[lxc-devel] [lxd/master] lxd/instance/exec: Adds protection against clients reconnecting after exec has started

[tomponline on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7089

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Should address https://discuss.linuxcontainers.org/t/lxd-crashed-via-panic/7198

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>

From 186fc13bdd5d2ac16564c64eda53e374304f4154 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Thu, 26 Mar 2020 21:18:46 +0000
Subject: [PATCH] lxd/instance/exec: Adds protection against clients
 reconnecting after exec has started

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/instance_exec.go | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/lxd/instance_exec.go b/lxd/instance_exec.go
index 7107467ab3..72bde90ea8 100644
--- a/lxd/instance_exec.go
+++ b/lxd/instance_exec.go
@@ -33,14 +33,16 @@ import (
 type execWs struct {
        req api.InstanceExecPost
 
-       instance         instance.Instance
-       rootUid          int64
-       rootGid          int64
-       conns            map[int]*websocket.Conn
-       connsLock        sync.Mutex
-       allConnected     chan struct{}
-       controlConnected chan struct{}
-       fds              map[int]string
+       instance             instance.Instance
+       rootUid              int64
+       rootGid              int64
+       conns                map[int]*websocket.Conn
+       connsLock            sync.Mutex
+       allConnected         chan struct{}
+       allConnectedDone     bool
+       controlConnected     chan struct{}
+       controlConnectedDone bool
+       fds                  map[int]string
 }
 
 func (s *execWs) Metadata() interface{} {
@@ -76,23 +78,36 @@ func (s *execWs) Connect(op *operations.Operation, r 
*http.Request, w http.Respo
 
                        s.connsLock.Lock()
                        s.conns[fd] = conn
-                       s.connsLock.Unlock()
 
                        if fd == -1 {
-                               close(s.controlConnected) // Control WS is now 
connected.
+                               if s.controlConnectedDone {
+                                       return fmt.Errorf("Control websocket 
already connected")
+                               }
+
+                               // Control WS is now connected.
+                               s.controlConnectedDone = true
+                               close(s.controlConnected)
+                               s.connsLock.Unlock()
                                return nil
                        }
 
-                       s.connsLock.Lock()
+                       if s.allConnectedDone {
+                               return fmt.Errorf("All websockets already 
connected")
+                       }
+
                        for i, c := range s.conns {
                                if i != -1 && c == nil {
                                        s.connsLock.Unlock()
                                        return nil
                                }
                        }
+
+                       // All WS now connected.
+                       s.allConnectedDone = true
+                       close(s.allConnected)
+
                        s.connsLock.Unlock()
 
-                       close(s.allConnected) // All WS not connected.
                        return nil
                }
        }

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel