Panic if transport.connectionlessEndpoint.baseEndpoint.receiver is mutated during save.

nixprime · gvisor-bot · commit 9fc4303aefe1 · 2025-11-14T20:23:31.000-08:00
PiperOrigin-RevId: 832558564
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
@@ -704,7 +704,9 @@ func (k *Kernel) SaveTo(ctx context.Context, stateFile, pagesMetadata io.WriteCl
 
 	// Save the kernel state.
 	kernelStart := time.Now()
+	state.IsSaving.Store(true)
 	stats, err := state.Save(ctx, stateFile, k)
+	state.IsSaving.Store(false)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/sentry/socket/unix/transport/BUILD b/pkg/sentry/socket/unix/transport/BUILD
@@ -99,6 +99,7 @@ go_library(
         "//pkg/sentry/hostfd",
         "//pkg/sentry/kernel/auth",
         "//pkg/sentry/uniqueid",
+        "//pkg/state",
         "//pkg/sync",
         "//pkg/sync/locking",
         "//pkg/syserr",
diff --git a/pkg/sentry/socket/unix/transport/connectionless.go b/pkg/sentry/socket/unix/transport/connectionless.go
@@ -17,6 +17,7 @@ package transport
 import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/state"
 	"gvisor.dev/gvisor/pkg/syserr"
 	"gvisor.dev/gvisor/pkg/waiter"
 )
@@ -39,6 +40,9 @@ var (
 
 // NewConnectionless creates a new unbound dgram endpoint.
 func NewConnectionless(ctx context.Context) Endpoint {
+	if state.IsSaving.Load() {
+		panic("transport.connectionlessEndpoint being created during kernel save")
+	}
 	ep := &connectionlessEndpoint{baseEndpoint{Queue: &waiter.Queue{}}}
 	q := queue{ReaderQueue: ep.Queue, WriterQueue: &waiter.Queue{}, limit: defaultBufferSize}
 	q.InitRefs()
@@ -67,6 +71,9 @@ func (e *connectionlessEndpoint) Close(ctx context.Context) {
 
 	e.receiver.CloseRecv()
 	r := e.receiver
+	if state.IsSaving.Load() {
+		panic("transport.connectionlessEndpoint being closed during kernel save")
+	}
 	e.receiver = nil
 	e.Unlock()
 
diff --git a/pkg/state/BUILD b/pkg/state/BUILD
@@ -66,6 +66,7 @@ go_library(
     srcs = [
         "addr_range.go",
         "addr_set.go",
+        "debug.go",
         "decode.go",
         "decode_unsafe.go",
         "deferred_list.go",
diff --git a/pkg/state/debug.go b/pkg/state/debug.go
@@ -0,0 +1,22 @@
+// Copyright 2025 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package state
+
+import (
+	"sync/atomic"
+)
+
+// IsSaving is set to true during kernel object graph saving for debugging.
+var IsSaving atomic.Bool

Original file line number	Diff line number	Diff line change
`@@ -704,7 +704,9 @@ func (k *Kernel) SaveTo(ctx context.Context, stateFile, pagesMetadata io.WriteCl`
`704`	`704`
`705`	`705`	`// Save the kernel state.`
`706`	`706`	`kernelStart := time.Now()`
	`707`	`+ state.IsSaving.Store(true)`
`707`	`708`	`stats, err := state.Save(ctx, stateFile, k)`
	`709`	`+ state.IsSaving.Store(false)`
`708`	`710`	`if err != nil {`
`709`	`711`	`return err`
`710`	`712`	`}`