Add mutex lock for load confs in GetDefaultNetworks (#1073)

Thick server's chroot mutex is missing in GetDefaultNetworks, which touches the pod filesystem. This change adds the mutex lock there and prevents the race condition.

Fix #1072
Tomofumi Hayashi 2023-04-13 22:40:16 +09:00 committed by GitHub
parent 487c6fcec4
commit 7c22973f9f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 1 deletions


@ -542,6 +542,13 @@ func getNetDelegate(client *ClientInfo, pod *v1.Pod, netname, confdir, namespace
} }
// option2) search CNI json config file, which has <netname> as CNI name, from confDir // option2) search CNI json config file, which has <netname> as CNI name, from confDir
// acquire lock to access file
if types.ChrootMutex != nil {
types.ChrootMutex.Lock()
defer types.ChrootMutex.Unlock()
}
configBytes, err = netutils.GetCNIConfigFromFile(netname, confdir) configBytes, err = netutils.GetCNIConfigFromFile(netname, confdir)
if err == nil { if err == nil {
delegate, err := types.LoadDelegateNetConf(configBytes, nil, "", "") delegate, err := types.LoadDelegateNetConf(configBytes, nil, "", "")
@ -551,6 +558,12 @@ func getNetDelegate(client *ClientInfo, pod *v1.Pod, netname, confdir, namespace
return delegate, resourceMap, nil return delegate, resourceMap, nil
} }
} else { } else {
// acquire lock to access file
if types.ChrootMutex != nil {
types.ChrootMutex.Lock()
defer types.ChrootMutex.Unlock()
}
fInfo, err := os.Stat(netname) fInfo, err := os.Stat(netname)
if err != nil { if err != nil {
return nil, resourceMap, err return nil, resourceMap, err
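Review bot: The `defer types.ChrootMutex.Unlock()` added ahead of `netutils.GetCNIConfigFromFile` holds the lock until `getNetDelegate` returns, not just for the file read, so it is also held across `types.LoadDelegateNetConf` (which from its arguments appears to only parse bytes) and across whatever the function does after the option-2 block when no config file matches. If that later code, outside the hunk, ever takes `ChrootMutex` itself this is a self-deadlock; if it does not, the critical section is still wider than the file access the commit message describes. Since there is no early return between the lock and the read, a scoped lock would make the intent explicit: `types.ChrootMutex.Lock()` / `configBytes, err = netutils.GetCNIConfigFromFile(netname, confdir)` / `types.ChrootMutex.Unlock()` inside the nil check. The lock added before `os.Stat(netname)` in the second hunk has the same shape; there the branch may legitimately read more of the filesystem after the stat, so the unlock belongs after the last filesystem call in that branch rather than at function return. getNetDelegate starts and ends outside the hunks.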


@ -136,10 +136,12 @@ func NewCNIServer(daemonConfig *ControllerNetConf, serverConfig []byte) (*Server
exec := invoke.Exec(nil) exec := invoke.Exec(nil)
if daemonConfig.ChrootDir != "" { if daemonConfig.ChrootDir != "" {
exec = &ChrootExec{ chrootExec := &ChrootExec{
Stderr: os.Stderr, Stderr: os.Stderr,
chrootDir: daemonConfig.ChrootDir, chrootDir: daemonConfig.ChrootDir,
} }
types.ChrootMutex = &chrootExec.mu
exec = chrootExec
logging.Verbosef("server configured with chroot: %s", daemonConfig.ChrootDir) logging.Verbosef("server configured with chroot: %s", daemonConfig.ChrootDir)
} }
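Review bot: `types.ChrootMutex = &chrootExec.mu` publishes a pointer to this server's mutex through a package-level variable, so the protection only holds if the `ChrootExec` built here is the one that actually performs the chroot and if `NewCNIServer` runs once per process; a second call (for example in tests) silently repoints the global to a different mutex and the first server's exec no longer serializes with file reads. A comment at the assignment would make that contract visible: `// Publish the chroot mutex so file reads in other packages serialize with chrooted exec calls; assumes one server per process.` Whether `ChrootExec.mu` is in fact held around the chroot/escape sequence is not visible in this hunk and should be confirmed before relying on the lock.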


@ -21,6 +21,7 @@ import (
"net" "net"
"os" "os"
"strings" "strings"
"sync"
"github.com/containernetworking/cni/libcni" "github.com/containernetworking/cni/libcni"
"github.com/containernetworking/cni/pkg/skel" "github.com/containernetworking/cni/pkg/skel"
@ -39,6 +40,9 @@ const (
defaultNonIsolatedNamespace = "default" defaultNonIsolatedNamespace = "default"
) )
// ChrootMutex provides lock to access host filesystem
var ChrootMutex *sync.Mutex
// LoadDelegateNetConfList reads DelegateNetConf from bytes // LoadDelegateNetConfList reads DelegateNetConf from bytes
func LoadDelegateNetConfList(bytes []byte, delegateConf *DelegateNetConf) error { func LoadDelegateNetConfList(bytes []byte, delegateConf *DelegateNetConf) error {
logging.Debugf("LoadDelegateNetConfList: %s, %v", string(bytes), delegateConf) logging.Debugf("LoadDelegateNetConfList: %s, %v", string(bytes), delegateConf)
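Review bot: The new `ChrootMutex` is a nil pointer unless a chroot is configured, but its comment does not say so, and every caller has to repeat the `if types.ChrootMutex != nil { Lock; defer Unlock }` block (it already appears twice in getNetDelegate in this commit). Expanding the comment to state the nil contract — non-nil only when the server runs with a chroot directory, shared with ChrootExec, holders should keep the critical section to the file access — and adding a nil-safe helper next to the variable would let callers write `defer types.LockChroot()()` and keep the nil handling in one place. The comment also says "host filesystem" while the commit message says "pod filesystem"; use the wording that matches what ChrootExec actually switches into.
```go
// ChrootMutex, when non-nil, must be held while reading configuration files
// from the filesystem. It is the same mutex ChrootExec uses, so file reads do
// not run concurrently with a chrooted exec. It stays nil when no chroot
// directory is configured.
var ChrootMutex *sync.Mutex

// LockChroot acquires ChrootMutex if it is set and returns the matching
// unlock function (a no-op when unset), so callers can write
// `defer LockChroot()()`.
func LockChroot() func() {
	if ChrootMutex == nil {
		return func() {}
	}
	ChrootMutex.Lock()
	return ChrootMutex.Unlock
}
```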