packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!387 sync from openeuler

Browse Source 
From: @duguhaotian 
Reviewed-by: @zh_xiaoyu, @jingwoo 
Signed-off-by: @jingwoo
This commit is contained in:
openeuler-ci-bot 2022-07-14 02:48:50 +00:00 committed by Gitee
commit 7a7cb9b2f9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
32 changed files with 8 additions and 6672 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
0001-do-not-mkdir-of-isulad-if-no-controller-found.patch
View File

@ -1,56 +0,0 @@
From 9837be14200fecb32db0337652e60532f1adb7be Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 23 May 2022 17:06:19 +0800
Subject: [PATCH 01/30] do not mkdir of isulad if no controller found
If selinux disable the capibility DAC_OVERRIDE,
mkdir isulad may fail when run container.
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/common/sysinfo.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index e60377dd..6fb4ec38 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -1303,6 +1303,21 @@ out:
return ret;
}
+#ifdef __ANDROID__
+static bool cgroup2_no_controller() {
+ char *controllers_str = NULL;
+
+ controllers_str = util_read_content_from_file(CGROUP2_CONTROLLERS_PATH);
+ if (controllers_str == NULL || strlen(controllers_str) == 0 || strcmp(controllers_str, "\n") == 0) {
+ free(controllers_str);
+ return true;
+ }
+
+ free(controllers_str);
+ return false;
+}
+#endif
+
static int make_sure_cgroup2_isulad_path_exist()
{
int ret = 0;
@@ -1315,6 +1330,13 @@ static int make_sure_cgroup2_isulad_path_exist()
return -1;
}
+#ifdef __ANDROID__
+ if (cgroup2_no_controller()) {
+ DEBUG("no cgroup controller found");
+ return 0;
+ }
+#endif
+
ret = mkdir(CGROUP_ISULAD_PATH, DEFAULT_CGROUP_DIR_MODE);
if (ret != 0 && (errno != EEXIST || !util_dir_exists(CGROUP_ISULAD_PATH))) {
return -1;
--
2.32.1 (Apple Git-133)

46
0002-fix-install-error-when-android.patch
View File

@ -1,46 +0,0 @@
From 426a282802b8b81c66e6857857a745583f816c0a Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Tue, 24 May 2022 16:51:02 +0800
Subject: [PATCH 02/30] fix install error when android
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/common/constants.h | 2 +-
src/contrib/config/{lxc_contexts => container_contexts} | 0
src/daemon/common/selinux_label.c | 2 +-
3 files changed, 2 insertions(+), 2 deletions(-)
rename src/contrib/config/{lxc_contexts => container_contexts} (100%)
diff --git a/src/common/constants.h b/src/common/constants.h
index 56c88d46..60fb9abe 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -66,7 +66,7 @@ extern "C" {
#define ISULAD_CONFIG SYSCONFDIR_PREFIX"/etc/isulad"
-#define ISULAD_DAEMON_LXC_CONTEXTS ISULAD_CONFIG "/container_contexts"
+#define ISULAD_DAEMON_CONTAINER_CONTEXTS ISULAD_CONFIG "/container_contexts"
#define ISULAD_DAEMON_JSON_CONF_FILE ISULAD_CONFIG "/daemon.json"
#define ISULAD_DAEMON_CONSTANTS_JSON_CONF_FILE ISULAD_CONFIG "/daemon_constants.json"
diff --git a/src/contrib/config/lxc_contexts b/src/contrib/config/container_contexts
similarity index 100%
rename from src/contrib/config/lxc_contexts
rename to src/contrib/config/container_contexts
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 9efd16e9..5468111e 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -593,7 +593,7 @@ static int container_label(char **process_label, char **file_label)
}
#ifdef __ANDROID__
- lxc_path = ISULAD_DAEMON_LXC_CONTEXTS;
+ lxc_path = ISULAD_DAEMON_CONTAINER_CONTEXTS;
#else
lxc_path = selinux_lxc_contexts_path();
#endif
--
2.32.1 (Apple Git-133)

249
0003-imp-fuzz-for-pw-gr-parser.patch
View File

@ -1,249 +0,0 @@
From 9ccb30fa430c7b98ecab4406dabe8498c74db8c3 Mon Sep 17 00:00:00 2001
From: chegJH <hejunjie10@huawei.com>
Date: Thu, 12 May 2022 16:40:41 +0800
Subject: [PATCH 03/30] imp fuzz for pw gr parser
Signed-off-by: chegJH <hejunjie10@huawei.com>
---
test/fuzz/CMakeLists.txt | 48 ++++++++++++++++++++++++++++
test/fuzz/dict/gr_fuzz.dict | 4 +++
test/fuzz/dict/pw_fuzz.dict | 6 ++++
test/fuzz/fuzz.sh | 4 +++
test/fuzz/test_gr_obj_parser_fuzz.cc | 45 ++++++++++++++++++++++++++
test/fuzz/test_pw_obj_parser_fuzz.cc | 46 ++++++++++++++++++++++++++
6 files changed, 153 insertions(+)
create mode 100644 test/fuzz/dict/gr_fuzz.dict
create mode 100644 test/fuzz/dict/pw_fuzz.dict
create mode 100644 test/fuzz/test_gr_obj_parser_fuzz.cc
create mode 100644 test/fuzz/test_pw_obj_parser_fuzz.cc
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
index 61ab47d7..555c3813 100644
--- a/test/fuzz/CMakeLists.txt
+++ b/test/fuzz/CMakeLists.txt
@@ -20,6 +20,8 @@ SET(EXE1 im_config_image_exist_fuzz)
SET(EXE2 im_get_image_count_fuzz)
SET(EXE3 test_volume_mount_spec_fuzz)
SET(EXE4 test_volume_parse_volume_fuzz)
+SET(EXE5 test_pw_obj_parser_fuzz)
+SET(EXE6 test_gr_obj_parser_fuzz)
add_executable(${EXE0}
${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c
@@ -66,6 +68,36 @@ add_executable(${EXE4}
${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c
test_volume_parse_volume_fuzz.cc
)
+add_executable(${EXE5}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+ test_pw_obj_parser_fuzz.cc
+ )
+add_executable(${EXE6}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+ test_gr_obj_parser_fuzz.cc
+ )
SET(IMAGE_FUZZ_INCLUDE_DIRS
${GTEST_INCLUDE_DIR}
@@ -107,6 +139,14 @@ target_include_directories(${EXE4} PUBLIC
${IMAGE_FUZZ_INCLUDE_DIRS}
)
+target_include_directories(${EXE5} PUBLIC
+ ${IMAGE_FUZZ_INCLUDE_DIRS}
+)
+
+target_include_directories(${EXE6} PUBLIC
+ ${IMAGE_FUZZ_INCLUDE_DIRS}
+)
+
set_target_properties(${EXE0} PROPERTIES LINKER_LANGUAGE CXX)
set_target_properties(${EXE0} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc")
target_link_libraries(${EXE0} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img -lgcov)
@@ -126,3 +166,11 @@ target_link_libraries(${EXE3} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY
set_target_properties(${EXE4} PROPERTIES LINKER_LANGUAGE CXX)
set_target_properties(${EXE4} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc")
target_link_libraries(${EXE4} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lcrypto -lyajl -lz -lisulad_img -lgcov)
+
+set_target_properties(${EXE5} PROPERTIES LINKER_LANGUAGE CXX)
+set_target_properties(${EXE5} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc")
+target_link_libraries(${EXE5} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lcrypto -lyajl -lz -lisulad_img -lgcov)
+
+set_target_properties(${EXE6} PROPERTIES LINKER_LANGUAGE CXX)
+set_target_properties(${EXE6} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc")
+target_link_libraries(${EXE6} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lcrypto -lyajl -lz -lisulad_img -lgcov)
\ No newline at end of file
diff --git a/test/fuzz/dict/gr_fuzz.dict b/test/fuzz/dict/gr_fuzz.dict
new file mode 100644
index 00000000..0f14d1c3
--- /dev/null
+++ b/test/fuzz/dict/gr_fuzz.dict
@@ -0,0 +1,4 @@
+"root:x:0:"
+"+adm:x:4:"
+"adm:x:4:root,john, boob,jason"
+"empty"
\ No newline at end of file
diff --git a/test/fuzz/dict/pw_fuzz.dict b/test/fuzz/dict/pw_fuzz.dict
new file mode 100644
index 00000000..0b7790a4
--- /dev/null
+++ b/test/fuzz/dict/pw_fuzz.dict
@@ -0,0 +1,6 @@
+"root:x:0:0:root:/root:/bin/bash"
+"bin:x:-1:1:bin:/bin:/sbin/nologin"
+"uidonly:x:1::bin:/bin:/sbin/nologin"
+"::::1:1:bin:/bin:/sbin/nologin"
+"-npt:*::::/etc/ntp:/sbin/nologin"
+"empty"
\ No newline at end of file
diff --git a/test/fuzz/fuzz.sh b/test/fuzz/fuzz.sh
index 6c8ce19a..c5b55979 100755
--- a/test/fuzz/fuzz.sh
+++ b/test/fuzz/fuzz.sh
@@ -17,6 +17,8 @@
current_dir=$(cd $(dirname $0) && pwd)
FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/im_oci_image_exist_fuzz.dict -runs=1000000 -max_total_time=3600"
VOLUME_FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/volume_fuzz.dict -runs=1000000 -max_total_time=3600"
+PW_FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/pw_fuzz.dict -runs=30000000 -max_total_time=10800"
+GR_FUZZ_OPTION="${current_dir}/corpus -dict=${current_dir}/dict/gr_fuzz.dict -runs=30000000 -max_total_time=10800"
find /usr -name "libclang_rt.fuzzer-$(uname -m)*"
if [ $? != 0 ];then
@@ -34,6 +36,8 @@ ${current_dir}/im_config_image_exist_fuzz ${FUZZ_OPTION} -artifact_prefix=im_con
${current_dir}/im_get_image_count_fuzz ${FUZZ_OPTION} -artifact_prefix=im_get_image_count_fuzz-
${current_dir}/test_volume_mount_spec_fuzz ${VOLUME_FUZZ_OPTION} -artifact_prefix=test_volume_mount_spec_fuzz-
${current_dir}/test_volume_parse_volume_fuzz ${VOLUME_FUZZ_OPTION} -artifact_prefix=test_volume_parse_volume_fuzz-
+${current_dir}/test_pw_obj_parser_fuzz ${PW_FUZZ_OPTION} -artifact_prefix=test_pw_obj_parser_fuzz-
+${current_dir}/test_gr_obj_parser_fuzz ${GR_FUZZ_OPTION} -artifact_prefix=test_gr_obj_parser_fuzz-
# 查找crash文件
diff --git a/test/fuzz/test_gr_obj_parser_fuzz.cc b/test/fuzz/test_gr_obj_parser_fuzz.cc
new file mode 100644
index 00000000..01db0cf2
--- /dev/null
+++ b/test/fuzz/test_gr_obj_parser_fuzz.cc
@@ -0,0 +1,45 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: hejunjie
+ * Create: 2022-05-12
+ * Description: provide fuzz test for parser of group object
+ ******************************************************************************/
+
+#include <cstdio>
+#include <fstream>
+#include <iostream>
+#include <sstream>
+#include <string>
+#include "utils_pwgr.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ std::string testData(reinterpret_cast<const char *>(data), size);
+ std::string fileName("grstreamfile.txt");
+ struct group gr;
+ struct group *pgr = nullptr;
+ char buf[BUFSIZ];
+
+ std::ofstream outFile(fileName);
+ outFile << testData;
+ outFile.close();
+
+ FILE *f = fopen(fileName.c_str(), "r");
+
+ if (testData == "empty") {
+ util_getgrent_r(nullptr, &gr, buf, sizeof(buf), &pgr);
+ } else {
+ util_getgrent_r(f, &gr, buf, sizeof(buf), &pgr);
+ }
+
+ fclose(f);
+ return 0;
+}
diff --git a/test/fuzz/test_pw_obj_parser_fuzz.cc b/test/fuzz/test_pw_obj_parser_fuzz.cc
new file mode 100644
index 00000000..3a2195c6
--- /dev/null
+++ b/test/fuzz/test_pw_obj_parser_fuzz.cc
@@ -0,0 +1,46 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: hejunjie
+ * Create: 2022-05-12
+ * Description: provide fuzz test for passwd object parser
+ ******************************************************************************/
+
+#include <cstdio>
+#include <fstream>
+#include <iostream>
+#include <sstream>
+#include <string>
+#include "utils_pwgr.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ std::string testData(reinterpret_cast<const char *>(data), size);
+ std::string fileName("pwstreamfile.txt");
+ struct passwd pw;
+ struct passwd *ppw = nullptr;
+ char buf[BUFSIZ];
+
+ std::ofstream outFile(fileName);
+ outFile << testData;
+ outFile.close();
+
+ FILE *f = fopen(fileName.c_str(), "r");
+
+ if (testData == "empty") {
+ util_getpwent_r(nullptr, &pw, buf, sizeof(buf), &ppw);
+ } else {
+ util_getpwent_r(f, &pw, buf, sizeof(buf), &ppw);
+ }
+
+ fclose(f);
+ return 0;
+
+}
--
2.32.1 (Apple Git-133)

119
0004-improve-fuzz-test.patch
View File

@ -1,119 +0,0 @@
From 31a92265a6bd29dc8f98179947406f1bb56ac5a8 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 26 May 2022 13:53:09 +0100
Subject: [PATCH 04/30] improve fuzz test
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
test/fuzz/CMakeLists.txt | 50 ++++++++++++++--------------
test/fuzz/test_gr_obj_parser_fuzz.cc | 2 +-
test/fuzz/test_pw_obj_parser_fuzz.cc | 2 +-
test/mocks/oci_image_mock.cc | 2 +-
4 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
index 555c3813..8561b495 100644
--- a/test/fuzz/CMakeLists.txt
+++ b/test/fuzz/CMakeLists.txt
@@ -1,6 +1,6 @@
project(iSulad_UT)
-execute_process(COMMAND bash "-c" "find /usr -name *libclang_rt.fuzzer-${CMAKE_HOST_SYSTEM_PROCESSOR}*"
+execute_process(COMMAND bash "-c" "find /usr -name *libclang_rt.fuzzer-${CMAKE_HOST_SYSTEM_PROCESSOR}* | head -1"
OUTPUT_VARIABLE LIB_FUZZING_ENGINE
OUTPUT_STRIP_TRAILING_WHITESPACE)
@@ -69,33 +69,33 @@ add_executable(${EXE4}
test_volume_parse_volume_fuzz.cc
)
add_executable(${EXE5}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_pwgr.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/path.c
test_pw_obj_parser_fuzz.cc
)
add_executable(${EXE6}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_pwgr.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_pwgr.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/path.c
test_gr_obj_parser_fuzz.cc
)
diff --git a/test/fuzz/test_gr_obj_parser_fuzz.cc b/test/fuzz/test_gr_obj_parser_fuzz.cc
index 01db0cf2..d43d153d 100644
--- a/test/fuzz/test_gr_obj_parser_fuzz.cc
+++ b/test/fuzz/test_gr_obj_parser_fuzz.cc
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/test/fuzz/test_pw_obj_parser_fuzz.cc b/test/fuzz/test_pw_obj_parser_fuzz.cc
index 3a2195c6..cf09f576 100644
--- a/test/fuzz/test_pw_obj_parser_fuzz.cc
+++ b/test/fuzz/test_pw_obj_parser_fuzz.cc
@@ -1,5 +1,5 @@
/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/test/mocks/oci_image_mock.cc b/test/mocks/oci_image_mock.cc
index 8e975e3b..c333c0dd 100644
--- a/test/mocks/oci_image_mock.cc
+++ b/test/mocks/oci_image_mock.cc
@@ -37,5 +37,5 @@ struct oci_image_module_data *get_oci_image_data(void)
if (g_oci_image_mock != nullptr) {
return g_oci_image_mock->GetOciImageData();
}
- return { 0 };
+ return nullptr;
}
--
2.32.1 (Apple Git-133)

262
0005-Seccomp-optimization.patch
View File

@ -1,262 +0,0 @@
From 02167555e702316fe14cc963f9e978e9f66f59ba Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com>
Date: Fri, 24 Dec 2021 10:47:31 +0800
Subject: [PATCH 05/30] Seccomp optimization
Signed-off-by: chengzrz <czrzrichard@gmail.com>
---
src/common/constants.h | 2 +
src/daemon/modules/spec/specs_security.c | 112 +++++++++++++++++++----
src/utils/cutils/utils.c | 54 ++++++-----
3 files changed, 128 insertions(+), 40 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index 60fb9abe..294f4b78 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -142,6 +142,8 @@ extern "C" {
/* RUNPATH is defined by -DRUNPATH=$value when execute cmake, default is "/var/run" */
#define CLIENT_RUNDIR RUNPATH"/isula"
+#define SCMP_ARCH_X86_64 "SCMP_ARCH_X86_64"
+#define SCMP_ARCH_AARCH64 "SCMP_ARCH_AARCH64"
typedef enum {
CONTAINER_STATUS_UNKNOWN = 0,
diff --git a/src/daemon/modules/spec/specs_security.c b/src/daemon/modules/spec/specs_security.c
index 658c2e1f..8a8b2d86 100644
--- a/src/daemon/modules/spec/specs_security.c
+++ b/src/daemon/modules/spec/specs_security.c
@@ -457,45 +457,123 @@ static bool meet_filtering_rules(const docker_seccomp *seccomp, const docker_sec
return meet_include_arch && meet_include_cap && meet_exclude_arch && meet_exclude_cap;
}
-static size_t docker_seccomp_arches_count(const docker_seccomp *docker_seccomp_spec)
+static size_t docker_seccomp_arches_count(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec)
{
size_t count = 0;
size_t i = 0;
- for (i = 0; i < docker_seccomp_spec->arch_map_len; i++) {
- count += docker_seccomp_spec->arch_map[i]->sub_architectures_len + 1;
+
+ if (seccomp_architecture == NULL) {
+ ERROR("Invalid input seccomp architecture");
+ return -1;
+ }
+
+ for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) {
+ if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) {
+ continue;
+ }
+ if (strcmp(seccomp_architecture, docker_seccomp_spec->arch_map[i]->architecture) == 0) {
+ count = docker_seccomp_spec->arch_map[i]->sub_architectures_len + 1;
+ break;
+ }
+ }
+
+ if (count == 0) {
+ ERROR("seccomp architecture not found");
+ count = -1;
}
+
return count;
}
-static int dup_architectures_to_oci_spec(const docker_seccomp *docker_seccomp_spec,
+static int dup_architectures_to_oci_spec(const char* seccomp_architecture, const docker_seccomp *docker_seccomp_spec,
oci_runtime_config_linux_seccomp *oci_seccomp_spec)
{
+ size_t i = 0;
+ size_t j = 0;
size_t arch_size = 0;
- arch_size = docker_seccomp_arches_count(docker_seccomp_spec);
- if (arch_size != 0) {
- size_t i;
- size_t j;
- if (arch_size > (SIZE_MAX / sizeof(char *))) {
- return -1;
- }
- oci_seccomp_spec->architectures = util_common_calloc_s(arch_size * sizeof(char *));
- if (oci_seccomp_spec->architectures == NULL) {
- return -1;
+ if (seccomp_architecture == NULL) {
+ oci_seccomp_spec->architectures_len = 0;
+ return 0;
+ }
+
+ arch_size = docker_seccomp_arches_count(seccomp_architecture, docker_seccomp_spec);
+ if (arch_size < 0) {
+ ERROR("Failed to get arches count from docker seccomp spec");
+ return -1;
+ }
+
+ oci_seccomp_spec->architectures = util_common_calloc_s(arch_size * sizeof(char *));
+ if (oci_seccomp_spec->architectures == NULL) {
+ ERROR("Failed to calloc memory for architectures in seccomp spec");
+ return -1;
+ }
+
+ for (i = 0; i < docker_seccomp_spec->arch_map_len; ++i) {
+ if (docker_seccomp_spec->arch_map[i] == NULL || docker_seccomp_spec->arch_map[i]->architecture == NULL) {
+ continue;
}
- for (i = 0; i < docker_seccomp_spec->arch_map_len; i++) {
+ if (strcmp(seccomp_architecture, docker_seccomp_spec->arch_map[i]->architecture) == 0) {
oci_seccomp_spec->architectures[oci_seccomp_spec->architectures_len++] =
util_strdup_s(docker_seccomp_spec->arch_map[i]->architecture);
- for (j = 0; j < docker_seccomp_spec->arch_map[i]->sub_architectures_len; j++) {
+
+ for (j = 0; j < docker_seccomp_spec->arch_map[i]->sub_architectures_len; ++j) {
oci_seccomp_spec->architectures[oci_seccomp_spec->architectures_len++] =
util_strdup_s(docker_seccomp_spec->arch_map[i]->sub_architectures[j]);
}
+ break;
}
}
return 0;
}
+// return 0 when normalized_arch has been properly set into seccomp spec
+static int normalized_arch_to_seccomp_arch(const char *host_arch, const docker_seccomp *docker_seccomp_spec,
+ oci_runtime_config_linux_seccomp *oci_seccomp_spec)
+{
+ INFO("host architecture is %s", host_arch);
+ // x86 archs
+ if (strcasecmp(host_arch, "386") == 0 || strcasecmp(host_arch, "amd64") == 0) {
+ return dup_architectures_to_oci_spec(SCMP_ARCH_X86_64, docker_seccomp_spec, oci_seccomp_spec);
+ }
+ // arm archs
+ if (strcasecmp(host_arch, "arm64") == 0 || strcasecmp(host_arch, "arm") == 0) {
+ return dup_architectures_to_oci_spec(SCMP_ARCH_AARCH64, docker_seccomp_spec, oci_seccomp_spec);
+ }
+ //other archs
+ return dup_architectures_to_oci_spec(NULL, docker_seccomp_spec, oci_seccomp_spec);
+}
+
+static int load_architectures_into_oci_spec(const docker_seccomp *docker_seccomp_spec,
+ oci_runtime_config_linux_seccomp *oci_seccomp_spec)
+{
+ int ret = 0;
+ char *host_os = NULL;
+ char *host_arch = NULL;
+ char *host_variant = NULL;
+
+ ret = util_normalized_host_os_arch(&host_os, &host_arch, &host_variant);
+ if (ret != 0) {
+ ERROR("get host os and arch for import failed");
+ isulad_try_set_error_message("get host os and arch for import failed");
+ goto out;
+ }
+
+ ret = normalized_arch_to_seccomp_arch(host_arch, docker_seccomp_spec, oci_seccomp_spec);
+ if (ret != 0) {
+ ERROR("transfer normalized arch to seccomp arch failed");
+ isulad_try_set_error_message("transfer normalized arch to seccomp arch failed");
+ goto out;
+ }
+
+out:
+ free(host_os);
+ free(host_arch);
+ free(host_variant);
+ return ret;
+}
+
static int dup_syscall_args_to_oci_spec(const docker_seccomp_syscalls_element *docker_syscall,
defs_syscall *oci_syscall)
{
@@ -606,7 +684,7 @@ static oci_runtime_config_linux_seccomp *trans_docker_seccomp_to_oci_format(cons
oci_seccomp_spec->default_action = util_strdup_s(docker_seccomp_spec->default_action);
// architectures
- if (dup_architectures_to_oci_spec(docker_seccomp_spec, oci_seccomp_spec)) {
+ if (load_architectures_into_oci_spec(docker_seccomp_spec, oci_seccomp_spec)) {
goto out;
}
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index a647f7bc..278a72c5 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1353,6 +1353,7 @@ static char *get_cpu_variant()
int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant)
{
int ret = 0;
+ int i = 0;
struct utsname uts;
char *tmp_variant = NULL;
@@ -1367,20 +1368,31 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v
goto out;
}
+ const char *arch_map[][2] = { { "i386", "386" },
+ { "x86_64", "amd64" },
+ { "x86-64", "amd64" },
+ { "aarch64", "arm64" },
+ { "armhf", "arm" },
+ { "armel", "arm" },
+ { "mips64le", "mips64le" },
+ { "mips64el", "mips64le" }
+ };
+
+ const char *variant_map[][2] = { { "5", "v5" },
+ { "6", "v6" },
+ { "7", "v7" },
+ { "8", "v8" }
+ };
+
*host_os = util_strings_to_lower(uts.sysname);
+ *host_arch = util_strdup_s(uts.machine);
- if (strcasecmp("i386", uts.machine) == 0) {
- *host_arch = util_strdup_s("386");
- } else if ((strcasecmp("x86_64", uts.machine) == 0) || (strcasecmp("x86-64", uts.machine) == 0)) {
- *host_arch = util_strdup_s("amd64");
- } else if (strcasecmp("aarch64", uts.machine) == 0) {
- *host_arch = util_strdup_s("arm64");
- } else if ((strcasecmp("armhf", uts.machine) == 0) || (strcasecmp("armel", uts.machine) == 0)) {
- *host_arch = util_strdup_s("arm");
- } else if ((strcasecmp("mips64le", uts.machine) == 0) || (strcasecmp("mips64el", uts.machine) == 0)) {
- *host_arch = util_strdup_s("mips64le");
- } else {
- *host_arch = util_strdup_s(uts.machine);
+ for (i = 0; i < sizeof(arch_map) / sizeof(arch_map[0]); ++i) {
+ if (strcasecmp(uts.machine, arch_map[i][0]) == 0) {
+ free(*host_arch);
+ *host_arch = util_strdup_s(arch_map[i][1]);
+ break;
+ }
}
if (!strcmp(*host_arch, "arm") || !strcmp(*host_arch, "arm64")) {
@@ -1394,17 +1406,13 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v
*host_variant = util_strdup_s("v7");
} else if (!strcmp(*host_arch, "arm") && *host_variant != NULL) {
tmp_variant = *host_variant;
- *host_variant = NULL;
- if (!strcmp(tmp_variant, "5")) {
- *host_variant = util_strdup_s("v5");
- } else if (!strcmp(tmp_variant, "6")) {
- *host_variant = util_strdup_s("v6");
- } else if (!strcmp(tmp_variant, "7")) {
- *host_variant = util_strdup_s("v7");
- } else if (!strcmp(tmp_variant, "8")) {
- *host_variant = util_strdup_s("v8");
- } else {
- *host_variant = util_strdup_s(tmp_variant);
+ *host_variant = util_strdup_s(tmp_variant);
+ for (i = 0; i < sizeof(variant_map) / sizeof(variant_map[0]); ++i) {
+ if (!strcmp(tmp_variant, variant_map[i][0])) {
+ free(*host_variant);
+ *host_variant = util_strdup_s(variant_map[i][1]);
+ break;
+ }
}
free(tmp_variant);
tmp_variant = NULL;
--
2.32.1 (Apple Git-133)

264
0006-fix-different-type-convert.patch
View File

@ -1,264 +0,0 @@
From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 31 May 2022 03:33:16 +0100
Subject: [PATCH 06/30] fix different type convert
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/isula_host_spec.c | 23 ++++++++++++++-----
src/cmd/isula/stream/exec.c | 6 +++--
src/cmd/isulad/isulad_commands.c | 11 +++++++--
src/cmd/options/opt_ulimit.c | 9 ++++++--
.../modules/runtime/engines/lcr/lcr_engine.c | 2 +-
src/daemon/modules/spec/specs_mount.c | 8 +++++--
src/utils/http/parser.c | 2 +-
7 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 85451dd4..297f9299 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -516,6 +516,7 @@ static int parse_blkio_throttle_bps_device(const char *device, char **path, uint
{
int ret = 0;
char **split = NULL;
+ int64_t converted = 0;
split = util_string_split_multi(device, ':');
if (split == NULL || util_array_len((const char **)split) != 2) {
@@ -530,13 +531,16 @@ static int parse_blkio_throttle_bps_device(const char *device, char **path, uint
goto out;
}
- if (util_parse_byte_size_string(split[1], (int64_t *)rate) != 0) {
+ ret = util_parse_byte_size_string(split[1], &converted);
+ if (ret != 0 || converted < 0) {
COMMAND_ERROR("invalid rate for device: %s. The correct format is <device-path>:<number>[<unit>]."
" Number must be a positive integer. Unit is optional and can be kb, mb, or gb",
device);
ret = -1;
goto out;
}
+
+ *rate = converted;
*path = util_strdup_s(split[0]);
out:
@@ -691,6 +695,7 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
char *trans_page = NULL;
uint64_t limit = 0;
uint64_t page = 0;
+ int64_t tconverted = 0;
host_config_hugetlbs_element *limit_element = NULL;
temp = util_strdup_s(input);
@@ -704,18 +709,21 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input)
goto free_out;
}
- ret = util_parse_byte_size_string(limit_value, (int64_t *)(&limit));
- if (ret != 0) {
+ ret = util_parse_byte_size_string(limit_value, &tconverted);
+ if (ret != 0 || tconverted < 0) {
COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret));
goto free_out;
}
+ limit = (uint64_t)tconverted;
if (pagesize != NULL) {
- ret = util_parse_byte_size_string(pagesize, (int64_t *)(&page));
- if (ret != 0) {
+ tconverted = 0;
+ ret = util_parse_byte_size_string(pagesize, &tconverted);
+ if (ret != 0 || tconverted < 0) {
COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret));
goto free_out;
}
+ page = (uint64_t)tconverted;
trans_page = util_human_size(page);
if (trans_page == NULL) {
@@ -842,15 +850,18 @@ static bool parse_size(const char *input, const char *token, host_config_host_ch
uint64_t size = 0;
uint64_t mem_total_size = 0;
uint64_t mem_available_size = 0;
+ int64_t converted = 0;
if (strcmp(token, "") == 0) {
host_channel->size = 64 * SIZE_MB;
return true;
}
- if (util_parse_byte_size_string(token, (int64_t *)(&size))) {
+ if (util_parse_byte_size_string(token, &converted) != 0 || converted < 0) {
COMMAND_ERROR("Invalid size limit for host channel: %s", input);
return false;
}
+ size = (uint64_t)converted;
+
if (size < HOST_CHANNLE_MIN_SIZE) {
COMMAND_ERROR("Invalid size, larger than 4KB is allowed");
return false;
diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c
index aa702b90..df911d0b 100644
--- a/src/cmd/isula/stream/exec.c
+++ b/src/cmd/isula/stream/exec.c
@@ -49,6 +49,7 @@ static int fill_exec_request(const struct client_arguments *args, const struct c
{
int ret = 0;
size_t i = 0;
+ size_t tconverted = 0;
char *new_env = NULL;
request->name = util_strdup_s(args->name);
@@ -67,12 +68,13 @@ static int fill_exec_request(const struct client_arguments *args, const struct c
request->user = util_strdup_s(args->custom_conf.user);
request->workdir = util_strdup_s(args->custom_conf.workdir);
- if (util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv),
- (size_t *)(&request->argc)) != 0) {
+ ret = util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv), &tconverted);
+ if (ret != 0 || tconverted >= INT_MAX) {
ERROR("Failed to dup args");
ret = -1;
goto out;
}
+ request->argc = (int)tconverted;
/* environment variables */
for (i = 0; i < util_array_len((const char **)(args->extra_env)); i++) {
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index 2a0ccf92..f73a82e2 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -517,7 +517,6 @@ out:
static int do_merge_conf_default_ulimit_into_global(struct service_arguments *args)
{
size_t i, j, json_default_ulimit_len;
- isulad_daemon_configs_default_ulimits_element *ptr = NULL;
if (args->json_confs->default_ulimits == NULL) {
return 0;
@@ -525,6 +524,9 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar
json_default_ulimit_len = args->json_confs->default_ulimits->len;
for (i = 0; i < json_default_ulimit_len; i++) {
+ isulad_daemon_configs_default_ulimits_element *ptr = NULL;
+ host_config_ulimits_element telem = { 0 };
+
ptr = args->json_confs->default_ulimits->values[i];
for (j = 0; j < args->default_ulimit_len; j++) {
if (strcmp(ptr->name, args->default_ulimit[j]->name) == 0) {
@@ -532,12 +534,17 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar
}
}
+ // ulimit of name setted, just update values
if (j < args->default_ulimit_len) {
args->default_ulimit[j]->soft = ptr->soft;
args->default_ulimit[j]->hard = ptr->hard;
continue;
}
- if (ulimit_array_append(&args->default_ulimit, (host_config_ulimits_element *)ptr, args->default_ulimit_len) !=
+
+ telem.name = ptr->name;
+ telem.hard = ptr->hard;
+ telem.soft = ptr->soft;
+ if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) !=
0) {
ERROR("merge json confs default ulimit config failed");
return -1;
diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c
index 1a9c6165..b9eddf8a 100644
--- a/src/cmd/options/opt_ulimit.c
+++ b/src/cmd/options/opt_ulimit.c
@@ -58,22 +58,27 @@ static void get_ulimit_split_parts(const char *val, char ***parts, size_t *parts
static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limitvals_len, int64_t *soft, int64_t *hard)
{
int ret = 0;
+ long long converted = 0;
+
// parse soft
- ret = util_safe_llong(limitvals[0], (long long *)soft);
+ ret = util_safe_llong(limitvals[0], &converted);
if (ret < 0) {
COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
ret = -1;
goto out;
}
+ *soft = (int64_t)converted;
// parse hard if exists
if (limitvals_len > 1) {
- ret = util_safe_llong(limitvals[1], (long long *)hard);
+ converted = 0;
+ ret = util_safe_llong(limitvals[1], &converted);
if (ret < 0) {
COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret));
ret = -1;
goto out;
}
+ *hard = (int64_t)converted;
if (*soft > *hard) {
COMMAND_ERROR("Ulimit soft limit must be less than or equal to hard limit: %lld > %lld",
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c
index 0d29e362..2ca12545 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c
@@ -30,7 +30,7 @@
typedef bool (*lcr_state_op_t)(const char *name, const char *lcrpath, struct lcr_container_state *lcs);
typedef void (*lcr_container_state_free_t)(struct lcr_container_state *lcs);
typedef bool (*lcr_update_op_t)(const char *name, const char *lcrpath, struct lcr_cgroup_resources *cr);
-typedef bool (*lcr_start_op_t)(struct lcr_start_request *request);
+typedef bool (*lcr_start_op_t)(const struct lcr_start_request *request);
typedef bool (*lcr_exec_op_t)(const struct lcr_exec_request *request, int *exit_code);
static lcr_state_op_t g_lcr_state_op = NULL;
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index c89f077f..b35061d8 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -2089,21 +2089,25 @@ static int parse_device_cgroup_rule(defs_device_cgroup *spec_dev_cgroup, const c
if (strcmp(file_mode[0], "*") == 0) {
spec_dev_cgroup->major = -1;
} else {
- if (util_safe_llong(file_mode[0], (long long *)&spec_dev_cgroup->major) != 0) {
+ long long converted = 0;
+ if (util_safe_llong(file_mode[0], &converted) != 0) {
ERROR("Invalid rule mode %s", file_mode[0]);
ret = -1;
goto free_out;
}
+ spec_dev_cgroup->major = converted;
}
if (strcmp(file_mode[1], "*") == 0) {
spec_dev_cgroup->minor = -1;
} else {
- if (util_safe_llong(file_mode[1], (long long *)&spec_dev_cgroup->minor) != 0) {
+ long long converted = 0;
+ if (util_safe_llong(file_mode[1], &converted) != 0) {
ERROR("Invalid rule mode %s", file_mode[1]);
ret = -1;
goto free_out;
}
+ spec_dev_cgroup->minor = (int64_t)converted;
}
free_out:
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 5ea1677c..37475b33 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -47,7 +47,7 @@
#include "utils.h"
#include "isula_libutils/log.h"
-size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
+static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
{
size_t ssize, dsize;
--
2.32.1 (Apple Git-133)

226
0007-add-pointer-parameters-NULL-check.patch
View File

@ -1,226 +0,0 @@
From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 31 May 2022 19:35:35 +0800
Subject: [PATCH 07/30] add pointer parameters NULL check
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/extend/update.c | 24 +++++++++----------
src/cmd/isula/extend/update.h | 1 -
src/cmd/isula/isula_commands.c | 2 +-
src/cmd/isula/isula_commands.h | 2 --
src/daemon/config/isulad_config.c | 4 ++++
src/daemon/modules/api/container_api.h | 2 --
src/daemon/modules/api/plugin_api.h | 1 -
.../modules/container/container_state.c | 2 +-
.../modules/container/containers_store.c | 5 ++++
.../graphdriver/devmapper/deviceset.c | 2 +-
.../graphdriver/overlay2/driver_overlay2.c | 2 +-
src/daemon/modules/plugin/plugin.c | 2 +-
src/daemon/modules/spec/specs_extend.c | 4 ++++
13 files changed, 30 insertions(+), 23 deletions(-)
diff --git a/src/cmd/isula/extend/update.c b/src/cmd/isula/extend/update.c
index a9b0fccf..27cd07c0 100644
--- a/src/cmd/isula/extend/update.c
+++ b/src/cmd/isula/extend/update.c
@@ -86,6 +86,18 @@ error_out:
return NULL;
}
+static int update_checker(const struct client_arguments *args)
+{
+ int ret = 0;
+
+ if (args->argc == 0) {
+ COMMAND_ERROR("Update requires at least 1 container names");
+ return EINVALIDARGS;
+ }
+
+ return ret;
+}
+
static int client_update(const struct client_arguments *args)
{
int ret = 0;
@@ -191,15 +203,3 @@ int cmd_update_main(int argc, const char **argv)
return ret;
}
-
-int update_checker(const struct client_arguments *args)
-{
- int ret = 0;
-
- if (args->argc == 0) {
- COMMAND_ERROR("Update requires at least 1 container names");
- return EINVALIDARGS;
- }
-
- return ret;
-}
diff --git a/src/cmd/isula/extend/update.h b/src/cmd/isula/extend/update.h
index a527b46a..15a6ce59 100644
--- a/src/cmd/isula/extend/update.h
+++ b/src/cmd/isula/extend/update.h
@@ -114,7 +114,6 @@ extern const char g_cmd_update_desc[];
extern const char g_cmd_update_usage[];
extern struct client_arguments g_cmd_update_args;
int cmd_update_main(int argc, const char **argv);
-int update_checker(const struct client_arguments *args);
#ifdef __cplusplus
}
diff --git a/src/cmd/isula/isula_commands.c b/src/cmd/isula/isula_commands.c
index db37f705..89d9ca96 100644
--- a/src/cmd/isula/isula_commands.c
+++ b/src/cmd/isula/isula_commands.c
@@ -94,7 +94,7 @@ static void print_version()
}
/* compare commands */
-int compare_commands(const void *s1, const void *s2)
+static int compare_commands(const void *s1, const void *s2)
{
return strcmp((*(const struct command *)s1).name, (*(const struct command *)s2).name);
}
diff --git a/src/cmd/isula/isula_commands.h b/src/cmd/isula/isula_commands.h
index 0518025f..1ee773ee 100644
--- a/src/cmd/isula/isula_commands.h
+++ b/src/cmd/isula/isula_commands.h
@@ -44,8 +44,6 @@ struct command {
// NOTE: Command arrays must end in a command with all member is NULL
const struct command *command_by_name(const struct command *cmds, const char * const name);
-int compare_commands(const void *s1, const void *s2);
-
// Default help command if implementation doesn't prvide one
int command_default_help(const char * const program_name, struct command *commands, int argc, const char **argv);
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 287e5707..92d86a3b 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1069,6 +1069,10 @@ int conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit)
size_t i, ulimit_len;
struct service_arguments *conf = NULL;
+ if (ulimit == NULL) {
+ return -1;
+ }
+
if (isulad_server_conf_rdlock() != 0) {
return -1;
}
diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h
index 3b7f2889..1140d4d5 100644
--- a/src/daemon/modules/api/container_api.h
+++ b/src/daemon/modules/api/container_api.h
@@ -244,8 +244,6 @@ char *container_state_get_started_at(container_state_t *s);
bool container_is_valid_state_string(const char *state);
-int container_dup_health_check_status(defs_health **dst, const defs_health *src);
-
void container_update_health_monitor(const char *container_id);
extern int container_supervisor_add_exit_monitor(int fd, const pid_ppid_info_t *pid_info, const char *name,
diff --git a/src/daemon/modules/api/plugin_api.h b/src/daemon/modules/api/plugin_api.h
index 82011363..4346b9e9 100644
--- a/src/daemon/modules/api/plugin_api.h
+++ b/src/daemon/modules/api/plugin_api.h
@@ -68,7 +68,6 @@ plugin_t *plugin_new(const char *name, const char *addr);
void plugin_get(plugin_t *plugin); /* ref++ */
void plugin_put(plugin_t *plugin); /* ref-- */
-int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg);
int plugin_set_manifest(plugin_t *plugin, const plugin_manifest_t *manifest);
bool plugin_is_watching(plugin_t *plugin, uint64_t pe);
diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c
index 834901f3..efcbe852 100644
--- a/src/daemon/modules/container/container_state.c
+++ b/src/daemon/modules/container/container_state.c
@@ -462,7 +462,7 @@ Container_Status container_state_get_status(container_state_t *s)
return status;
}
-int container_dup_health_check_status(defs_health **dst, const defs_health *src)
+static int container_dup_health_check_status(defs_health **dst, const defs_health *src)
{
int ret = 0;
size_t i = 0;
diff --git a/src/daemon/modules/container/containers_store.c b/src/daemon/modules/container/containers_store.c
index 42972392..e0700296 100644
--- a/src/daemon/modules/container/containers_store.c
+++ b/src/daemon/modules/container/containers_store.c
@@ -247,6 +247,11 @@ int containers_store_list(container_t ***out, size_t *size)
container_t **conts = NULL;
map_itor *itor = NULL;
+ if (out == NULL || size == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
if (pthread_rwlock_rdlock(&g_containers_store->rwlock) != 0) {
ERROR("lock memory store failed");
return -1;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 728b0a62..e20d4f1b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -3019,7 +3019,7 @@ int unmount_device(const char *hash, const char *mount_path, struct device_set *
int ret = 0;
devmapper_device_info_t *device_info = NULL;
- if (hash == NULL || mount_path == NULL) {
+ if (hash == NULL || mount_path == NULL || devset == NULL) {
ERROR("devmapper: invalid input params to unmount device");
return -1;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 6d1832be..7a45f880 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -2123,7 +2123,7 @@ int overlay2_get_layer_fs_info(const char *id, const struct graphdriver *driver,
char *layer_dir = NULL;
char *layer_diff = NULL;
- if (id == NULL || fs_info == NULL) {
+ if (id == NULL || driver == NULL || fs_info == NULL) {
ERROR("Invalid input arguments");
return -1;
}
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
index 4a14ee46..4cea2b2a 100644
--- a/src/daemon/modules/plugin/plugin.c
+++ b/src/daemon/modules/plugin/plugin.c
@@ -785,7 +785,7 @@ bad:
return NULL;
}
-int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg)
+static int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg)
{
plugin_wrlock(plugin);
plugin->activated = activated;
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index 7f43ae57..6276a586 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -496,6 +496,10 @@ int make_sure_oci_spec_linux_resources(oci_runtime_spec *oci_spec)
{
int ret = 0;
+ if (oci_spec == NULL) {
+ return -1;
+ }
+
ret = make_sure_oci_spec_linux(oci_spec);
if (ret < 0) {
return -1;
--
2.32.1 (Apple Git-133)

533
0008-add-check-to-arguments.patch
View File

@ -1,533 +0,0 @@
From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 31 May 2022 12:53:10 +0100
Subject: [PATCH 08/30] add check to arguments
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/base/create.c | 7 ++-
src/cmd/isula/stream/attach.c | 5 ++
src/cmd/isulad/isulad_commands.c | 2 +-
src/daemon/common/err_msg.c | 5 +-
src/daemon/common/selinux_label.c | 7 ++-
src/daemon/common/sysinfo.c | 9 +++
src/daemon/config/isulad_config.c | 9 +++
src/daemon/modules/api/plugin_api.h | 1 -
src/daemon/modules/image/image.c | 6 ++
.../modules/image/oci/oci_common_operators.c | 2 +-
.../graphdriver/devmapper/deviceset.c | 5 ++
.../graphdriver/devmapper/metadata_store.c | 4 ++
src/daemon/modules/plugin/plugin.c | 58 ++-----------------
src/utils/console/console.c | 10 ++++
src/utils/cutils/filters.c | 2 +-
src/utils/cutils/map/rb_tree.c | 4 ++
src/utils/cutils/path.c | 5 ++
src/utils/cutils/utils.c | 48 +++++++--------
src/utils/http/http.c | 7 ++-
src/utils/http/parser.c | 5 ++
test/path/path_ut.cc | 5 ++
21 files changed, 120 insertions(+), 86 deletions(-)
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index ce485f0d..2db2fd21 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -393,7 +393,7 @@ static int read_label_from_file(const char *path, size_t file_size, isula_contai
if (file_size == 0) {
return 0;
}
- fp = fopen(path, "re");
+ fp = util_fopen(path, "re");
if (fp == NULL) {
ERROR("Failed to open '%s'", path);
return -1;
@@ -1477,12 +1477,13 @@ int callback_log_opt(command_option_t *option, const char *value)
int callback_log_driver(command_option_t *option, const char *value)
{
- struct client_arguments *args = (struct client_arguments *)option->data;
+ struct client_arguments *args = NULL;
- if (value == NULL) {
+ if (value == NULL || option == NULL) {
COMMAND_ERROR("log driver is NULL");
return -1;
}
+ args = (struct client_arguments *)option->data;
if (!check_opt_container_log_driver(value)) {
COMMAND_ERROR("Unsupported log driver: %s", value);
diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c
index 3a434bca..9cc19161 100644
--- a/src/cmd/isula/stream/attach.c
+++ b/src/cmd/isula/stream/attach.c
@@ -104,6 +104,11 @@ int inspect_container(const struct client_arguments *args, container_inspect **i
isula_connect_ops *ops = NULL;
parser_error perr = NULL;
+ if (inspect_data == NULL) {
+ COMMAND_ERROR("Empty inspect data");
+ return -1;
+ }
+
inspect_response = util_common_calloc_s(sizeof(struct isula_inspect_response));
if (inspect_response == NULL) {
COMMAND_ERROR("Out of memory");
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index f73a82e2..89d91c1b 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -657,7 +657,7 @@ static int check_conf_default_ulimit(const struct service_arguments *args)
ret = -1;
goto out;
}
- if (strcmp(ptr->name, type) != 0) {
+ if (type == NULL || strcmp(ptr->name, type) != 0) {
COMMAND_ERROR("Ulimit Name \"%s\" must same as type \"%s\" in %s", ptr->name, type,
ISULAD_DAEMON_JSON_CONF_FILE);
ret = -1;
diff --git a/src/daemon/common/err_msg.c b/src/daemon/common/err_msg.c
index 739cb353..3e62fad6 100644
--- a/src/daemon/common/err_msg.c
+++ b/src/daemon/common/err_msg.c
@@ -29,8 +29,11 @@ void isulad_set_error_message(const char *format, ...)
{
int ret = 0;
char errbuf[BUFSIZ + 1] = { 0 };
-
va_list argp;
+
+ if (format == NULL) {
+ return;
+ }
va_start(argp, format);
ret = vsnprintf(errbuf, BUFSIZ, format, argp);
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 5468111e..533393a6 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -602,7 +602,7 @@ static int container_label(char **process_label, char **file_label)
return -1;
}
- file = fopen(lxc_path, "re");
+ file = util_fopen(lxc_path, "re");
if (file == NULL) {
ERROR("Failed to open '%s'", lxc_path);
return -1;
@@ -782,6 +782,11 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces
return 0;
}
+ if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) {
+ ERROR("Empty arguments");
+ return -1;
+ }
+
if (container_label(&process_label, &mount_label) != 0) {
ret = -1;
goto out;
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 6fb4ec38..89ca5225 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -915,6 +915,11 @@ int find_cgroup_mountpoint_and_root(const char *subsystem, char **mountpoint, ch
size_t length = 0;
char *pline = NULL;
+ if (subsystem == NULL) {
+ ERROR("Empty subsystem");
+ return -1;
+ }
+
fp = util_fopen("/proc/self/mountinfo", "r");
if (fp == NULL) {
ERROR("Failed to open \"/proc/self/mountinfo\"\n");
@@ -1566,6 +1571,10 @@ mountinfo_t *find_mount_info(mountinfo_t **minfos, const char *dir)
{
mountinfo_t **it = NULL;
+ if (dir == NULL) {
+ return NULL;
+ }
+
for (it = minfos; it && *it; it++) {
if ((*it)->mountpoint && !strcmp((*it)->mountpoint, dir)) {
return *it;
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 92d86a3b..38d2a0bf 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -227,6 +227,10 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime)
{
struct service_arguments *conf = NULL;
+ if (cpu_rt_period == NULL || cpu_rt_runtime == NULL) {
+ return -1;
+ }
+
if (isulad_server_conf_rdlock() != 0) {
return -1;
}
@@ -776,6 +780,11 @@ out:
int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_log_path)
{
+ if (loglevel == NULL || logdriver == NULL || engine_log_path == NULL) {
+ ERROR("Empty arguments");
+ return -1;
+ }
+
*loglevel = conf_get_isulad_loglevel();
if (*loglevel == NULL) {
ERROR("DoStart: Failed to get log level");
diff --git a/src/daemon/modules/api/plugin_api.h b/src/daemon/modules/api/plugin_api.h
index 4346b9e9..303ba6bf 100644
--- a/src/daemon/modules/api/plugin_api.h
+++ b/src/daemon/modules/api/plugin_api.h
@@ -101,7 +101,6 @@ int pm_del_plugin(const plugin_t *plugin);
*/
int pm_get_plugin(const char *name, plugin_t **rplugin);
void pm_put_plugin(plugin_t *plugin);
-int pm_get_plugins_nolock(uint64_t pe, plugin_t ***rplugins, size_t *count);
int start_plugin_manager(void);
int plugin_event_container_pre_create(const char *cid, oci_runtime_spec *ocic);
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 6832aec3..f487f831 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -831,11 +831,17 @@ static int append_images_to_response(im_list_response *response, imagetool_image
out:
return ret;
}
+
int im_list_images(const im_list_request *ctx, im_list_response **response)
{
size_t i;
imagetool_images_list *images_tmp = NULL;
+ if (response == NULL) {
+ ERROR("Empty arguments");
+ return -1;
+ }
+
*response = util_common_calloc_s(sizeof(im_list_response));
if (*response == NULL) {
ERROR("Out of memory");
diff --git a/src/daemon/modules/image/oci/oci_common_operators.c b/src/daemon/modules/image/oci/oci_common_operators.c
index 09405651..fd23096a 100644
--- a/src/daemon/modules/image/oci/oci_common_operators.c
+++ b/src/daemon/modules/image/oci/oci_common_operators.c
@@ -459,7 +459,7 @@ int oci_status_image(im_status_request *request, im_status_response *response)
char *image_ref = NULL;
char *resolved_name = NULL;
- if (response == NULL) {
+ if (request == NULL || response == NULL) {
ERROR("Invalid arguments");
return -1;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index e20d4f1b..d90dde50 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -3183,6 +3183,11 @@ struct status *device_set_status(struct device_set *devset)
int sem_usz = 0;
int sem_mni = 0;
+ if (devset == NULL) {
+ ERROR("empty arguments");
+ return NULL;
+ }
+
if (pthread_rwlock_wrlock(&(devset->devmapper_driver_rwlock)) != 0) {
ERROR("lock devmapper conf failed");
return NULL;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
index c8d10b7a..93fc9758 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
@@ -201,6 +201,10 @@ char **metadata_store_list_hashes(metadata_store_t *meta_store)
char **hashes_array = NULL;
map_itor *itor = NULL;
+ if (meta_store == NULL) {
+ return NULL;
+ }
+
if (map_size(meta_store->map) == 0) {
DEBUG("Metadata store hash list is empty");
ret = true;
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
index 4cea2b2a..4e343a20 100644
--- a/src/daemon/modules/plugin/plugin.c
+++ b/src/daemon/modules/plugin/plugin.c
@@ -760,8 +760,14 @@ plugin_t *plugin_new(const char *name, const char *addr)
plugin_t *plugin = NULL;
int errcode = 0;
+ if (name == NULL || addr == NULL) {
+ ERROR("Empty arguments");
+ return NULL;
+ }
+
plugin = util_common_calloc_s(sizeof(plugin_t));
if (plugin == NULL) {
+ ERROR("Out of memory");
goto bad;
}
@@ -1234,58 +1240,6 @@ void pm_put_plugin(plugin_t *plugin)
plugin_put(plugin);
}
-int pm_get_plugins_nolock(uint64_t pe, plugin_t ***rplugins, size_t *count)
-{
- int ret = 0;
- int i = 0;
- size_t size = 0;
- plugin_t **plugins = NULL;
- map_itor *itor = NULL;
-
- size = map_size(g_plugin_manager->np);
- if (size == 0) { /* empty */
- return 0;
- }
- if (size > SIZE_MAX / sizeof(plugin_t *)) {
- ret = -1;
- ERROR("Invalid plugins size");
- goto out;
- }
-
- plugins = util_common_calloc_s(sizeof(plugin_t *) * size);
- if (plugins == NULL) {
- ret = -1;
- ERROR("Out of memory");
- goto out;
- }
-
- itor = map_itor_new(g_plugin_manager->np);
- if (itor == NULL) {
- ret = -1;
- ERROR("Out of memory");
- goto out;
- }
-
- for (i = 0; i < (int)size && map_itor_valid(itor); i++, map_itor_next(itor)) {
- plugins[i] = map_itor_value(itor);
- /* plugin_put() called in pm_put_plugins() */
- plugin_get(plugins[i]);
- }
-
- *rplugins = plugins;
- *count = (size_t)i;
-
-out:
- map_itor_free(itor);
- itor = NULL;
-
- if (ret < 0) {
- UTIL_FREE_AND_SET_NULL(plugins);
- }
-
- return ret;
-}
-
static void pm_np_item_free(void *key, void *val)
{
plugin_t *plugin = val;
diff --git a/src/utils/console/console.c b/src/utils/console/console.c
index 17c8b242..8492eb4d 100644
--- a/src/utils/console/console.c
+++ b/src/utils/console/console.c
@@ -253,6 +253,11 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags)
{
int fd = 0;
+ if (fifo_path ==NULL || fdout == NULL) {
+ ERROR("Argument must not be NULL");
+ return -1;
+ }
+
fd = util_open(fifo_path, flags, (mode_t)0);
if (fd < 0) {
ERROR("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno));
@@ -302,6 +307,11 @@ int setup_tios(int fd, struct termios *curr_tios)
struct termios tmptios;
int ret = 0;
+ if (curr_tios == NULL) {
+ ERROR("Empty terminal io setting");
+ return -1;
+ }
+
if (!isatty(fd)) {
ERROR("Specified fd: '%d' is not a tty", fd);
return -1;
diff --git a/src/utils/cutils/filters.c b/src/utils/cutils/filters.c
index a8fa220f..1885e9cc 100644
--- a/src/utils/cutils/filters.c
+++ b/src/utils/cutils/filters.c
@@ -66,7 +66,7 @@ char **filters_args_get(const struct filters_args *filters, const char *field)
map_t *field_values_map = NULL;
map_itor *itor = NULL;
- if (filters == NULL || filters->fields == NULL) {
+ if (filters == NULL || filters->fields == NULL || field == NULL) {
return NULL;
}
diff --git a/src/utils/cutils/map/rb_tree.c b/src/utils/cutils/map/rb_tree.c
index ddae0646..b63165d5 100644
--- a/src/utils/cutils/map/rb_tree.c
+++ b/src/utils/cutils/map/rb_tree.c
@@ -133,6 +133,10 @@ void rbtree_clear(rb_tree_t *tree)
void rbtree_free(rb_tree_t *tree)
{
+ if (tree == NULL) {
+ return;
+ }
+
rbtree_clear(tree);
free(tree->nil);
tree->nil = NULL;
diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c
index f195257d..2446f479 100644
--- a/src/utils/cutils/path.c
+++ b/src/utils/cutils/path.c
@@ -590,6 +590,11 @@ int util_resolve_path(const char *rootpath, const char *path, char **resolvedpat
char tmppath[PATH_MAX] = { 0 };
char cleanedpath[PATH_MAX] = { 0 };
+ if (abspath == NULL || resolvedpath == NULL || rootpath == NULL) {
+ ERROR("Empty arguments");
+ return -1;
+ }
+
*resolvedpath = NULL;
*abspath = NULL;
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 278a72c5..30ff629f 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1475,32 +1475,32 @@ void util_parse_user_group(const char *username, char **user, char **group, char
return;
}
- if (username != NULL) {
- tmp = util_strdup_s(username);
-
- // for free tmp in caller
- *tmp_dup = tmp;
-
- pdot = strstr(tmp, ":");
- if (pdot != NULL) {
- *pdot = '\0';
- if (pdot != tmp) {
- // User found
- *user = tmp;
- }
- if (*(pdot + 1) != '\0') {
- // group found
- *group = pdot + 1;
- }
- } else {
- // No : found
- if (*tmp != '\0') {
- *user = tmp;
- }
- }
+ if (username == NULL) {
+ return;
}
- return;
+ tmp = util_strdup_s(username);
+
+ // for free tmp in caller
+ *tmp_dup = tmp;
+
+ pdot = strstr(tmp, ":");
+ if (pdot != NULL) {
+ *pdot = '\0';
+ if (pdot != tmp) {
+ // User found
+ *user = tmp;
+ }
+ if (*(pdot + 1) != '\0') {
+ // group found
+ *group = pdot + 1;
+ }
+ } else {
+ // No : found
+ if (*tmp != '\0') {
+ *user = tmp;
+ }
+ }
}
defs_map_string_object *dup_map_string_empty_object(defs_map_string_object *src)
diff --git a/src/utils/http/http.c b/src/utils/http/http.c
index 0b53cf1e..e4788efd 100644
--- a/src/utils/http/http.c
+++ b/src/utils/http/http.c
@@ -241,7 +241,7 @@ static void http_custom_general_options(CURL *curl_handle, const struct http_get
static int http_custom_options(CURL *curl_handle, const struct http_get_options *options)
{
- if (curl_handle == NULL || options == NULL) {
+ if (curl_handle == NULL) {
return -1;
}
@@ -413,6 +413,11 @@ int http_request(const char *url, struct http_get_options *options, long *respon
size_t fsize = 0;
char *replaced_url = 0;
+ if (url == NULL || options == NULL) {
+ ERROR("must set url and options to use http request");
+ return -1;
+ }
+
if (recursive_len + 1 >= MAX_REDIRCT_NUMS) {
ERROR("reach the max redirect num");
return -1;
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 37475b33..0e0e603b 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -319,6 +319,11 @@ char *get_header_value(const struct parsed_http_message *m, const char *header)
int i = 0;
char *ret = NULL;
+ if (m == NULL || header == NULL) {
+ ERROR("Empty arguments");
+ return NULL;
+ }
+
for (i = 0; i < m->num_headers; i++) {
if (strcasecmp(m->headers[i][0], header) == 0) {
ret = (char *)m->headers[i][1];
diff --git a/test/path/path_ut.cc b/test/path/path_ut.cc
index ce6dcc08..0068ecb4 100644
--- a/test/path/path_ut.cc
+++ b/test/path/path_ut.cc
@@ -311,6 +311,11 @@ TEST(path_ut, test_resolve_path)
char *resolvedpath = nullptr;
char *abspath = nullptr;
+ rootpath = "/home";
+ path = "/home/dir/test";
+ ASSERT_EQ(util_resolve_path(rootpath.c_str(), path.c_str(), nullptr, &abspath), -1);
+ ASSERT_EQ(util_resolve_path(rootpath.c_str(), path.c_str(), &resolvedpath, nullptr), -1);
+
ASSERT_EQ(util_resolve_path(nullptr, nullptr, &resolvedpath, &abspath), -1);
free(resolvedpath);
resolvedpath = nullptr;
--
2.32.1 (Apple Git-133)

26
0009-remove-static-of-strlncat.patch
View File

@ -1,26 +0,0 @@
From 9133e2159e9e69434b41e9649762f8eaed191f37 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 31 May 2022 22:39:44 +0800
Subject: [PATCH 09/30] remove static of strlncat
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/utils/http/parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 0e0e603b..12df2435 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -47,7 +47,7 @@
#include "utils.h"
#include "isula_libutils/log.h"
-static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
+size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
{
size_t ssize, dsize;
--
2.32.1 (Apple Git-133)

26
0010-remove-check-parameter-label_opts-in-init_label.patch
View File

@ -1,26 +0,0 @@
From 60715b192de2cb1b4e8fe9ce48ddf081a6d2be53 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 1 Jun 2022 09:50:03 +0800
Subject: [PATCH 10/30] remove check parameter label_opts in init_label
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/common/selinux_label.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 533393a6..52422970 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -782,7 +782,7 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces
return 0;
}
- if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) {
+ if (dst_process_label == NULL || dst_mount_label == NULL) {
ERROR("Empty arguments");
return -1;
}
--
2.32.1 (Apple Git-133)

191
0011-update-seccomp-to-Linux-5.10-syscall-list.patch
View File

@ -1,191 +0,0 @@
From 55a4f57232c42a9c2d36a41de5d743ee9ebbe88e Mon Sep 17 00:00:00 2001
From: vegbir <yangjiaqi16@huawei.com>
Date: Wed, 1 Jun 2022 13:44:37 +0800
Subject: [PATCH 11/30] update seccomp to Linux 5.10 syscall list
Signed-off-by: yangjiaqi <yangjiaqi16@huawei.com>
---
src/contrib/config/seccomp_default.json | 39 +++++++++++++++++++++++--
1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/src/contrib/config/seccomp_default.json b/src/contrib/config/seccomp_default.json
index 7218b99c..7b2fcad3 100644
--- a/src/contrib/config/seccomp_default.json
+++ b/src/contrib/config/seccomp_default.json
@@ -31,10 +31,16 @@
"chmod",
"chown",
"chown32",
+ "clock_adjtime",
+ "clock_adjtime64",
"clock_getres",
+ "clock_getres_time64",
"clock_gettime",
+ "clock_gettime64",
"clock_nanosleep",
+ "clock_nanosleep_time64",
"close",
+ "close_range",
"connect",
"copy_file_range",
"creat",
@@ -46,6 +52,7 @@
"epoll_ctl",
"epoll_ctl_old",
"epoll_pwait",
+ "epoll_pwait2",
"epoll_wait",
"epoll_wait_old",
"eventfd",
@@ -55,6 +62,7 @@
"exit",
"exit_group",
"faccessat",
+ "faccessat2",
"fadvise64",
"fadvise64_64",
"fallocate",
@@ -83,6 +91,7 @@
"ftruncate",
"ftruncate64",
"futex",
+ "futex_time64",
"futimesat",
"getcpu",
"getcwd",
@@ -128,10 +137,15 @@
"ioctl",
"io_destroy",
"io_getevents",
+ "io_pgetevents",
+ "io_pgetevents_time64",
"ioprio_get",
"ioprio_set",
"io_setup",
"io_submit",
+ "io_uring_enter",
+ "io_uring_register",
+ "io_uring_setup",
"ipc",
"kill",
"lchown",
@@ -149,6 +163,7 @@
"lstat",
"lstat64",
"madvise",
+ "membarrier",
"memfd_create",
"mincore",
"mkdir",
@@ -165,7 +180,9 @@
"mq_notify",
"mq_open",
"mq_timedreceive",
+ "mq_timedreceive_time64",
"mq_timedsend",
+ "mq_timedsend_time64",
"mq_unlink",
"mremap",
"msgctl",
@@ -181,17 +198,22 @@
"_newselect",
"open",
"openat",
+ "openat2",
"pause",
+ "pidfd_open",
+ "pidfd_send_signal",
"pipe",
"pipe2",
"poll",
"ppoll",
+ "ppoll_time64",
"prctl",
"pread64",
"preadv",
"preadv2",
"prlimit64",
"pselect6",
+ "pselect6_time64",
"pwrite64",
"pwritev",
"pwritev2",
@@ -203,6 +225,7 @@
"recv",
"recvfrom",
"recvmmsg",
+ "recvmmsg_time64",
"recvmsg",
"remap_file_pages",
"removexattr",
@@ -211,6 +234,7 @@
"renameat2",
"restart_syscall",
"rmdir",
+ "rseq",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",
@@ -218,6 +242,7 @@
"rt_sigreturn",
"rt_sigsuspend",
"rt_sigtimedwait",
+ "rt_sigtimedwait_time64",
"rt_tgsigqueueinfo",
"sched_getaffinity",
"sched_getattr",
@@ -226,6 +251,7 @@
"sched_get_priority_min",
"sched_getscheduler",
"sched_rr_get_interval",
+ "sched_rr_get_interval_time64",
"sched_setaffinity",
"sched_setattr",
"sched_setparam",
@@ -237,6 +263,7 @@
"semget",
"semop",
"semtimedop",
+ "semtimedop_time64",
"send",
"sendfile",
"sendfile64",
@@ -279,6 +306,7 @@
"sigaltstack",
"signalfd",
"signalfd4",
+ "sigprocmask",
"sigreturn",
"socket",
"socketcall",
@@ -300,12 +328,16 @@
"time",
"timer_create",
"timer_delete",
- "timerfd_create",
- "timerfd_gettime",
- "timerfd_settime",
"timer_getoverrun",
"timer_gettime",
+ "timer_gettime64",
"timer_settime",
+ "timer_settime64",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_gettime64",
+ "timerfd_settime",
+ "timerfd_settime64",
"times",
"tkill",
"truncate",
@@ -317,6 +349,7 @@
"unlinkat",
"utime",
"utimensat",
+ "utimensat_time64",
"utimes",
"vfork",
"vmsplice",
--
2.32.1 (Apple Git-133)

319
0012-fix-invalid-convert-and-format.patch
View File

@ -1,319 +0,0 @@
From 8dcad172ea0241f35cdd464029523253ada7e99f Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 1 Jun 2022 12:53:56 +0100
Subject: [PATCH 12/30] fix invalid convert and format
1. invalid convert;
2. error print format;
3. unuse marco;
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/base/create.h | 3 +--
src/cmd/isula/information/inspect.c | 1 -
src/cmd/isula/information/ps.c | 1 -
src/cmd/isulad/isulad_commands.h | 3 +--
src/cmd/isulad/main.c | 2 +-
src/daemon/modules/runtime/shim/shim_rt_ops.c | 11 ++++++-----
src/daemon/modules/service/service_container.c | 6 +++---
src/daemon/modules/spec/specs_namespace.c | 8 +++++---
src/utils/cutils/utils.c | 2 +-
src/utils/cutils/utils_aes.c | 7 +------
src/utils/cutils/utils_aes.h | 1 -
src/utils/cutils/utils_file.c | 1 -
src/utils/cutils/utils_network.c | 11 +++++++++--
13 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 36c0dc9e..467fefe8 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -414,8 +414,7 @@ extern "C" {
"health-start-period", \
0, \
&(cmdargs).custom_conf.health_start_period, \
- "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) " \
- "(default 0s)", \
+ "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)", \
command_convert_nanoseconds }, \
{ CMD_OPT_TYPE_BOOL, \
false, \
diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c
index 30b228a0..5058fb95 100644
--- a/src/cmd/isula/information/inspect.c
+++ b/src/cmd/isula/information/inspect.c
@@ -639,7 +639,6 @@ out:
return ret_string;
}
-#define MATCH_NUM 1
#define CHECK_FAILED (-1)
#ifdef __ANDROID__
#define JSON_ARGS "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json)?[ \t\r\n\v\f]+[^ \t\r\n\v\f]+[ \t\r\n\v\f]*.*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$"
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 45296fad..74c2f94a 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -765,7 +765,6 @@ static int get_header_field(const char *patten, struct filters *ff)
static int format_field_check(const char *source, const char *patten)
{
-#define MATCH_NUM 1
#define CHECK_FAILED (-1)
int status = 0;
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index e989466f..ad8ba9e5 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -182,8 +182,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"pod-sandbox-image", \
0, \
&(cmdargs)->json_confs->pod_sandbox_image, \
- "The image whose network/ipc namespaces containers in each pod will use. " \
- "(default \"pause-${machine}:3.0\")", \
+ "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 9801c245..e644b16d 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -707,7 +707,7 @@ static int update_graph_for_userns_remap(struct service_arguments *args)
goto out;
}
- nret = snprintf(graph, sizeof(graph), "%s/%d.%d", args->json_confs->graph, host_uid, host_gid);
+ nret = snprintf(graph, sizeof(graph), "%s/%u.%u", args->json_confs->graph, host_uid, host_gid);
if (nret < 0 || (size_t)nret >= sizeof(graph)) {
ERROR("Path is too long");
ret = -1;
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 346e6f48..21d339e5 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -30,8 +30,6 @@
#include "err_msg.h"
#include "engine.h"
-#define SHIM_LOG_SIZE ((BUFSIZ-100)/2)
-#define PID_WAIT_TIME 120
#define EXIT_SIGNAL_OFFSET_X 128
static void copy_process(shim_client_process_state *p, defs_process *dp)
@@ -112,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
int err_fd[2] = {-1, -1};
int out_fd[2] = {-1, -1};
char exec_buff[BUFSIZ + 1] = {0};
- char stdout_buff[BUFSIZ + 1] = {0};
+ char stdout_buff[PATH_MAX] = {0};
char stderr_buff[BUFSIZ + 1] = {0};
@@ -177,7 +175,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
(void)dprintf(exec_fd[1], "close inherited fds failed");
}
- setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1);
+ if (setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1) != 0) {
+ (void)dprintf(exec_fd[1], "%s: failed to set env for process %d", id, getpid());
+ exit(EXIT_FAILURE);
+ }
execvp(binary, (char * const *)params);
(void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno));
@@ -379,7 +380,7 @@ int rt_shim_rm(const char *id, const char *runtime, const rt_rm_params_t *params
}
nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id);
- if (nret < 0 && nret >= sizeof(libdir)) {
+ if (nret < 0 || nret >= sizeof(libdir)) {
ERROR("failed to get shim workdir");
ret = -1;
goto out;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 64219423..c3c4fc1c 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -1233,7 +1233,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint
return 0;
}
-static int container_stop_signal(container_t *cont)
+static uint32_t container_stop_signal(container_t *cont)
{
int signal = 0;
@@ -1245,7 +1245,7 @@ static int container_stop_signal(container_t *cont)
signal = SIGTERM;
}
- return signal;
+ return (uint32_t)signal;
}
static int kill_with_signal(container_t *cont, uint32_t signal)
@@ -1253,7 +1253,7 @@ static int kill_with_signal(container_t *cont, uint32_t signal)
int ret = 0;
int nret = 0;
const char *id = cont->common_config->id;
- int stop_signal = container_stop_signal(cont);
+ uint32_t stop_signal = container_stop_signal(cont);
bool need_unpause = container_is_paused(cont->state);
rt_resume_params_t params = { 0 };
char annotations[EVENT_EXTRA_ANNOTATION_MAX] = { 0 };
diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c
index e9f98d00..3888f556 100644
--- a/src/daemon/modules/spec/specs_namespace.c
+++ b/src/daemon/modules/spec/specs_namespace.c
@@ -191,7 +191,7 @@ int get_network_namespace_path(const host_config *host_spec,
const container_config_v2_common_config_network_settings *network_settings,
const char *type, char **dest_path)
{
- int index;
+ size_t index = 0;
int ret = -1;
struct get_netns_path_handler handler_jump_table[] = {
{ SHARE_NAMESPACE_NONE, handle_get_path_from_none },
@@ -200,11 +200,13 @@ int get_network_namespace_path(const host_config *host_spec,
{ SHARE_NAMESPACE_FILE, handle_get_path_from_file },
};
size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]);
- const char *network_mode = host_spec->network_mode;
+ const char *network_mode = NULL;
- if (network_mode == NULL || dest_path == NULL) {
+ if (host_spec == NULL || network_mode == NULL || dest_path == NULL) {
+ ERROR("Invalid input");
return -1;
}
+ network_mode = host_spec->network_mode;
for (index = 0; index < jump_table_size; ++index) {
if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) {
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 30ff629f..a47c5644 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1549,7 +1549,7 @@ out:
int convert_v2_runtime(const char *runtime, char *binary)
{
char **parts = NULL;
- int parts_len = 0;
+ size_t parts_len = 0;
char buf[PATH_MAX] = {0};
int ret = 0;
diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c
index 5dc822a2..dec1e8bc 100644
--- a/src/utils/cutils/utils_aes.c
+++ b/src/utils/cutils/utils_aes.c
@@ -28,8 +28,6 @@
#include "openssl/evp.h"
#include "utils_file.h"
-#define AES_256_CFB_IV_LEN 16
-
int util_aes_key(char *key_file, bool create, unsigned char *aeskey)
{
char *key_dir = NULL;
@@ -83,7 +81,6 @@ int util_aes_key(char *key_file, bool create, unsigned char *aeskey)
out:
free(key_dir);
- key_dir = NULL;
if (fd != 0) {
close(fd);
}
@@ -97,7 +94,7 @@ size_t util_aes_decode_buf_len(size_t len)
return len;
}
- return (len / AES_BLOCK_SIZE * AES_BLOCK_SIZE) + AES_BLOCK_SIZE;
+ return (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE + AES_BLOCK_SIZE;
}
size_t util_aes_encode_buf_len(size_t len)
@@ -179,7 +176,6 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
out:
EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
if (ret != 0) {
free(*out);
*out = NULL;
@@ -262,7 +258,6 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
out:
EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
if (ret != 0) {
free(*out);
*out = NULL;
diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h
index 2bfe3ea6..d429c9e0 100644
--- a/src/utils/cutils/utils_aes.h
+++ b/src/utils/cutils/utils_aes.h
@@ -17,7 +17,6 @@
#define UTILS_CUTILS_UTILS_AES_H
#include <stdbool.h>
-#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 45e4842b..00f586f1 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -1619,7 +1619,6 @@ static int do_check_args(const char *path)
char *util_read_content_from_file(const char *path)
{
-#define FILE_MODE 0640
char *buf = NULL;
char rpath[PATH_MAX + 1] = { 0 };
int fd = -1;
diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
index 1ca901ea..5192d06f 100644
--- a/src/utils/cutils/utils_network.c
+++ b/src/utils/cutils/utils_network.c
@@ -27,6 +27,7 @@
#include <isula_libutils/log.h>
#include <fcntl.h>
+#include "utils.h"
#include "utils_fs.h"
#include "utils_file.h"
#include "constants.h"
@@ -67,10 +68,16 @@ out:
static void* mount_netns(void *netns_path)
{
- int *ecode = (int *)malloc(sizeof(int));
+ int *ecode = NULL;
char fullpath[PATH_MAX] = { 0x00 };
int ret = 0;
+ ecode = (int *)util_common_calloc_s(sizeof(int));
+ if (ecode == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
if (unshare(CLONE_NEWNET) != 0) {
ERROR("Failed to unshare");
goto err_out;
@@ -102,7 +109,7 @@ int util_mount_namespace(const char *netns_path)
int ret = 0;
void *status = NULL;
- ret = pthread_create(&newns_thread, NULL, (void *)&mount_netns, (void *)netns_path);
+ ret = pthread_create(&newns_thread, NULL, mount_netns, (void *)netns_path);
if (ret != 0) {
ERROR("Failed to create thread");
return -1;
--
2.32.1 (Apple Git-133)

33
0013-fix-get_network_namespace_path-check.patch
View File

@ -1,33 +0,0 @@
From a96ad33008671e61bddebb744a7ac0aa3798313b Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 2 Jun 2022 10:33:07 +0800
Subject: [PATCH 13/30] fix get_network_namespace_path check
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/spec/specs_namespace.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c
index 3888f556..2bf4cc36 100644
--- a/src/daemon/modules/spec/specs_namespace.c
+++ b/src/daemon/modules/spec/specs_namespace.c
@@ -200,13 +200,12 @@ int get_network_namespace_path(const host_config *host_spec,
{ SHARE_NAMESPACE_FILE, handle_get_path_from_file },
};
size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]);
- const char *network_mode = NULL;
+ const char *network_mode = host_spec->network_mode;
- if (host_spec == NULL || network_mode == NULL || dest_path == NULL) {
+ if (network_mode == NULL || dest_path == NULL) {
ERROR("Invalid input");
return -1;
}
- network_mode = host_spec->network_mode;
for (index = 0; index < jump_table_size; ++index) {
if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) {
--
2.32.1 (Apple Git-133)

227
0014-bugfix-for-double-free-and-use-after-free.patch
View File

@ -1,227 +0,0 @@
From 7934311c1b1003021449b92900f3102ff77395e2 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 7 Jun 2022 15:19:20 +0800
Subject: [PATCH 14/30] bugfix for double free and use after free
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/client/connect/rest/rest_images_client.c | 2 +-
src/cmd/isula/information/ps.c | 4 ++-
src/daemon/common/sysinfo.c | 3 +-
.../cri_pod_sandbox_manager_service_impl.cc | 3 +-
.../entry/cri/websocket/service/ws_server.h | 19 +++++-----
.../oci/storage/image_store/image_store.c | 36 ++++++++++++++-----
.../oci/storage/layer_store/layer_store.c | 3 +-
src/utils/console/console.c | 2 +-
8 files changed, 48 insertions(+), 24 deletions(-)
diff --git a/src/client/connect/rest/rest_images_client.c b/src/client/connect/rest/rest_images_client.c
index 3deeeead..c2fc17f1 100644
--- a/src/client/connect/rest/rest_images_client.c
+++ b/src/client/connect/rest/rest_images_client.c
@@ -929,7 +929,7 @@ out:
static int rest_image_import(const struct isula_import_request *request, struct isula_import_response *response,
void *arg)
{
-
+
client_connect_config_t *connect_config = (client_connect_config_t *)arg;
const char *socketname = (const char *)(connect_config->socket);
char *body = NULL;
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 74c2f94a..805cbbd6 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -904,14 +904,16 @@ static int append_non_header_item_field(const char *prefix, const char *non_fiel
ret = -1;
goto out;
}
+
field->name = non_field_string;
+ non_field_string = NULL;
field->is_field = false;
+
if (append_field(ff, field) != 0) {
ERROR("Failed to append field");
ret = -1;
goto out;
}
- non_field_string = NULL;
field = NULL;
out:
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 89ca5225..d52f8767 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -1309,7 +1309,8 @@ out:
}
#ifdef __ANDROID__
-static bool cgroup2_no_controller() {
+static bool cgroup2_no_controller()
+{
char *controllers_str = NULL;
controllers_str = util_read_content_from_file(CGROUP2_CONTROLLERS_PATH);
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index f0c8e470..4bc9845f 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -99,7 +99,8 @@ void PodSandboxManagerServiceImpl::ApplySandboxResources(const runtime::v1alpha2
}
-void PodSandboxManagerServiceImpl::SetHostConfigDefaultValue(host_config *hc) {
+void PodSandboxManagerServiceImpl::SetHostConfigDefaultValue(host_config *hc)
+{
free(hc->network_mode);
hc->network_mode = util_strdup_s(CRI::Constants::namespaceModeFile.c_str());
}
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h
index 4af54067..b871aabc 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.h
+++ b/src/daemon/entry/cri/websocket/service/ws_server.h
@@ -30,8 +30,7 @@
#include "errors.h"
#include "read_write_lock.h"
-namespace
-{
+namespace {
const int MAX_ECHO_PAYLOAD = 4096;
const int MAX_ARRAY_LEN = 2;
const int MAX_PROTOCOL_NUM = 2;
@@ -97,13 +96,15 @@ private:
static struct lws_context *m_context;
volatile int m_forceExit = 0;
std::thread m_pthreadService;
- const struct lws_protocols m_protocols[MAX_PROTOCOL_NUM] = { {
- "channel.k8s.io",
- Callback,
- 0,
- MAX_ECHO_PAYLOAD,
- },
- { nullptr, nullptr, 0, 0 } };
+ const struct lws_protocols m_protocols[MAX_PROTOCOL_NUM] = {
+ {
+ "channel.k8s.io",
+ Callback,
+ 0,
+ MAX_ECHO_PAYLOAD,
+ },
+ { nullptr, nullptr, 0, 0 }
+ };
RouteCallbackRegister m_handler;
static std::unordered_map<int, SessionData *> m_wsis;
url::URLDatum m_url;
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 727991fe..edb28b78 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -734,6 +734,7 @@ static int image_store_append_image(const char *id, const char *searchable_diges
{
int ret = 0;
size_t i = 0;
+ size_t record_name_len = 0;
struct linked_list *item = NULL;
item = util_smart_calloc_s(sizeof(struct linked_list), 1);
@@ -748,33 +749,52 @@ static int image_store_append_image(const char *id, const char *searchable_diges
if (!map_insert(g_image_store->byid, (void *)id, (void *)img)) {
ERROR("Failed to insert image to image store");
ret = -1;
- goto out;
+ goto list_err_out;
}
if (append_image_according_to_digest(g_image_store->bydigest, searchable_digest, img) != 0) {
ERROR("Failed to insert image to image store digest index");
ret = -1;
- goto out;
+ goto id_err_out;
}
for (i = 0; i < img->simage->names_len; i++) {
if (map_search(g_image_store->byname, (void *)img->simage->names[i]) != NULL) {
ERROR("Image name is already in use : %s", img->simage->names[i]);
ret = -1;
- goto out;
+ goto err_out;
}
if (!map_insert(g_image_store->byname, (void *)img->simage->names[i], (void *)img)) {
ERROR("Failed to insert image to image store's byname");
ret = -1;
- goto out;
+ goto err_out;
}
}
-out:
- if (ret != 0) {
- linked_list_del(item);
- free(item);
+ return 0;
+
+err_out:
+ record_name_len = i;
+ for (i = 0; i < record_name_len; i++) {
+ if (!map_remove(g_image_store->byname, (void *)img->simage->names[i])) {
+ ERROR("Failed to remove image from image store's byname");
+ }
}
+
+ if (remove_image_from_digest_index(img, searchable_digest) != 0) {
+ ERROR("Failed to remove image from image store digest index");
+ }
+
+id_err_out:
+ if (!map_remove(g_image_store->byid, (void *)id)) {
+ ERROR("Failed to remove image from ids map in image store");
+ }
+
+list_err_out:
+ linked_list_del(item);
+ g_image_store->images_list_len--;
+ free(item);
+
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index a35f61ee..bb9e5b94 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -212,6 +212,7 @@ static bool append_layer_into_list(layer_t *l)
return true;
}
+// only delete item from list, free item->elem by caller
static inline void delete_g_layer_list_item(struct linked_list *item)
{
if (item == NULL) {
@@ -220,8 +221,6 @@ static inline void delete_g_layer_list_item(struct linked_list *item)
linked_list_del(item);
- layer_ref_dec((layer_t *)item->elem);
- item->elem = NULL;
free(item);
g_metadata.layers_list_len -= 1;
}
diff --git a/src/utils/console/console.c b/src/utils/console/console.c
index 8492eb4d..b0dc7ee5 100644
--- a/src/utils/console/console.c
+++ b/src/utils/console/console.c
@@ -253,7 +253,7 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags)
{
int fd = 0;
- if (fifo_path ==NULL || fdout == NULL) {
+ if (fifo_path == NULL || fdout == NULL) {
ERROR("Argument must not be NULL");
return -1;
}
--
2.32.1 (Apple Git-133)

73
0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch
View File

@ -1,73 +0,0 @@
From 18db58c919bb9767bbe2f11c7447cfed27312c63 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 9 Jun 2022 21:16:26 +0800
Subject: [PATCH 15/30] fix isulad-shim coredump when remove ioc fd node
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/cmd/isulad-shim/process.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 21b2523a..6de470f7 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -195,10 +195,6 @@ static void remove_io_dispatch(io_thread_t *io_thd, int from, int to)
}
io_copy_t *ioc = io_thd->ioc;
- if (pthread_mutex_lock(&(ioc->mutex))) {
- return;
- }
-
fd_node_t *tmp = NULL;
do {
/* remove src fd */
@@ -233,7 +229,6 @@ static void remove_io_dispatch(io_thread_t *io_thd, int from, int to)
free(tmp);
tmp = NULL;
}
- pthread_mutex_unlock(&(ioc->mutex));
}
static int get_exec_winsize(const char *buf, struct winsize *wsize)
@@ -297,8 +292,14 @@ static void *do_io_copy(void *data)
/* End of file. The remote has closed the connection */
break;
} else if (ioc->id != EXEC_RESIZE) {
+ if (pthread_mutex_lock(&(ioc->mutex)) != 0) {
+ continue;
+ }
+
fd_node_t *fn = ioc->fd_to;
- for (; fn != NULL; fn = fn->next) {
+ fd_node_t *next = fn;
+ for (; fn != NULL; fn = next) {
+ next = fn->next;
if (fn->is_log) {
shim_write_container_log_file(io_thd->terminal, ioc->id, buf, r_count);
} else {
@@ -309,7 +310,12 @@ static void *do_io_copy(void *data)
}
}
}
+ pthread_mutex_unlock(&(ioc->mutex));
} else {
+ if (pthread_mutex_lock(&(ioc->mutex)) != 0) {
+ continue;
+ }
+
int resize_fd = ioc->fd_to->fd;
struct winsize wsize = { 0x00 };
if (get_exec_winsize(buf, &wsize) < 0) {
@@ -318,6 +324,7 @@ static void *do_io_copy(void *data)
if (ioctl(resize_fd, TIOCSWINSZ, &wsize) < 0) {
break;
}
+ pthread_mutex_unlock(&(ioc->mutex));
}
/*
--
2.32.1 (Apple Git-133)

65
0016-do-not-fail-if-pw-is-not-NULL.patch
View File

@ -1,65 +0,0 @@
From ae49fce8e19f7544c463cfbff58794f35f44c493 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 9 Jun 2022 16:17:52 +0800
Subject: [PATCH 16/30] do not fail if pw is not NULL
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/utils/cutils/utils_pwgr.c | 7 +------
test/cutils/utils_pwgr/utils_pwgr_ut.cc | 5 ++---
2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/utils/cutils/utils_pwgr.c b/src/utils/cutils/utils_pwgr.c
index 01490863..6b83f787 100644
--- a/src/utils/cutils/utils_pwgr.c
+++ b/src/utils/cutils/utils_pwgr.c
@@ -212,11 +212,6 @@ int util_getpwent_r(FILE *stream, struct passwd *resbuf, char *buffer, size_t bu
return -1;
}
- if (*result != NULL) {
- ERROR("Result shall point to null to start.");
- return -1;
- }
-
buff_end = buffer + buflen - 1;
flockfile(stream);
@@ -337,4 +332,4 @@ int util_getgrent_r(FILE *stream, struct group *resbuf, char *buffer, size_t buf
out:
funlockfile(stream);
return ret;
-}
\ No newline at end of file
+}
diff --git a/test/cutils/utils_pwgr/utils_pwgr_ut.cc b/test/cutils/utils_pwgr/utils_pwgr_ut.cc
index 00a32e05..bf9c9f06 100644
--- a/test/cutils/utils_pwgr/utils_pwgr_ut.cc
+++ b/test/cutils/utils_pwgr/utils_pwgr_ut.cc
@@ -44,7 +44,7 @@ TEST(utils_pwgr, test_getpwent_r)
ASSERT_EQ(util_getpwent_r(NULL, &pw, buf, sizeof(buf), &ppw), -1);
ASSERT_EQ(util_getpwent_r(f_pw, &pw, NULL, 0, &ppw), -1);
ASSERT_EQ(util_getpwent_r(f_pw, &pw, invalid_buf, 1, &ppw), -1);
- ASSERT_EQ(util_getpwent_r(f_pw, &pw, buf, sizeof(buf), &ppw_alter), -1);
+ ASSERT_EQ(util_getpwent_r(f_pw, &pw, buf, sizeof(buf), &ppw_alter), 0);
ASSERT_EQ(util_getpwent_r(f_pw, &pw, buf, sizeof(buf), NULL), -1);
while (!feof(f_pw)) {
@@ -65,7 +65,6 @@ TEST(utils_pwgr, test_getpwent_r)
ASSERT_STREQ(pw.pw_dir, std::get<5>(elem).c_str());
ASSERT_STREQ(pw.pw_shell, std::get<6>(elem).c_str());
EXPECT_TRUE(ppw == &pw);
- ppw = nullptr;
pw = {0};
}
@@ -134,4 +133,4 @@ TEST(utils_pwgr, test_getgrent_r)
}
fclose(f_gr);
-}
\ No newline at end of file
+}
--
2.32.1 (Apple Git-133)

51
0017-do-not-fail-if-gr-is-NULL.patch
View File

@ -1,51 +0,0 @@
From b4596641a08891bfec9384f87815c8e671d594d4 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 9 Jun 2022 17:07:40 +0800
Subject: [PATCH 17/30] do not fail if gr is NULL
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/utils/cutils/utils_pwgr.c | 5 -----
test/cutils/utils_pwgr/utils_pwgr_ut.cc | 3 +--
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/utils/cutils/utils_pwgr.c b/src/utils/cutils/utils_pwgr.c
index 6b83f787..b3aed14b 100644
--- a/src/utils/cutils/utils_pwgr.c
+++ b/src/utils/cutils/utils_pwgr.c
@@ -279,11 +279,6 @@ int util_getgrent_r(FILE *stream, struct group *resbuf, char *buffer, size_t buf
return -1;
}
- if (*result != NULL) {
- ERROR("Result shall point to null to start.");
- return -1;
- }
-
flockfile(stream);
buff_end = buffer + buflen - 1;
diff --git a/test/cutils/utils_pwgr/utils_pwgr_ut.cc b/test/cutils/utils_pwgr/utils_pwgr_ut.cc
index bf9c9f06..c289e2b9 100644
--- a/test/cutils/utils_pwgr/utils_pwgr_ut.cc
+++ b/test/cutils/utils_pwgr/utils_pwgr_ut.cc
@@ -106,7 +106,7 @@ TEST(utils_pwgr, test_getgrent_r)
ASSERT_EQ(util_getgrent_r(NULL, &gr, buf, sizeof(buf), &pgr), -1);
ASSERT_EQ(util_getgrent_r(f_gr, &gr, NULL, 0, &pgr), -1);
ASSERT_EQ(util_getgrent_r(f_gr, &gr, invalid_buf, 1, &pgr), -1);
- ASSERT_EQ(util_getgrent_r(f_gr, &gr, buf, sizeof(buf), &pgr_alter), -1);
+ ASSERT_EQ(util_getgrent_r(f_gr, &gr, buf, sizeof(buf), &pgr_alter), 0);
ASSERT_EQ(util_getgrent_r(f_gr, &gr, buf, sizeof(buf), NULL), -1);
while (!feof(f_gr)) {
@@ -129,7 +129,6 @@ TEST(utils_pwgr, test_getgrent_r)
}
EXPECT_TRUE(pgr == &gr);
gr = {0};
- pgr = nullptr;
}
fclose(f_gr);
--
2.32.1 (Apple Git-133)

56
0018-fix-memory-leak-of-remove-layer.patch
View File

@ -1,56 +0,0 @@
From eb168d32053f9204336c37af98210810957cedd2 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Fri, 10 Jun 2022 04:10:39 +0100
Subject: [PATCH 18/30] fix memory leak of remove layer
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../image/oci/storage/layer_store/layer_store.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index bb9e5b94..7e95a52f 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -213,7 +213,7 @@ static bool append_layer_into_list(layer_t *l)
}
// only delete item from list, free item->elem by caller
-static inline void delete_g_layer_list_item(struct linked_list *item)
+static inline void delete_g_layer_list_item(struct linked_list *item, bool rm_val)
{
if (item == NULL) {
return;
@@ -221,6 +221,11 @@ static inline void delete_g_layer_list_item(struct linked_list *item)
linked_list_del(item);
+ if (rm_val) {
+ layer_ref_dec((layer_t *)item->elem);
+ item->elem = NULL;
+ }
+
free(item);
g_metadata.layers_list_len -= 1;
}
@@ -235,7 +240,7 @@ void remove_layer_list_tail()
item = g_metadata.layers_list.prev;
- delete_g_layer_list_item(item);
+ delete_g_layer_list_item(item, false);
}
static bool init_from_conf(const struct storage_module_init_options *conf)
@@ -725,7 +730,7 @@ static int remove_memory_stores(const char *id)
if (strcmp(tl->slayer->id, id) != 0) {
continue;
}
- delete_g_layer_list_item(item);
+ delete_g_layer_list_item(item, true);
break;
}
--
2.32.1 (Apple Git-133)

56
0019-add-null-terminal-at-end-of-gr-mem-list.patch
View File

@ -1,56 +0,0 @@
From 12bbd939c1c2c55d0906b5a53a0b9b26b616c56b Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Fri, 10 Jun 2022 04:16:48 +0100
Subject: [PATCH 19/30] add null terminal at end of gr mem list
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/utils/cutils/utils_pwgr.c | 4 +++-
test/cutils/utils_pwgr/utils_pwgr_ut.cc | 9 +++++++--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/utils/cutils/utils_pwgr.c b/src/utils/cutils/utils_pwgr.c
index b3aed14b..a3c41dd5 100644
--- a/src/utils/cutils/utils_pwgr.c
+++ b/src/utils/cutils/utils_pwgr.c
@@ -144,7 +144,7 @@ static char **hold_string_list(char **line, char *buf_start, char *buf_end, cons
for (; walker < (char **)buf_end; ++walker) {
if (**line == '\0') {
- return result;
+ goto out;
}
(void)util_trim_space(*line);
@@ -155,6 +155,8 @@ static char **hold_string_list(char **line, char *buf_start, char *buf_end, cons
}
}
+out:
+ *walker = NULL;
return result;
}
diff --git a/test/cutils/utils_pwgr/utils_pwgr_ut.cc b/test/cutils/utils_pwgr/utils_pwgr_ut.cc
index c289e2b9..2a6b7e08 100644
--- a/test/cutils/utils_pwgr/utils_pwgr_ut.cc
+++ b/test/cutils/utils_pwgr/utils_pwgr_ut.cc
@@ -123,8 +123,13 @@ TEST(utils_pwgr, test_getgrent_r)
ASSERT_STREQ(gr.gr_passwd, std::get<1>(testcase[i]).c_str());
ASSERT_EQ(gr.gr_gid, std::get<2>(testcase[i]));
if (string_list[i].size()) {
- for (j = 0; j < string_list[i].size(); ++j) {
- EXPECT_TRUE(strcmp(gr.gr_mem[j], string_list[i][j].c_str()) == 0);
+ char **walker = gr.gr_mem;
+ j = 0;
+ // use pointer to ensure gr_mem has end null pointer
+ while (walker != NULL && *walker != NULL) {
+ EXPECT_TRUE(strcmp(*walker, string_list[i][j].c_str()) == 0);
+ walker++;
+ j++;
}
}
EXPECT_TRUE(pgr == &gr);
--
2.32.1 (Apple Git-133)

246
0020-fix-shm-size-set-invalid-when-reboot.patch
View File

@ -1,246 +0,0 @@
From b289a6b384ac5ba474dd477b2a92b89244b27c24 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 13 Jun 2022 14:35:46 +0800
Subject: [PATCH 20/30] fix shm size set invalid when reboot
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
.../modules/service/service_container.c | 8 +++
src/daemon/modules/spec/specs_mount.c | 63 +++++++++++++++----
src/daemon/modules/spec/specs_mount.h | 2 +
.../image/oci/oci_config_merge/CMakeLists.txt | 1 +
test/specs/specs/CMakeLists.txt | 1 +
test/specs/specs_extend/CMakeLists.txt | 1 +
6 files changed, 63 insertions(+), 13 deletions(-)
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index c3c4fc1c..43a4a0c9 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -43,6 +43,7 @@
#include "events_sender_api.h"
#include "image_api.h"
#include "specs_api.h"
+#include "specs_mount.h"
#include "isulad_config.h"
#include "verify.h"
#include "plugin_api.h"
@@ -735,6 +736,13 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
goto close_exit_fd;
}
+ nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
+ if (nret != 0) {
+ ERROR("Failed to setup ipc dirs");
+ ret = -1;
+ goto close_exit_fd;
+ }
+
// embedded conainter is readonly, create mtab link will fail
// kata-runtime container's qemu donot support to create mtab in host
if (strcmp(IMAGE_TYPE_EMBEDDED, cont->common_config->image_type) != 0 && strcmp(KATA_RUNTIME, cont->runtime) != 0) {
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index b35061d8..e55832c5 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -49,6 +49,7 @@
#include "utils_file.h"
#include "utils_string.h"
#include "utils_verify.h"
+#include "utils_fs.h"
#include "image_api.h"
#include "volume_api.h"
#include "parse_volume.h"
@@ -2574,10 +2575,11 @@ static int chown_for_shm(const char *shm_path, const char *user_remap)
static char *get_prepare_share_shm_path(const char *truntime, const char *cid)
{
-#define SHM_MOUNT_FILE_NAME "/mounts/shm/"
+#define SHM_MOUNT_FILE_NAME "/mounts/shm"
char *c_root_path = NULL;
size_t slen = 0;
char *spath = NULL;
+ char real_root_path[PATH_MAX] = { 0 };
int nret = 0;
if (truntime == NULL) {
@@ -2588,19 +2590,24 @@ static char *get_prepare_share_shm_path(const char *truntime, const char *cid)
goto err_out;
}
- // c_root_path + "/" + cid + "/mounts/shm"
- if (strlen(c_root_path) > (((PATH_MAX - strlen(cid)) - 1) - strlen(SHM_MOUNT_FILE_NAME)) - 1) {
+ if (realpath(c_root_path, real_root_path) == NULL) {
+ ERROR("Failed to get %s realpath", c_root_path);
+ goto err_out;
+ }
+
+ // real_root_path + "/" + cid + "/mounts/shm"
+ if (strlen(real_root_path) > (((PATH_MAX - strlen(cid)) - 1) - strlen(SHM_MOUNT_FILE_NAME)) - 1) {
ERROR("Too large path");
goto err_out;
}
- slen = strlen(c_root_path) + 1 + strlen(cid) + strlen(SHM_MOUNT_FILE_NAME) + 1;
+ slen = strlen(real_root_path) + 1 + strlen(cid) + strlen(SHM_MOUNT_FILE_NAME) + 1;
spath = util_smart_calloc_s(sizeof(char), slen);
if (spath == NULL) {
ERROR("Out of memory");
goto err_out;
}
- nret = snprintf(spath, slen, "%s/%s/mounts/shm/", c_root_path, cid);
+ nret = snprintf(spath, slen, "%s/%s/mounts/shm", real_root_path, cid);
if (nret < 0 || nret >= slen) {
ERROR("Sprintf failed");
goto err_out;
@@ -2637,7 +2644,7 @@ out:
return ret;
}
-static int prepare_share_shm(host_config *host_spec, container_config_v2_common_config *v2_spec)
+int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec)
{
#define MAX_PROPERTY_LEN 64
char shmproperty[MAX_PROPERTY_LEN] = { 0 };
@@ -2650,14 +2657,26 @@ static int prepare_share_shm(host_config *host_spec, container_config_v2_common_
char *p = NULL;
char *userns_remap = NULL;
#endif
- // has mount for /dev/shm
- if (has_mount_shm(host_spec, v2_spec)) {
+
+ // ignore shm of system container
+ if (host_spec->system_container) {
+ return 0;
+ }
+ // setup shareable dirs
+ if (host_spec->ipc_mode != NULL && !namespace_is_shareable(host_spec->ipc_mode)) {
return 0;
}
spath = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id);
if (spath == NULL) {
- goto out;
+ return -1;
+ }
+
+ // container shm has been mounted
+ if (util_detect_mounted(spath)) {
+ DEBUG("shm path %s has been mounted", spath);
+ free(spath);
+ return 0;
}
nret = util_mkdir_p(spath, 0700);
@@ -2683,7 +2702,6 @@ static int prepare_share_shm(host_config *host_spec, container_config_v2_common_
goto out;
}
- v2_spec->shm_path = spath;
#ifdef ENABLE_USERNS_REMAP
userns_remap = conf_get_isulad_userns_remap();
@@ -2716,7 +2734,6 @@ static int prepare_share_shm(host_config *host_spec, container_config_v2_common_
}
#endif
- spath = NULL;
ret = 0;
out:
if (ret != 0 && has_mount) {
@@ -2777,8 +2794,22 @@ out_free:
return ret;
}
+static int set_share_shm(const host_config *host_spec, container_config_v2_common_config *v2_spec)
+{
+ char *spath = NULL;
+
+ spath = get_prepare_share_shm_path(host_spec->runtime, v2_spec->id);
+ if (spath == NULL) {
+ return -1;
+ }
+
+ v2_spec->shm_path = spath;
+
+ return 0;
+}
+
#define SHM_MOUNT_POINT "/dev/shm"
-static int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec)
+static int set_shm_path(host_config *host_spec, container_config_v2_common_config *v2_spec)
{
int ret = 0;
container_t *cont = NULL;
@@ -2791,7 +2822,7 @@ static int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_con
}
// setup shareable dirs
if (host_spec->ipc_mode == NULL || namespace_is_shareable(host_spec->ipc_mode)) {
- return prepare_share_shm(host_spec, v2_spec);
+ return set_share_shm(host_spec, v2_spec);
}
if (namespace_is_container(host_spec->ipc_mode)) {
@@ -3334,6 +3365,12 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
goto out;
}
+ if (set_shm_path(host_spec, v2_spec) != 0) {
+ ERROR("Failed to set shm path");
+ ret = -1;
+ goto out;
+ }
+
/* add ipc mount */
if (v2_spec->shm_path != NULL) {
// check whether duplication
diff --git a/src/daemon/modules/spec/specs_mount.h b/src/daemon/modules/spec/specs_mount.h
index b1e987e5..07c07a37 100644
--- a/src/daemon/modules/spec/specs_mount.h
+++ b/src/daemon/modules/spec/specs_mount.h
@@ -41,4 +41,6 @@ bool mount_run_tmpfs(oci_runtime_spec *container, const host_config *host_spec,
int merge_conf_device(oci_runtime_spec *oci_spec, host_config *host_spec);
+int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec);
+
#endif
diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt
index 36dc3ead..88047fde 100644
--- a/test/image/oci/oci_config_merge/CMakeLists.txt
+++ b/test/image/oci/oci_config_merge/CMakeLists.txt
@@ -13,6 +13,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_convert.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_file.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_timestamp.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_fs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map/map.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map/rb_tree.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/util_atomic.c
diff --git a/test/specs/specs/CMakeLists.txt b/test/specs/specs/CMakeLists.txt
index e0031e08..b730959c 100644
--- a/test/specs/specs/CMakeLists.txt
+++ b/test/specs/specs/CMakeLists.txt
@@ -13,6 +13,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_timestamp.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/util_atomic.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_mount_spec.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_fs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
diff --git a/test/specs/specs_extend/CMakeLists.txt b/test/specs/specs_extend/CMakeLists.txt
index 45b21ecd..7d05deb4 100644
--- a/test/specs/specs_extend/CMakeLists.txt
+++ b/test/specs/specs_extend/CMakeLists.txt
@@ -13,6 +13,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_timestamp.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/util_atomic.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_mount_spec.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_fs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
--
2.32.1 (Apple Git-133)

338
0021-set-the-name-of-each-container-and-image-operation-t.patch
View File

@ -1,338 +0,0 @@
From 8878630c20163dc9b716e2fdc35cae23b8aec6d1 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Tue, 14 Jun 2022 15:30:49 +0800
Subject: [PATCH 21/30] set the name of each container and image operation
thread
Signed-off-by: wujing <wujing50@huawei.com>
---
.../connect/grpc/grpc_containers_service.cc | 54 +++++++++++++++++++
.../entry/connect/grpc/grpc_images_service.cc | 16 ++++++
2 files changed, 70 insertions(+)
diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
index f3066af4..62aeb05a 100644
--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
@@ -153,6 +153,8 @@ Status ContainerServiceImpl::Version(ServerContext *context, const VersionReques
container_version_request *container_req = nullptr;
container_version_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "VersionOp");
+
auto status = GrpcServerTlsAuth::auth(context, "docker_version");
if (!status.ok()) {
return status;
@@ -185,6 +187,8 @@ Status ContainerServiceImpl::Info(ServerContext *context, const InfoRequest *req
host_info_request *container_req = nullptr;
host_info_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "InfoOp");
+
auto status = GrpcServerTlsAuth::auth(context, "docker_info");
if (!status.ok()) {
return status;
@@ -217,6 +221,8 @@ Status ContainerServiceImpl::Create(ServerContext *context, const CreateRequest
container_create_response *container_res = nullptr;
container_create_request *container_req = nullptr;
+ prctl(PR_SET_NAME, "ContCreate");
+
auto status = GrpcServerTlsAuth::auth(context, "container_create");
if (!status.ok()) {
return status;
@@ -249,6 +255,8 @@ Status ContainerServiceImpl::Start(ServerContext *context, const StartRequest *r
container_start_request *req = nullptr;
container_start_response *res = nullptr;
+ prctl(PR_SET_NAME, "ContStart");
+
auto status = GrpcServerTlsAuth::auth(context, "container_start");
if (!status.ok()) {
return status;
@@ -327,6 +335,8 @@ Status ContainerServiceImpl::RemoteStart(ServerContext *context,
container_start_response *container_res = nullptr;
sem_t sem;
+ prctl(PR_SET_NAME, "ContRStart");
+
cb = get_service_executor();
if (cb == nullptr || cb->container.start == nullptr) {
return Status(StatusCode::UNIMPLEMENTED, "Unimplemented callback");
@@ -402,6 +412,8 @@ Status ContainerServiceImpl::Top(ServerContext *context, const TopRequest *reque
container_top_request *req = nullptr;
container_top_response *res = nullptr;
+ prctl(PR_SET_NAME, "ContTop");
+
auto status = GrpcServerTlsAuth::auth(context, "container_top");
if (!status.ok()) {
return status;
@@ -434,6 +446,8 @@ Status ContainerServiceImpl::Stop(ServerContext *context, const StopRequest *req
container_stop_request *container_req = nullptr;
container_stop_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContStop");
+
auto status = GrpcServerTlsAuth::auth(context, "container_stop");
if (!status.ok()) {
return status;
@@ -466,6 +480,8 @@ Status ContainerServiceImpl::Restart(ServerContext *context, const RestartReques
container_restart_request *container_req = nullptr;
container_restart_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContRestart");
+
auto status = GrpcServerTlsAuth::auth(context, "container_restart");
if (!status.ok()) {
return status;
@@ -498,6 +514,8 @@ Status ContainerServiceImpl::Kill(ServerContext *context, const KillRequest *req
container_kill_request *container_req = nullptr;
container_kill_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContKill");
+
auto status = GrpcServerTlsAuth::auth(context, "container_kill");
if (!status.ok()) {
return status;
@@ -530,6 +548,8 @@ Status ContainerServiceImpl::Delete(ServerContext *context, const DeleteRequest
container_delete_request *container_req = nullptr;
container_delete_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContDelete");
+
auto status = GrpcServerTlsAuth::auth(context, "container_delete");
if (!status.ok()) {
return status;
@@ -562,6 +582,8 @@ Status ContainerServiceImpl::Exec(ServerContext *context, const ExecRequest *req
container_exec_request *container_req = nullptr;
container_exec_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContExec");
+
auto status = GrpcServerTlsAuth::auth(context, "container_exec_create");
if (!status.ok()) {
return status;
@@ -665,6 +687,8 @@ Status ContainerServiceImpl::RemoteExec(ServerContext *context,
container_exec_request *container_req = nullptr;
container_exec_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContRExec");
+
auto status = GrpcServerTlsAuth::auth(context, "container_exec_create");
if (!status.ok()) {
return status;
@@ -739,6 +763,8 @@ Status ContainerServiceImpl::Inspect(ServerContext *context, const InspectContai
container_inspect_request *container_req = nullptr;
container_inspect_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContInspect");
+
Status status = GrpcServerTlsAuth::auth(context, "container_inspect");
if (!status.ok()) {
return status;
@@ -772,6 +798,8 @@ Status ContainerServiceImpl::List(ServerContext *context, const ListRequest *req
container_list_request *container_req = nullptr;
container_list_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContList");
+
auto status = GrpcServerTlsAuth::auth(context, "container_list");
if (!status.ok()) {
return status;
@@ -884,6 +912,8 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter<A
sem_t sem_stderr;
int pipefd[2] = { -1, -1 };
+ prctl(PR_SET_NAME, "ContAttach");
+
auto status = AttachInit(context, &cb, &container_req, &container_res, &sem_stderr, pipefd);
if (!status.ok()) {
return status;
@@ -944,6 +974,8 @@ Status ContainerServiceImpl::Pause(ServerContext *context, const PauseRequest *r
container_pause_request *container_req = nullptr;
container_pause_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContPause");
+
auto status = GrpcServerTlsAuth::auth(context, "container_pause");
if (!status.ok()) {
return status;
@@ -976,6 +1008,8 @@ Status ContainerServiceImpl::Resume(ServerContext *context, const ResumeRequest
container_resume_request *container_req = nullptr;
container_resume_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContResume");
+
auto status = GrpcServerTlsAuth::auth(context, "container_unpause");
if (!status.ok()) {
return status;
@@ -1008,6 +1042,8 @@ Status ContainerServiceImpl::Export(ServerContext *context, const ExportRequest
container_export_request *container_req = nullptr;
container_export_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContExport");
+
auto status = GrpcServerTlsAuth::auth(context, "container_export");
if (!status.ok()) {
return status;
@@ -1040,6 +1076,8 @@ Status ContainerServiceImpl::Rename(ServerContext *context, const RenameRequest
struct isulad_container_rename_request *isuladreq = nullptr;
struct isulad_container_rename_response *isuladres = nullptr;
+ prctl(PR_SET_NAME, "ContRename");
+
auto status = GrpcServerTlsAuth::auth(context, "container_rename");
if (!status.ok()) {
return status;
@@ -1073,6 +1111,8 @@ Status ContainerServiceImpl::Resize(ServerContext *context, const ResizeRequest
struct isulad_container_resize_request *isuladreq = nullptr;
struct isulad_container_resize_response *isuladres = nullptr;
+ prctl(PR_SET_NAME, "ContResize");
+
auto status = GrpcServerTlsAuth::auth(context, "container_resize");
if (!status.ok()) {
return status;
@@ -1106,6 +1146,8 @@ Status ContainerServiceImpl::Update(ServerContext *context, const UpdateRequest
container_update_request *container_req = nullptr;
container_update_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContUpdate");
+
auto status = GrpcServerTlsAuth::auth(context, "container_update");
if (!status.ok()) {
return status;
@@ -1138,6 +1180,8 @@ Status ContainerServiceImpl::Stats(ServerContext *context, const StatsRequest *r
container_stats_request *container_req = nullptr;
container_stats_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContStats");
+
auto status = GrpcServerTlsAuth::auth(context, "container_stats");
if (!status.ok()) {
return status;
@@ -1170,6 +1214,8 @@ Status ContainerServiceImpl::Wait(ServerContext *context, const WaitRequest *req
container_wait_request *container_req = nullptr;
container_wait_response *container_res = nullptr;
+ prctl(PR_SET_NAME, "ContWait");
+
auto status = GrpcServerTlsAuth::auth(context, "container_wait");
if (!status.ok()) {
return status;
@@ -1202,6 +1248,8 @@ Status ContainerServiceImpl::Events(ServerContext *context, const EventsRequest
isulad_events_request *isuladreq = nullptr;
stream_func_wrapper stream = { 0 };
+ prctl(PR_SET_NAME, "ContEvents");
+
auto status = GrpcServerTlsAuth::auth(context, "docker_events");
if (!status.ok()) {
return status;
@@ -1238,6 +1286,8 @@ Status ContainerServiceImpl::CopyFromContainer(ServerContext *context, const Cop
service_executor_t *cb = nullptr;
isulad_copy_from_container_request *isuladreq = nullptr;
+ prctl(PR_SET_NAME, "ContCopyFrom");
+
auto status = GrpcServerTlsAuth::auth(context, "container_archive");
if (!status.ok()) {
return status;
@@ -1280,6 +1330,8 @@ ContainerServiceImpl::CopyToContainer(ServerContext *context,
service_executor_t *cb = nullptr;
container_copy_to_request *isuladreq = nullptr;
+ prctl(PR_SET_NAME, "ContCopyTo");
+
auto status = GrpcServerTlsAuth::auth(context, "container_archive");
if (!status.ok()) {
return status;
@@ -1387,6 +1439,8 @@ Status ContainerServiceImpl::Logs(ServerContext *context, const LogsRequest *req
struct isulad_logs_response *isulad_response = nullptr;
stream_func_wrapper stream = { 0 };
+ prctl(PR_SET_NAME, "ContLogs");
+
auto status = GrpcServerTlsAuth::auth(context, "container_logs");
if (!status.ok()) {
return status;
diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc
index dff07b39..79c4fb7c 100644
--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc
@@ -248,6 +248,8 @@ void ImagesServiceImpl::inspect_response_to_grpc(const image_inspect_response *r
Status ImagesServiceImpl::List(ServerContext *context, const ListImagesRequest *request, ListImagesResponse *reply)
{
+ prctl(PR_SET_NAME, "ImageList");
+
auto status = GrpcServerTlsAuth::auth(context, "image_list");
if (!status.ok()) {
return status;
@@ -277,6 +279,8 @@ Status ImagesServiceImpl::List(ServerContext *context, const ListImagesRequest *
Status ImagesServiceImpl::Delete(ServerContext *context, const DeleteImageRequest *request, DeleteImageResponse *reply)
{
+ prctl(PR_SET_NAME, "ImageDelete");
+
auto status = GrpcServerTlsAuth::auth(context, "image_delete");
if (!status.ok()) {
return status;
@@ -306,6 +310,8 @@ Status ImagesServiceImpl::Delete(ServerContext *context, const DeleteImageReques
Status ImagesServiceImpl::Tag(ServerContext *context, const TagImageRequest *request, TagImageResponse *reply)
{
+ prctl(PR_SET_NAME, "ImageTag");
+
auto status = GrpcServerTlsAuth::auth(context, "image_tag");
if (!status.ok()) {
return status;
@@ -351,6 +357,8 @@ void ImagesServiceImpl::import_response_to_grpc(const image_import_response *res
Status ImagesServiceImpl::Import(ServerContext *context, const ImportRequest *request, ImportResponse *reply)
{
+ prctl(PR_SET_NAME, "ImageImport");
+
auto status = GrpcServerTlsAuth::auth(context, "image_import");
if (!status.ok()) {
return status;
@@ -380,6 +388,8 @@ Status ImagesServiceImpl::Import(ServerContext *context, const ImportRequest *re
Status ImagesServiceImpl::Load(ServerContext *context, const LoadImageRequest *request, LoadImageResponse *reply)
{
+ prctl(PR_SET_NAME, "ImageLoad");
+
auto status = GrpcServerTlsAuth::auth(context, "image_load");
if (!status.ok()) {
return status;
@@ -415,6 +425,8 @@ Status ImagesServiceImpl::Inspect(ServerContext *context, const InspectImageRequ
image_inspect_request *image_req = nullptr;
image_inspect_response *image_res = nullptr;
+ prctl(PR_SET_NAME, "ImageInspect");
+
Status status = GrpcServerTlsAuth::auth(context, "image_inspect");
if (!status.ok()) {
return status;
@@ -487,6 +499,8 @@ int ImagesServiceImpl::image_logout_request_from_grpc(const LogoutRequest *grequ
Status ImagesServiceImpl::Login(ServerContext *context, const LoginRequest *request, LoginResponse *reply)
{
+ prctl(PR_SET_NAME, "RegistryLogin");
+
auto status = GrpcServerTlsAuth::auth(context, "login");
if (!status.ok()) {
return status;
@@ -516,6 +530,8 @@ Status ImagesServiceImpl::Login(ServerContext *context, const LoginRequest *requ
Status ImagesServiceImpl::Logout(ServerContext *context, const LogoutRequest *request, LogoutResponse *reply)
{
+ prctl(PR_SET_NAME, "RegistryLogout");
+
auto status = GrpcServerTlsAuth::auth(context, "logout");
if (!status.ok()) {
return status;
--
2.32.1 (Apple Git-133)

274
0022-set-the-name-of-each-container-and-image-operation-t.patch
View File

@ -1,274 +0,0 @@
From 7d13b23a09d397f743acdcaf606804fea5989cff Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Tue, 14 Jun 2022 18:54:02 +0800
Subject: [PATCH 22/30] set the name of each container and image operation
thread for restful version
Signed-off-by: wujing <wujing50@huawei.com>
---
.../connect/rest/rest_containers_service.c | 36 +++++++++++++++++++
.../entry/connect/rest/rest_images_service.c | 19 ++++++++++
2 files changed, 55 insertions(+)
diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c
index a7c32500..9c822324 100644
--- a/src/daemon/entry/connect/rest/rest_containers_service.c
+++ b/src/daemon/entry/connect/rest/rest_containers_service.c
@@ -522,6 +522,8 @@ static void rest_create_cb(evhtp_request_t *req, void *arg)
container_create_response *cresponse = NULL;
container_create_request *crequest = NULL;
+ prctl(PR_SET_NAME, "ContCreate");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -557,6 +559,8 @@ static void rest_start_cb(evhtp_request_t *req, void *arg)
container_start_response *cresponse = NULL;
container_start_request *crequest = NULL;
+ prctl(PR_SET_NAME, "ContStart");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -592,6 +596,8 @@ static void rest_wait_cb(evhtp_request_t *req, void *arg)
container_wait_request *crequest = NULL;
container_wait_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContWait");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -654,6 +660,8 @@ static void rest_stop_cb(evhtp_request_t *req, void *arg)
container_stop_request *crequest = NULL;
container_stop_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContStop");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -715,6 +723,8 @@ static void rest_restart_cb(evhtp_request_t *req, void *arg)
container_restart_request *crequest = NULL;
container_restart_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContRestart");
+
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
return;
@@ -771,6 +781,8 @@ static void rest_version_cb(evhtp_request_t *req, void *arg)
container_version_request *crequest = NULL;
container_version_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "VersionOp");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -833,6 +845,8 @@ static void rest_info_cb(evhtp_request_t *req, void *arg)
host_info_request *crequest = NULL;
host_info_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "InfoOp");
+
// only deal with post request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -896,6 +910,8 @@ static void rest_update_cb(evhtp_request_t *req, void *arg)
container_update_request *container_req = NULL;
container_update_response *container_res = NULL;
+ prctl(PR_SET_NAME, "ContUpdate");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -957,6 +973,8 @@ static void rest_kill_cb(evhtp_request_t *req, void *arg)
container_kill_request *crequest = NULL;
container_kill_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContKill");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -1020,6 +1038,8 @@ static void rest_container_inspect_cb(evhtp_request_t *req, void *arg)
container_inspect_request *crequest = NULL;
container_inspect_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContInspect");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -1082,6 +1102,8 @@ static void rest_exec_cb(evhtp_request_t *req, void *arg)
container_exec_request *crequest = NULL;
container_exec_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContExec");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -1145,6 +1167,8 @@ static void rest_attach_cb(evhtp_request_t *req, void *arg)
container_attach_request *crequest = NULL;
container_attach_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContAttach");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -1206,6 +1230,8 @@ static void rest_remove_cb(evhtp_request_t *req, void *arg)
container_delete_request *crequest = NULL;
container_delete_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContRemove");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -1241,6 +1267,8 @@ static void rest_list_cb(evhtp_request_t *req, void *arg)
container_list_request *crequest = NULL;
container_list_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContList");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -1303,6 +1331,8 @@ static void rest_export_cb(evhtp_request_t *req, void *arg)
container_export_request *crequest = NULL;
container_export_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContExport");
+
// only deal with post request
if (evhtp_request_get_method(req) != htp_method_POST) {
ERROR("Only deal with post request");
@@ -1367,6 +1397,8 @@ static void rest_pause_cb(evhtp_request_t *req, void *arg)
container_pause_request *crequest = NULL;
container_pause_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContPause");
+
// only deal with post request
if (evhtp_request_get_method(req) != htp_method_POST) {
ERROR("Only deal with post request: pause()");
@@ -1431,6 +1463,8 @@ static void rest_resume_cb(evhtp_request_t *req, void *arg)
container_resume_request *crequest = NULL;
container_resume_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ContResume");
+
// only deal with post request
if (evhtp_request_get_method(req) != htp_method_POST) {
ERROR("Only deal with post request: resume()");
@@ -1501,6 +1535,8 @@ static void rest_rename_cb(evhtp_request_t *req, void *arg)
struct isulad_container_rename_request isuladreq = { 0 };
struct isulad_container_rename_response *isuladres = NULL;
+ prctl(PR_SET_NAME, "ContRename");
+
// only deal with post request
if (evhtp_request_get_method(req) != htp_method_POST) {
ERROR("Only deal with post request: rename()");
diff --git a/src/daemon/entry/connect/rest/rest_images_service.c b/src/daemon/entry/connect/rest/rest_images_service.c
index 7107d255..bd367f29 100644
--- a/src/daemon/entry/connect/rest/rest_images_service.c
+++ b/src/daemon/entry/connect/rest/rest_images_service.c
@@ -14,6 +14,7 @@
******************************************************************************/
#include "rest_images_service.h"
#include <unistd.h>
+#include <sys/prctl.h>
#include "isula_libutils/log.h"
#include "callback.h"
@@ -276,6 +277,8 @@ static void rest_image_load_cb(evhtp_request_t *req, void *arg)
image_load_image_request *crequest = NULL;
image_load_image_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImageLoad");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -311,6 +314,8 @@ static void rest_image_list_cb(evhtp_request_t *req, void *arg)
image_list_images_request *crequest = NULL;
image_list_images_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImageList");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -346,6 +351,8 @@ static void rest_image_delete_cb(evhtp_request_t *req, void *arg)
image_delete_image_request *crequest = NULL;
image_delete_image_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImageDelete");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -381,6 +388,8 @@ static void rest_image_inspect_cb(evhtp_request_t *req, void *arg)
image_inspect_request *crequest = NULL;
image_inspect_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImageInspect");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -481,6 +490,8 @@ static void rest_image_pull_cb(evhtp_request_t *req, void *arg)
image_pull_image_request *crequest = NULL;
image_pull_image_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImagePull");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -592,6 +603,8 @@ static void rest_image_login_cb(evhtp_request_t *req, void *arg)
image_login_request *crequest = NULL;
image_login_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "RegistryLogin");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -686,6 +699,8 @@ static void rest_image_logout_cb(evhtp_request_t *req, void *arg)
image_logout_request *crequest = NULL;
image_logout_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "RegistryLogout");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -769,6 +784,8 @@ static void rest_image_tag_cb(evhtp_request_t *req, void *arg)
image_tag_image_request *crequest = NULL;
image_tag_image_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImageTag");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
@@ -852,6 +869,8 @@ static void rest_image_import_cb(evhtp_request_t *req, void *arg)
image_import_request *crequest = NULL;
image_import_response *cresponse = NULL;
+ prctl(PR_SET_NAME, "ImageImport");
+
// only deal with POST request
if (evhtp_request_get_method(req) != htp_method_POST) {
evhtp_send_reply(req, RESTFUL_RES_NOTIMPL);
--
2.32.1 (Apple Git-133)

32
0023-fix-inspect-f-error-when-bionic.patch
View File

@ -1,32 +0,0 @@
From 59557dbd1b4d0bde973941d383a30a7b9e0d63d4 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 16 Jun 2022 09:16:47 +0800
Subject: [PATCH 23/30] fix inspect -f error when bionic
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/cmd/isula/information/inspect.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c
index 5058fb95..55366551 100644
--- a/src/cmd/isula/information/inspect.c
+++ b/src/cmd/isula/information/inspect.c
@@ -667,12 +667,12 @@ static int inspect_check(const char *json_str, const char *regex)
static int inspect_check_format_f(const char *json_str, bool *json_format)
{
#ifdef __ANDROID__
-#define JSON_FORMAT_FIRST "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json[ \t\r\n\v\f]+)?(\\.\\w+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$"
+#define JSON_FORMAT_FIRST "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json[ \t\r\n\v\f]+)?(\\.[a-zA-Z0-9_]+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$"
#else
#define JSON_FORMAT_FIRST "^\\s*\\{\\s*\\{\\s*(json\\s+)?(\\.\\w+)+\\s*\\}\\s*\\}\\s*$"
#endif
#ifdef __ANDROID__
-#define JSON_FORMAT_SECOND "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*json[ \t\r\n\v\f]+(\\.\\w+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$"
+#define JSON_FORMAT_SECOND "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*json[ \t\r\n\v\f]+(\\.[a-zA-Z0-9_]+)+[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$"
#else
#define JSON_FORMAT_SECOND "^\\s*\\{\\s*\\{\\s*json\\s+(\\.\\w+)+\\s*\\}\\s*\\}\\s*$"
#endif
--
2.32.1 (Apple Git-133)

289
0024-refactor-devmapper_parse_options-function.patch
View File

@ -1,289 +0,0 @@
From 4c945810da8c645eb048e5fbb3a195da855bdcf7 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Sat, 14 May 2022 17:13:26 +0800
Subject: [PATCH 24/30] refactor devmapper_parse_options function
Signed-off-by: wujing <wujing50@huawei.com>
---
.../graphdriver/devmapper/deviceset.c | 242 ++++++++++++------
1 file changed, 157 insertions(+), 85 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index d90dde50..868e3086 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -65,9 +65,147 @@ static char *util_trim_prefice_string(char *str, const char *prefix)
return str;
}
+typedef int (*devmapper_option_handle)(char *val, struct device_set *devset);
+
+struct devmapper_option_handler {
+ char *name;
+ devmapper_option_handle handle;
+};
+
+static int handle_dm_fs(char *val, struct device_set *devset)
+{
+ if (strcmp(val, "ext4") == 0) {
+ free(devset->filesystem);
+ devset->filesystem = util_strdup_s(val);
+ } else {
+ ERROR("Invalid filesystem: '%s': not supported", val);
+ isulad_set_error_message("Invalid filesystem: '%s': not supported", val);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int handle_dm_thinpooldev(char *val, struct device_set *devset)
+{
+ char *tmp_val = NULL;
+
+ if (!util_valid_str(val)) {
+ ERROR("Invalid thinpool device, it must not be empty");
+ isulad_set_error_message("Invalid thinpool device, it must not be empty");
+ return -1;
+ }
+ tmp_val = util_trim_prefice_string(val, "/dev/mapper/");
+ devset->thin_pool_device = util_strdup_s(tmp_val);
+
+ return 0;
+}
+
+static int handle_dm_min_free_space(char *val, struct device_set *devset)
+{
+ long converted = 0;
+ int ret = util_parse_percent_string(val, &converted);
+
+ if (ret != 0 || converted >= 100) {
+ ERROR("Invalid min free space: '%s': %s", val, strerror(-ret));
+ isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret));
+ return -1;
+ }
+ devset->min_free_space_percent = (uint32_t)converted;
+
+ return 0;
+}
+
+static int handle_dm_basesize(char *val, struct device_set *devset)
+{
+ int64_t converted = 0;
+ int ret = util_parse_byte_size_string(val, &converted);
+
+ if (ret != 0) {
+ ERROR("Invalid size: '%s': %s", val, strerror(-ret));
+ isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret));
+ return -1;
+ }
+ if (converted <= 0) {
+ ERROR("dm.basesize is lower than zero");
+ isulad_set_error_message("dm.basesize is lower than zero");
+ return -1;
+ }
+ devset->user_base_size = true;
+ devset->base_fs_size = (uint64_t)converted;
+
+ return 0;
+}
+
+static int handle_dm_mkfsarg(char *val, struct device_set *devset)
+{
+ if (!util_valid_str(val)) {
+ ERROR("Invalid dm.mkfsarg value");
+ isulad_set_error_message("Invalid dm.mkfsarg value");
+ return -1;
+ }
+ if (util_array_append(&devset->mkfs_args, val) != 0) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ devset->mkfs_args_len++;
+
+ return 0;
+}
+
+static int handle_dm_mountopt(char *val, struct device_set *devset)
+{
+ if (!util_valid_str(val)) {
+ ERROR("Invalid dm.mountopt or devicemapper.mountopt value");
+ isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value");
+ return -1;
+ }
+ devset->mount_options = util_strdup_s(val);
+
+ return 0;
+}
+
+static int devmapper_option_exact(const char *name, char *val, struct device_set *devset)
+{
+ size_t i = 0;
+ bool found = false;
+
+ struct devmapper_option_handler handler_jump_table[] = {
+ { "dm.fs", handle_dm_fs },
+ { "dm.thinpooldev", handle_dm_thinpooldev },
+ { "dm.min_free_space", handle_dm_min_free_space },
+ { "dm.basesize", handle_dm_basesize },
+ { "dm.mkfsarg", handle_dm_mkfsarg },
+ { "dm.mountopt", handle_dm_mountopt },
+ { "devicemapper.mountopt", handle_dm_mountopt },
+ };
+
+ for (i = 0; i < sizeof(handler_jump_table)/sizeof(handler_jump_table[0]); i++) {
+ if (strcmp(handler_jump_table[i].name, name) != 0) {
+ continue;
+ }
+ found = true;
+ if (handler_jump_table[i].handle(val, devset) != 0) {
+ ERROR("Failed to handle %s option with %s", name, val);
+ return -1;
+ }
+ break;
+ }
+
+ if (!found) {
+ ERROR("devicemapper: unknown option: '%s'", name);
+ isulad_set_error_message("devicemapper: unknown option: '%s'", name);
+ return -1;
+ }
+
+ return 0;
+}
+
static int devmapper_parse_options(struct device_set *devset, const char **options, size_t options_len)
{
+ int ret = 0;
size_t i = 0;
+ char *dup_option = NULL;
if (devset == NULL) {
ERROR("Invalid input params");
@@ -75,104 +213,38 @@ static int devmapper_parse_options(struct device_set *devset, const char **optio
}
for (i = 0; options != NULL && i < options_len; i++) {
- char *dup = NULL;
char *val = NULL;
- char *tmp_val = NULL;
- int ret = 0;
- int nret = 0;
- dup = util_strdup_s(options[i]);
- if (dup == NULL) {
+ dup_option = util_strdup_s(options[i]);
+ if (dup_option == NULL) {
ERROR("Out of memory");
return -1;
}
- val = strchr(dup, '=');
+ val = strchr(dup_option, '=');
if (val == NULL) {
- ERROR("Unable to parse key/value option: '%s'", dup);
- isulad_set_error_message("Unable to parse key/value option: '%s'", dup);
- free(dup);
- return -1;
+ ERROR("Unable to parse key/value option: '%s'", dup_option);
+ isulad_set_error_message("Unable to parse key/value option: '%s'", dup_option);
+ ret = -1;
+ goto out;
}
+
*val = '\0';
val++;
- if (strcasecmp(dup, "dm.fs") == 0) {
- if (strcmp(val, "ext4") == 0) {
- free(devset->filesystem);
- devset->filesystem = util_strdup_s(val);
- } else {
- ERROR("Invalid filesystem: '%s': not supported", val);
- isulad_set_error_message("Invalid filesystem: '%s': not supported", val);
- ret = -1;
- }
- } else if (strcasecmp(dup, "dm.thinpooldev") == 0) {
- if (!util_valid_str(val)) {
- ERROR("Invalid thinpool device, it must not be empty");
- isulad_set_error_message("Invalid thinpool device, it must not be empty");
- ret = -1;
- goto out;
- }
- tmp_val = util_trim_prefice_string(val, "/dev/mapper/");
- devset->thin_pool_device = util_strdup_s(tmp_val);
- } else if (strcasecmp(dup, "dm.min_free_space") == 0) {
- long converted = 0;
- ret = util_parse_percent_string(val, &converted);
- if (ret != 0 || converted >= 100) {
- ERROR("Invalid min free space: '%s': %s", val, strerror(-ret));
- isulad_set_error_message("Invalid min free space: '%s': %s", val, strerror(-ret));
- ret = -1;
- goto out;
- }
- devset->min_free_space_percent = (uint32_t)converted;
- } else if (strcasecmp(dup, "dm.basesize") == 0) {
- int64_t converted = 0;
- ret = util_parse_byte_size_string(val, &converted);
- if (ret != 0) {
- ERROR("Invalid size: '%s': %s", val, strerror(-ret));
- isulad_set_error_message("Invalid size: '%s': %s", val, strerror(-ret));
- ret = -1;
- goto out;
- }
- if (converted <= 0) {
- ERROR("dm.basesize is lower than zero");
- isulad_set_error_message("dm.basesize is lower than zero");
- ret = -1;
- goto out;
- }
- devset->user_base_size = true;
- devset->base_fs_size = (uint64_t)converted;
- } else if (strcasecmp(dup, "dm.mkfsarg") == 0) {
- if (!util_valid_str(val)) {
- ERROR("Invalid dm.mkfsarg value");
- isulad_set_error_message("Invalid dm.mkfsarg value");
- ret = -1;
- goto out;
- }
- nret = util_array_append(&devset->mkfs_args, val);
- if (nret != 0) {
- ERROR("Out of memory");
- ret = -1;
- goto out;
- }
- devset->mkfs_args_len++;
- } else if (strcasecmp(dup, "dm.mountopt") == 0 || strcasecmp(dup, "devicemapper.mountopt") == 0) {
- if (!util_valid_str(val)) {
- ERROR("Invalid dm.mountopt or devicemapper.mountopt value");
- isulad_set_error_message("Invalid dm.mountopt or devicemapper.mountopt value");
- ret = -1;
- goto out;
- }
- devset->mount_options = util_strdup_s(val);
- } else {
- ERROR("devicemapper: unknown option: '%s'", dup);
- isulad_set_error_message("devicemapper: unknown option: '%s'", dup);
+
+ if (devmapper_option_exact(dup_option, val, devset) != 0) {
+ ERROR("Failed to exact devmapper option: %s", dup_option);
ret = -1;
+ goto out;
}
+
+ free(dup_option);
+ }
+
out:
- free(dup);
- if (ret != 0) {
- return ret;
- }
+ free(dup_option);
+ if (ret != 0) {
+ return ret;
}
return 0;
--
2.32.1 (Apple Git-133)

153
0025-refactor-parse_volume-function.patch
View File

@ -1,153 +0,0 @@
From 4df32783e4a665bd639f8b3ccd1b8860614eefb3 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Sat, 14 May 2022 15:33:33 +0800
Subject: [PATCH 25/30] refactor parse_volume function
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/modules/spec/parse_volume.c | 91 ++++++++++++++------------
1 file changed, 50 insertions(+), 41 deletions(-)
diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c
index ef2d58e4..3afa0962 100644
--- a/src/daemon/modules/spec/parse_volume.c
+++ b/src/daemon/modules/spec/parse_volume.c
@@ -341,22 +341,60 @@ static int check_volume_element(const char *volume)
return ret;
}
+static int set_volume_element_options(defs_mount *mount_element, const char **modes)
+{
+ const size_t max_options_len = 4;
+ size_t options_len = 0;
+ size_t i = 0;
+ bool with_rw = false;
+ bool with_pro = false;
+ bool with_label = false;
+
+ mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *));
+ if (mount_element->options == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ options_len = util_array_len((const char **)modes);
+ if (options_len > max_options_len) {
+ ERROR("Invalid volume element options");
+ return -1;
+ }
+
+ for (i = 0; i < options_len; i++) {
+ if (util_valid_rw_mode(modes[i])) {
+ with_rw = true;
+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
+ } else if (util_valid_propagation_mode(modes[i])) {
+ with_pro = true;
+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
+ } else if (util_valid_label_mode(modes[i])) {
+ with_label = true;
+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
+ } else if (util_valid_copy_mode(modes[i])) {
+ mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
+ }
+ }
+
+ if (append_default_mount_options(mount_element, with_rw, with_pro, with_label) != 0) {
+ ERROR("Failed to append default mount options");
+ return -1;
+ }
+
+ return 0;
+}
+
defs_mount *parse_volume(const char *volume)
{
int ret = 0;
- size_t i = 0;
- size_t mlen = 0;
defs_mount *mount_element = NULL;
char **modes = NULL;
char path[PATH_MAX] = { 0x00 };
- char *rw = NULL;
- char *pro = NULL;
- char *label = NULL;
- size_t max_options_len = 4;
- char *nocopy = NULL;
ret = check_volume_element(volume);
if (ret != 0) {
+ ERROR("Invalid volume element");
goto free_out;
}
@@ -368,22 +406,10 @@ defs_mount *parse_volume(const char *volume)
ret = get_src_dst_mode_by_volume(volume, mount_element, &modes);
if (ret != 0) {
+ ERROR("Failed to parse volume");
goto free_out;
}
- mlen = util_array_len((const char **)modes);
- for (i = 0; i < mlen; i++) {
- if (util_valid_rw_mode(modes[i])) {
- rw = modes[i];
- } else if (util_valid_propagation_mode(modes[i])) {
- pro = modes[i];
- } else if (util_valid_label_mode(modes[i])) {
- label = modes[i];
- } else if (util_valid_copy_mode(modes[i])) {
- nocopy = modes[i];
- }
- }
-
if (!util_clean_path(mount_element->destination, path, sizeof(path))) {
ERROR("Failed to get clean path");
ret = -1;
@@ -402,25 +428,6 @@ defs_mount *parse_volume(const char *volume)
mount_element->source = util_strdup_s(path);
}
- mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *));
- if (mount_element->options == NULL) {
- ERROR("Out of memory");
- mount_element->options_len = 0;
- ret = -1;
- goto free_out;
- }
- if (rw != NULL) {
- mount_element->options[mount_element->options_len++] = util_strdup_s(rw);
- }
- if (pro != NULL) {
- mount_element->options[mount_element->options_len++] = util_strdup_s(pro);
- }
- if (label != NULL) {
- mount_element->options[mount_element->options_len++] = util_strdup_s(label);
- }
- if (nocopy != NULL) {
- mount_element->options[mount_element->options_len++] = util_strdup_s(nocopy);
- }
if (mount_element->source != NULL && mount_element->source[0] == '/') {
mount_element->type = util_strdup_s(MOUNT_TYPE_BIND);
} else {
@@ -430,13 +437,15 @@ defs_mount *parse_volume(const char *volume)
}
}
- ret = check_mount_element(volume, mount_element);
+ ret = set_volume_element_options(mount_element, (const char **)modes);
if (ret != 0) {
+ ERROR("Failed to set volume element options");
goto free_out;
}
- ret = append_default_mount_options(mount_element, rw != NULL, pro != NULL, label != NULL);
+ ret = check_mount_element(volume, mount_element);
if (ret != 0) {
+ ERROR("Invalid mount element");
goto free_out;
}
--
2.32.1 (Apple Git-133)

93
0026-fix-parse-volume-failed.patch
View File

@ -1,93 +0,0 @@
From fdb731d7a272eb1574ef31b058beffbefffa1eb2 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 18 May 2022 10:30:35 +0800
Subject: [PATCH 26/30] fix parse volume failed
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/spec/parse_volume.c | 28 ++++++++++++++------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/src/daemon/modules/spec/parse_volume.c b/src/daemon/modules/spec/parse_volume.c
index 3afa0962..7b02f6ca 100644
--- a/src/daemon/modules/spec/parse_volume.c
+++ b/src/daemon/modules/spec/parse_volume.c
@@ -341,14 +341,12 @@ static int check_volume_element(const char *volume)
return ret;
}
-static int set_volume_element_options(defs_mount *mount_element, const char **modes)
+static int set_volume_element_options(defs_mount *mount_element, const char **modes, bool *with_rw,
+ bool *with_pro, bool *with_label)
{
const size_t max_options_len = 4;
size_t options_len = 0;
size_t i = 0;
- bool with_rw = false;
- bool with_pro = false;
- bool with_label = false;
mount_element->options = util_common_calloc_s(max_options_len * sizeof(char *));
if (mount_element->options == NULL) {
@@ -364,30 +362,28 @@ static int set_volume_element_options(defs_mount *mount_element, const char **mo
for (i = 0; i < options_len; i++) {
if (util_valid_rw_mode(modes[i])) {
- with_rw = true;
+ *with_rw = true;
mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
} else if (util_valid_propagation_mode(modes[i])) {
- with_pro = true;
+ *with_pro = true;
mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
} else if (util_valid_label_mode(modes[i])) {
- with_label = true;
+ *with_label = true;
mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
} else if (util_valid_copy_mode(modes[i])) {
mount_element->options[mount_element->options_len++] = util_strdup_s(modes[i]);
}
}
- if (append_default_mount_options(mount_element, with_rw, with_pro, with_label) != 0) {
- ERROR("Failed to append default mount options");
- return -1;
- }
-
return 0;
}
defs_mount *parse_volume(const char *volume)
{
int ret = 0;
+ bool with_rw = false;
+ bool with_pro = false;
+ bool with_label = false;
defs_mount *mount_element = NULL;
char **modes = NULL;
char path[PATH_MAX] = { 0x00 };
@@ -437,7 +433,7 @@ defs_mount *parse_volume(const char *volume)
}
}
- ret = set_volume_element_options(mount_element, (const char **)modes);
+ ret = set_volume_element_options(mount_element, (const char **)modes, &with_rw, &with_pro, &with_label);
if (ret != 0) {
ERROR("Failed to set volume element options");
goto free_out;
@@ -449,6 +445,12 @@ defs_mount *parse_volume(const char *volume)
goto free_out;
}
+ ret = append_default_mount_options(mount_element, with_rw, with_pro, with_label);
+ if (ret != 0) {
+ ERROR("Failed to append default mount options");
+ goto free_out;
+ }
+
free_out:
util_free_array(modes);
if (ret != 0) {
--
2.32.1 (Apple Git-133)

2106
0027-use-util_smart_calloc_t-to-prevent-overflow.patch
View File

File diff suppressed because it is too large Load Diff

41
0028-increase-websocket-lws_lookup-size.patch
View File

@ -1,41 +0,0 @@
From 2ca552a7faee850c6cfdccc4625b4459add56074 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 21 Jun 2022 17:34:23 +0800
Subject: [PATCH 28/30] increase websocket lws_lookup size
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/entry/cri/websocket/service/ws_server.cc | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index 0e462737..98c0fee0 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -187,7 +187,13 @@ void WebsocketServer::EmitLog(int level, const char *line)
int WebsocketServer::CreateContext()
{
- const size_t WS_ULIMIT_FDS { 1024 };
+ /*
+ context->lws_lookup is allocated ( sizeof(struct lws *) * max_fds ) spaces,
+ In general, max_fds should be the process maximum number of open file descriptor.
+ If WS_ULIMIT_FDS set too large, context->lws_lookup will cost too much memory.
+ If WS_ULIMIT_FDS set too small, maybe fd > max_fds and context->lws_lookup[fd] will overflow.
+ */
+ const size_t WS_ULIMIT_FDS { 10240 };
m_url.SetScheme("ws");
m_url.SetHost("localhost:" + std::to_string(m_listenPort));
@@ -208,7 +214,7 @@ int WebsocketServer::CreateContext()
/* daemon set RLIMIT_NOFILE to a large value at main.c,
* belowing lws_create_context limit the fds of websocket to RLIMIT_NOFILE,
- * and malloced memory according to it. To reduce memory, we recover it to 1024 before create m_context.
+ * and malloced memory according to it. To reduce memory, we recover it to WS_ULIMIT_FDS before create m_context.
*/
rlimit oldLimit, newLimit;
newLimit.rlim_cur = WS_ULIMIT_FDS;
--
2.32.1 (Apple Git-133)

88
0029-fix-misuse-of-BUFSIZ.patch
View File

@ -1,88 +0,0 @@
From 3bc72738519d6f38674c7ce8b9d89a9a5e160ae6 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Tue, 21 Jun 2022 19:15:12 +0800
Subject: [PATCH 29/30] fix misuse of BUFSIZ
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/common/err_msg.c | 6 +++---
src/daemon/entry/cri/errors.cc | 3 +--
src/utils/cutils/error.h | 3 +--
src/utils/cutils/utils.c | 2 +-
4 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/daemon/common/err_msg.c b/src/daemon/common/err_msg.c
index 3e62fad6..531af82b 100644
--- a/src/daemon/common/err_msg.c
+++ b/src/daemon/common/err_msg.c
@@ -38,7 +38,7 @@ void isulad_set_error_message(const char *format, ...)
ret = vsnprintf(errbuf, BUFSIZ, format, argp);
va_end(argp);
- if (ret < 0 || ret >= BUFSIZ) {
+ if (ret < 0) {
return;
}
@@ -61,7 +61,7 @@ void isulad_try_set_error_message(const char *format, ...)
ret = vsnprintf(errbuf, BUFSIZ, format, argp);
va_end(argp);
- if (ret < 0 || ret >= BUFSIZ) {
+ if (ret < 0) {
return;
}
@@ -80,7 +80,7 @@ void isulad_append_error_message(const char *format, ...)
ret = vsnprintf(errbuf, BUFSIZ, format, argp);
va_end(argp);
- if (ret < 0 || ret >= BUFSIZ) {
+ if (ret < 0) {
return;
}
result = util_string_append(g_isulad_errmsg, errbuf);
diff --git a/src/daemon/entry/cri/errors.cc b/src/daemon/entry/cri/errors.cc
index a80ca433..3dc3bba6 100644
--- a/src/daemon/entry/cri/errors.cc
+++ b/src/daemon/entry/cri/errors.cc
@@ -117,8 +117,7 @@ void Errors::Errorf(const char *fmt, ...)
ret = vsnprintf(errbuf, BUFSIZ, fmt, argp);
va_end(argp);
- if (ret < 0 || ret >= BUFSIZ) {
- m_message = "Error message is too long";
+ if (ret < 0) {
return;
}
diff --git a/src/utils/cutils/error.h b/src/utils/cutils/error.h
index 28ad5dec..5a8dca99 100644
--- a/src/utils/cutils/error.h
+++ b/src/utils/cutils/error.h
@@ -64,8 +64,7 @@ static inline void format_errorf(char **err, const char *format, ...)
ret = vsnprintf(errbuf, BUFSIZ, format, argp);
va_end(argp);
- if (ret < 0 || ret >= BUFSIZ) {
- *err = util_strdup_s("Error is too long!!!");
+ if (ret < 0) {
return;
}
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index a47c5644..010f48b9 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -516,7 +516,7 @@ static void set_stderr_buf(char **stderr_buf, const char *format, ...)
int nret = vsnprintf(errbuf, BUFSIZ, format, argp);
va_end(argp);
- if (nret < 0 || nret >= BUFSIZ) {
+ if (nret < 0) {
return;
}
--
2.32.1 (Apple Git-133)

102
0030-gc-considers-stored-monitor-pid.patch
View File

@ -1,102 +0,0 @@
From 255208ba96242caed274a9659d6db2df51616d1b Mon Sep 17 00:00:00 2001
From: vegbir <yangjiaqi16@huawei.com>
Date: Tue, 21 Jun 2022 22:06:53 +0800
Subject: [PATCH 30/30] gc considers stored monitor pid
---
.../modules/container/restore/restore.c | 42 +++++++++++++++----
1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index a7ee11a2..aca17a15 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -98,12 +98,17 @@ out:
}
/* post stopped container to gc */
-static int post_stopped_container_to_gc(const char *id, const char *runtime, const char *statepath, uint32_t pid)
+static int post_stopped_container_to_gc(const char *id, const char *runtime, const char *statepath,
+ const pid_ppid_info_t *old_pid_info)
{
int ret = 0;
pid_ppid_info_t pid_info = { 0 };
- (void)util_read_pid_ppid_info(pid, &pid_info);
+ (void)util_read_pid_ppid_info(old_pid_info->pid, &pid_info);
+ if (pid_info.ppid == 0) {
+ pid_info.ppid = old_pid_info->ppid;
+ pid_info.pstart_time = old_pid_info->pstart_time;
+ }
if (gc_add_container(id, runtime, &pid_info)) {
ERROR("Failed to post container %s to garbage collector", id);
@@ -177,13 +182,17 @@ static void try_to_set_container_running(Container_Status status, container_t *c
static void restore_stopped_container(Container_Status status, const container_t *cont)
{
const char *id = cont->common_config->id;
- pid_t pid = 0;
+ pid_ppid_info_t pid_info = { 0 };
if (status != CONTAINER_STATUS_STOPPED && status != CONTAINER_STATUS_CREATED) {
if (util_process_alive(cont->state->state->pid, cont->state->state->start_time)) {
- pid = cont->state->state->pid;
+ pid_info.pid = cont->state->state->pid;
+ }
+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) {
+ pid_info.ppid = cont->state->state->p_pid;
+ pid_info.pstart_time = cont->state->state->p_start_time;
}
- int nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, pid);
+ int nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info);
if (nret != 0) {
ERROR("Failed to post container %s to garbage"
"collector, that may lost some resources"
@@ -207,7 +216,13 @@ static void restore_running_container(Container_Status status, container_t *cont
container_state_reset_has_been_manual_stopped(cont->state);
} else {
ERROR("Failed to restore container:%s due to unable to read container pid information", id);
- nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0);
+ pid_info.pid = 0;
+ pid_info.start_time = 0;
+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) {
+ pid_info.ppid = cont->state->state->p_pid;
+ pid_info.pstart_time = cont->state->state->p_start_time;
+ }
+ nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info);
if (nret != 0) {
ERROR("Failed to post container %s to garbage"
"collector, that may lost some resources"
@@ -233,7 +248,13 @@ static void restore_paused_container(Container_Status status, container_t *cont,
container_state_reset_has_been_manual_stopped(cont->state);
} else {
ERROR("Failed to restore container:%s due to unable to read container pid information", id);
- nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0);
+ pid_info.pid = 0;
+ pid_info.start_time = 0;
+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) {
+ pid_info.ppid = cont->state->state->p_pid;
+ pid_info.pstart_time = cont->state->state->p_start_time;
+ }
+ nret = post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info);
if (nret != 0) {
ERROR("Failed to post container %s to garbage"
"collector, that may lost some resources"
@@ -385,8 +406,13 @@ static void handle_restored_container()
if (container_is_running(cont->state)) {
if (restore_supervisor(cont) != 0) {
ERROR("Failed to restore %s supervisor, set state to stopped", id);
+ pid_ppid_info_t pid_info = { 0 };
+ if (util_process_alive(cont->state->state->p_pid, cont->state->state->p_start_time)) {
+ pid_info.ppid = cont->state->state->p_pid;
+ pid_info.pstart_time = cont->state->state->p_start_time;
+ }
container_state_set_stopped(cont->state, 255);
- if (post_stopped_container_to_gc(id, cont->runtime, cont->state_path, 0) != 0) {
+ if (post_stopped_container_to_gc(id, cont->runtime, cont->state_path, &pid_info) != 0) {
ERROR("Failed to post container %s to garbage"
"collector, that may lost some resources"
"used with container!",
--
2.32.1 (Apple Git-133)

40
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.14
%global _release 11
%global _version 2.0.15
%global _release 1
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -13,36 +13,6 @@ URL: https://gitee.com/openeuler/iSulad
Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version}
Patch0001: 0001-do-not-mkdir-of-isulad-if-no-controller-found.patch
Patch0002: 0002-fix-install-error-when-android.patch
Patch0003: 0003-imp-fuzz-for-pw-gr-parser.patch
Patch0004: 0004-improve-fuzz-test.patch
Patch0005: 0005-Seccomp-optimization.patch
Patch0006: 0006-fix-different-type-convert.patch
Patch0007: 0007-add-pointer-parameters-NULL-check.patch
Patch0008: 0008-add-check-to-arguments.patch
Patch0009: 0009-remove-static-of-strlncat.patch
Patch0010: 0010-remove-check-parameter-label_opts-in-init_label.patch
Patch0011: 0011-update-seccomp-to-Linux-5.10-syscall-list.patch
Patch0012: 0012-fix-invalid-convert-and-format.patch
Patch0013: 0013-fix-get_network_namespace_path-check.patch
Patch0014: 0014-bugfix-for-double-free-and-use-after-free.patch
Patch0015: 0015-fix-isulad-shim-coredump-when-remove-ioc-fd-node.patch
Patch0016: 0016-do-not-fail-if-pw-is-not-NULL.patch
Patch0017: 0017-do-not-fail-if-gr-is-NULL.patch
Patch0018: 0018-fix-memory-leak-of-remove-layer.patch
Patch0019: 0019-add-null-terminal-at-end-of-gr-mem-list.patch
Patch0020: 0020-fix-shm-size-set-invalid-when-reboot.patch
Patch0021: 0021-set-the-name-of-each-container-and-image-operation-t.patch
Patch0022: 0022-set-the-name-of-each-container-and-image-operation-t.patch
Patch0023: 0023-fix-inspect-f-error-when-bionic.patch
Patch0024: 0024-refactor-devmapper_parse_options-function.patch
Patch0025: 0025-refactor-parse_volume-function.patch
Patch0026: 0026-fix-parse-volume-failed.patch
Patch0027: 0027-use-util_smart_calloc_t-to-prevent-overflow.patch
Patch0028: 0028-increase-websocket-lws_lookup-size.patch
Patch0029: 0029-fix-misuse-of-BUFSIZ.patch
Patch0030: 0030-gc-considers-stored-monitor-pid.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -270,6 +240,12 @@ fi
%endif
%changelog
* Fri Jul 8 2022 haozi007 <liuhao27@huawei.com> - 2.0.15-1
- Type: enhancement
- ID: NA
- SUG: NA
- DESC: update version to v2.0.15
* Fri Jul 8 2022 haozi007 <liuhao27@huawei.com> - 2.0.14-11
- Type: enhancement
- ID: NA

BIN
v2.0.14.tar.gz → v2.0.15.tar.gz
View File

Binary file not shown.