agent: fix panic on malformed device resource in container update

Somehow containerd is sending a malformed device in the update API. While
that should not happen, we should not panic either.

Fixes: #946
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Peng Tao 2020-10-14 12:50:38 +08:00
parent 183823398d
commit b33d4fe708


@ -266,18 +266,21 @@ fn set_devices_resources(
let mut devices = vec![]; let mut devices = vec![];
for d in device_resources.iter() { for d in device_resources.iter() {
let dev = linux_device_group_to_cgroup_device(&d); if let Some(dev) = linux_device_group_to_cgroup_device(&d) {
devices.push(dev); devices.push(dev);
}
} }
for d in DEFAULT_DEVICES.iter() { for d in DEFAULT_DEVICES.iter() {
let dev = linux_device_to_cgroup_device(&d); if let Some(dev) = linux_device_to_cgroup_device(&d) {
devices.push(dev); devices.push(dev);
}
} }
for d in DEFAULT_ALLOWED_DEVICES.iter() { for d in DEFAULT_ALLOWED_DEVICES.iter() {
let dev = linux_device_group_to_cgroup_device(&d); if let Some(dev) = linux_device_group_to_cgroup_device(&d) {
devices.push(dev); devices.push(dev);
}
} }
res.devices.update_values = true; res.devices.update_values = true;
@ -465,8 +468,11 @@ fn build_blk_io_device_throttle_resource(
blk_io_device_throttle_resources blk_io_device_throttle_resources
} }
fn linux_device_to_cgroup_device(d: &LinuxDevice) -> DeviceResource { fn linux_device_to_cgroup_device(d: &LinuxDevice) -> Option<DeviceResource> {
let dev_type = DeviceType::from_char(d.r#type.chars().next()).unwrap(); let dev_type = match DeviceType::from_char(d.r#type.chars().next()) {
Some(t) => t,
None => return None,
};
let permissions = vec![ let permissions = vec![
DevicePermissions::Read, DevicePermissions::Read,
@ -474,17 +480,20 @@ fn linux_device_to_cgroup_device(d: &LinuxDevice) -> DeviceResource {
DevicePermissions::MkNod, DevicePermissions::MkNod,
]; ];
DeviceResource { Some(DeviceResource {
allow: true, allow: true,
devtype: dev_type, devtype: dev_type,
major: d.major, major: d.major,
minor: d.minor, minor: d.minor,
access: permissions, access: permissions,
} })
} }
fn linux_device_group_to_cgroup_device(d: &LinuxDeviceCgroup) -> DeviceResource { fn linux_device_group_to_cgroup_device(d: &LinuxDeviceCgroup) -> Option<DeviceResource> {
let dev_type = DeviceType::from_char(d.r#type.chars().next()).unwrap(); let dev_type = match DeviceType::from_char(d.r#type.chars().next()) {
Some(t) => t,
None => return None,
};
let mut permissions: Vec<DevicePermissions> = vec![]; let mut permissions: Vec<DevicePermissions> = vec![];
for p in d.access.chars().collect::<Vec<char>>() { for p in d.access.chars().collect::<Vec<char>>() {
@ -496,13 +505,13 @@ fn linux_device_group_to_cgroup_device(d: &LinuxDeviceCgroup) -> DeviceResource
} }
} }
DeviceResource { Some(DeviceResource {
allow: d.allow, allow: d.allow,
devtype: dev_type, devtype: dev_type,
major: d.major.unwrap_or(0), major: d.major.unwrap_or(0),
minor: d.minor.unwrap_or(0), minor: d.minor.unwrap_or(0),
access: permissions, access: permissions,
} })
} }
// split space separated values into an vector of u64 // split space separated values into an vector of u64
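Review bot: In the first loop of set_devices_resources, a `device_resources` entry that fails conversion is now dropped with no log line and no error, so a caller-supplied rule with `allow: false` and an unparsable type disappears while the DEFAULT_ALLOWED_DEVICES entries are still appended. That can leave the device cgroup more permissive than the update request asked for, and nothing records which entry was rejected. I would add an `else` branch to `if let Some(dev) = linux_device_group_to_cgroup_device(&d)` that logs `d.r#type`, `d.major` and `d.minor` at warning level with the file's existing logger, and consider returning an error to the update caller rather than applying a partial rule set; set_devices_resources begins and ends outside the hunk, so whether its return type allows that is not visible here. The same silent skip in the DEFAULT_DEVICES and DEFAULT_ALLOWED_DEVICES loops would hide a bug in the built-in tables, so a `None` there deserves at least the same log line. As a style point, both converters can replace the four-line `match` with `let dev_type = DeviceType::from_char(d.r#type.chars().next())?;`.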