fix(executor/pns): panic of pidFileHandles concurrent writes (#6569)

Signed-off-by: Windfarer <[email protected]>
argoproj · Sep 3, 2021 · 2af306a · 2af306a
1 parent 1019a13
commit 2af306a
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/workflow/executor/pns/pns.go b/workflow/executor/pns/pns.go
@@ -33,6 +33,9 @@ type PNSExecutor struct {
  // mu for `containerNameToPID``
  mu sync.RWMutex
 
+ // mu for `pidFileHandles``
+ pmu sync.RWMutex
+
  containerNameToPID map[string]int
 
  // pidFileHandles holds file handles to all root containers
@@ -56,6 +59,7 @@ func NewPNSExecutor(clientset *kubernetes.Clientset, podName, namespace string)
  podName: podName,
  namespace: namespace,
  mu: sync.RWMutex{},
+ pmu: sync.RWMutex{},
  containerNameToPID: make(map[string]int),
  pidFileHandles: make(map[int]*os.File),
  thisPID: thisPID,
@@ -81,6 +85,8 @@ func (p *PNSExecutor) enterChroot(containerName string) error {
  if pid == 0 {
  return fmt.Errorf("cannot enter chroot for container named %q: no PID known - maybe short running container", containerName)
  }
+ p.pmu.RLock()
+ defer p.pmu.RUnlock()
  if err := p.pidFileHandles[pid].Chdir(); err != nil {
  return errors.InternalWrapErrorf(err, "failed to chdir to main filesystem: %v", err)
  }
@@ -319,6 +325,8 @@ func (p *PNSExecutor) secureRootFiles() error {
  return err
  }
 
+ p.pmu.Lock()
+ defer p.pmu.Unlock()
  if p.pidFileHandles[pid] != fs {
  // the main container may have switched (e.g. gone from busybox to the user's container)
  if prevInfo, ok := p.pidFileHandles[pid]; ok {