Skip to content

Commit 93b46c0

Browse files
LevovarLevovar
committed
Adding safeguards against a potential core situation in confman.
Both in Reserve() and Free() calls core can theoretically occur when the chosen interface profile does not have "Alloc". This practically can only occur if a network was created in env where webhook was not running.
1 parent b16fdef commit 93b46c0

File tree

2 files changed

+22
-3
lines changed

2 files changed

+22
-3
lines changed

Diff for: pkg/confman/confman.go

+7-1
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,9 @@ func GetTenantConfig(danmClient danmclientset.Interface) (*danmtypes.TenantConfi
2424

2525
func Reserve(danmClient danmclientset.Interface, tconf *danmtypes.TenantConfig, iface danmtypes.IfaceProfile) (int,error) {
2626
allocs := bitarray.NewBitArrayFromBase64(iface.Alloc)
27+
if allocs.Len() == 0 {
28+
return 0, errors.New("VNI allocations for interface:" + iface.Name + " is corrupt! Are you running without webhook?")
29+
}
2730
vnis, err := cpuset.Parse(iface.VniRange)
2831
if err != nil {
2932
return 0, errors.New("vniRange for interface:" + iface.Name + " cannot be parsed because:" + err.Error())
@@ -84,11 +87,14 @@ func Free(danmClient danmclientset.Interface, tconf *danmtypes.TenantConfig, dne
8487
" as the used network details (interface name, VNI type) doe not match any entries in TenantConfig. This means your APIs were possibly tampered with!")
8588
return nil
8689
}
87-
allocs := bitarray.NewBitArrayFromBase64(tconf.HostDevices[index].Alloc)
8890
vni := dnet.Spec.Options.Vlan
8991
if dnet.Spec.Options.Vxlan != 0 {
9092
vni = dnet.Spec.Options.Vxlan
9193
}
94+
allocs := bitarray.NewBitArrayFromBase64(tconf.HostDevices[index].Alloc)
95+
if allocs.Len() == 0 {
96+
return errors.New("VNI allocations for interface:" + tconf.HostDevices[index].Name + " is corrupt! Are you running without webhook?")
97+
}
9298
allocs.Reset(uint32(vni))
9399
tconf.HostDevices[index].Alloc = allocs.Encode()
94100
_, err := danmClient.DanmV1().TenantConfigs().Update(tconf)

Diff for: test/uts/confman_test/confman_test.go

+15-2
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ var (
3434
danmtypes.TenantConfig{ObjectMeta: meta_v1.ObjectMeta {Name: "secondConf"}},
3535
}
3636
reserveConfs = []danmtypes.TenantConfig {
37-
danmtypes.TenantConfig{
37+
danmtypes.TenantConfig {
3838
ObjectMeta: meta_v1.ObjectMeta {Name: "tconf"},
3939
HostDevices: []danmtypes.IfaceProfile {
4040
danmtypes.IfaceProfile{Name: "ens4", VniType: "vxlan", VniRange: "700-710", Alloc: utils.AllocFor5k},
@@ -44,18 +44,25 @@ var (
4444
danmtypes.IfaceProfile{Name: "nokia.k8s.io/sriov_ens1f0", VniType: "vxlan", VniRange: "1600-1650", Alloc: utils.AllocFor5k},
4545
},
4646
},
47-
danmtypes.TenantConfig{
47+
danmtypes.TenantConfig {
4848
ObjectMeta: meta_v1.ObjectMeta {Name: "error"},
4949
HostDevices: []danmtypes.IfaceProfile {
5050
danmtypes.IfaceProfile{Name: "ens4", VniType: "vxlan", VniRange: "800-810", Alloc: utils.AllocFor5k},
5151
},
5252
},
53+
danmtypes.TenantConfig {
54+
ObjectMeta: meta_v1.ObjectMeta {Name: "corrupt"},
55+
HostDevices: []danmtypes.IfaceProfile {
56+
danmtypes.IfaceProfile{Name: "corrupt", VniType: "vxlan", VniRange: "700-710", Alloc: ""},
57+
},
58+
},
5359
}
5460
reserveIfaces = []danmtypes.IfaceProfile {
5561
danmtypes.IfaceProfile{Name:"invalidVni", VniRange: "invalid"},
5662
danmtypes.IfaceProfile{Name: "ens4", VniType: "vxlan", VniRange: "700-710", Alloc: utils.AllocFor5k},
5763
danmtypes.IfaceProfile{Name: "ens4", VniType: "vlan", VniRange: "200,500-510", Alloc: utils.AllocFor5k},
5864
danmtypes.IfaceProfile{Name: "hupak", VniType: "vlan", VniRange: "1000,1001", Alloc: utils.AllocFor5k},
65+
danmtypes.IfaceProfile{Name: "corrupt", VniType: "vxlan", VniRange: "700-710", Alloc: ""},
5966
}
6067
tconfSets = []TconfSet {
6168
TconfSet{name: "emptyTcs", tconfs: emptyTconfs},
@@ -92,6 +99,10 @@ var (
9299
ObjectMeta: meta_v1.ObjectMeta {Name: "novni"},
93100
Spec: danmtypes.DanmNetSpec{NetworkID: "internal", NetworkType: "ipvlan", Options: danmtypes.DanmNetOption{Device: "ens4"}},
94101
},
102+
danmtypes.DanmNet {
103+
ObjectMeta: meta_v1.ObjectMeta {Name: "corrupt"},
104+
Spec: danmtypes.DanmNetSpec{NetworkID: "internal", NetworkType: "ipvlan", Options: danmtypes.DanmNetOption{Device: "corrupt", Vxlan: 700}},
105+
},
95106
}
96107
)
97108

@@ -120,6 +131,7 @@ var reserveTcs = []struct {
120131
{"noFreeVniInIface", "tconf", "ens4", "vlan", []int{200,510}, true, 0},
121132
{"errorUpdating", "error", "ens4", "vxlan", nil, true, 0},
122133
{"nonExistentProfile", "tconf", "hupak", "vlan", nil, true, 0},
134+
{"corruptedVniAllocation", "corrupt", "corrupt", "", nil, true, 0},
123135
}
124136

125137
var freeTcs = []struct {
@@ -139,6 +151,7 @@ var freeTcs = []struct {
139151
{"devicePoolWithVxlan", "tconf", "sriov_vxlan", "nokia.k8s.io/sriov_ens1f0", "vxlan", false, false},
140152
{"errorUpdating", "error", "ipvlan_vxlan", "ens4", "vxlan", false, true},
141153
{"noVnis", "tconf", "novni", "", "", false, false},
154+
{"corruptedVniAllocation", "corrupt", "corrupt", "", "", false, true},
142155
}
143156

144157
func TestGetTenantConfig(t *testing.T) {

0 commit comments

Comments
 (0)