2015-05-14 18:08:00 -04:00
|
|
|
// +build !windows
|
|
|
|
|
|
|
|
package chrootarchive
|
|
|
|
|
|
|
|
import (
|
2015-06-01 19:42:27 -04:00
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"flag"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
fix a race crash when building with "ADD some-broken.tar.xz ..."
The race is between pools.Put which calls buf.Reset and exec.Cmd
doing io.Copy from the buffer; it caused a runtime crash, as
described in #16924:
``` docker-daemon cat the-tarball.xz | xz -d -c -q | docker-untar /path/to/... (aufs ) ```
When docker-untar side fails (like try to set xattr on aufs, or a broken
tar), invokeUnpack will be responsible to exhaust all input, otherwise
`xz` will be write pending for ever.
this change add a receive only channel to cmdStream, and will close it
to notify it's now safe to close the input stream;
in CmdStream the change to use Stdin / Stdout / Stderr keeps the
code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically.
the CmdStream is actually called in the same file only, change it
lowercase to mark as private.
[...]
INFO[0000] Docker daemon commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2
DEBU[0006] Calling POST /build
INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null
DEBU[0008] [BUILDER] Cache miss
DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported
DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/)
panic: runtime error: slice bounds out of range
goroutine 42 [running]:
bufio.(*Reader).fill(0xc208187800)
/usr/local/go/src/bufio/bufio.go:86 +0x2db
bufio.(*Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0)
/usr/local/go/src/bufio/bufio.go:449 +0x27e
io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0)
/usr/local/go/src/io/io.go:354 +0xb2
github.com/docker/docker/pkg/archive.func·006()
/go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71
created by github.com/docker/docker/pkg/archive.CmdStream
/go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec
goroutine 1 [chan receive]:
main.(*DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0)
/go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781
reflect.callMethod(0xc208140090, 0xc20828fce0)
/usr/local/go/src/reflect/value.go:605 +0x179
reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...)
/usr/local/go/src/reflect/asm_amd64.s:29 +0x36
github.com/docker/docker/cli.(*Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0)
/go/src/github.com/docker/docker/cli/cli.go:89 +0x38e
main.main()
/go/src/github.com/docker/docker/docker/docker.go:69 +0x428
goroutine 5 [syscall]:
os/signal.loop()
/usr/local/go/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
/usr/local/go/src/os/signal/signal_unix.go:27 +0x35
Signed-off-by: Derek Ch <denc716@gmail.com>
2015-10-09 15:54:21 -04:00
|
|
|
"io/ioutil"
|
2015-06-01 19:42:27 -04:00
|
|
|
"os"
|
|
|
|
"runtime"
|
2015-05-14 18:08:00 -04:00
|
|
|
"syscall"
|
2015-06-01 19:42:27 -04:00
|
|
|
|
|
|
|
"github.com/docker/docker/pkg/archive"
|
|
|
|
"github.com/docker/docker/pkg/reexec"
|
2015-05-14 18:08:00 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func chroot(path string) error {
|
|
|
|
if err := syscall.Chroot(path); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return syscall.Chdir("/")
|
|
|
|
}
|
2015-06-01 19:42:27 -04:00
|
|
|
|
|
|
|
// untar is the entry-point for docker-untar on re-exec. This is not used on
|
|
|
|
// Windows as it does not support chroot, hence no point sandboxing through
|
|
|
|
// chroot and rexec.
|
|
|
|
func untar() {
|
|
|
|
runtime.LockOSThread()
|
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
var options *archive.TarOptions
|
|
|
|
|
|
|
|
//read the options from the pipe "ExtraFiles"
|
|
|
|
if err := json.NewDecoder(os.NewFile(3, "options")).Decode(&options); err != nil {
|
|
|
|
fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := chroot(flag.Arg(0)); err != nil {
|
|
|
|
fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := archive.Unpack(os.Stdin, "/", options); err != nil {
|
|
|
|
fatal(err)
|
|
|
|
}
|
|
|
|
// fully consume stdin in case it is zero padded
|
2016-03-14 16:22:05 -04:00
|
|
|
if _, err := flush(os.Stdin); err != nil {
|
|
|
|
fatal(err)
|
|
|
|
}
|
|
|
|
|
2015-06-01 19:42:27 -04:00
|
|
|
os.Exit(0)
|
|
|
|
}
|
|
|
|
|
2015-07-27 09:46:20 -04:00
|
|
|
func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions) error {
|
2015-06-01 19:42:27 -04:00
|
|
|
|
|
|
|
// We can't pass a potentially large exclude list directly via cmd line
|
|
|
|
// because we easily overrun the kernel's max argument/environment size
|
|
|
|
// when the full image list is passed (e.g. when this is used by
|
|
|
|
// `docker load`). We will marshall the options via a pipe to the
|
|
|
|
// child
|
|
|
|
r, w, err := os.Pipe()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Untar pipe failure: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
cmd := reexec.Command("docker-untar", dest)
|
|
|
|
cmd.Stdin = decompressedArchive
|
|
|
|
|
|
|
|
cmd.ExtraFiles = append(cmd.ExtraFiles, r)
|
|
|
|
output := bytes.NewBuffer(nil)
|
|
|
|
cmd.Stdout = output
|
|
|
|
cmd.Stderr = output
|
|
|
|
|
|
|
|
if err := cmd.Start(); err != nil {
|
|
|
|
return fmt.Errorf("Untar error on re-exec cmd: %v", err)
|
|
|
|
}
|
|
|
|
//write the options to the pipe for the untar exec to read
|
|
|
|
if err := json.NewEncoder(w).Encode(options); err != nil {
|
|
|
|
return fmt.Errorf("Untar json encode to pipe failed: %v", err)
|
|
|
|
}
|
|
|
|
w.Close()
|
|
|
|
|
|
|
|
if err := cmd.Wait(); err != nil {
|
fix a race crash when building with "ADD some-broken.tar.xz ..."
The race is between pools.Put which calls buf.Reset and exec.Cmd
doing io.Copy from the buffer; it caused a runtime crash, as
described in #16924:
``` docker-daemon cat the-tarball.xz | xz -d -c -q | docker-untar /path/to/... (aufs ) ```
When docker-untar side fails (like try to set xattr on aufs, or a broken
tar), invokeUnpack will be responsible to exhaust all input, otherwise
`xz` will be write pending for ever.
this change add a receive only channel to cmdStream, and will close it
to notify it's now safe to close the input stream;
in CmdStream the change to use Stdin / Stdout / Stderr keeps the
code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically.
the CmdStream is actually called in the same file only, change it
lowercase to mark as private.
[...]
INFO[0000] Docker daemon commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2
DEBU[0006] Calling POST /build
INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null
DEBU[0008] [BUILDER] Cache miss
DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported
DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/)
panic: runtime error: slice bounds out of range
goroutine 42 [running]:
bufio.(*Reader).fill(0xc208187800)
/usr/local/go/src/bufio/bufio.go:86 +0x2db
bufio.(*Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0)
/usr/local/go/src/bufio/bufio.go:449 +0x27e
io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0)
/usr/local/go/src/io/io.go:354 +0xb2
github.com/docker/docker/pkg/archive.func·006()
/go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71
created by github.com/docker/docker/pkg/archive.CmdStream
/go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec
goroutine 1 [chan receive]:
main.(*DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0)
/go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781
reflect.callMethod(0xc208140090, 0xc20828fce0)
/usr/local/go/src/reflect/value.go:605 +0x179
reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...)
/usr/local/go/src/reflect/asm_amd64.s:29 +0x36
github.com/docker/docker/cli.(*Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0)
/go/src/github.com/docker/docker/cli/cli.go:89 +0x38e
main.main()
/go/src/github.com/docker/docker/docker/docker.go:69 +0x428
goroutine 5 [syscall]:
os/signal.loop()
/usr/local/go/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
/usr/local/go/src/os/signal/signal_unix.go:27 +0x35
Signed-off-by: Derek Ch <denc716@gmail.com>
2015-10-09 15:54:21 -04:00
|
|
|
// when `xz -d -c -q | docker-untar ...` failed on docker-untar side,
|
|
|
|
// we need to exhaust `xz`'s output, otherwise the `xz` side will be
|
|
|
|
// pending on write pipe forever
|
|
|
|
io.Copy(ioutil.Discard, decompressedArchive)
|
|
|
|
|
2015-06-01 19:42:27 -04:00
|
|
|
return fmt.Errorf("Untar re-exec error: %v: output: %s", err, output)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|