Proper locking to fix OzInitPids-related crash conditions.

7 years ago · 35e7b07e43
parent 62713d74f0
commit 35e7b07e43
3 changed files with 18 additions and 2 deletions
--- a/2
+++ b/2
@ -5,8 +5,6 @@ fw-daemon:


 fw-prompt:
-	apply once rules still do not work because they the DBus invocation requires the guid to be passed
-
 	more nesting for similar prompts (by application, pid, target host, etc)


--- a/sgfw/ipc.go
+++ b/sgfw/ipc.go
@ -8,6 +8,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"sync"

 	"github.com/subgraph/oz/ipc"
 )
@ -21,9 +22,14 @@ type OzInitProc struct {
 }

 var OzInitPids []OzInitProc = []OzInitProc{}
+var OzInitPidsLock = sync.Mutex{}
+

 func addInitPid(pid int, name string, sboxid int) {
 	fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
+	OzInitPidsLock.Lock()
+	defer OzInitPidsLock.Unlock()
+
 	for i := 0; i < len(OzInitPids); i++ {
 		if OzInitPids[i].Pid == pid {
 			return
@ -36,6 +42,9 @@ func addInitPid(pid int, name string, sboxid int) {

 func removeInitPid(pid int) {
 	fmt.Println("::::::::::: removing PID: ", pid)
+	OzInitPidsLock.Lock()
+	defer OzInitPidsLock.Unlock()
+
 	for i := 0; i < len(OzInitPids); i++ {
 		if OzInitPids[i].Pid == pid {
 			OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...)
--- a/sgfw/policy.go
+++ b/sgfw/policy.go
@ -656,6 +656,7 @@ func readFileDirect(filename string) ([]byte, error) {

 func getAllProcNetDataLocal() ([]string, error) {
 	data := ""
+	OzInitPidsLock.Lock()

 	for i := 0; i < len(OzInitPids); i++ {
 		fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i])
@ -670,6 +671,8 @@ func getAllProcNetDataLocal() ([]string, error) {

 	}

+	OzInitPidsLock.Unlock()
+
 	lines := strings.Split(data, "\n")
 	rlines := make([]string, 0)
 	ctr := 1
@ -715,6 +718,7 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro
 	var res *procsnitch.Info = nil
 	var optstr string
 	removePids := make([]int, 0)
+	OzInitPidsLock.Lock()

 	for i := 0; i < len(OzInitPids); i++ {
 		data := ""
@ -769,6 +773,8 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro

 	}

+	OzInitPidsLock.Unlock()
+
 	for _, p := range removePids {
 		removeInitPid(p)
 	}
@ -820,6 +826,7 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket, reverse bool, strictness int)

 	if res == nil {
 		removePids := make([]int, 0)
+		OzInitPidsLock.Lock()

 		for i := 0; i < len(OzInitPids); i++ {
 			data := ""
@ -868,6 +875,8 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket, reverse bool, strictness int)

 		}

+		OzInitPidsLock.Unlock()
+
 		for _, p := range removePids {
 			removeInitPid(p)
 		}