Skip to content

store: correctly remove incomplete layers on load.#2185

Merged
openshift-merge-bot[bot] merged 1 commit intocontainers:mainfrom
Luap99:layer-delete
Dec 3, 2024
Merged

store: correctly remove incomplete layers on load.#2185
openshift-merge-bot[bot] merged 1 commit intocontainers:mainfrom
Luap99:layer-delete

Conversation

@Luap99
Copy link
Member

@Luap99 Luap99 commented Dec 3, 2024

In go one should never modify a slice while also iterating over it at the same time. This causes weird side effects as the underlying array elements are shifted around without the range loop index knowing. So if you delete a element the loop will then actually skip the next one and theoretically access out of bounds on the last element which does not panic but rather return the default zero type, nil here which then causes the panic on layer.Flags == nil.

Here is a simple example to show the behavior:

func main() {
	slice := []int{1, 2, 3, 4, 5, 6, 7, 8, 9}
	for _, num := range slice {
		if num == 5 {
			slice = slices.DeleteFunc(slice, func(n int) bool {
				return n == 5
			})
		}
		fmt.Println(num)
	}
}

The loop will not print 6, but then as last number it prints 0 (the default zero type for an int).

Fixes #2184

@Luap99
Copy link
Member Author

Luap99 commented Dec 3, 2024

@giuseppe @mtrmac PTAL

Untested at this point as I am not familiar with the storage layout so I am not sure how I can corrupt my storage in such case to trigger this code path.

I have also not yet audited other code paths for a similar issues. I wonder if there is a linter for this thing.

cgwalters
cgwalters approved these changes Dec 3, 2024
View reviewed changes
Copy link
Contributor

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't resist noting this type of bug can't happen in Rust.

mtrmac
mtrmac reviewed Dec 3, 2024
View reviewed changes
Copy link
Collaborator

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, great find!

@mtrmac
Copy link
Collaborator

mtrmac commented Dec 3, 2024

Untested at this point as I am not familiar with the storage layout so I am not sure how I can corrupt my storage in such case to trigger this code path.

In this case, probably by deleting an image (or a single layer): that marks layers as incomplete and proceeds to delete the layer files. If the deletion is aborted (by panic / reboot / SIGKILL) at that time, the layer remains as incomplete and triggers this late deletion. (It would also be necessary to arrange that the layer being deleted is not the last one in r.layers, or the loop would terminate.)

I don’t think there is a way to write a reliable test for this (using the stable API); the caller would have to trigger deletion of a layer in one thread, and abort the process in another, hoping that it aborts it during the filesystem deletion. (Alternatively, a hack would be to call SetFlag with the incomplete flag explicitly; that should not be too hard to trigger, but it’s not a public API, and it seems to me like a rather specific scenario to write a test for.)

@mtrmac
Copy link
Collaborator

mtrmac commented Dec 3, 2024

/approve

@openshift-ci openshift-ci bot added the approved label Dec 3, 2024
mtrmac
mtrmac reviewed Dec 3, 2024
View reviewed changes
@Luap99
store: correctly remove incomplete layers on load.
99b0d2d 
In go one should never modify a slice while also iterating over it at
the same time. This causes weird side effects as the underlying array
elements are shifted around without the range loop index knowing.
So if you delete a element the loop will then actually skip the next one
and theoretically access out of bounds on the last element which does
not panic but rather return the default zero type, nil here which then
causes the panic on layer.Flags == nil.

Here is a simple example to show the behavior:
func main() {
	slice := []int{1, 2, 3, 4, 5, 6, 7, 8, 9}
	for _, num := range slice {
		if num == 5 {
			slice = slices.DeleteFunc(slice, func(n int) bool {
				return n == 5
			})
		}
		fmt.Println(num)
	}
}

The loop will not print 6, but then as last number it prints 0 (the
default zero type for an int).

Fixes containers#2184

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
mtrmac
mtrmac reviewed Dec 3, 2024
View reviewed changes
Copy link
Collaborator

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Dec 3, 2024
giuseppe
giuseppe approved these changes Dec 3, 2024
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cgwalters, giuseppe, Luap99, mtrmac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit dad7f91 into containers:main Dec 3, 2024
@Luap99 Luap99 deleted the layer-delete branch December 3, 2024 14:45
This was referenced Dec 12, 2024
Merged
Merged
Closed
Closed
Closed
Closed
Closed
@giuseppe giuseppe mentioned this pull request Dec 14, 2024
Closed
@EvVlF
Copy link

EvVlF commented Dec 22, 2024

link back on #24843
I delete all from $HOME/.local/share/containers/storage/ and $HOME/.local/share/containers/cache/ (sobbing with pain in one spot) - aaaand.. it didn't work(
Then, I built the program from the source code. Now, i have a version 5.4.0-dev.
Buuuuut,


podman.service: Failed with result 'exit-code'.
systemd

podman.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd

/home/koshon/builds/podman/podman/cmd/podman/main.go:61 +0x4b2
podman

main.main()
podman

/home/koshon/builds/podman/podman/cmd/podman/root.go:116 +0xb4
podman

main.Execute()
podman

/home/koshon/builds/podman/podman/vendor/[github.com/spf13/cobra/command.go:1034](http://github.com/spf13/cobra/command.go:1034)
podman

[github.com/spf13/cobra.(*Command).ExecuteContext(...)](http://github.com/spf13/cobra.(*Command).ExecuteContext(...))
podman

/home/koshon/builds/podman/podman/vendor/[github.com/spf13/cobra/command.go:1041](http://github.com/spf13/cobra/command.go:1041)
podman

[github.com/spf13/cobra.(*Command).Execute(...](http://github.com/spf13/cobra.(*Command).Execute(...))
podman

(sorry, this log from cockpit web console)
but if you need some other logs - tell me which ones you want to output, by what command.

go version go1.23.4 linux/amd64

When I built from source, there were no errors (I mean with 'make')
Performed according to this manual
what are my next steps - I can't wait until February((

@kwilczynski kwilczynski mentioned this pull request Jan 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrmac mtrmac mtrmac left review comments

@giuseppe giuseppe giuseppe approved these changes

+1 more reviewer

@cgwalters cgwalters cgwalters approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mtrmac mtrmac

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Can't run any podman command anymore - panic: runtime error: invalid memory address or nil pointer dereference

5 participants

@Luap99 @mtrmac @EvVlF @giuseppe @cgwalters