Skip to content

L
lxc
Unverified Commit 3aa3407f by Stéphane Graber Committed by GitHub
Options

Merge pull request #3595 from brauner/2020-12-08/fixes

tree-wide: fixes
parents 0c9621be c3e48967
Showing with 185 additions and 223 deletions
src/lxc/cgroups/cgfsng.c
......@@ -2749,9 +2749,6 @@ static int device_cgroup_rule_parse_devpath(struct device_item *device,
if (device_cgroup_parse_access(device, mode) < 0)
return -1;
if (n_parts == 1)
return ret_set_errno(-1, EINVAL);
ret = stat(path, &sb);
if (ret < 0)
return ret_set_errno(-1, errno);
......
src/lxc/cmd/lxc_init.c
......@@ -479,7 +479,7 @@ int main(int argc, char *argv[])
break;
}
default:
ret = kill(pid, was_interrupted);
kill(pid, was_interrupted);
break;
}
ret = EXIT_SUCCESS;
......
src/lxc/conf.c
......@@ -1201,7 +1201,9 @@ static int lxc_fill_autodev(const struct lxc_rootfs *rootfs)
}
/* Fallback to bind-mounting the device from the host. */
snprintf(hostpath, sizeof(hostpath), "/dev/%s", device->name);
ret = snprintf(hostpath, sizeof(hostpath), "/dev/%s", device->name);
if (ret < 0 || (size_t)ret >= sizeof(hostpath))
return ret_errno(EIO);
ret = safe_mount_beneath_at(dev_dir_fd, hostpath, device->name, NULL, MS_BIND, NULL);
if (ret < 0) {
......
src/lxc/conf.h
......@@ -19,6 +19,7 @@
#include "config.h"
#include "list.h"
#include "lxcseccomp.h"
#include "memory_utils.h"
#include "ringbuf.h"
#include "start.h"
#include "terminal.h"
......@@ -69,6 +70,16 @@ struct lxc_cgroup {
};
};
static void free_lxc_cgroup(struct lxc_cgroup *ptr)
{
if (ptr) {
free(ptr->subsystem);
free(ptr->value);
free_disarm(ptr);
}
}
define_cleanup_function(struct lxc_cgroup *, free_lxc_cgroup);
#if !HAVE_SYS_RESOURCE_H
#define RLIM_INFINITY ((unsigned long)-1)
struct rlimit {
......@@ -87,6 +98,15 @@ struct lxc_limit {
struct rlimit limit;
};
static void free_lxc_limit(struct lxc_limit *ptr)
{
if (ptr) {
free(ptr->resource);
free_disarm(ptr);
}
}
define_cleanup_function(struct lxc_limit *, free_lxc_limit);
enum idtype {
ID_TYPE_UID,
ID_TYPE_GID
......@@ -102,6 +122,16 @@ struct lxc_sysctl {
char *value;
};
static void free_lxc_sysctl(struct lxc_sysctl *ptr)
{
if (ptr) {
free(ptr->key);
free(ptr->value);
free_disarm(ptr);
}
}
define_cleanup_function(struct lxc_sysctl *, free_lxc_sysctl);
/*
* Defines a structure to configure proc filesystem at runtime.
* @filename : the proc filesystem will be configured without the "lxc.proc" prefix
......@@ -112,6 +142,16 @@ struct lxc_proc {
char *value;
};
static void free_lxc_proc(struct lxc_proc *ptr)
{
if (ptr) {
free(ptr->filename);
free(ptr->value);
free_disarm(ptr);
}
}
define_cleanup_function(struct lxc_proc *, free_lxc_proc);
/*
* id_map is an id map entry. Form in confile is:
* lxc.idmap = u 0 9800 100
......
src/lxc/confile_utils.h
......@@ -9,24 +9,22 @@
#include "conf.h"
#include "confile_utils.h"
#define strprint(str, inlen, ...) \
do { \
if (str) \
len = snprintf(str, inlen, ##__VA_ARGS__); \
else \
len = snprintf((char *){""}, 0, ##__VA_ARGS__); \
if (len < 0) { \
SYSERROR("failed to create string"); \
return -1; \
}; \
fulllen += len; \
if (inlen > 0) { \
if (str) \
str += len; \
inlen -= len; \
if (inlen < 0) \
inlen = 0; \
} \
#define strprint(str, inlen, ...) \
do { \
if (str) \
len = snprintf(str, inlen, ##__VA_ARGS__); \
else \
len = snprintf((char *){""}, 0, ##__VA_ARGS__); \
if (len < 0) \
return log_error_errno(-EIO, EIO, "failed to create string"); \
fulllen += len; \
if (inlen > 0) { \
if (str) \
str += len; \
inlen -= len; \
if (inlen < 0) \
inlen = 0; \
} \
} while (0);
__hidden extern int parse_idmaps(const char *idmap, char *type, unsigned long *nsid,
......
src/lxc/criu.c
......@@ -79,36 +79,26 @@ struct criu_opts {
static int load_tty_major_minor(char *directory, char *output, int len)
{
FILE *f;
char path[PATH_MAX];
int ret;
ssize_t ret;
ret = snprintf(path, sizeof(path), "%s/tty.info", directory);
if (ret < 0 || ret >= sizeof(path)) {
ERROR("snprintf'd too many characters: %d", ret);
return -1;
}
if (ret < 0 || (size_t)ret >= sizeof(path))
return ret_errno(EIO);
f = fopen(path, "re");
if (!f) {
/* This means we're coming from a liblxc which didn't export
ret = lxc_read_from_file(path, output, len);
if (ret < 0) {
/*
* This means we're coming from a liblxc which didn't export
* the tty info. In this case they had to have lxc.console.path
* = * none, so there's no problem restoring.
*/
if (errno == ENOENT)
return 0;
SYSERROR("couldn't open %s", path);
return -1;
return log_error_errno(-errno, errno, "Failed to open \"%s\"", path);
}
if (!fgets(output, len, f)) {
fclose(f);
SYSERROR("couldn't read %s", path);
return -1;
}
fclose(f);
return 0;
}
......
src/lxc/lxc.h
......@@ -13,6 +13,7 @@ extern "C" {
#include <sys/types.h>
#include "compiler.h"
#include "memory_utils.h"
#include "state.h"
struct lxc_msg;
......@@ -94,6 +95,13 @@ extern int lxc_container_get(struct lxc_container *c);
* If it is the last reference, free the lxccontainer and return 1.
*/
extern int lxc_container_put(struct lxc_container *c);
static inline void put_lxc_container(struct lxc_container *c)
{
if (c)
lxc_container_put(c);
}
define_cleanup_function(struct lxc_container *, put_lxc_container);
#define __put_lxc_container call_cleaner(put_lxc_container)
/*
* Get a list of valid wait states.
......
src/lxc/lxclock.c
......@@ -17,6 +17,7 @@
#include "config.h"
#include "log.h"
#include "lxclock.h"
#include "memory_utils.h"
#include "utils.h"
#ifdef MUTEX_DEBUGGING
......@@ -35,7 +36,6 @@ static inline void dump_stacktrace(void)
void *array[MAX_STACKDEPTH];
size_t size;
char **strings;
size_t i;
size = backtrace(array, MAX_STACKDEPTH);
strings = backtrace_symbols(array, size);
......@@ -43,7 +43,7 @@ static inline void dump_stacktrace(void)
/* Using fprintf here as our logging module is not thread safe. */
fprintf(stderr, "\tObtained %zu stack frames\n", size);
for (i = 0; i < size; i++)
for (int i = 0; i < size; i++)
fprintf(stderr, "\t\t%s\n", strings[i]);
free(strings);
......@@ -80,9 +80,9 @@ static void unlock_mutex(pthread_mutex_t *l)
static char *lxclock_name(const char *p, const char *n)
{
__do_free char *dest = NULL, *rundir = NULL;
int ret;
size_t len;
char *dest, *rundir;
/* lockfile will be:
* "/run" + "/lxc/lock/$lxcpath/$lxcname + '\0' if root
......@@ -100,134 +100,96 @@ static char *lxclock_name(const char *p, const char *n)
len += strlen(rundir);
dest = malloc(len);
if (!dest) {
free(rundir);
if (!dest)
return NULL;
}
ret = snprintf(dest, len, "%s/lxc/lock/%s", rundir, p);
if (ret < 0 || (size_t)ret >= len) {
free(dest);
free(rundir);
return NULL;
}
if (ret < 0 || (size_t)ret >= len)
return ret_set_errno(NULL, EIO);
ret = mkdir_p(dest, 0755);
if (ret < 0) {
free(dest);
free(rundir);
if (ret < 0)
return NULL;
}
ret = snprintf(dest, len, "%s/lxc/lock/%s/.%s", rundir, p, n);
free(rundir);
if (ret < 0 || (size_t)ret >= len) {
free(dest);
return NULL;
}
if (ret < 0 || (size_t)ret >= len)
return ret_set_errno(NULL, EIO);
return dest;
return move_ptr(dest);
}
static sem_t *lxc_new_unnamed_sem(void)
{
__do_free sem_t *s = NULL;
int ret;
sem_t *s;
s = malloc(sizeof(*s));
if (!s)
return NULL;
return ret_set_errno(NULL, ENOMEM);
ret = sem_init(s, 0, 1);
if (ret < 0) {
free(s);
if (ret < 0)
return NULL;
}
return s;
return move_ptr(s);
}
struct lxc_lock *lxc_newlock(const char *lxcpath, const char *name)
{
struct lxc_lock *l;
__do_free struct lxc_lock *l = NULL;
l = malloc(sizeof(*l));
l = zalloc(sizeof(*l));
if (!l)
goto on_error;
if (!name) {
return ret_set_errno(NULL, ENOMEM);
if (name) {
l->type = LXC_LOCK_FLOCK;
l->u.f.fname = lxclock_name(lxcpath, name);
if (!l->u.f.fname)
return ret_set_errno(NULL, ENOMEM);
l->u.f.fd = -EBADF;
} else {
l->type = LXC_LOCK_ANON_SEM;
l->u.sem = lxc_new_unnamed_sem();
if (!l->u.sem) {
free(l);
l = NULL;
}
goto on_error;
if (!l->u.sem)
return ret_set_errno(NULL, ENOMEM);
}
l->type = LXC_LOCK_FLOCK;
l->u.f.fname = lxclock_name(lxcpath, name);
if (!l->u.f.fname) {
if (!name)
free(l->u.sem);
free(l);
l = NULL;
goto on_error;
}
l->u.f.fd = -1;
on_error:
return l;
return move_ptr(l);
}
int lxclock(struct lxc_lock *l, int timeout)
{
int ret = -1;
struct flock lk;
int ret = -1, saved_errno = errno;
switch(l->type) {
switch (l->type) {
case LXC_LOCK_ANON_SEM:
if (!timeout) {
ret = sem_wait(l->u.sem);
if (ret < 0)
saved_errno = errno;
} else {
struct timespec ts;
ret = clock_gettime(CLOCK_REALTIME, &ts);
if (ret < 0) {
ret = -2;
goto on_error;
}
if (ret < 0)
return -2;
ts.tv_sec += timeout;
ret = sem_timedwait(l->u.sem, &ts);
if (ret < 0)
saved_errno = errno;
}
break;
case LXC_LOCK_FLOCK:
ret = -2;
if (timeout) {
ERROR("Timeouts are not supported with file locks");
goto on_error;
}
if (timeout)
return log_error(-2, "Timeouts are not supported with file locks");
if (!l->u.f.fname) {
ERROR("No filename set for file lock");
goto on_error;
}
if (!l->u.f.fname)
return log_error(-2, "No filename set for file lock");
if (l->u.f.fd == -1) {
if (l->u.f.fd < 0) {
l->u.f.fd = open(l->u.f.fname, O_CREAT | O_RDWR | O_NOFOLLOW | O_CLOEXEC | O_NOCTTY, S_IWUSR | S_IRUSR);
if (l->u.f.fd == -1) {
SYSERROR("Failed to open \"%s\"", l->u.f.fname);
saved_errno = errno;
goto on_error;
}
if (l->u.f.fd < 0)
return log_error_errno(-2, errno, "Failed to open \"%s\"", l->u.f.fname);
}
memset(&lk, 0, sizeof(struct flock));
......@@ -236,59 +198,47 @@ int lxclock(struct lxc_lock *l, int timeout)
lk.l_whence = SEEK_SET;
ret = fcntl(l->u.f.fd, F_OFD_SETLKW, &lk);
if (ret < 0) {
if (errno == EINVAL)
ret = flock(l->u.f.fd, LOCK_EX);
saved_errno = errno;
}
if (ret < 0 && errno == EINVAL)
ret = flock(l->u.f.fd, LOCK_EX);
break;
default:
return ret_set_errno(-1, EINVAL);
}
on_error:
errno = saved_errno;
return ret;
}
int lxcunlock(struct lxc_lock *l)
{
struct flock lk;
int ret = 0, saved_errno = errno;
int ret = 0;
switch (l->type) {
case LXC_LOCK_ANON_SEM:
if (!l->u.sem) {
ret = -2;
} else {
ret = sem_post(l->u.sem);
saved_errno = errno;
}
if (!l->u.sem)
return -2;
ret = sem_post(l->u.sem);
break;
case LXC_LOCK_FLOCK:
if (l->u.f.fd != -1) {
memset(&lk, 0, sizeof(struct flock));
if (l->u.f.fd < 0)
return -2;
lk.l_type = F_UNLCK;
lk.l_whence = SEEK_SET;
memset(&lk, 0, sizeof(struct flock));
ret = fcntl(l->u.f.fd, F_OFD_SETLK, &lk);
if (ret < 0) {
if (errno == EINVAL)
ret = flock(l->u.f.fd, LOCK_EX | LOCK_NB);
saved_errno = errno;
}
lk.l_type = F_UNLCK;
lk.l_whence = SEEK_SET;
close(l->u.f.fd);
l->u.f.fd = -1;
} else {
ret = -2;
}
ret = fcntl(l->u.f.fd, F_OFD_SETLK, &lk);
if (ret < 0 && errno == EINVAL)
ret = flock(l->u.f.fd, LOCK_EX | LOCK_NB);
close_prot_errno_disarm(l->u.f.fd);
break;
default:
return ret_set_errno(-1, EINVAL);
}
errno = saved_errno;
return ret;
}
......@@ -304,24 +254,16 @@ void lxc_putlock(struct lxc_lock *l)
if (!l)
return;
switch(l->type) {
switch (l->type) {
case LXC_LOCK_ANON_SEM:
if (l->u.sem) {
sem_destroy(l->u.sem);
free(l->u.sem);
l->u.sem = NULL;
free_disarm(l->u.sem);
}
break;
case LXC_LOCK_FLOCK:
if (l->u.f.fd != -1) {
close(l->u.f.fd);
l->u.f.fd = -1;
}
free(l->u.f.fname);
l->u.f.fname = NULL;
close_prot_errno_disarm(l->u.f.fd);
free_disarm(l->u.f.fname);
break;
}
......
src/lxc/network.c
......@@ -3012,7 +3012,7 @@ static int lxc_delete_network_unpriv_exec(const char *lxcpath, const char *lxcna
int bytes, ret;
pid_t child;
int pipefd[2];
char buffer[PATH_MAX] = {0};
char buffer[PATH_MAX] = {};
if (netdev->type != LXC_NET_VETH)
return log_error_errno(-1, EINVAL, "Network type %d not support for unprivileged use", netdev->type);
......
src/lxc/storage/btrfs.c
......@@ -824,6 +824,7 @@ static int btrfs_lxc_rm_rf(const char *path)
ERROR("Out of memory");
free_btrfs_tree(tree);
close(fd);
return -ENOMEM;
}
memcpy(name, tmp, name_len);
......
src/lxc/storage/lvm.c
......@@ -97,41 +97,32 @@ static int lvm_snapshot_exec_wrapper(void *data)
*/
static int do_lvm_create(const char *path, uint64_t size, const char *thinpool)
{
__do_free char *pathdup = NULL;
int len, ret;
char *pathdup, *vg, *lv;
char *vg, *lv;
char cmd_output[PATH_MAX];
char sz[24];
__do_free char *tp = NULL;
struct lvcreate_args cmd_args = {0};
ret = snprintf(sz, 24, "%" PRIu64 "b", size);
if (ret < 0 || ret >= 24) {
ERROR("Failed to create string: %d", ret);
return -1;
}
if (ret < 0 || ret >= 24)
return log_error(-EIO, "Failed to create string: %d", ret);
pathdup = strdup(path);
if (!pathdup) {
ERROR("Failed to duplicate string \"%s\"", path);
return -1;
}
if (!pathdup)
return log_error(-ENOMEM, "Failed to duplicate string \"%s\"", path);
lv = strrchr(pathdup, '/');
if (!lv) {
ERROR("Failed to detect \"/\" in string \"%s\"", pathdup);
free(pathdup);
return -1;
}
if (!lv)
return log_error(-EINVAL, "Failed to detect \"/\" in string \"%s\"", pathdup);
*lv = '\0';
lv++;
TRACE("Parsed logical volume \"%s\"", lv);
vg = strrchr(pathdup, '/');
if (!vg) {
ERROR("Failed to detect \"/\" in string \"%s\"", pathdup);
free(pathdup);
return -1;
}
if (!vg)
return log_error(-EINVAL, "Failed to detect \"/\" in string \"%s\"", pathdup);
vg++;
TRACE("Parsed volume group \"%s\"", vg);
......@@ -140,18 +131,13 @@ static int do_lvm_create(const char *path, uint64_t size, const char *thinpool)
tp = must_realloc(NULL, len);
ret = snprintf(tp, len, "%s/%s", pathdup, thinpool);
if (ret < 0 || ret >= len) {
ERROR("Failed to create string: %d", ret);
free(pathdup);
return -1;
}
if (ret < 0 || ret >= len)
return log_error(-EIO, "Failed to create string: %d", ret);
ret = lvm_is_thin_pool(tp);
TRACE("got %d for thin pool at path: %s", ret, tp);
if (ret < 0) {
ERROR("Failed to detect whether \"%s\" is a thinpool", tp);
free(pathdup);
return -1;
return log_error(-EINVAL, "Failed to detect whether \"%s\" is a thinpool", tp);
} else if (!ret) {
TRACE("Detected that \"%s\" is not a thinpool", tp);
tp = NULL;
......@@ -165,30 +151,23 @@ static int do_lvm_create(const char *path, uint64_t size, const char *thinpool)
cmd_args.lv = lv;
cmd_args.size = sz;
cmd_args.sigwipe = true;
TRACE("Creating new lvm storage volume \"%s\" on volume group \"%s\" "
"of size \"%s\"", lv, vg, sz);
ret = run_command_status(cmd_output, sizeof(cmd_output),
lvm_create_exec_wrapper, (void *)&cmd_args);
TRACE("Creating new lvm storage volume \"%s\" on volume group \"%s\" of size \"%s\"", lv, vg, sz);
ret = run_command_status(cmd_output, sizeof(cmd_output), lvm_create_exec_wrapper,
(void *)&cmd_args);
/* If lvcreate is old and doesn't support signature wiping, try again without it.
* Test for exit code EINVALID_CMD_LINE(3) of lvcreate command.
*/
if (WIFEXITED(ret) && WEXITSTATUS(ret) == 3) {
cmd_args.sigwipe = false;
ret = run_command(cmd_output, sizeof(cmd_output),
lvm_create_exec_wrapper, (void *)&cmd_args);
ret = run_command(cmd_output, sizeof(cmd_output), lvm_create_exec_wrapper,
(void *)&cmd_args);
}
if (ret != 0) {
ERROR("Failed to create logical volume \"%s\": %s", lv,
cmd_output);
free(pathdup);
return -1;
}
TRACE("Created new lvm storage volume \"%s\" on volume group \"%s\" "
"of size \"%s\"", lv, vg, sz);
if (ret != 0)
return log_error(-1, "Failed to create logical volume \"%s\": %s", lv, cmd_output);
TRACE("Created new lvm storage volume \"%s\" on volume group \"%s\" of size \"%s\"", lv, vg, sz);
free(pathdup);
return ret;
}
......
src/lxc/string_utils.c
......@@ -907,21 +907,21 @@ int parse_byte_size_string(const char *s, int64_t *converted)
char suffix[3] = {0};
if (!s || !strcmp(s, ""))
return -EINVAL;
return ret_errno(EINVAL);
end = stpncpy(dup, s, sizeof(dup) - 1);
if (*end != '\0')
return -EINVAL;
return ret_errno(EINVAL);
if (isdigit(*(end - 1)))
suffix_len = 0;
else if (isalpha(*(end - 1)))
suffix_len = 1;
else
return -EINVAL;
return ret_errno(EINVAL);
if (suffix_len > 0 && (end - 2) == dup && !isdigit(*(end - 2)))
return -EINVAL;
return ret_errno(EINVAL);
if (suffix_len > 0 && isalpha(*(end - 2)))
suffix_len++;
......@@ -934,8 +934,8 @@ int parse_byte_size_string(const char *s, int64_t *converted)
dup[lxc_char_right_gc(dup, strlen(dup))] = '\0';
ret = lxc_safe_long_long(dup, &conv);
if (ret < 0)
return -ret;
if (ret)
return ret;
if (suffix_len != 2) {
*converted = conv;
......@@ -949,11 +949,11 @@ int parse_byte_size_string(const char *s, int64_t *converted)
else if (strcasecmp(suffix, "GB") == 0)
mltpl = 1024 * 1024 * 1024;
else
return -EINVAL;
return ret_errno(EINVAL);
overflow = conv * mltpl;
if (conv != 0 && (overflow / conv) != mltpl)
return -ERANGE;
return ret_errno(ERANGE);
*converted = overflow;
return 0;
......
src/lxc/utils.c
......@@ -240,7 +240,9 @@ int mkdir_p(const char *dir, mode_t mode)
char *get_rundir()
{
char *rundir;
__do_free char *rundir = NULL;
char *static_rundir;
int ret;
size_t len;
const char *homedir;
struct stat sb;
......@@ -251,9 +253,9 @@ char *get_rundir()
if (geteuid() == sb.st_uid || getegid() == sb.st_gid)
return strdup(RUNTIME_PATH);
rundir = getenv("XDG_RUNTIME_DIR");
if (rundir)
return strdup(rundir);
static_rundir = getenv("XDG_RUNTIME_DIR");
if (static_rundir)
return strdup(static_rundir);
INFO("XDG_RUNTIME_DIR isn't set in the environment");
homedir = getenv("HOME");
......@@ -265,8 +267,11 @@ char *get_rundir()
if (!rundir)
return NULL;
snprintf(rundir, len, "%s/.cache/lxc/run/", homedir);
return rundir;
ret = snprintf(rundir, len, "%s/.cache/lxc/run/", homedir);
if (ret < 0 || (size_t)ret >= len)
return ret_set_errno(NULL, EIO);
return move_ptr(rundir);
}
int wait_for_pid(pid_t pid)
......@@ -1089,7 +1094,9 @@ int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, co
source_fd = openat2(beneath_fd, src, &how, sizeof(how));
if (source_fd < 0)
return -errno;
snprintf(src_buf, sizeof(src_buf), "/proc/self/fd/%d", source_fd);
ret = snprintf(src_buf, sizeof(src_buf), "/proc/self/fd/%d", source_fd);
if (ret < 0 || ret >= sizeof(src_buf))
return -EIO;
} else {
src_buf[0] = '\0';
}
......@@ -1372,10 +1379,8 @@ int lxc_preserve_ns(const int pid, const char *ns)
ret = snprintf(path, __NS_PATH_LEN, "/proc/%d/ns%s%s", pid,
!ns || strcmp(ns, "") == 0 ? "" : "/",
!ns || strcmp(ns, "") == 0 ? "" : ns);
if (ret < 0 || (size_t)ret >= __NS_PATH_LEN) {
errno = EFBIG;
return -1;
}
if (ret < 0 || (size_t)ret >= __NS_PATH_LEN)
return ret_errno(EIO);
return open(path, O_RDONLY | O_CLOEXEC);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment