Devlxd: Fix crash due to concurrent pidMapper map access (#14771)

Fixes #14706
canonical · Jan 13, 2025 · 42068ff · 42068ff
2 parents 3a04c57 + 7323980
commit 42068ff
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/lxd/devlxd.go b/lxd/devlxd.go
@@ -308,8 +308,9 @@ func hoistReq(f func(*Daemon, instance.Instance, http.ResponseWriter, *http.Requ
 		request.SetCtxValue(r, request.CtxProtocol, auth.AuthenticationMethodDevLXD)
 
 		conn := ucred.GetConnFromContext(r.Context())
-		cred, ok := pidMapper.m[conn.(*net.UnixConn)]
-		if !ok {
+
+		cred := pidMapper.GetConnUcred(conn.(*net.UnixConn))
+		if cred == nil {
 			http.Error(w, errPIDNotInContainer.Error(), http.StatusInternalServerError)
 			return
 		}
@@ -439,6 +440,14 @@ func (m *ConnPidMapper) ConnStateHandler(conn net.Conn, state http.ConnState) {
 	}
 }
 
+// GetConnUcred returns a previously stored ucred associated to a connection.
+// Returns nil if no ucred found for the connection.
+func (m *ConnPidMapper) GetConnUcred(conn *net.UnixConn) *unix.Ucred {
+	m.mLock.Lock()
+	defer m.mLock.Unlock()
+	return pidMapper.m[conn]
+}
+
 var errPIDNotInContainer = errors.New("Process ID not found in container")
 
 func findContainerForPid(pid int32, s *state.State) (instance.Container, error) {