websocket/service/attach_serve.cc
-index abb08363..57711180 100644
---- a/src/daemon/entry/cri/websocket/service/attach_serve.cc
-+++ b/src/daemon/entry/cri/websocket/service/attach_serve.cc
-@@ -101,31 +101,40 @@ int AttachServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request)
- return -1;
- }
-
-+ // stdout
- struct AttachContext stdoutContext = { 0 };
- stdoutContext.lwsCtx = lwsCtx;
- stdoutContext.sem = &attachSem;
-- stdoutContext.attachWriter = WsWriteStdoutToClient;
-+ // write stdout to client if attach stdout is true
-+ stdoutContext.attachWriter = m_request->attach_stdout ? WsWriteStdoutToClient : WsDoNotWriteStdoutToClient;
-
- struct io_write_wrapper stdoutstringWriter = { 0 };
- stdoutstringWriter.context = static_cast(&stdoutContext);
- stdoutstringWriter.write_func = AttachWriteToClient;
-- // the close function of StderrstringWriter is preferred unless StderrstringWriter is nullptr
-- stdoutstringWriter.close_func = m_request->attach_stderr ? nullptr : AttachConnectClosed;
-+ stdoutstringWriter.close_func = AttachConnectClosed;
-
-+ // stderr
- struct AttachContext stderrContext = { 0 };
- stderrContext.lwsCtx = lwsCtx;
-- stderrContext.sem = &attachSem;
-- stderrContext.attachWriter = WsWriteStderrToClient;
-+ stderrContext.sem = nullptr;
-+ // write stderr to client if attach stderr is true
-+ stderrContext.attachWriter = m_request->attach_stderr ? WsWriteStderrToClient : WsDoNotWriteStderrToClient;
-
- struct io_write_wrapper stderrstringWriter = { 0 };
- stderrstringWriter.context = static_cast(&stderrContext);
- stderrstringWriter.write_func = AttachWriteToClient;
-- stderrstringWriter.close_func = m_request->attach_stderr ? AttachConnectClosed : nullptr;
-+ stderrstringWriter.close_func = nullptr;
-+
-+ // Maybe attach stdout and stderr are both false.
-+ // To make sure the close func sem_post, set attach stdout and stderr true.
-+ bool record_attach_stdout = m_request->attach_stdout;
-+ bool record_attach_stderr = m_request->attach_stderr;
-+ m_request->attach_stdout=true;
-+ m_request->attach_stderr=true;
-
- container_attach_response *m_response { nullptr };
- int ret = cb->container.attach(m_request, &m_response, m_request->attach_stdin ? lwsCtx->pipes.at(0) : -1,
-- m_request->attach_stdout ? &stdoutstringWriter : nullptr,
-- m_request->attach_stderr ? &stderrstringWriter : nullptr);
-+ &stdoutstringWriter, &stderrstringWriter);
-
- if (ret != 0) {
- // join io copy thread in attach callback
-@@ -139,11 +148,14 @@ int AttachServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request)
- }
- WsWriteStdoutToClient(lwsCtx, message.c_str(), message.length());
- } else {
-+ // wait io copy thread complete
- (void)sem_wait(&attachSem);
- }
-
- (void)sem_destroy(&attachSem);
- free_container_attach_response(m_response);
-+ m_request->attach_stdout = record_attach_stdout;
-+ m_request->attach_stderr = record_attach_stderr;
- return ret;
- }
-
-diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
-index 98c0fee0..08f2cff0 100644
---- a/src/daemon/entry/cri/websocket/service/ws_server.cc
-+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
-@@ -703,6 +703,28 @@ ssize_t WsWriteStderrToClient(void *context, const void *data, size_t len)
- return WsWriteToClient(context, data, len, STDERRCHANNEL);
- }
-
-+ssize_t WsDoNotWriteStdoutToClient(void *context, const void *data, size_t len)
-+{
-+ if (context == nullptr) {
-+ ERROR("websocket session context empty");
-+ return -1;
-+ }
-+
-+ TRACE("Ws do not write stdout to client");
-+ return len;
-+}
-+
-+ssize_t WsDoNotWriteStderrToClient(void *context, const void *data, size_t len)
-+{
-+ if (context == nullptr) {
-+ ERROR("websocket session context empty");
-+ return -1;
-+ }
-+
-+ TRACE("Ws do not write stderr to client");
-+ return len;
-+}
-+
- int closeWsConnect(void *context, char **err)
- {
- (void)err;
-diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h
-index b871aabc..a2a180ec 100644
---- a/src/daemon/entry/cri/websocket/service/ws_server.h
-+++ b/src/daemon/entry/cri/websocket/service/ws_server.h
-@@ -113,6 +113,8 @@ private:
-
- ssize_t WsWriteStdoutToClient(void *context, const void *data, size_t len);
- ssize_t WsWriteStderrToClient(void *context, const void *data, size_t len);
-+ssize_t WsDoNotWriteStdoutToClient(void *context, const void *data, size_t len);
-+ssize_t WsDoNotWriteStderrToClient(void *context, const void *data, size_t len);
- int closeWsConnect(void *context, char **err);
-
- #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_WS_SERVER_H
---
-2.25.1
-
diff --git a/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch b/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch
deleted file mode 100644
index c9f24e0..0000000
--- a/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5174fd2608a25a8f7f4b61be79d125b19fb420f9 Mon Sep 17 00:00:00 2001
-From: "Neil.wrz"
-Date: Tue, 26 Jul 2022 02:08:43 -0700
-Subject: [PATCH 07/21] fix cpu-quota out of range when update to -1
-
-Signed-off-by: Neil.wrz
----
- src/daemon/modules/runtime/engines/engine.h | 2 +-
- src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/daemon/modules/runtime/engines/engine.h b/src/daemon/modules/runtime/engines/engine.h
-index 8935f845..95428e0f 100644
---- a/src/daemon/modules/runtime/engines/engine.h
-+++ b/src/daemon/modules/runtime/engines/engine.h
-@@ -33,7 +33,7 @@ struct engine_cgroup_resources {
- uint64_t blkio_weight;
- uint64_t cpu_shares;
- uint64_t cpu_period;
-- uint64_t cpu_quota;
-+ int64_t cpu_quota;
- char *cpuset_cpus;
- char *cpuset_mems;
- uint64_t memory_limit;
-diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
-index dd310091..a2b93b72 100644
---- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
-+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
-@@ -518,7 +518,7 @@ static void to_engine_resources(const host_config *hostconfig, struct engine_cgr
- cr->blkio_weight = hostconfig->blkio_weight;
- cr->cpu_shares = (uint64_t)hostconfig->cpu_shares;
- cr->cpu_period = (uint64_t)hostconfig->cpu_period;
-- cr->cpu_quota = (uint64_t)hostconfig->cpu_quota;
-+ cr->cpu_quota = hostconfig->cpu_quota;
- cr->cpuset_cpus = hostconfig->cpuset_cpus;
- cr->cpuset_mems = hostconfig->cpuset_mems;
- cr->memory_limit = (uint64_t)hostconfig->memory;
-@@ -532,7 +532,7 @@ static void to_engine_resources(const host_config *hostconfig, struct engine_cgr
- period = (uint64_t)(100 * Time_Milli / Time_Micro);
- quota = hostconfig->nano_cpus * (int64_t)period / 1e9;
- cr->cpu_period = period;
-- cr->cpu_quota = (uint64_t)quota;
-+ cr->cpu_quota = quota;
- }
- }
-
---
-2.25.1
-
diff --git a/0008-stop-health-check-monitor-before-stopping-container.patch b/0008-stop-health-check-monitor-before-stopping-container.patch
deleted file mode 100644
index 3eb88f8..0000000
--- a/0008-stop-health-check-monitor-before-stopping-container.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From b8fd21e636b643fe9f257a77808d53b067f3d105 Mon Sep 17 00:00:00 2001
-From: songbuhuang <544824346@qq.com>
-Date: Wed, 3 Aug 2022 16:06:16 +0800
-Subject: [PATCH 08/21] stop health check monitor before stopping container
-
-Signed-off-by: songbuhuang <544824346@qq.com>
----
- src/daemon/executor/container_cb/execution.c | 2 --
- src/daemon/executor/container_cb/execution_extend.c | 2 +-
- src/daemon/modules/api/container_api.h | 2 +-
- .../modules/container/health_check/health_check.c | 12 ++----------
- src/daemon/modules/service/service_container.c | 3 +++
- test/mocks/health_check_mock.cc | 4 ++--
- test/mocks/health_check_mock.h | 2 +-
- .../execute/execution_extend/execution_extend_ut.cc | 2 +-
- 8 files changed, 11 insertions(+), 18 deletions(-)
-
-diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
-index edc8b42e..68d0d8d6 100644
---- a/src/daemon/executor/container_cb/execution.c
-+++ b/src/daemon/executor/container_cb/execution.c
-@@ -676,8 +676,6 @@ static int container_stop_cb(const container_stop_request *request, container_st
- goto pack_response;
- }
-
-- container_stop_health_checks(id);
--
- if (stop_container(cont, timeout, force, false)) {
- cc = ISULAD_ERR_EXEC;
- container_state_set_error(cont->state, (const char *)g_isulad_errmsg);
-diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
-index 9c2a213b..b0da705e 100644
---- a/src/daemon/executor/container_cb/execution_extend.c
-+++ b/src/daemon/executor/container_cb/execution_extend.c
-@@ -715,7 +715,7 @@ static int do_pause_container(container_t *cont)
- params.rootpath = cont->root_path;
- params.state = cont->state_path;
-
-- container_stop_health_checks(cont->common_config->id);
-+ container_stop_health_checks(cont);
-
- if (runtime_pause(id, cont->runtime, ¶ms)) {
- container_update_health_monitor(cont->common_config->id);
-diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h
-index 1140d4d5..ed97633f 100644
---- a/src/daemon/modules/api/container_api.h
-+++ b/src/daemon/modules/api/container_api.h
-@@ -254,7 +254,7 @@ extern char *container_exit_fifo_create(const char *cont_state_path);
- extern int container_exit_fifo_open(const char *cont_exit_fifo);
-
- void container_init_health_monitor(const char *id);
--void container_stop_health_checks(const char *container_id);
-+void container_stop_health_checks(container_t *cont);
-
- bool container_is_in_gc_progress(const char *id);
-
-diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c
-index b2feee91..273d3531 100644
---- a/src/daemon/modules/container/health_check/health_check.c
-+++ b/src/daemon/modules/container/health_check/health_check.c
-@@ -182,23 +182,15 @@ static void close_health_check_monitor(container_t *cont)
-
- // Called when the container is being stopped (whether because the health check is
- // failing or for any other reason).
--void container_stop_health_checks(const char *container_id)
-+void container_stop_health_checks(container_t *cont)
- {
-- container_t *cont = NULL;
--
-- if (container_id == NULL) {
-- return;
-- }
--
-- cont = containers_store_get(container_id);
- if (cont == NULL) {
-- ERROR("Failed to get container info");
- return;
- }
-+
- if (cont->state != NULL && cont->state->state != NULL && cont->state->state->health != NULL) {
- close_health_check_monitor(cont);
- }
-- container_unref(cont);
- }
-
- /* health check manager free */
-diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
-index a9b14043..2f688f57 100644
---- a/src/daemon/modules/service/service_container.c
-+++ b/src/daemon/modules/service/service_container.c
-@@ -1401,6 +1401,9 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart)
- ret = -1;
- goto out;
- }
-+
-+ container_stop_health_checks(cont);
-+
- // set AutoRemove flag to false before stop so the container won't be
- // removed during restart process
- if (restart) {
-diff --git a/test/mocks/health_check_mock.cc b/test/mocks/health_check_mock.cc
-index eab18be7..5e2f210b 100644
---- a/test/mocks/health_check_mock.cc
-+++ b/test/mocks/health_check_mock.cc
-@@ -32,10 +32,10 @@ void container_update_health_monitor(const char *container_id)
- return;
- }
-
--void container_stop_health_checks(const char *container_id)
-+void container_stop_health_checks(container_t *cont)
- {
- if (g_health_check_mock != nullptr) {
-- return g_health_check_mock->ContainerStopHealthCheck(container_id);
-+ return g_health_check_mock->ContainerStopHealthCheck(cont);
- }
- return;
- }
-diff --git a/test/mocks/health_check_mock.h b/test/mocks/health_check_mock.h
-index ab8e20b0..29dad8ca 100644
---- a/test/mocks/health_check_mock.h
-+++ b/test/mocks/health_check_mock.h
-@@ -22,7 +22,7 @@
- class MockHealthCheck {
- public:
- MOCK_METHOD1(UpdateHealthMonitor, void(const char *container_id));
-- MOCK_METHOD1(ContainerStopHealthCheck, void(const char *container_id));
-+ MOCK_METHOD1(ContainerStopHealthCheck, void(container_t *cont));
- };
-
- void MockHealthCheck_SetMock(MockHealthCheck* mock);
-diff --git a/test/services/execution/execute/execution_extend/execution_extend_ut.cc b/test/services/execution/execute/execution_extend/execution_extend_ut.cc
-index 03872340..e4e6d8d4 100644
---- a/test/services/execution/execute/execution_extend/execution_extend_ut.cc
-+++ b/test/services/execution/execute/execution_extend/execution_extend_ut.cc
-@@ -204,7 +204,7 @@ void invokeStateSetPaused(container_state_t *s)
- return;
- }
-
--void invokeContainerStopHealthCheck(const char *container_id)
-+void invokeContainerStopHealthCheck(container_t *cont)
- {
- return;
- }
---
-2.25.1
-
diff --git a/0009-set-dup_option-null-after-free.patch b/0009-set-dup_option-null-after-free.patch
deleted file mode 100644
index cc333be..0000000
--- a/0009-set-dup_option-null-after-free.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 3d8258777c2265ea00c9fe13a11d37d0b3320e4c Mon Sep 17 00:00:00 2001
-From: zhangxiaoyu
-Date: Fri, 5 Aug 2022 14:37:38 +0800
-Subject: [PATCH 09/21] set dup_option null after free
-
-Signed-off-by: zhangxiaoyu
----
- .../oci/storage/layer_store/graphdriver/devmapper/deviceset.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
-index a0e749dd..10c7fafd 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
-@@ -239,6 +239,7 @@ static int devmapper_parse_options(struct device_set *devset, const char **optio
- }
-
- free(dup_option);
-+ dup_option = NULL;
- }
-
- out:
---
-2.25.1
-
diff --git a/0010-ensure-read-string-must-have-space-store-null-char.patch b/0010-ensure-read-string-must-have-space-store-null-char.patch
deleted file mode 100644
index 0866b0d..0000000
--- a/0010-ensure-read-string-must-have-space-store-null-char.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-From 6e0b890c16d851bd29009b8a778234ce9e82339e Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Mon, 8 Aug 2022 16:46:22 +0800
-Subject: [PATCH 10/21] ensure read string must have space store null char
-
-Signed-off-by: haozi007
----
- src/cmd/isulad-shim/process.c | 2 +-
- src/daemon/entry/cri/sysctl_tools.c | 4 ++--
- src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 +-
- src/daemon/modules/runtime/shim/shim_rt_ops.c | 8 ++++----
- src/utils/tar/util_archive.c | 4 ++--
- src/utils/tar/util_gzip.c | 2 +-
- 6 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
-index cb859920..4d665b26 100644
---- a/src/cmd/isulad-shim/process.c
-+++ b/src/cmd/isulad-shim/process.c
-@@ -1166,7 +1166,7 @@ int create_process(process_t *p)
- close_fd(&p->stdio->err);
- close_fd(&p->stdio->resize);
- }
-- nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff));
-+ nread = read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
- if (nread > 0) {
- write_message(g_log_fd, ERR_MSG, "runtime error");
- ret = SHIM_ERR;
-diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c
-index 9883f9ff..257ccf8f 100644
---- a/src/daemon/entry/cri/sysctl_tools.c
-+++ b/src/daemon/entry/cri/sysctl_tools.c
-@@ -31,7 +31,7 @@ int get_sysctl(const char *sysctl, char **err)
- int fd = -1;
- ssize_t rsize;
- char fullpath[PATH_MAX] = { 0 };
-- char buff[MAX_BUFFER_SIZE] = { 0 };
-+ char buff[MAX_BUFFER_SIZE + 1] = { 0 };
-
- ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl);
- if (ret < 0 || ret >= PATH_MAX) {
-@@ -46,7 +46,7 @@ int get_sysctl(const char *sysctl, char **err)
- }
- goto free_out;
- }
-- rsize = util_read_nointr(fd, buff, MAX_BUFFER_SIZE);
-+ rsize = util_read_nointr(fd, buff, sizeof(buff) - 1);
- if (rsize <= 0) {
- if (asprintf(err, "Read file failed: %s", strerror(errno)) < 0) {
- *err = util_strdup_s("Out of memory");
-diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
-index 42f1cda6..2ccdde2e 100644
---- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
-+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
-@@ -712,7 +712,7 @@ realexec:
- }
-
- close(exec_fd[1]);
-- num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff));
-+ num = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
- close(exec_fd[0]);
- if (num > 0) {
- ERROR("exec failed: %s", exec_buff);
-diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
-index 21d339e5..9c9446a8 100644
---- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
-+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
-@@ -110,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
- int err_fd[2] = {-1, -1};
- int out_fd[2] = {-1, -1};
- char exec_buff[BUFSIZ + 1] = {0};
-- char stdout_buff[PATH_MAX] = {0};
-+ char stdout_buff[PATH_MAX + 1] = {0};
- char stderr_buff[BUFSIZ + 1] = {0};
-
-
-@@ -186,7 +186,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
- }
-
- close(exec_fd[1]);
-- if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff)) > 0) {
-+ if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) {
- ERROR("exec failed: %s", exec_buff);
- ret = -1;
- goto out;
-@@ -203,10 +203,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
- status = status_to_exit_code(status);
-
- close(out_fd[1]);
-- util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff));
-+ util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff) - 1);
- close(out_fd[0]);
- close(err_fd[1]);
-- util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff));
-+ util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff) - 1);
- close(err_fd[0]);
-
- if (status != 0) {
-diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
-index 1128b947..da814c94 100644
---- a/src/utils/tar/util_archive.c
-+++ b/src/utils/tar/util_archive.c
-@@ -596,7 +596,7 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
- pid_t pid = -1;
- int keepfds[] = { -1, -1, -1 };
- int pipe_stderr[2] = { -1, -1 };
-- char errbuf[BUFSIZ] = { 0 };
-+ char errbuf[BUFSIZ + 1] = { 0 };
-
- if (pipe2(pipe_stderr, O_CLOEXEC) != 0) {
- ERROR("Failed to create pipe");
-@@ -980,7 +980,7 @@ int archive_chroot_tar(char *path, char *file, char **errmsg)
- pid_t pid;
- int pipe_for_read[2] = { -1, -1 };
- int keepfds[] = { -1, -1 };
-- char errbuf[BUFSIZ] = { 0 };
-+ char errbuf[BUFSIZ + 1] = { 0 };
- int fd = 0;
-
- if (pipe2(pipe_for_read, O_CLOEXEC) != 0) {
-diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c
-index 9b17e9d7..5c34d719 100644
---- a/src/utils/tar/util_gzip.c
-+++ b/src/utils/tar/util_gzip.c
-@@ -203,7 +203,7 @@ int gzip(const char *filename, size_t len)
- }
-
- ssize_t size_read = 0;
-- char buffer[BUFSIZ] = { 0 };
-+ char buffer[BUFSIZ + 1] = { 0 };
-
- close(pipefd[1]);
-
---
-2.25.1
-
diff --git a/0011-remove-unused-include-files.patch b/0011-remove-unused-include-files.patch
deleted file mode 100644
index 83fa3fa..0000000
--- a/0011-remove-unused-include-files.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 448e4c5b0327916c05d8354e4e99565de7a8129d Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Tue, 9 Aug 2022 14:36:33 +0800
-Subject: [PATCH 11/21] remove unused include files
-
-Signed-off-by: haozi007
----
- .../storage/layer_store/graphdriver/quota/project_quota.h | 1 -
- src/utils/cutils/utils_network.c | 7 -------
- 2 files changed, 8 deletions(-)
-
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
-index 2aae6bcd..94230faa 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
-+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.h
-@@ -35,7 +35,6 @@
- #include
- #include
- #include
--#include
- #include
- #include
- #include
-diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
-index 5192d06f..c77edc3c 100644
---- a/src/utils/cutils/utils_network.c
-+++ b/src/utils/cutils/utils_network.c
-@@ -18,19 +18,12 @@
- #include "utils_network.h"
-
- #include
--#include
- #include
- #include
- #include
--#include
--#include
- #include
--#include
-
- #include "utils.h"
--#include "utils_fs.h"
--#include "utils_file.h"
--#include "constants.h"
-
- int util_create_netns_file(const char *netns_path)
- {
---
-2.25.1
-
diff --git a/0012-fix-lose-override-flag.patch b/0012-fix-lose-override-flag.patch
deleted file mode 100644
index bd478f5..0000000
--- a/0012-fix-lose-override-flag.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From ec627e1564baf4e77311c917bde9bddf23b63b9b Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Wed, 10 Aug 2022 17:40:36 +0800
-Subject: [PATCH 12/21] fix lose override flag
-
-Signed-off-by: haozi007
----
- src/daemon/entry/cri/websocket/service/exec_serve.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.h b/src/daemon/entry/cri/websocket/service/exec_serve.h
-index 65ee6b3a..3f84e0c8 100644
---- a/src/daemon/entry/cri/websocket/service/exec_serve.h
-+++ b/src/daemon/entry/cri/websocket/service/exec_serve.h
-@@ -37,6 +37,6 @@ private:
- virtual void *SetContainerStreamRequest(::google::protobuf::Message *grequest, const std::string &suffix) override;
- virtual int ExecuteStreamCommand(SessionData *lwsCtx, void *request) override;
- virtual void CloseConnect(SessionData *lwsCtx) override;
-- virtual void FreeRequest(void *m_request);
-+ virtual void FreeRequest(void *m_request) override;
- };
- #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_EXEC_SERVE_H
---
-2.25.1
-
diff --git a/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch b/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
deleted file mode 100644
index e1d6758..0000000
--- a/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From e524923aeeeb96f999dd153ea51f778289fade52 Mon Sep 17 00:00:00 2001
-From: zhongtao
-Date: Fri, 12 Aug 2022 17:17:44 +0800
-Subject: [PATCH 13/21] Add read and execute permissions for libhttpclient.so
- and libisulad_tools.so for other users, so that non-root users who join the
- isula group can use the isula command normally
-
----
- src/CMakeLists.txt | 2 +-
- src/utils/http/CMakeLists.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
-index b8843f16..65bcb978 100644
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -197,7 +197,7 @@ endif()
-
- # ------ install binary --------
- install(TARGETS libisulad_tools
-- ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE)
-+ ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
- install(TARGETS libisula
- ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
- install(TARGETS isula
-diff --git a/src/utils/http/CMakeLists.txt b/src/utils/http/CMakeLists.txt
-index 0937cfab..ad7d0747 100644
---- a/src/utils/http/CMakeLists.txt
-+++ b/src/utils/http/CMakeLists.txt
-@@ -29,4 +29,4 @@ if (ISULAD_GCOV)
- endif()
-
- install(TARGETS libhttpclient
-- ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE)
-+ ${INSTALL_TYPE} DESTINATION ${LIB_INSTALL_DIR_DEFAULT} PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
---
-2.25.1
-
diff --git a/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch b/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
deleted file mode 100644
index 7a7a6d0..0000000
--- a/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From dfcd1cbd6403af11d7afed96b0c8e3ca292722f9 Mon Sep 17 00:00:00 2001
-From: "Neil.wrz"
-Date: Fri, 12 Aug 2022 15:30:50 -0700
-Subject: [PATCH 14/21] fix exec_request_to_rest forgot to handle suffix
-
-Signed-off-by: Neil.wrz
----
- src/client/connect/rest/rest_containers_client.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c
-index 7e549339..dfa20c75 100644
---- a/src/client/connect/rest/rest_containers_client.c
-+++ b/src/client/connect/rest/rest_containers_client.c
-@@ -1620,6 +1620,9 @@ static int exec_request_to_rest(const struct isula_exec_request *le_request, cha
- if (le_request->stderr != NULL) {
- crequest->stderr = util_strdup_s(le_request->stderr);
- }
-+ if (le_request->suffix != NULL) {
-+ crequest->suffix = util_strdup_s(le_request->suffix);
-+ }
-
- int i = 0;
- if (le_request->argc > 0) {
---
-2.25.1
-
diff --git a/0015-add-fuzz-dict.patch b/0015-add-fuzz-dict.patch
deleted file mode 100644
index 51a99e4..0000000
--- a/0015-add-fuzz-dict.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 13c9523f3f69bafc62be8465dea235bdc7e6df4f Mon Sep 17 00:00:00 2001
-From: WangFengTu
-Date: Thu, 11 Aug 2022 20:30:48 +0800
-Subject: [PATCH 15/21] add fuzz dict
-
-Signed-off-by: WangFengTu
----
- test/fuzz/dict/test_volume_mount_spec_fuzz.dict | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/test/fuzz/dict/test_volume_mount_spec_fuzz.dict b/test/fuzz/dict/test_volume_mount_spec_fuzz.dict
-index 8ef79c0b..39ae41df 100644
---- a/test/fuzz/dict/test_volume_mount_spec_fuzz.dict
-+++ b/test/fuzz/dict/test_volume_mount_spec_fuzz.dict
-@@ -31,4 +31,11 @@
- "bind-selinux-opts"
- "selinux-opts"
- "volume-nocopy"
-+"volume-nocopy=true"
-+"volume-nocopy=false"
- "empty"
-+"type=bind,src=/bind,dst=/bind,volume-nocopy=true,volume-nocopy=true"
-+"type=bind,src=/bind,dst=/bind"
-+"type=tmpfs,dst=/tmpfs,volume-nocopy=true"
-+"type=squashfs,src=/bind,dst=/tmpfs"
-+"type=squashfs,src=/,dst=/tmpfs"
---
-2.25.1
-
diff --git a/0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch b/0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch
deleted file mode 100644
index b832840..0000000
--- a/0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 9d365a82ceea7e50bce8069a9b14a529b6467299 Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Mon, 15 Aug 2022 19:34:42 +0800
-Subject: [PATCH 16/21] [clang-analyzer] ensure agrument with nonnull attirbute
- passed nonnull
-
-Signed-off-by: haozi007
----
- src/daemon/executor/container_cb/execution_create.c | 3 ++-
- .../storage/layer_store/graphdriver/devmapper/deviceset.c | 8 +++-----
- .../layer_store/graphdriver/devmapper/wrapper_devmapper.c | 4 ++--
- src/daemon/modules/spec/specs_mount.c | 6 ++++--
- src/utils/cutils/utils_file.c | 3 +--
- 5 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
-index 626cfbc6..da01a57f 100644
---- a/src/daemon/executor/container_cb/execution_create.c
-+++ b/src/daemon/executor/container_cb/execution_create.c
-@@ -833,7 +833,8 @@ static int prepare_host_channel(const host_config_host_channel *host_channel, co
- }
- #endif
-
-- if (host_channel == NULL) {
-+ if (host_channel == NULL || host_channel->path_on_host == NULL) {
-+ DEBUG("Host channel is not setting.");
- goto out;
- }
- if (util_dir_exists(host_channel->path_on_host)) {
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
-index 10c7fafd..78d8737d 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
-@@ -3340,15 +3340,14 @@ static int umount_deactivate_dev_all(const struct device_set *devset)
- mnt_root = util_path_join(devset->root, "mnt");
- if (mnt_root == NULL) {
- ERROR("devmapper:join path %s/mnt failed", devset->root);
-- ret = -1;
-- goto out;
-+ return -1;
- }
-
- dp = opendir(mnt_root);
- if (dp == NULL) {
- ERROR("devmapper: open dir %s failed", mnt_root);
-- ret = -1;
-- goto out;
-+ free(mnt_root);
-+ return -1;
- }
-
- // Do my best to umount all of the device that has been mounted
-@@ -3398,7 +3397,6 @@ static int umount_deactivate_dev_all(const struct device_set *devset)
- devmapper_device_info_ref_dec(device_info);
- }
-
--out:
- closedir(dp);
- free(mnt_root);
- return ret;
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
-index 07d64318..8a1dfff5 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
-@@ -393,13 +393,13 @@ void dev_udev_wait(uint32_t cookie)
-
- if (gettimeofday(&start, NULL) != 0) {
- ERROR("devmapper: get time failed");
-- goto free_out;
-+ return;
- }
-
- uwait = util_common_calloc_s(sizeof(udev_wait_pth_t));
- if (uwait == NULL) {
- ERROR("Out of memory");
-- goto free_out;
-+ return;
- }
- uwait->cookie = cookie;
- uwait->state = DEV_INIT;
-diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
-index 8966293f..12f66d8c 100644
---- a/src/daemon/modules/spec/specs_mount.c
-+++ b/src/daemon/modules/spec/specs_mount.c
-@@ -3358,7 +3358,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
-
- /* mounts to mount filesystem */
- ret = merge_fs_mounts_to_v2_spec(all_fs_mounts, all_fs_mounts_len, v2_spec);
-- if (ret) {
-+ if (ret != 0) {
- ERROR("Failed to merge mounts in to v2 spec");
- goto out;
- }
-@@ -3404,7 +3404,9 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
- }
- }
-
-- qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare);
-+ if (all_fs_mounts_len > 0) {
-+ qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare);
-+ }
-
- ret = merge_fs_mounts_to_oci_spec(oci_spec, all_fs_mounts, all_fs_mounts_len);
- if (ret) {
-diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
-index 00f586f1..67e7a707 100644
---- a/src/utils/cutils/utils_file.c
-+++ b/src/utils/cutils/utils_file.c
-@@ -1531,8 +1531,7 @@ int util_atomic_write_file(const char *fname, const char *content, size_t conten
- tmp_file = get_random_tmp_file(fname);
- if (tmp_file == NULL) {
- ERROR("Failed to get tmp file for %s", fname);
-- ret = -1;
-- goto free_out;
-+ return -1;
- }
-
- ret = do_atomic_write_file(tmp_file, content, content_len, mode, sync);
---
-2.25.1
-
diff --git a/0017-change-default-umask-to-0022.patch b/0017-change-default-umask-to-0022.patch
deleted file mode 100644
index 00d40c7..0000000
--- a/0017-change-default-umask-to-0022.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 53ba0431c50a618bee0e17315ec176e6c400ed86 Mon Sep 17 00:00:00 2001
-From: WangFengTu
-Date: Mon, 15 Aug 2022 19:41:27 +0800
-Subject: [PATCH 17/21] change default umask to 0022
-
-Signed-off-by: WangFengTu
----
- src/contrib/config/daemon.json | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json
-index 92cd6c47..75fc25ad 100644
---- a/src/contrib/config/daemon.json
-+++ b/src/contrib/config/daemon.json
-@@ -27,7 +27,7 @@
- "insecure-registries": [
- ],
- "pod-sandbox-image": "",
-- "native.umask": "secure",
-+ "native.umask": "normal",
- "network-plugin": "",
- "cni-bin-dir": "",
- "cni-conf-dir": "",
---
-2.25.1
-
diff --git a/0018-clang-analyzer-remove-dead-assignment.patch b/0018-clang-analyzer-remove-dead-assignment.patch
deleted file mode 100644
index 2b68790..0000000
--- a/0018-clang-analyzer-remove-dead-assignment.patch
+++ /dev/null
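Review bot: The `"native.umask": "normal"` default in daemon.json (patch 17/21) relaxes the shipped configuration. The subject line gives the resulting mask as 0022, yet the commit message does not say why the previous `"secure"` value, presumably the stricter one, was dropped. JSON cannot carry a comment, so the rationale belongs in the patch description, with a note that deployments which need group/other access restricted should set `"native.umask": "secure"` explicitly. With a 0022 mask, files created by container processes are world-readable unless the workload sets its own umask.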
@@ -1,208 +0,0 @@
-From 348c79c8ee9379f5237d1fdbcdb3678c9a9e9527 Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Tue, 16 Aug 2022 10:23:39 +0800
-Subject: [PATCH 18/21] [clang-analyzer] remove dead assignment
-
-Signed-off-by: haozi007
----
- src/cmd/isulad-shim/process.c | 2 +-
- src/cmd/options/opt_log.c | 4 ++++
- src/daemon/executor/container_cb/execution_network.c | 1 -
- src/daemon/modules/image/oci/oci_import.c | 2 --
- src/daemon/modules/image/oci/registry/auths.c | 2 +-
- src/daemon/modules/image/oci/registry/registry.c | 4 +---
- .../graphdriver/overlay2/driver_overlay2.c | 2 +-
- .../image/oci/storage/layer_store/layer_store.c | 12 ++++++++----
- src/daemon/modules/log/log_gather.c | 1 -
- src/daemon/modules/plugin/plugin.c | 1 -
- src/utils/cutils/map/map.c | 2 +-
- src/utils/cutils/path.c | 2 +-
- 12 files changed, 18 insertions(+), 17 deletions(-)
-
-diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
-index 4d665b26..c8ce7a44 100644
---- a/src/cmd/isulad-shim/process.c
-+++ b/src/cmd/isulad-shim/process.c
-@@ -297,7 +297,7 @@ static void *do_io_copy(void *data)
- }
-
- fd_node_t *fn = ioc->fd_to;
-- fd_node_t *next = fn;
-+ fd_node_t *next = NULL;
- for (; fn != NULL; fn = next) {
- next = fn->next;
- if (fn->is_log) {
-diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c
-index 7ec7591f..b1abcfaf 100644
---- a/src/cmd/options/opt_log.c
-+++ b/src/cmd/options/opt_log.c
-@@ -162,6 +162,10 @@ bool parse_container_log_opt(const char *key, const char *val, json_map_string_s
- }
- nret = append_json_map_string_string(opts, support_parsers[i].real_key, parsed_val);
- free(parsed_val);
-+ if (nret != 0) {
-+ ERROR("Out of memory.");
-+ return false;
-+ }
- return true;
- }
- }
-diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
-index 6ca79a8c..fa0ec612 100644
---- a/src/daemon/executor/container_cb/execution_network.c
-+++ b/src/daemon/executor/container_cb/execution_network.c
-@@ -625,7 +625,6 @@ static int merge_resolv(const host_config *host_spec, const char *rootfs, const
- if (ret != 0) {
- WARN("Failed to handle resolv config %s, skip", pline);
- free(tmp_content);
-- ret = 0;
- } else {
- free(content);
- content = tmp_content;
-diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c
-index ae2f547a..335ee8d4 100644
---- a/src/daemon/modules/image/oci/oci_import.c
-+++ b/src/daemon/modules/image/oci/oci_import.c
-@@ -335,8 +335,6 @@ static int register_image(import_desc *desc)
- ret = -1;
- goto out;
- }
--
-- ret = 0;
- }
-
- image_created = true;
-diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c
-index 02b9753c..a95127f2 100644
---- a/src/daemon/modules/image/oci/registry/auths.c
-+++ b/src/daemon/modules/image/oci/registry/auths.c
-@@ -218,7 +218,7 @@ out:
- free(err);
- err = NULL;
-
-- return 0;
-+ return ret;
- }
-
- static int add_allocated_auth(registry_auths *auths, char *host, char *auth)
-diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
-index e6369f90..17464c34 100644
---- a/src/daemon/modules/image/oci/registry/registry.c
-+++ b/src/daemon/modules/image/oci/registry/registry.c
-@@ -696,6 +696,7 @@ static int create_image(pull_descriptor *desc, char *image_id, bool *reuse)
- goto out;
- }
-
-+ *reuse = false;
- ret = storage_img_create(image_id, top_layer_id, NULL, &opts);
- if (ret != 0) {
- pre_top_layer = storage_get_img_top_layer(image_id);
-@@ -712,10 +713,7 @@ static int create_image(pull_descriptor *desc, char *image_id, bool *reuse)
- goto out;
- }
-
-- ret = 0;
- *reuse = true;
-- } else {
-- *reuse = false;
- }
-
- ret = storage_img_add_name(image_id, desc->dest_image_name);
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
-index 7a45f880..eac40eb4 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
-@@ -475,7 +475,7 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom
- }
-
- nret = symlink(target_path, clean_path);
-- if (ret < 0) {
-+ if (nret < 0) {
- SYSERROR("Failed to create symlink from \"%s\" to \"%s\"", clean_path, target_path);
- ret = -1;
- goto out;
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-index 208bb3bc..cd18c6aa 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-@@ -885,12 +885,12 @@ static char *caculate_playload(struct archive *ar)
- break;
- }
- if (r != ARCHIVE_OK) {
-- nret = -1;
-- break;
-+ ERROR("Read archive failed");
-+ goto out;
- }
- if (!isula_crc_update(ctab, &crc, block_buf, block_size)) {
-- nret = -1;
-- break;
-+ ERROR("Do crc update failed");
-+ goto out;
- }
- empty = false;
- }
-@@ -930,6 +930,10 @@ static int archive_entry_parse(struct archive_entry *entry, struct archive *ar,
- sentry.position = position;
- // caculate playload
- sentry.payload = caculate_playload(ar);
-+ if (sentry.payload == NULL) {
-+ ERROR("Caculate playload failed.");
-+ goto out;
-+ }
-
- data = storage_entry_generate_json(&sentry, &ctx, &jerr);
- if (data == NULL) {
-diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c
-index 51c112a3..49facaa2 100644
---- a/src/daemon/modules/log/log_gather.c
-+++ b/src/daemon/modules/log/log_gather.c
-@@ -342,7 +342,6 @@ static int init_log(const struct log_gather_conf *lgconf)
- break;
- case LOG_GATHER_DRIVER_NOSET:
- g_save_log_op = write_into_stdout;
-- driver = LOG_GATHER_DRIVER_STDOUT;
- COMMAND_ERROR("Unset log driver, use stderr to log.");
- break;
- default:
-diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
-index 501271ae..725bca5b 100644
---- a/src/daemon/modules/plugin/plugin.c
-+++ b/src/daemon/modules/plugin/plugin.c
-@@ -1268,7 +1268,6 @@ int pm_init(void)
-
- ret = pthread_rwlock_init(&gpm->pm_rwlock, NULL);
- if (ret != 0) {
-- ret = -1;
- goto bad;
- }
-
-diff --git a/src/utils/cutils/map/map.c b/src/utils/cutils/map/map.c
-index 2fe96a54..cca04fe5 100644
---- a/src/utils/cutils/map/map.c
-+++ b/src/utils/cutils/map/map.c
-@@ -340,7 +340,7 @@ map_t *map_new(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfre
- } else {
- freer = kvfree;
- }
-- cmpor = comparator;
-+
- if (is_key_ptr(kvtype) && (comparator == MAP_DEFAULT_CMP_FUNC)) {
- cmpor = rbtree_ptr_cmp;
- } else if (is_key_int(kvtype) && (comparator == MAP_DEFAULT_CMP_FUNC)) {
-diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c
-index 2446f479..79cd7af6 100644
---- a/src/utils/cutils/path.c
-+++ b/src/utils/cutils/path.c
-@@ -55,7 +55,7 @@ static int do_clean_path(const char *respath, const char *limit_respath, const c
- char *dest = *dst;
- const char *endpos = NULL;
-
-- for (endpos = stpos; *stpos; stpos = endpos) {
-+ for (; *stpos; stpos = endpos) {
- while (ISSLASH(*stpos)) {
- ++stpos;
- }
---
-2.25.1
-
diff --git a/0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch b/0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch
deleted file mode 100644
index a3e841c..0000000
--- a/0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-From befc89eb26ff693ecb4fc5209985da9183bfd796 Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Tue, 16 Aug 2022 16:12:13 +0800
-Subject: [PATCH 19/21] [clang-anaylzer] ensure derenference of non-null
- pointer
-
-1. ensure derenference non-null pointer;
-2. fix double free;
-
-Signed-off-by: haozi007
----
- src/cmd/isula/information/ps.c | 5 ++---
- .../entry/cri/cri_pod_sandbox_manager_service_impl.cc | 2 +-
- src/daemon/executor/image_cb/image_cb.c | 10 ++++------
- .../modules/container/container_events_handler.c | 3 +--
- .../modules/container/health_check/health_check.c | 3 ++-
- src/daemon/modules/image/oci/registry/http_request.c | 5 ++---
- .../image/oci/storage/image_store/image_store.c | 2 +-
- src/daemon/modules/spec/specs.c | 5 +++--
- 8 files changed, 16 insertions(+), 19 deletions(-)
-
-diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
-index 805cbbd6..71c01acb 100644
---- a/src/cmd/isula/information/ps.c
-+++ b/src/cmd/isula/information/ps.c
-@@ -731,6 +731,7 @@ static int append_first_non_header_field(const char *index, struct filters *ff)
- goto out;
- }
- tmp->name = first_non_field;
-+ first_non_field = NULL;
- tmp->is_field = false;
- if (append_field(ff, tmp) != 0) {
- ERROR("Failed to append field");
-@@ -738,7 +739,6 @@ static int append_first_non_header_field(const char *index, struct filters *ff)
- goto out;
- }
- tmp = NULL;
-- first_non_field = NULL;
-
- out:
- free_filter_field(tmp);
-@@ -870,15 +870,14 @@ static int append_header_item_field(const char *index, const char *prefix, const
- goto out;
- }
- field->name = filter_string;
-+ filter_string = NULL;
- field->is_field = true;
- if (append_field(ff, field) != 0) {
- ERROR("Failed to append field");
- ret = -1;
- goto out;
- }
--
- field = NULL;
-- filter_string = NULL;
-
- out:
- free(sub_patten);
-diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
-index f0c0c6bb..fc0616e8 100644
---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
-+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
-@@ -851,7 +851,7 @@ auto PodSandboxManagerServiceImpl::RemoveAllContainersInSandbox(const std::strin
- }
-
- // Remove all containers in the sandbox.
-- for (size_t i = 0; i < list_response->containers_len; i++) {
-+ for (size_t i = 0; list_response != nullptr && i < list_response->containers_len; i++) {
- Errors rmError;
- CRIHelpers::RemoveContainer(m_cb, list_response->containers[i]->id, rmError);
- if (rmError.NotEmpty() && !CRIHelpers::IsContainerNotFoundError(rmError.GetMessage())) {
-diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
-index 75ae7b74..55e12d51 100644
---- a/src/daemon/executor/image_cb/image_cb.c
-+++ b/src/daemon/executor/image_cb/image_cb.c
-@@ -1009,8 +1009,7 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima
- *response = util_common_calloc_s(sizeof(image_pull_image_response));
- if (*response == NULL) {
- ERROR("Out of memory");
-- cc = ISULAD_ERR_MEMOUT;
-- goto out;
-+ return ISULAD_ERR_MEMOUT;
- }
-
- EVENT("Image Event: {Object: %s, Type: Pulling}", request->image_name);
-@@ -1030,12 +1029,11 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima
- EVENT("Image Event: {Object: %s, Type: Pulled}", request->image_name);
-
- out:
-- if (*response != NULL) {
-- (*response)->image_ref = util_strdup_s(im_rsp->image_ref);
-- (*response)->cc = cc;
-+ (*response)->cc = cc;
-+ if (im_rsp != NULL) {
- (*response)->errmsg = util_strdup_s(im_rsp->errmsg);
-+ (*response)->image_ref = util_strdup_s(im_rsp->image_ref);
- }
--
- free_im_pull_request(im_req);
- free_im_pull_response(im_rsp);
-
-diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
-index 994c11cc..55dbfbe6 100644
---- a/src/daemon/modules/container/container_events_handler.c
-+++ b/src/daemon/modules/container/container_events_handler.c
-@@ -282,8 +282,7 @@ int container_events_handler_post_events(const struct isulad_events_format *even
- cont = containers_store_get(event->id);
- if (cont == NULL) {
- ERROR("No such container:%s", event->id);
-- ret = -1;
-- goto out;
-+ return -1;
- }
-
- it = util_common_calloc_s(sizeof(struct linked_list));
-diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c
-index 273d3531..e9dcbdb9 100644
---- a/src/daemon/modules/container/health_check/health_check.c
-+++ b/src/daemon/modules/container/health_check/health_check.c
-@@ -813,7 +813,8 @@ static void *health_check_monitor(void *arg)
- cont = containers_store_get(container_id);
- if (cont == NULL) {
- ERROR("Failed to get container info");
-- goto out;
-+ free(container_id);
-+ return NULL;
- }
- set_monitor_exist_flag(cont->health_check, true);
- if (util_get_now_time_stamp(&start_timestamp) == false) {
-diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
-index e812f947..f29c2017 100644
---- a/src/daemon/modules/image/oci/registry/http_request.c
-+++ b/src/daemon/modules/image/oci/registry/http_request.c
-@@ -704,9 +704,8 @@ int http_request_file(pull_descriptor *desc, const char *url, const char **custo
-
- options = util_common_calloc_s(sizeof(struct http_get_options));
- if (options == NULL) {
-- ERROR("Failed to malloc http_get_options");
-- ret = -1;
-- goto out;
-+ ERROR("Out of memory");
-+ return -1;
- }
-
- memset(options, 0x00, sizeof(struct http_get_options));
-diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
-index 3ee69ee7..9dab66fd 100644
---- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
-+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
-@@ -2026,7 +2026,7 @@ static bool validate_digest(const char *digest)
- char *encode = NULL;
-
- // contains ':' and is not the last character
-- if (index == NULL && index - value + 1 == strlen(value)) {
-+ if (index == NULL || index - value + 1 == strlen(value)) {
- INFO("Invalid checksum digest format");
- ret = false;
- goto out;
-diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
-index cf4aa111..44e38674 100644
---- a/src/daemon/modules/spec/specs.c
-+++ b/src/daemon/modules/spec/specs.c
-@@ -1794,12 +1794,12 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
- continue;
- }
-
-- if (split_security_opt(host_spec->security_opt[i], &items, &items_size)) {
-+ if (split_security_opt(host_spec->security_opt[i], &items, &items_size) != 0) {
- ret = -1;
- goto out;
- }
-
-- if (items_size != 2) {
-+ if (items == NULL || items_size != 2) {
- ERROR("invalid --security-opt: %s", host_spec->security_opt[i]);
- ret = -1;
- goto out;
-@@ -1823,6 +1823,7 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
- }
- util_free_array(items);
- items = NULL;
-+ items_size = 0;
- }
-
- out:
---
-2.25.1
-
diff --git a/0020-do-clean-path-and-check-if-file-exist.patch b/0020-do-clean-path-and-check-if-file-exist.patch
deleted file mode 100644
index 64377a1..0000000
--- a/0020-do-clean-path-and-check-if-file-exist.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From 2cc83682862c28c05f68c0070b26f8dfa36bd2f7 Mon Sep 17 00:00:00 2001
-From: WangFengTu
-Date: Tue, 16 Aug 2022 10:07:09 +0800
-Subject: [PATCH 20/21] do clean path and check if file exist
-
-Signed-off-by: WangFengTu
----
- src/daemon/executor/image_cb/image_cb.c | 19 +++++++++++++++++--
- src/daemon/modules/image/oci/oci_export.c | 20 ++++++++++++++++++--
- 2 files changed, 35 insertions(+), 4 deletions(-)
-
-diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
-index 55e12d51..5beda5f4 100644
---- a/src/daemon/executor/image_cb/image_cb.c
-+++ b/src/daemon/executor/image_cb/image_cb.c
-@@ -55,11 +55,13 @@
- #include "utils_regex.h"
- #include "utils_timestamp.h"
- #include "utils_verify.h"
-+#include "path.h"
-
- static int do_import_image(const char *file, const char *tag, char **id)
- {
- int ret = 0;
- im_import_request *request = NULL;
-+ char cleanpath[PATH_MAX] = { 0 };
-
- if (file == NULL || tag == NULL || id == NULL) {
- ERROR("Invalid input arguments");
-@@ -67,6 +69,12 @@ static int do_import_image(const char *file, const char *tag, char **id)
- goto out;
- }
-
-+ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) {
-+ ERROR("clean path for %s failed", file);
-+ ret = -1;
-+ goto out;
-+ }
-+
- request = util_common_calloc_s(sizeof(im_import_request));
- if (request == NULL) {
- ERROR("Out of memory");
-@@ -75,7 +83,7 @@ static int do_import_image(const char *file, const char *tag, char **id)
- }
-
- request->tag = util_strdup_s(tag);
-- request->file = util_strdup_s(file);
-+ request->file = util_strdup_s(cleanpath);
-
- ret = im_import_image(request, id);
- if (ret != 0) {
-@@ -147,6 +155,7 @@ static int do_load_image(const char *file, const char *tag, const char *type)
- int ret = 0;
- im_load_request *request = NULL;
- im_load_response *response = NULL;
-+ char cleanpath[PATH_MAX] = { 0 };
-
- if (file == NULL || type == NULL) {
- ERROR("Invalid input arguments");
-@@ -154,6 +163,12 @@ static int do_load_image(const char *file, const char *tag, const char *type)
- goto out;
- }
-
-+ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) {
-+ ERROR("clean path for %s failed", file);
-+ ret = -1;
-+ goto out;
-+ }
-+
- request = util_common_calloc_s(sizeof(im_load_request));
- if (request == NULL) {
- ERROR("Out of memory");
-@@ -163,7 +178,7 @@ static int do_load_image(const char *file, const char *tag, const char *type)
- if (tag != NULL) {
- request->tag = util_strdup_s(tag);
- }
-- request->file = util_strdup_s(file);
-+ request->file = util_strdup_s(cleanpath);
- request->type = util_strdup_s(type);
-
- ret = im_load_image(request, &response);
-diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c
-index 4b9d5183..e27ed6d8 100644
---- a/src/daemon/modules/image/oci/oci_export.c
-+++ b/src/daemon/modules/image/oci/oci_export.c
-@@ -15,11 +15,14 @@
- #include "oci_export.h"
- #include
- #include
-+#include
-
- #include "storage.h"
- #include "isula_libutils/log.h"
- #include "err_msg.h"
- #include "util_archive.h"
-+#include "path.h"
-+#include "utils_file.h"
-
- int oci_do_export(char *id, char *file)
- {
-@@ -27,12 +30,25 @@ int oci_do_export(char *id, char *file)
- int ret2 = 0;
- char *mount_point = NULL;
- char *errmsg = NULL;
-+ char cleanpath[PATH_MAX] = { 0 };
-
- if (id == NULL || file == NULL) {
- ERROR("Invalid NULL param");
- return -1;
- }
-
-+ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) {
-+ ERROR("clean path for %s failed", file);
-+ ret = -1;
-+ goto out;
-+ }
-+
-+ if (util_fileself_exists(cleanpath)) {
-+ ERROR("dst file %s exist", cleanpath);
-+ ret = -1;
-+ goto out;
-+ }
-+
- mount_point = storage_rootfs_mount(id);
- if (mount_point == NULL) {
- ERROR("mount container %s failed", id);
-@@ -40,9 +56,9 @@ int oci_do_export(char *id, char *file)
- return -1;
- }
-
-- ret = archive_chroot_tar(mount_point, file, &errmsg);
-+ ret = archive_chroot_tar(mount_point, cleanpath, &errmsg);
- if (ret != 0) {
-- ERROR("failed to export container %s to file %s: %s", id, file, errmsg);
-+ ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg);
- isulad_set_error_message("Failed to export rootfs with error: %s", errmsg);
- goto out;
- }
---
-2.25.1
-
diff --git a/0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch b/0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch
deleted file mode 100644
index b8c91df..0000000
--- a/0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch
+++ /dev/null
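Review bot: In oci_do_export (patch 20/21) the new `util_fileself_exists(cleanpath)` test and the later `archive_chroot_tar(mount_point, cleanpath, &errmsg)` call are separate steps, so the "dst file exist" guard is a check-then-use that no longer holds if the path is created between them. The no-overwrite rule should be enforced where the file is actually created. The open call inside archive_chroot_tar is not visible in this patch; if it does not already create the file with `O_CREAT | O_EXCL`, that is where to add it, keeping the early check only for a clearer error message. The two new `goto out` paths also run before `mount_point` is assigned, and the `out:` label lies outside the hunk, so confirm the cleanup there tolerates a NULL mount point.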
@@ -1,157 +0,0 @@
-From 1530d542f0beaf9aca8eee68096996240a755b1c Mon Sep 17 00:00:00 2001
-From: haozi007
-Date: Tue, 16 Aug 2022 19:50:29 +0800
-Subject: [PATCH 21/21] [clang-analyzer] fix memory leak and use after free
-
-Signed-off-by: haozi007
----
- .../connect/grpc/grpc_containers_client.cc | 5 +++++
- .../entry/cri/websocket/service/ws_server.cc | 1 +
- .../oci/storage/layer_store/layer_store.c | 21 +++++++++----------
- src/utils/cpputils/url.cc | 2 +-
- src/utils/cutils/utils_file.c | 2 +-
- 5 files changed, 18 insertions(+), 13 deletions(-)
-
-diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
-index 85cafe9b..33c7c631 100644
---- a/src/client/connect/grpc/grpc_containers_client.cc
-+++ b/src/client/connect/grpc/grpc_containers_client.cc
-@@ -1926,6 +1926,7 @@ public:
- ClientBaseConstants::COMMON_NAME_LEN);
- if (ret != 0) {
- ERROR("Failed to get common name in: %s", m_certFile.c_str());
-+ delete ctx;
- return -1;
- }
- ctx->context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
-@@ -1945,11 +1946,15 @@ public:
- ERROR("Invalid json: %s", err);
- free(err);
- CopyFromContainerFinish(ctx, &response->errmsg);
-+ delete ctx->reader;
-+ delete ctx;
- return -1;
- }
- free(err);
- } else {
- CopyFromContainerFinish(ctx, &response->errmsg);
-+ delete ctx->reader;
-+ delete ctx;
- return -1;
- }
- // Ignore the first reader which is used for transform metadata
-diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
-index 08f2cff0..63afc9dd 100644
---- a/src/daemon/entry/cri/websocket/service/ws_server.cc
-+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
-@@ -391,6 +391,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept
- }
- if (GenerateSessionData(session, containerID) != 0) {
- ERROR("failed to fill generate session data");
-+ delete session;
- return -1;
- }
-
-diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-index cd18c6aa..e563a8ef 100644
---- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
-@@ -853,7 +853,7 @@ static void free_storage_entry_data(storage_entry *entry)
- }
- }
-
--static char *caculate_playload(struct archive *ar)
-+static int caculate_playload(struct archive *ar, char **result)
- {
- int r = 0;
- unsigned char *block_buf = NULL;
-@@ -863,8 +863,7 @@ static char *caculate_playload(struct archive *ar)
- #else
- off_t block_offset = 0;
- #endif
-- char *ret = NULL;
-- int nret = 0;
-+ int ret = 0;
- const isula_crc_table_t *ctab = NULL;
- uint64_t crc = 0;
- // max crc bits is 8
-@@ -876,7 +875,7 @@ static char *caculate_playload(struct archive *ar)
- ctab = new_isula_crc_table(ISO_POLY);
-
- if (ctab == NULL) {
-- return NULL;
-+ return -1;
- }
-
- for (;;) {
-@@ -886,10 +885,12 @@ static char *caculate_playload(struct archive *ar)
- }
- if (r != ARCHIVE_OK) {
- ERROR("Read archive failed");
-+ ret = -1;
- goto out;
- }
- if (!isula_crc_update(ctab, &crc, block_buf, block_size)) {
- ERROR("Do crc update failed");
-+ ret = -1;
- goto out;
- }
- empty = false;
-@@ -903,10 +904,9 @@ static char *caculate_playload(struct archive *ar)
- for (r = 0; r < 8; r++) {
- tmp_data[r] = sum_data[r];
- }
-- nret = util_base64_encode(tmp_data, 8, &ret);
--
-- if (nret != 0) {
-- return NULL;
-+ ret = util_base64_encode(tmp_data, 8, result);
-+ if (ret != 0) {
-+ ERROR("Do encode failed");
- }
-
- out:
-@@ -929,9 +929,8 @@ static int archive_entry_parse(struct archive_entry *entry, struct archive *ar,
- sentry.size = archive_entry_size(entry);
- sentry.position = position;
- // caculate playload
-- sentry.payload = caculate_playload(ar);
-- if (sentry.payload == NULL) {
-- ERROR("Caculate playload failed.");
-+ if (caculate_playload(ar,
&sentry.payload) != 0) {
-+ ERROR("Caculate playload failed");
- goto out;
- }
-
-diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
-index ab1355a3..c78cf787 100644
---- a/src/utils/cpputils/url.cc
-+++ b/src/utils/cpputils/url.cc
-@@ -32,7 +32,7 @@ bool GetHexDigit(char c, char &d)
- d = c - '0';
- } else if (c >= 'a' && c <= 'f') {
- d = c - 'a' + 10;
-- } else if (c >= 'A' && c <= 'F') {
-+ } else {
- d = c - 'A' + 10;
- }
- return true;
-diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
-index 67e7a707..f06f4d49 100644
---- a/src/utils/cutils/utils_file.c
-+++ b/src/utils/cutils/utils_file.c
-@@ -1549,10 +1549,10 @@ int util_atomic_write_file(const char *fname, const char *content, size_t conten
- }
-
- free_out:
-- free(tmp_file);
- if (ret != 0 && unlink(tmp_file) != 0 && errno != ENOENT) {
- SYSERROR("Failed to remove temp file:%s", tmp_file);
- }
-+ free(tmp_file);
- return ret;
- }
-
---
-2.25.1
-
diff --git a/iSulad.spec b/iSulad.spec
index ad6e728..306b0ac 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -1,5 +1,5 @@
-%global _version 2.0.15
-%global _release 6
+%global _version 2.0.16
+%global _release 1
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@@ -13,28 +13,6 @@ URL: https://gitee.com/openeuler/iSulad Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz BuildRoot: {_tmppath}/iSulad-%{version} -Patch6000: 0001-do-not-use-tmpfile.patch -Patch6001: 0002-use-only-TLS-v1.2-or-later.patch -Patch6002: 0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch -Patch6003: 0004-tolerate-arch-unspecified-seccomp-profiles.patch -Patch6004: 0005-add-a-CI-test-case-checking-seccomp-option.patch -Patch6005: 0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch -Patch6006: 0007-fix-cpu-quota-out-of-range-when-update-to-1.patch -Patch6007: 0008-stop-health-check-monitor-before-stopping-container.patch -Patch6008: 0009-set-dup_option-null-after-free.patch -Patch6009: 0010-ensure-read-string-must-have-space-store-null-char.patch -Patch6010: 0011-remove-unused-include-files.patch -Patch6011: 0012-fix-lose-override-flag.patch -Patch6012: 0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch -Patch6013: 0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch -Patch6014: 0015-add-fuzz-dict.patch -Patch6015: 0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch -Patch6016: 0017-change-default-umask-to-0022.patch -Patch6017: 0018-clang-analyzer-remove-dead-assignment.patch -Patch6018: 0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch -Patch6019: 0020-do-clean-path-and-check-if-file-exist.patch -Patch6020: 0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch - %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) Provides: libisula.so()(64bit) @@ -261,6 +239,12 @@ fi %endif %changelog +* Tue Aug 23 2022 wangfengtu - 2.0.16-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update iSulad version to 2.0.16-1 + * Mon Aug 22 2022 zhongtao - 2.0.15-6 - Type: enhancement - ID: NA 
diff --git a/v2.0.15.tar.gz b/v2.0.16.tar.gz
similarity index 53%
rename from v2.0.15.tar.gz
rename to v2.0.16.tar.gz
index 6266bc6..3923784 100644
Binary files a/v2.0.15.tar.gz and b/v2.0.16.tar.gz differ