slice bounds and nil VM access fix
Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
helsaawy committed May 4, 2023

xoxys Robert Kaussow
1 parent a8ec8c8 commit bcada4a
Showing 2 changed files with 12 additions and 5 deletions.
13 changes: 8 additions & 5 deletions cmd/containerd-shim-runhcs-v1/delete.go
@@ -3,7 +3,7 @@
package main

import (
gcontext "context"
"context"
"fmt"
"os"
"path/filepath"
@@ -50,16 +50,16 @@ This command allows containerd to delete any container resources created, mounte
The delete command will be executed in the container's bundle as its cwd.
`,
SkipArgReorder: true,
Action: func(context *cli.Context) (err error) {
Action: func(cCtx *cli.Context) (err error) {
// We cant write anything to stdout for this cmd other than the
// task.DeleteResponse by protocol. We can write to stderr which will be
// logged as a warning in containerd.

ctx, span := oc.StartSpan(gcontext.Background(), "delete")
ctx, span := oc.StartSpan(context.Background(), "delete")
defer span.End()
defer func() { oc.SetSpanStatus(span, err) }()

bundleFlag := context.GlobalString("bundle")
bundleFlag := cCtx.GlobalString("bundle")
if bundleFlag == "" {
return errors.New("bundle is required")
}
@@ -107,7 +107,10 @@ The delete command will be executed in the container's bundle as its cwd.
// be deleted, but if the shim crashed unexpectedly (panic, terminated etc.) then the account may still be around.
// The username will be the container ID so try and delete it here. The username character limit is 20, so we need to
// slice down the container ID a bit.
username := idFlag[:winapi.UserNameCharLimit]
username := idFlag
if len(username) > winapi.UserNameCharLimit {
username = username[:winapi.UserNameCharLimit]
}

// Always try and delete the user, if it doesn't exist we'll get a specific error code that we can use to
// not log any warnings.
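Review bot: The truncated `username` is not unique to one container: any two container IDs that share their first `winapi.UserNameCharLimit` bytes resolve to the same account name, so the unconditional delete that follows could remove an account another container still uses. The new length guard fixes the out-of-range slice for short IDs but leaves that aliasing in place; the account-creation side is outside this hunk, so confirm it derives the name the same way. I would at least record the assumption next to the slice, e.g. `// NOTE: IDs sharing the first UserNameCharLimit bytes map to the same account name.`, and reword the comment above, which still says the ID always needs slicing. The enclosing Action func starts and ends outside the hunk.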
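--- a/internal/layers/layers.go
+++ b/internal/layers/layers.go
@@ -65,6 +65,10 @@ func (lc *lcowLayersCloser) Release(ctx context.Context) (retErr error) {
 // UVM at which container scratch directory is located. Usually, this path is the path at which the container
 // scratch VHD is mounted. However, in case of scratch sharing this is a directory under the UVM scratch.
 func MountLCOWLayers(ctx context.Context, containerID string, layerFolders []string, guestRoot string, vm *uvm.UtilityVM) (_, _ string, _ resources.ResourceCloser, err error) {
+if vm == nil {
+return "", "", nil, errors.New("MountLCOWLayers cannot be called for process-isolated containers")
+}
+
 if vm.OS() != "linux" {
 return "", "", nil, errors.New("MountLCOWLayers should only be called for LCOW")
 }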
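Review bot: The doc comment on MountLCOWLayers, which begins above this hunk, does not appear to state the precondition that the two guards now enforce. I would add a line such as `// vm must be a non-nil Linux utility VM; otherwise an error is returned before any layer is mounted.` so callers handling process-isolated containers know not to route through this function. A small test that calls it with a nil `vm` would keep the nil dereference from coming back. The function body continues past the end of the hunk.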
