mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-05-11 18:05:43 +00:00
grpc: fix the issue of potential crashes
It's better to check whether the sandbox's get_container result instead of unwrap it directly, otherwise it would crash the agent if the conainer id is invalid. Fixes: #178 Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This commit is contained in:
fupan.lfp
parent
32431d701c
commit
ba3c732f86
@ -188,7 +188,12 @@ impl agentService {
|
|||||||
if req.timeout == 0 {
|
if req.timeout == 0 {
|
||||||
let s = Arc::clone(&self.sandbox);
|
let s = Arc::clone(&self.sandbox);
|
||||||
let mut sandbox = s.lock().unwrap();
|
let mut sandbox = s.lock().unwrap();
|
||||||
let ctr = sandbox.get_container(cid.as_str()).unwrap();
|
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
|
||||||
|
Some(cr) => cr,
|
||||||
|
None => {
|
||||||
|
return Err(ErrorKind::Nix(nix::Error::from_errno(Errno::EINVAL)).into());
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
ctr.destroy()?;
|
ctr.destroy()?;
|
||||||
|
|
||||||
@ -223,7 +228,12 @@ impl agentService {
|
|||||||
|
|
||||||
let handle = thread::spawn(move || {
|
let handle = thread::spawn(move || {
|
||||||
let mut sandbox = s.lock().unwrap();
|
let mut sandbox = s.lock().unwrap();
|
||||||
let ctr = sandbox.get_container(cid2.as_str()).unwrap();
|
let ctr: &mut LinuxContainer = match sandbox.get_container(cid2.as_str()) {
|
||||||
|
Some(cr) => cr,
|
||||||
|
None => {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
ctr.destroy().unwrap();
|
ctr.destroy().unwrap();
|
||||||
tx.send(1).unwrap();
|
tx.send(1).unwrap();
|
||||||
@ -371,7 +381,13 @@ impl agentService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let mut sandbox = s.lock().unwrap();
|
let mut sandbox = s.lock().unwrap();
|
||||||
let ctr = sandbox.get_container(cid.as_str()).unwrap();
|
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
|
||||||
|
Some(cr) => cr,
|
||||||
|
None => {
|
||||||
|
return Err(ErrorKind::Nix(nix::Error::from_errno(Errno::EINVAL)).into());
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
// need to close all fds
|
// need to close all fds
|
||||||
let mut p = ctr.processes.get_mut(&pid).unwrap();
|
let mut p = ctr.processes.get_mut(&pid).unwrap();
|
||||||
|
|
||||||
@ -657,7 +673,20 @@ impl protocols::agent_grpc::AgentService for agentService {
|
|||||||
let s = Arc::clone(&self.sandbox);
|
let s = Arc::clone(&self.sandbox);
|
||||||
let mut sandbox = s.lock().unwrap();
|
let mut sandbox = s.lock().unwrap();
|
||||||
|
|
||||||
let ctr = sandbox.get_container(cid.as_str()).unwrap();
|
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
|
||||||
|
Some(cr) => cr,
|
||||||
|
None => {
|
||||||
|
let f = sink
|
||||||
|
.fail(RpcStatus::new(
|
||||||
|
RpcStatusCode::InvalidArgument,
|
||||||
|
Some(String::from("invalid container id")),
|
||||||
|
))
|
||||||
|
.map_err(|_e| error!(sl!(), "invalid container id!"));
|
||||||
|
ctx.spawn(f);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
let pids = ctr.processes().unwrap();
|
let pids = ctr.processes().unwrap();
|
||||||
|
|
||||||
match format.as_str() {
|
match format.as_str() {
|
||||||
@ -750,7 +779,19 @@ impl protocols::agent_grpc::AgentService for agentService {
|
|||||||
let s = Arc::clone(&self.sandbox);
|
let s = Arc::clone(&self.sandbox);
|
||||||
let mut sandbox = s.lock().unwrap();
|
let mut sandbox = s.lock().unwrap();
|
||||||
|
|
||||||
let ctr = sandbox.get_container(cid.as_str()).unwrap();
|
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
|
||||||
|
Some(cr) => cr,
|
||||||
|
None => {
|
||||||
|
let f = sink
|
||||||
|
.fail(RpcStatus::new(
|
||||||
|
RpcStatusCode::Internal,
|
||||||
|
Some("invalid container id".to_string()),
|
||||||
|
))
|
||||||
|
.map_err(|_e| error!(sl!(), "invalid container id!"));
|
||||||
|
ctx.spawn(f);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
let resp = Empty::new();
|
let resp = Empty::new();
|
||||||
|
|
||||||
@ -788,7 +829,19 @@ impl protocols::agent_grpc::AgentService for agentService {
|
|||||||
let s = Arc::clone(&self.sandbox);
|
let s = Arc::clone(&self.sandbox);
|
||||||
let mut sandbox = s.lock().unwrap();
|
let mut sandbox = s.lock().unwrap();
|
||||||
|
|
||||||
let ctr = sandbox.get_container(cid.as_str()).unwrap();
|
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
|
||||||
|
Some(cr) => cr,
|
||||||
|
None => {
|
||||||
|
let f = sink
|
||||||
|
.fail(RpcStatus::new(
|
||||||
|
RpcStatusCode::Internal,
|
||||||
|
Some("invalid container id!".to_string()),
|
||||||
|
))
|
||||||
|
.map_err(|_e| error!(sl!(), "invalid container id!"));
|
||||||
|
ctx.spawn(f);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
let resp = match ctr.stats() {
|
let resp = match ctr.stats() {
|
||||||
Err(_e) => {
|
Err(_e) => {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user