Commit graph

44894 commits

Author SHA1 Message Date
Cory Snider
6ac39568ee
libnet/ipam: fix racy, flaky unit test
TestRequestReleaseAddressDuplicate gets flagged by go test -race because
the same err variable inside the test is assigned to from multiple
goroutines without synchronization, which obscures whether or not there
are any data races in the code under test.

Trouble is, the test _depends on_ the data race to exit the loop if an
error occurs inside a spawned goroutine. And the test contains a logical
concurrency bug (not flagged by the Go race detector) which can result
in false-positive test failures. Because a release operation is logged
after the IP is released, the other goroutine could reacquire the
address and log that it was reacquired before the release is logged.

Fix up the test so it is no longer subject to data races or
false-positive test failures, i.e. flakes.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit b62445871e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-03 14:55:30 +01:00
Sebastiaan van Stijn
9401313448
Merge pull request #45084 from thaJeztah/23.0_update_containerd_vendor_1.6.19
[23.0] update containerd binary to v1.6.19
2023-03-01 12:25:12 +01:00
Sebastiaan van Stijn
3125aa0aef
[23.0] update containerd binary to v1.6.19
Update hcsshim to v0.9.7 to include fix for graceful termination and pause containers

- release notes: https://github.com/containerd/containerd/releases/tag/v1.6.19
- full diff: https://github.com/containerd/containerd/compare/v1.6.18...v1.6.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-28 22:56:02 +01:00
Cory Snider
fc59ac02ff
Merge pull request #45078 from corhere/backport-23.0/bump-exit-timeouts-for-runhcs
[23.0 backport] Wait longer for exit events on Windows
2023-02-28 12:22:34 -05:00
Cory Snider
b1d9012969 Wait longer for exit events on Windows
The latest version of containerd-shim-runhcs-v1 (v0.10.0-rc.4) pulled in
with the bump to ContainerD v1.7.0-rc.3 had several changes to make it
more robust, which had the side effect of increasing the worst-case
amount of time it takes for a container to exit in the worst case.
Notably, the total timeout for shutting down a task increased from 30
seconds to 60! Increase the timeouts hardcoded in the daemon and
integration tests so that they don't give up too soon.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit d634ae9b60)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:41:37 -05:00
Cory Snider
bfc8e1ae36
Merge pull request #45071 from corhere/backport-23.0/libnet/fix-networkdb-test-panic
[23.0 backport] libnet/networkdb: fix nil-dereference panic in test
2023-02-23 19:14:27 -05:00
Cory Snider
2337258d28 libnet/networkdb: fix nil-dereference panic in test
Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 88f6b637a0)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-23 18:07:21 -05:00
Bjorn Neergaard
bb063342ca
Merge pull request #45009 from corhere/backport-23.0/runtime-eisdir
[23.0 backport] Go 1.20 enablement
2023-02-22 20:43:56 -07:00
Cory Snider
d6d48dd95d Upgrade to golangci-lint v1.51.2
Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 3606d6a7cd)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 16:33:13 -05:00
Cory Snider
c4b655830d Migrate away from things deprecated in Go 1.20
"math/rand".Seed
  - Migrate to using local RNG instances.

"archive/tar".TypeRegA
  - The deprecated constant tar.TypeRegA is the same value as
    tar.TypeReg and so is not needed at all.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit dea3f2b417)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 16:32:33 -05:00
Cory Snider
c6bf777eae d/l/awslogs: fix ineffective Add in test
...flagged by golangci-lint v1.51.1 (staticcheck).

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit e66995d840)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 16:32:32 -05:00
Cory Snider
da10937926 daemon: handle EISDIR error from runtime
Go 1.20 made a change to the behaviour of package "os/exec" which was
not mentioned in the release notes:
2b8f214094
Attempts to execute a directory now return syscall.EISDIR instead of
syscall.EACCESS. Check for EISDIR errors from the runtime and fudge the
returned error message to maintain compatibility with existing versions
of docker/cli when using a version of runc compiled with Go 1.20+.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 713e02e03e)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 16:32:32 -05:00
Cory Snider
d74ef58c59
Merge pull request #45062 from corhere/backport-23.0/fix-loopclosure-test-bugs
[23.0 backport] Fix loop-closure bugs in tests
2023-02-22 16:31:13 -05:00
Sebastiaan van Stijn
0497993aba
Merge pull request #45051 from corhere/backport-23.0/containerd-fifo_v1.1
[23.0 backport] Upgrade containerd/fifo to v1.1.0
2023-02-22 19:35:29 +01:00
Cory Snider
938ed9a1ed distribution/xfer: make off-by-one error a feature
maxDownloadAttempts maps to the daemon configuration flag

    --max-download-attempts int
      Set the max download attempts for each pull (default 5)

and the daemon configuration machinery interprets a value of 0 as "apply
the default value" and not a valid user value (config validation/
normalization bugs notwithstanding). The intention is clearly that this
configuration value should be an upper limit on the number of times the
daemon should try to download a particular layer before giving up. So it
is surprising to have the configuration value interpreted as a _retry_
limit. The daemon will make up to N+1 attempts to download a layer! This
also means users cannot disable retries even if they wanted to.

As this is a longstanding bug, not a recent regression, it would not be
appropriate to backport the fix (97921915a8)
in a patch release. Update the test to assert on the buggy behaviour so
it passes again.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 12:34:59 -05:00
Cory Snider
ca712d6947 Fix loop-closure bugs in tests
...which were flagged by golangci-lint v1.51.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 0c68b655f6)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 12:26:38 -05:00
Cory Snider
2c55b264f7
Upgrade containerd/fifo to v1.1.0
Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit d6c4e17411)
Signed-off-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-22 10:08:15 -07:00
Bjorn Neergaard
3627bac886
Merge pull request #45058 from thaJeztah/23.0_backport_bump_bbolt_1.3.7_20230217
[23.0 backport] dependency: bump go.etcd.io/bbolt to v1.3.7
2023-02-22 10:08:04 -07:00
Benjamin Wang
8fd038fb71
dependency: bump go.etcd.io/bbolt to v1.3.7
Please refer to link below to get more detailed info on bbolt@v1.3.7,
- https://github.com/etcd-io/bbolt/blob/master/CHANGELOG/CHANGELOG-1.3.md#v1372023-01-31

Signed-off-by: Benjamin Wang <wachao@vmware.com>
(cherry picked from commit 4a886a3e8f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 17:12:50 +01:00
Bjorn Neergaard
ab7dd5934e
Merge pull request #45056 from thaJeztah/23.0_backport_bump_golang_net
[23.0 backport] vendor: golang.org/x/net v0.7.0, golang.org/x/sys v0.5.0, golang.org/x/text v0.7.0
2023-02-22 08:35:12 -07:00
Sebastiaan van Stijn
87a1517f8f
vendor: golang.org/x/net v0.7.0
This addresses the same CVE as is patched in go1.19.6. From that announcement:

> net/http: avoid quadratic complexity in HPACK decoding
>
> A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
> in the HPACK decoder, sufficient to cause a denial of service from a small
> number of small requests.
>
> This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
> configuring HTTP/2.
>
> This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a36286cf89)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:56 +01:00
Sebastiaan van Stijn
d15010643c
vendor: golang.org/x/text v0.7.0
full diff: https://github.com/golang/text/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c7de76569e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:46 +01:00
Sebastiaan van Stijn
0727310950
vendor: golang.org/x/sys v0.5.0
full diff: https://github.com/golang/sys/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a53b44a266)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:32 +01:00
Bjorn Neergaard
9f496914d0
Merge pull request #45043 from neersighted/backport/44982/23.0
[23.0 backport] daemon: fully resolve `apparmor_parser` regression
2023-02-21 08:19:04 -07:00
Brian Goff
bb687c160a
Merge pull request #45022 from thaJeztah/23.0_containerd_binary_1.6.18
[23.0] update containerd binary to v1.6.18
2023-02-20 18:33:11 +00:00
Bjorn Neergaard
b8c448ef24
Revert "apparmor: Check if apparmor_parser is available"
This reverts commit ab3fa46502.

This fix was partial, and is not needed with the proper fix in
containerd.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit c4c54683a9)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-20 08:59:24 -07:00
Bjorn Neergaard
a3f5319563
vendor: github.com/containerd/containerd v1.6.18
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 174802e15f)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-20 08:59:20 -07:00
Sebastiaan van Stijn
d7d4866d70
Merge pull request #45021 from thaJeztah/23.0_backport_bump_go_1.19.6
[23.0 backport] update to go1.19.6
2023-02-17 13:51:09 +01:00
Bjorn Neergaard
a4e9b25461
Merge pull request #45020 from corhere/backport-23.0/libnetwork-test-race
[23.0 backport] libnetwork/networkdb: make go test -race ./libnetwork/networkdb pass
2023-02-16 18:15:37 -07:00
Sebastiaan van Stijn
52d667794f
[23.0] update containerd binary to v1.6.18
update containerd binary to v1.6.18, which includes fixes for CVE-2023-25153
and CVE-2023-25173.

1.6.18 release notes: https://github.com/containerd/containerd/releases/tag/v1.6.18

> - Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)
> - Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)
> - Revert removal of /sbin/apparmor_parser check
> - Update Go to 1.19.6

full diff: https://github.com/containerd/containerd/compare/v1.6.17...v1.6.18

1.6.17 release notes: https://github.com/containerd/containerd/releases/tag/v1.6.17

> - Add network plugin metrics
> - Update mkdir permission on /etc/cni to 0755 instead of 0700
> - Export remote snapshotter label handler
> - Add support for default hosts.toml configuration

full diff: https://github.com/containerd/containerd/compare/v1.6.16...v1.6.17

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:23:43 +01:00
Sebastiaan van Stijn
11715a05ca
update to go1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls,
mime/multipart, net/http, and path/filepath packages, as well as bug fixes to
the go command, the linker, the runtime, and the crypto/x509, net/http, and
time packages. See the Go 1.19.6 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.6+label%3ACherryPickApproved

From the announcement on the security mailing:

We have just released Go versions 1.20.1 and 1.19.6, minor point releases.

These minor releases include 4 security fixes following the security policy:

- path/filepath: path traversal in filepath.Clean on Windows

  On Windows, the filepath.Clean function could transform an invalid path such
  as a/../c:/b into the valid path c:\b. This transformation of a relative (if
  invalid) path into an absolute path could enable a directory traversal attack.
  The filepath.Clean function will now transform this path into the relative
  (but still invalid) path .\c:\b.

  This is CVE-2022-41722 and Go issue https://go.dev/issue/57274.

- net/http, mime/multipart: denial of service from excessive resource
  consumption

  Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely
  unlimited amounts of memory and disk files. This also affects form parsing in
  the net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm takes a maxMemory parameter, and is documented as storing "up to
  maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts
  which cannot be stored in memory are stored on disk in temporary files. The
  unconfigurable 10MB reserved for non-file parts is excessively large and can
  potentially open a denial of service vector on its own. However, ReadForm did
  not properly account for all memory consumed by a parsed form, such as map
  ntry overhead, part names, and MIME headers, permitting a maliciously crafted
  form to consume well over 10MB. In addition, ReadForm contained no limit on
  the number of disk files created, permitting a relatively small request body
  to create a large number of disk temporary files.

  ReadForm now properly accounts for various forms of memory overhead, and
  should now stay within its documented limit of 10MB + maxMemory bytes of
  memory consumption. Users should still be aware that this limit is high and
  may still be hazardous.

  ReadForm now creates at most one on-disk temporary file, combining multiple
  form parts into a single temporary file. The mime/multipart.File interface
  type's documentation states, "If stored on disk, the File's underlying
  concrete type will be an *os.File.". This is no longer the case when a form
  contains more than one file part, due to this coalescing of parts into a
  single file. The previous behavior of using distinct files for each form part
  may be reenabled with the environment variable
  GODEBUG=multipartfiles=distinct.

  Users should be aware that multipart.ReadForm and the http.Request methods
  that call it do not limit the amount of disk consumed by temporary files.
  Callers can limit the size of form data with http.MaxBytesReader.

  This is CVE-2022-41725 and Go issue https://go.dev/issue/58006.

- crypto/tls: large handshake records may cause panics

  Both clients and servers may send large TLS handshake records which cause
  servers and clients, respectively, to panic when attempting to construct
  responses.

  This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable
  session resumption (by setting Config.ClientSessionCache to a non-nil value),
  and TLS 1.3 servers which request client certificates (by setting
  Config.ClientAuth
  > = RequestClientCert).

  This is CVE-2022-41724 and Go issue https://go.dev/issue/58001.

- net/http: avoid quadratic complexity in HPACK decoding

  A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
  in the HPACK decoder, sufficient to cause a denial of service from a small
  number of small requests.

  This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
  configuring HTTP/2.

  This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 94feb31516)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:17:42 +01:00
Cory Snider
962c238c17 libnet/networkdb: use atomics for stats counters
The per-network statistics counters are loaded and incremented without
any concurrency control. Use atomic integers to prevent data races
without having to add any synchronization.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit d31fa84c7c)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 19:16:36 -05:00
Tibor Vass
20d05e235e libnetwork/networkdb: make go test -race ./libnetwork/networkdb pass
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Co-authored-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 3539452ef0)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 19:16:36 -05:00
Bjorn Neergaard
6bf50c09a4
Merge pull request #45016 from corhere/backport-23.0/fix-spammy-cluster-api-logs
[23.0 backport] api/s/r/swarm: log backend errors at Debug level
2023-02-16 16:23:01 -07:00
Cory Snider
c2d69d06b0 api/s/r/swarm: log backend errors at Debug level
The errors are already returned to the client in the API response, so
logging them to the daemon log is redundant. Log the errors at level
Debug so as not to pollute the end-users' daemon logs with noise.

Refactor the logs to use structured fields. Add the request context to
the log entry so that logrus hooks could annotate the log entries with
contextual information about the API request in the hypothetical future.

Fixes #44997

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit a4e3c67e44)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 11:30:06 -05:00
Cory Snider
111658c7f0
Merge pull request #45000 from corhere/backport-23.0/fix-dns-opt-host-loopback
[23.0 backport] libnetwork: check DNS loopback with user DNS opts
2023-02-14 16:16:49 -05:00
Cory Snider
7c09feb58c libnetwork: check DNS loopback with user DNS opts
DNS servers in the loopback address range should always be resolved in
the host network namespace when the servers are configured by reading
from the host's /etc/resolv.conf. The daemon mistakenly conflated the
presence of DNS options (docker run --dns-opt) with user-supplied DNS
servers, treating the list of servers loaded from the host as a user-
supplied list and attempting to resolve in the container's network
namespace. Correct this oversight so that loopback DNS servers are only
resolved in the container's network namespace when the user provides the
DNS server list, irrespective of other DNS configuration.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 046cc9e776)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-14 14:51:12 -05:00
Cory Snider
ecd940a0c6
Merge pull request #44980 from er0k/bad-dns
[23.0] Fix nil pointer dereference when attempting to log DNS errors
2023-02-14 12:25:20 -05:00
er0k
6c2637be11
Do not log connection info before the connection exists
If the resolver encounters an error before it attempts to forward the
request to external DNS, do not try to log information about the
external connection, because at this point `extConn` is `nil`. This
makes sure `dockerd` won't panic and crash from a nil pointer
dereference when it sees an invalid DNS query.

fixes #44979

Signed-off-by: er0k <er0k@er0k.net>
2023-02-13 12:48:41 -05:00
Bjorn Neergaard
bc3805a0a0
Merge pull request #44959 from tonistiigi/23.0-buildkit-update-0208
[23.0] vendor: update buildkit to latest v0.10
2023-02-09 12:11:28 -07:00
Tonis Tiigi
4002fa877b
vendor: update buildkit to latest v0.10
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-02-08 07:57:57 -08:00
Bjorn Neergaard
77f3d31ed6
Merge pull request #44944 from thaJeztah/23.0_backport_worker_getremotes
[23.0 backport] builder: define GetRemotes for the worker
2023-02-08 08:44:21 -07:00
Tonis Tiigi
e697c9365f
builder: define GetRemotes for the worker
The function signature has changed since v0.10.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 335907d187)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-08 01:01:18 +01:00
Sebastiaan van Stijn
1141704bc9
Merge pull request #44952 from thaJeztah/23.0_backport_ci_fix_workflows
[23.0 backport] ci: fix branch filter pattern in buildkit workflow
2023-02-08 00:59:40 +01:00
CrazyMax
4c544c3d5f
ci: fix branch filter pattern in buildkit workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 80f8432b52)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-07 23:45:04 +01:00
Bjorn Neergaard
f7e2cbaf1b
Merge pull request #44948 from crazy-max/23.0_backport_ci-itg-cli-split
[23.0 backport] ci: enhance tests distribution
2023-02-07 12:43:42 -07:00
CrazyMax
06aca27cc1
ci: enhance tests distribution
Adds overrides with specific tests suites in our tests
matrix so we can reduce build time significantly.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 22776f8fdb)
2023-02-07 16:50:50 +01:00
Kevin Alvarez
001b2e778a
ci: update gotestlist to 0.3.1
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit e304e82b66)
2023-02-07 16:50:49 +01:00
Sebastiaan van Stijn
e664cc2239
Merge pull request #44942 from vvoland/apparmor-check-binary-23
[23.0 backport] apparmor: Check if apparmor_parser is available
2023-02-07 13:13:18 +01:00
Sebastiaan van Stijn
a25ab9224a
Merge pull request #44936 from thaJeztah/23.0_update_buildkit
[23.0] vendor: github.com/moby/buildkit v0.10.7-0.20230206124303-b8fdb4b78da0
2023-02-07 11:29:35 +01:00