diff --git a/containerd.spec b/containerd.spec index e2d753237d2d2bde13b6dcf004467fedfd720250..78ad95559e27f750d3ec164fd3a5c59b5e2ecc3c 100644 --- a/containerd.spec +++ b/containerd.spec @@ -33,6 +33,9 @@ cp %{SOURCE3} . cp %{SOURCE4} . %build +%if "%toolchain" == "clang" +export LLVM=1 +%endif echo %{VERSION}.%{RELEASE} > containerd_version bash ./apply-patch diff --git a/patch.tar.gz b/patch.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..0ddb70ea93620995385741ad53753842d6f4c010 Binary files /dev/null and b/patch.tar.gz differ diff --git a/patch/0001-containerd-event-resend-exit-event-when-detect-containerd-resta.patch b/patch/0001-containerd-event-resend-exit-event-when-detect-containerd-resta.patch deleted file mode 100644 index 14faad2495b392c00f236c91cb2a358f53947fb8..0000000000000000000000000000000000000000 --- a/patch/0001-containerd-event-resend-exit-event-when-detect-containerd-resta.patch +++ /dev/null 
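Review bot: The added `export LLVM=1` in `%build` has no comment naming the build step that reads it, and nothing visible in this hunk consumes the variable; a line such as `# LLVM=1 switches <consumer script> to the clang/LLVM toolchain` above the `%if` would make the intent checkable. Because this branch changes the compiler and linker, confirm that clang builds still carry the hardening the package asked for before: the Makefile patch deleted as `patch/0006` in this commit set `-fstack-protector-strong`, `-D_FORTIFY_SOURCE=2` and `-Wl,-z,relro,-z,now`, and presumably still applies from the archive. A check of the built binaries in `%check` would catch a silent regression. The same commit replaces the text patches with a binary `patch.tar.gz`, so whatever `bash ./apply-patch` (context line of this hunk) applies can no longer be reviewed from the diff. If the archive is unpacked there, a checked-in manifest or checksum of its contents would keep later patch changes auditable.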
@@ -1,103 +0,0 @@ -From 53122406aaf85c29cf70ca3b76a62580874ae9b5 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sun, 10 Feb 2019 18:40:59 +0800 -Subject: [PATCH] event: resend exit event when detect containerd restarted - -reason: fix docker stop no effect. And add init pid to start event log -because DFX support start event with init pid - -Change-Id: I024b2f6a03d74fcbb5623c696212dcbfb624b285 -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 38 +++++++++++++++++++++++++++++++- - runtime/v1/linux/task.go | 2 ++ - 2 files changed, 39 insertions(+), 1 deletion(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 024611b..942f354 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -25,11 +25,13 @@ import ( - "flag" - "fmt" - "io" -+ "io/ioutil" - "net" - "os" - "os/signal" - "runtime" - "runtime/debug" -+ "strconv" - "strings" - "sync" - "syscall" -@@ -284,7 +286,7 @@ type remoteEventsPublisher struct { - address string - } - --func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event events.Event) error { -+func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, event events.Event) error { - ns, _ := namespaces.Namespace(ctx) - encoded, err := typeurl.MarshalAny(event) - if err != nil { -@@ -316,3 +318,37 @@ func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event - } - return nil - } -+ -+func getContainerdPid() int { -+ pidFile := "/var/run/docker/containerd/containerd.pid" -+ data, err := ioutil.ReadFile(pidFile) -+ if err != nil { -+ return -1 -+ } -+ pid, err := strconv.Atoi(string(data)) -+ if err != nil { -+ return -1 -+ } -+ return pid -+} -+ -+func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event events.Event) error { -+ old := getContainerdPid() -+ for i := 1; i <= 10; i++ { -+ err := l.doPublish(ctx, topic, event) -+ logrus.Infof("try publish event(%d) %s %v %v", i, 
topic, event, err) -+ if err == nil { -+ new := getContainerdPid() -+ if old == new { -+ return nil -+ } -+ logrus.Warnf("containerd pid %d changed to %d", old, new) -+ old = new -+ } -+ if i == 10 { -+ return err -+ } -+ time.Sleep(time.Duration(i) * time.Second) -+ } -+ return nil -+} -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 3ac7839..5a8dab1 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -38,6 +38,7 @@ import ( - "github.com/containerd/ttrpc" - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" -+ "github.com/sirupsen/logrus" - ) - - // Task on a linux based system -@@ -148,6 +149,7 @@ func (t *Task) Start(ctx context.Context) error { - } - t.mu.Unlock() - } -+ logrus.Infof("publish event %s for container %s with pid %d", runtime.TaskStartEventTopic, t.id, t.pid) - t.events.Publish(ctx, runtime.TaskStartEventTopic, &eventstypes.TaskStart{ - ContainerID: t.id, - Pid: uint32(t.pid), --- -2.33.0 - diff --git a/patch/0002-containerd-cleanup-container-when-containerd-dockerd.patch b/patch/0002-containerd-cleanup-container-when-containerd-dockerd.patch deleted file mode 100644 index 1da12b5ce252d0833f4e2cd0053a77b1bbb5ca55..0000000000000000000000000000000000000000 --- a/patch/0002-containerd-cleanup-container-when-containerd-dockerd.patch +++ /dev/null 
@@ -1,475 +0,0 @@ -From 49e88aa61dd8a99e17edf020faae2307b63858da Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sun, 10 Feb 2019 15:40:52 +0800 -Subject: [PATCH] containerd:cleanup container when containerd/dockerd is - killed - -when containerd killed during task create, see Runtime.Create(). the -defer function will not execute, so shim residual. cleanup shim for -container pid=-1 - -And kill dockerd during docker stop in post-stophook, containerd will load -task and treat as ok when shim response client. add init.exit to forbid -load exiting task. also exit event may lost, fix it - -Signed-off-by: jingrui ---- - events/events.go | 14 +++ - events/exchange/exchange.go | 12 +++ - events/exit.go | 108 ++++++++++++++++++++ - pkg/process/utils.go | 2 + - runtime/v1/linux/runtime.go | 63 ++++++++++-- - runtime/v1/linux/task.go | 27 ++++- - runtime/v1/shim/service.go | 4 + - vendor/github.com/docker/go-events/queue.go | 18 +++- - 8 files changed, 232 insertions(+), 16 deletions(-) - create mode 100644 events/exit.go - -diff --git a/events/events.go b/events/events.go -index b7eb86f..70ef315 100644 ---- a/events/events.go -+++ b/events/events.go -@@ -20,6 +20,7 @@ import ( - "context" - "time" - -+ apievents "github.com/containerd/containerd/api/events" - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" - ) -@@ -32,6 +33,19 @@ type Envelope struct { - Event *types.Any - } - -+func (e *Envelope) ExitFile() string { -+ decoded, err := typeurl.UnmarshalAny(e.Event) -+ if err != nil { -+ return "" -+ } -+ -+ if e, ok := decoded.(*apievents.TaskExit); ok { -+ return ExitFile(e.ContainerID, e.Pid, e.ExitStatus) -+ } -+ -+ return "" -+} -+ - // Field returns the value for the given fieldpath as a string, if defined. - // If the value is not defined, the second value will be false. 
- func (e *Envelope) Field(fieldpath []string) (string, bool) { -diff --git a/events/exchange/exchange.go b/events/exchange/exchange.go -index a1f385d..162e7be 100644 ---- a/events/exchange/exchange.go -+++ b/events/exchange/exchange.go -@@ -49,6 +49,11 @@ func NewExchange() *Exchange { - var _ events.Publisher = &Exchange{} - var _ events.Forwarder = &Exchange{} - var _ events.Subscriber = &Exchange{} -+var mobySubcribed = false -+ -+func MobySubscribed() bool { -+ return mobySubcribed -+} - - // Forward accepts an envelope to be directly distributed on the exchange. - // -@@ -161,6 +166,13 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even - } - - e.broadcaster.Add(dst) -+ logrus.Infof("subscribe ctx=%v fs=%v", ctx, fs) -+ for _, s := range fs { -+ if !MobySubscribed() && s == "namespace==moby,topic~=|^/tasks/|" { -+ queue.Namespace = "moby" -+ mobySubcribed = true -+ } -+ } - - go func() { - defer closeAll() -diff --git a/events/exit.go b/events/exit.go -new file mode 100644 -index 0000000..ee9d5a9 ---- /dev/null -+++ b/events/exit.go -@@ -0,0 +1,108 @@ -+/* -+Use of this source code is governed by Apache-2.0 -+license that can be found in the LICENSE file -+Description: common functions -+Author: jingrui -+Create: 2019-02-12 -+*/ -+ -+package events -+ -+import ( -+ "fmt" -+ "io/ioutil" -+ "os" -+ "path/filepath" -+ "strconv" -+ "strings" -+ -+ "github.com/sirupsen/logrus" -+) -+ -+const ExitDir = "/var/run/docker/containerd/exit" -+const ExitStatusDefault = 137 -+const InitExit = "init.exit" -+ -+func ExitFile(cid string, pid uint32, status uint32) string { -+ return fmt.Sprintf("%s.%d.%d", cid, pid, status) -+} -+ -+func ExitInfo(ef string) (string, uint32, uint32) { -+ s := strings.Split(ef, ".") -+ if len(s) != 3 { -+ return "", 0, 0 -+ } -+ -+ cid := s[0] -+ pid, err := strconv.ParseUint(s[1], 10, 32) -+ if err != nil { -+ return "", 0, 0 -+ } -+ status, err := strconv.ParseUint(s[2], 10, 32) -+ if err != nil { -+ return 
"", 0, 0 -+ } -+ -+ return cid, uint32(pid), uint32(status) -+} -+ -+func ExitAddFile(ns string, ef string, reason string) { -+ logrus.Devour(os.MkdirAll(filepath.Join(ExitDir, ns), 0700)) -+ err := ioutil.WriteFile(filepath.Join(ExitDir, ns, ef), []byte{}, 0600) -+ logrus.Infof("exit-add %s/%s [reason: %s] error=%v", ns, ef, reason, err) -+} -+ -+func ExitDelFile(ns string, ef string) { -+ err := os.RemoveAll(filepath.Join(ExitDir, ns, ef)) -+ logrus.Devour(err) -+ logrus.Infof("exit-del %s/%s error=%v", ns, ef, err) -+} -+ -+func ExitGetFile(ns string, cid string, pid uint32, status uint32) string { -+ ef := ExitFile(cid, pid, status) -+ if _, err := os.Stat(filepath.Join(ExitDir, ns, ef)); err == nil { -+ return ef -+ } -+ return "" -+} -+ -+func ExitGetFiles(ns string) []string { -+ files, err := ioutil.ReadDir(filepath.Join(ExitDir, ns)) -+ if err != nil { -+ return []string{} -+ } -+ -+ names := []string{} -+ for _, f := range files { -+ names = append(names, f.Name()) -+ } -+ -+ return names -+} -+ -+func ExitPending(ns string, cid string, pid uint32) bool { -+ for _, ef := range ExitGetFiles(ns) { -+ if strings.Contains(ef, fmt.Sprintf("%s.%d", cid, pid)) { -+ return true -+ } -+ } -+ return false -+} -+ -+func InitExitWrite(bundle string, pid int) { -+ if _, err := os.Stat(bundle); err != nil { -+ logrus.Infof("skip write init.exit %s error=%v", bundle, err) -+ return -+ } -+ err := ioutil.WriteFile(filepath.Join(bundle, InitExit), []byte(fmt.Sprintf("%d", pid)), 0600) -+ if err != nil { -+ logrus.Infof("failed write init.exit error=%s", bundle, err) -+ } -+} -+ -+func InitExitExist(bundle string) bool { -+ if _, err := os.Stat(filepath.Join(bundle, InitExit)); err == nil { -+ return true -+ } -+ return false -+} -diff --git a/pkg/process/utils.go b/pkg/process/utils.go -index afada02..5ff04ed 100644 ---- a/pkg/process/utils.go -+++ b/pkg/process/utils.go -@@ -41,6 +41,8 @@ const ( - RuncRoot = "/run/containerd/runc" - // InitPidFile name of the file that 
contains the init pid - InitPidFile = "init.pid" -+ -+ InitExit = "init.exit" - ) - - // safePid is a thread safe wrapper for pid. -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index b6d5382..a6efd81 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -32,6 +32,7 @@ import ( - "github.com/containerd/containerd/api/types" - "github.com/containerd/containerd/containers" - "github.com/containerd/containerd/errdefs" -+ "github.com/containerd/containerd/events" - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/identifiers" - "github.com/containerd/containerd/log" -@@ -138,6 +139,7 @@ func New(ic *plugin.InitContext) (interface{}, error) { - return nil, err - } - } -+ go r.resendExitEvents(ic.Context, "moby") - return r, nil - } - -@@ -184,7 +186,8 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- bundle.Delete() -+ errd := bundle.Delete() -+ log.G(ctx).WithError(err).Errorf("revert: delete bundle error=%v", errd) - } - }() - -@@ -225,9 +228,8 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - deferCtx, deferCancel := context.WithTimeout( - namespaces.WithNamespace(context.TODO(), namespace), cleanupTimeout) - defer deferCancel() -- if kerr := s.KillShim(deferCtx); kerr != nil { -- log.G(ctx).WithError(kerr).Error("failed to kill shim") -- } -+ kerr := s.KillShim(deferCtx) -+ log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) - } - }() - -@@ -338,6 +340,41 @@ func (r *Runtime) Delete(ctx context.Context, id string) (*runtime.Exit, error) - return exit, nil - } - -+func (r *Runtime) resendExitEvents(ctx context.Context, ns string) { -+ for { -+ time.Sleep(time.Second) -+ efs := events.ExitGetFiles(ns) -+ if len(efs) == 0 { -+ break -+ } -+ -+ if !exchange.MobySubscribed() { -+ logrus.Infof("waiting moby event stream ...") -+ continue -+ } -+ 
time.Sleep(time.Second) -+ -+ for _, ef := range efs { -+ cid, pid, status := events.ExitInfo(ef) -+ if cid == "" { -+ continue -+ } -+ -+ e := &eventstypes.TaskExit{ -+ ContainerID: cid, -+ ID: cid, -+ ExitStatus: status, -+ ExitedAt: time.Now().UTC(), -+ Pid: uint32(pid), -+ } -+ -+ ctx := namespaces.WithNamespace(context.Background(), ns) -+ err := r.events.Publish(ctx, runtime.TaskExitEventTopic, e) -+ logrus.Infof("resend exit event %v error=%v", e, err) -+ } -+ } -+} -+ - func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - dir, err := os.ReadDir(filepath.Join(r.state, ns)) - if err != nil { -@@ -349,6 +386,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - id := path.Name() -+ log.G(ctx).Infof("load-task %s", id) - // skip hidden directories - if len(id) > 0 && id[0] == '.' { - continue -@@ -435,6 +473,20 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).WithError(err).Error("loading task type") - continue - } -+ if pid <= 0 { -+ _, err := t.DeleteForce(ctx, 0) -+ log.G(ctx).Warnf("delete force %s Pid=%d error=%v", id, pid, err) -+ continue -+ } -+ if _, err := os.Stat(filepath.Join(bundle.path, process.InitExit)); err == nil { -+ if !events.ExitPending(ns, t.id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } -+ _, err := t.DeleteForce(ctx, uint32(pid)) -+ log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) -+ continue -+ } -+ log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) - o = append(o, t) - } - return o, nil -@@ -449,9 +501,6 @@ func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, - pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, process.InitPidFile)) - ctx = namespaces.WithNamespace(ctx, ns) - if err := r.terminate(ctx, bundle, ns, id); err != nil { -- if r.config.ShimDebug { -- 
return fmt.Errorf("failed to terminate task, leaving bundle for debugging: %w", err) -- } - log.G(ctx).WithError(err).Warn("failed to terminate task") - } - -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 5a8dab1..70908ae 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -24,6 +24,7 @@ import ( - "errors" - "fmt" - "sync" -+ "time" - - "github.com/containerd/cgroups" - eventstypes "github.com/containerd/containerd/api/events" -@@ -39,6 +40,7 @@ import ( - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" - "github.com/sirupsen/logrus" -+ "golang.org/x/sys/unix" - ) - - // Task on a linux based system -@@ -93,12 +95,12 @@ func (t *Task) PID(_ context.Context) (uint32, error) { - } - - // Delete the task and return the exit status --func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -+func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exit, error) { - rsp, shimErr := t.shim.Delete(ctx, empty) - if shimErr != nil { -- shimErr = errdefs.FromGRPC(shimErr) -- if !errdefs.IsNotFound(shimErr) { -- return nil, shimErr -+ log.G(ctx).WithError(shimErr).Error("failed to delete container, force=%t", force) -+ if !force { -+ return nil, errdefs.FromGRPC(shimErr) - } - } - t.tasks.Delete(ctx, t.id) -@@ -108,6 +110,14 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { - if err := t.bundle.Delete(); err != nil { - log.G(ctx).WithError(err).Error("failed to delete bundle") - } -+ -+ if rsp == nil { -+ rsp = &shim.DeleteResponse{} -+ rsp.ExitStatus = 128 + uint32(unix.SIGKILL) -+ rsp.ExitedAt = time.Now().UTC() -+ rsp.Pid = pid -+ } -+ - if shimErr != nil { - return nil, shimErr - } -@@ -124,6 +134,15 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { - }, nil - } - -+// Delete the task and return the exit status -+func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -+ return t.delete(ctx, false, 0) -+} -+ -+func (t 
*Task) DeleteForce(ctx context.Context, pid uint32) (*runtime.Exit, error) { -+ return t.delete(ctx, true, pid) -+} -+ - // Start the task - func (t *Task) Start(ctx context.Context) error { - t.mu.Lock() -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index a08757d..b00ed9c 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -23,6 +23,7 @@ import ( - "context" - "encoding/json" - "fmt" -+ "io/ioutil" - "os" - "path/filepath" - "sync" -@@ -520,6 +521,9 @@ func (s *Service) checkProcesses(e runc.Exit) { - return - } - if ip, ok := p.(*process.Init); ok { -+ ns := filepath.Base(filepath.Dir(ip.Bundle)) -+ events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") -+ ioutil.WriteFile(filepath.Join(ip.Bundle, process.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) - // Ensure all children are killed - if shouldKillAllOnExit(s.context, s.bundle) { - if err := ip.KillAll(s.context); err != nil { -diff --git a/vendor/github.com/docker/go-events/queue.go b/vendor/github.com/docker/go-events/queue.go -index 4bb770a..5e83b40 100644 ---- a/vendor/github.com/docker/go-events/queue.go -+++ b/vendor/github.com/docker/go-events/queue.go -@@ -4,6 +4,7 @@ import ( - "container/list" - "sync" - -+ topevents "github.com/containerd/containerd/events" - "github.com/sirupsen/logrus" - ) - -@@ -11,11 +12,12 @@ import ( - // by a sink. It is unbounded and thread safe but the sink must be reliable or - // events will be dropped. - type Queue struct { -- dst Sink -- events *list.List -- cond *sync.Cond -- mu sync.Mutex -- closed bool -+ Namespace string -+ dst Sink -+ events *list.List -+ cond *sync.Cond -+ mu sync.Mutex -+ closed bool - } - - // NewQueue returns a queue to the provided Sink dst. 
-@@ -83,6 +85,12 @@ func (eq *Queue) run() { - "event": event, - "sink": eq.dst, - }).WithError(err).Debug("eventqueue: dropped event") -+ } else { -+ if e, ok := event.(*topevents.Envelope); ok { -+ if ef := e.ExitFile(); ef != "" { -+ topevents.ExitDelFile(eq.Namespace, ef) -+ } -+ } - } - } - } --- -2.33.0 - diff --git a/patch/0003-containerd-cleanup-residual-runc-and-files-force.patch b/patch/0003-containerd-cleanup-residual-runc-and-files-force.patch deleted file mode 100644 index adec89b7d370f4a747a2a7bbf59080f2852efdba..0000000000000000000000000000000000000000 --- a/patch/0003-containerd-cleanup-residual-runc-and-files-force.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 05a237b82a23c5750d0b463f60504fea7a227493 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 11 Feb 2019 17:40:31 +0800 -Subject: [PATCH] containerd: cleanup residual runc and files force - -reason:kill -9 shim will generate residual runc files, cleanup runc files using -runc delete before create. And if container root path already exists -when call runtime.Create, we try to call runtime.Delete to cleanup it. -But in case runtime.Delete failed, root path will still exists -which causes Create failed with error "container with id exists". -So remove path directly if Delete failed. - -Signed-off-by: jingrui -Signed-off-by: xiadanni ---- - vendor/github.com/containerd/go-runc/runc.go | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index f5f03ae..0feedeb 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -31,6 +31,8 @@ import ( - "strings" - "time" - -+ "github.com/sirupsen/logrus" -+ - specs "github.com/opencontainers/runtime-spec/specs-go" - ) - -@@ -126,6 +128,14 @@ func (o *CreateOpts) args() (out []string, err error) { - - // Create creates a new container and returns its pid if it was created successfully - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { -+ if _, err := os.Stat(filepath.Join(r.Root, id)); err == nil { -+ logrus.Warnf("cleanup residue runtime with bundle %s root=%s", bundle, r.Root) -+ if dErr := r.Delete(context, id, &DeleteOpts{Force: true}); dErr != nil { -+ logrus.Errorf("runtime force delete return err: %v, remove container root err: %v", -+ dErr, os.RemoveAll(filepath.Join(r.Root, id))) -+ } -+ } -+ - args := []string{"create", "--bundle", bundle} - if opts != nil { - oargs, err := opts.args() --- -2.33.0 - 
diff --git a/patch/0004-containerd-shim-Dump-log-to-file-when-docker-receive.patch b/patch/0004-containerd-shim-Dump-log-to-file-when-docker-receive.patch deleted file mode 100644 index 23d04e8ec4a862072d452d4e8b94cbcd7cb8d459..0000000000000000000000000000000000000000 --- a/patch/0004-containerd-shim-Dump-log-to-file-when-docker-receive.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 3e25022a5aee939a73d67e0bcbd90dd1d343b9d4 Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Tue, 12 Feb 2019 15:22:06 +0800 -Subject: [PATCH] containerd-shim: Dump log to file when docker received signal - -reason: Dump stack log to file when docker received "kill -SIGUSR1 -PID" signal -The name of log files is "shim-stack-[time].log". -The log file can be found at: -/run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/container-id/shim-stack-[time].log - -Change-Id: I6d7e03c9a0fd36e9a76f1dd45cfd5312985d03f8 -Signed-off-by: lixiang172 ---- - cmd/containerd-shim/main_unix.go | 3 +++ - vendor/github.com/sirupsen/logrus/exported.go | 4 ++++ - 2 files changed, 7 insertions(+) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 942f354..6c3326f 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -267,6 +267,8 @@ func handleSignals(logger *logrus.Entry, signals chan os.Signal, server *ttrpc.S - } - } - -+const stacksLogNameTemplate = "shim-stacks-%s.log" -+ - func dumpStacks(logger *logrus.Entry) { - var ( - buf []byte -@@ -279,6 +281,7 @@ func dumpStacks(logger *logrus.Entry) { - bufferLen *= 2 - } - buf = buf[:stackSize] -+ logrus.Devour(ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600)) - logger.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } - -diff --git a/vendor/github.com/sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go -index 017c30c..7acc41f 100644 ---- a/vendor/github.com/sirupsen/logrus/exported.go -+++ b/vendor/github.com/sirupsen/logrus/exported.go -@@ -179,6 +179,10 @@ func FatalFn(fn LogFunction) { - std.FatalFn(fn) - } - -+// Devour will do nothing and return directly -+func Devour(args ...interface{}) { -+} -+ - // Tracef logs a message at level Trace on the standard logger. 
- func Tracef(format string, args ...interface{}) { - std.Tracef(format, args...) --- -2.33.0 - diff --git a/patch/0005-containerd-check-shim-alive-when-containerd-is-resta.patch b/patch/0005-containerd-check-shim-alive-when-containerd-is-resta.patch deleted file mode 100644 index 283132f7e19073fc8c1af55d878b227237b14f84..0000000000000000000000000000000000000000 --- a/patch/0005-containerd-check-shim-alive-when-containerd-is-resta.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From 94b1e21950631130c86be5572e8a89bd27d373bb Mon Sep 17 00:00:00 2001 -From: xueshaojia -Date: Thu, 14 Feb 2019 10:48:14 +0800 -Subject: [PATCH] containerd: check shim alive when containerd is restarted - -reason: When containerd is restarted, it will load all tasks.In some cases, the - containerd-shim is killed and the sock file will exist for a while. - Containerd should check the containerd-shim is available using the sock file. - If the containerd-shim server not responses, do r.cleanupAfterDeadShim - -If containerd-shim and containerd process is killed, container will exit, -however containerd exit event which generates when containerd restart to reload -tasks can not publish to dockerd, because at the time of loading tasks the connection -between dockerd and containerd isn't established. - -So we add this unpublish exit event to file and resend this event after grpc connection -is established. ---- - runtime/v1/linux/runtime.go | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index a6efd81..544b692 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -416,6 +416,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - "id": id, - "namespace": ns, - }).Error("connecting to shim") -+ if !events.ExitPending(ns, id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). 
-@@ -423,6 +426,24 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - continue - } -+ ctxContact, cancel := context.WithTimeout(ctx, 5*time.Second) -+ defer cancel() -+ alive, err := s.IsAlive(ctxContact) -+ if !alive { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ }).Error("contacting to shim") -+ if !events.ExitPending(ns, id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } -+ err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) -+ if err != nil { -+ log.G(ctx).WithError(err).WithField("bundle", bundle.path). -+ Error("cleaning up after dead shim") -+ } -+ continue -+ } - - logDirPath := filepath.Join(r.root, ns, id) - --- -2.33.0 - diff --git a/patch/0006-containerd-Makefile-modify.patch b/patch/0006-containerd-Makefile-modify.patch deleted file mode 100644 index fc0b947864715f5b19c3595c8f90b2d94678c4e2..0000000000000000000000000000000000000000 --- a/patch/0006-containerd-Makefile-modify.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From 55064f7d04cb58b7ca9914a96d9831270cdd6887 Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Mon, 7 Aug 2023 17:26:12 +0800 -Subject: [PATCH] containerd:Makefile modify - ---- - Makefile | 37 +++++++++++++++++++++---------------- - version/version.go | 2 +- - 2 files changed, 22 insertions(+), 17 deletions(-) - -diff --git a/Makefile b/Makefile -index f1b28ce..5b5f54c 100644 ---- a/Makefile -+++ b/Makefile -@@ -30,8 +30,8 @@ MANDIR ?= $(DATADIR)/man - TEST_IMAGE_LIST ?= - - # Used to populate variables in version package. --VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.m' --always) --REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) -+VERSION=$(shell cat ./containerd_version) -+REVISION=$(shell cat ./git-commit | head -c 40) - PACKAGE=github.com/containerd/containerd - SHIM_CGO_ENABLED ?= 0 - -@@ -94,13 +94,11 @@ ifneq ($(STATIC),) - endif - GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(strip $(GO_BUILDTAGS))",) - --GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS) --ifneq ($(STATIC),) -- GO_LDFLAGS += -extldflags "-static" --endif --GO_LDFLAGS+=' -+BEP_DIR=/tmp/containerd-build-bep -+BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - --SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)' -+GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' - - # Project packages. - PACKAGES=$(shell $(GO) list ${GO_TAGS} ./... 
| grep -v /vendor/ | grep -v /integration) -@@ -203,7 +201,7 @@ build: ## build the go packages - - test: ## run tests, except integration tests and tests that require root - @echo "$(WHALE) $@" -- @$(GOTEST) ${TESTFLAGS} ${PACKAGES} -+ @go test ${TESTFLAGS} ./gc - - root-test: ## run tests, except integration tests - @echo "$(WHALE) $@" -@@ -239,18 +237,25 @@ benchmark: ## run benchmarks tests - - FORCE: - --define BUILD_BINARY --@echo "$(WHALE) $@" --@$(GO) build ${DEBUG_GO_GCFLAGS} ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@ ${GO_LDFLAGS} ${GO_TAGS} ./$< --endef -- - # Build a binary from a cmd. - bin/%: cmd/% FORCE -- $(call BUILD_BINARY) -+ mkdir -p $(BEP_DIR) -+ @echo "$(WHALE) $@${BINARY_SUFFIX}" -+ CGO_ENABLED=1 \ -+ CGO_CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ -+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ -+ go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) $@" -- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ CGO_ENABLED=1 \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ -+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ -+ go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) $@" -diff --git a/version/version.go 
b/version/version.go -index de124ef..ab2dadc 100644 ---- a/version/version.go -+++ b/version/version.go -@@ -20,7 +20,7 @@ import "runtime" - - var ( - // Package is filled at linking time -- Package = "github.com/containerd/containerd" -+ Package = "" - - // Version holds the complete version number. Filled in at linking time. - Version = "1.6.22+unknown" --- -2.33.0 - diff --git a/patch/0007-containerd-set-create-and-exec-timeout-to-avild-bloc.patch b/patch/0007-containerd-set-create-and-exec-timeout-to-avild-bloc.patch deleted file mode 100644 index 016479f352b5c37c6ab0739d8d9b3875abb97828..0000000000000000000000000000000000000000 --- a/patch/0007-containerd-set-create-and-exec-timeout-to-avild-bloc.patch +++ /dev/null 
@@ -1,193 +0,0 @@
-From 907578c6d8421d340c353ad27503bbfdb7f422d1 Mon Sep 17 00:00:00 2001
-From: xiadanni
-Date: Fri, 15 Feb 2019 06:00:52 +0800
-Subject: [PATCH] containerd:set create and exec timeout to avild block when
- command failed
-
----
- cmd/containerd-shim/main_unix.go | 2 +-
- sys/reaper/reaper_unix.go | 21 +++++++-
- .../github.com/containerd/go-runc/monitor.go | 6 +++
- vendor/github.com/containerd/go-runc/runc.go | 54 +++++++++++++++++--
- 4 files changed, 77 insertions(+), 6 deletions(-)
-
-diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go
-index 6c3326f..8dfcd90 100644
---- a/cmd/containerd-shim/main_unix.go
-+++ b/cmd/containerd-shim/main_unix.go
-@@ -312,7 +312,7 @@ func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, eve
- if err != nil {
- return err
- }
-- status, err := reaper.Default.WaitTimeout(cmd, c, 30*time.Second)
-+ status, err := reaper.Default.WaitTimeout(cmd, c, 30)
- if err != nil {
- return fmt.Errorf("failed to publish event: %s: %w", b.String(), err)
- }
-diff --git a/sys/reaper/reaper_unix.go b/sys/reaper/reaper_unix.go
-index 6c4f13b..bf42d21 100644
---- a/sys/reaper/reaper_unix.go
-+++ b/sys/reaper/reaper_unix.go
-@@ -22,6 +22,10 @@ package reaper
- import (
- "errors"
- "fmt"
-+ "io/ioutil"
-+ "path/filepath"
-+ "strconv"
-+ "strings"
- "sync"
- "syscall"
- "time"
-@@ -119,7 +123,8 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) {
- }
-
- // WaitTimeout is used to skip the blocked command and kill the left process.
--func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, timeout time.Duration) (int, error) {
-+func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, error) {
-+ timeout := time.Duration(sec) * time.Second
- type exitStatusWrapper struct {
- status int
- err error
-@@ -281,3 +286,17 @@ func exitStatus(status unix.WaitStatus) int {
- }
- return status.ExitStatus()
- }
-+
-+func SameProcess(cmd *exec.Cmd, pid int) bool {
-+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline"))
-+ if err != nil {
-+ return false
-+ }
-+ for i := range bytes {
-+ if bytes[i] == 0 {
-+ bytes[i] = 32
-+ }
-+ }
-+ cmdline := string(bytes)
-+ return strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ")
-+}
-diff --git a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go
-index ff06a3f..9756491 100644
---- a/vendor/github.com/containerd/go-runc/monitor.go
-+++ b/vendor/github.com/containerd/go-runc/monitor.go
-@@ -40,6 +40,7 @@ type Exit struct {
- type ProcessMonitor interface {
- Start(*exec.Cmd) (chan Exit, error)
- Wait(*exec.Cmd, chan Exit) (int, error)
-+ WaitTimeout(*exec.Cmd, chan Exit, int64) (int, error)
- }
-
- type defaultMonitor struct {
-@@ -74,3 +75,8 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) {
- e := <-ec
- return e.Status, nil
- }
-+
-+func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) {
-+ e := <-ec
-+ return e.Status, nil
-+}
-diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go
-index 0feedeb..15fc8e1 100644
---- a/vendor/github.com/containerd/go-runc/runc.go
-+++ b/vendor/github.com/containerd/go-runc/runc.go
-@@ -54,8 +54,20 @@ const (
- Text Format = "text"
- // DefaultCommand is the default command for Runc
- DefaultCommand = "runc"
-+ execTimeout = 30
- )
-
-+var (
-+ createTimeout int64 = 120
-+)
-+
-+func init() {
-+ runtimeTimeout,
err := convertTime(os.Getenv("DOCKER_RUNTIME_START_TIMEOUT"))
-+ if err == nil {
-+ createTimeout = runtimeTimeout
-+ }
-+}
-+
- // List returns all containers created inside the provided runc root directory
- func (r *Runc) List(context context.Context) ([]*Container, error) {
- data, err := cmdOutput(r.command(context, "list", "--format=json"), false, nil)
-@@ -151,7 +165,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp
- cmd.ExtraFiles = opts.ExtraFiles
-
- if cmd.Stdout == nil && cmd.Stderr == nil {
-- data, err := cmdOutput(cmd, true, nil)
-+ data, err := cmdOutputTimeout(cmd, true, nil, createTimeout)
- defer putBuf(data)
- if err != nil {
- return fmt.Errorf("%s: %s", err, data.String())
-@@ -169,7 +183,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp
- }
- }
- }
-- status, err := Monitor.Wait(cmd, ec)
-+ status, err := Monitor.WaitTimeout(cmd, ec, createTimeout)
- if err == nil && status != 0 {
- err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
- }
-@@ -235,7 +249,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
- opts.Set(cmd)
- }
- if cmd.Stdout == nil && cmd.Stderr == nil {
-- data, err := cmdOutput(cmd, true, opts.Started)
-+ data, err := cmdOutputTimeout(cmd, true, opts.Started, createTimeout)
- defer putBuf(data)
- if err != nil {
- return fmt.Errorf("%w: %s", err, data.String())
-@@ -256,7 +270,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
- }
- }
- }
-- status, err := Monitor.Wait(cmd, ec)
-+ status, err := Monitor.WaitTimeout(cmd, ec, execTimeout)
- if err == nil && status != 0 {
- err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
- }
-@@ -742,6 +756,38 @@ func cmdOutput(cmd *exec.Cmd, combined bool, started chan<- int) (*bytes.Buffer,
- return b, err
- }
-
-+func cmdOutputTimeout(cmd *exec.Cmd, combined bool, started
chan<- int, timeout int64) (*bytes.Buffer, error) {
-+ b := getBuf()
-+ defer putBuf(b)
-+
-+ cmd.Stdout = b
-+ if combined {
-+ cmd.Stderr = b
-+ }
-+ ec, err := Monitor.Start(cmd)
-+ if err != nil {
-+ return nil, err
-+ }
-+ if started != nil {
-+ started <- cmd.Process.Pid
-+ }
-+
-+ status, err := Monitor.WaitTimeout(cmd, ec, timeout)
-+ if err == nil && status != 0 {
-+ err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0])
-+ }
-+
-+ return b, err
-+}
-+
-+func convertTime(timeout string) (int64, error) {
-+ timeDura, err := time.ParseDuration(timeout)
-+ if err != nil {
-+ return 0, err
-+ }
-+ return timeDura.Nanoseconds() / 1e9, nil
-+}
-+
- type ExitError struct {
- Status int
- }
---
-2.33.0
-
diff --git a/patch/0008-containerd-skip-load-task-in-creating-and-optimize-i.patch b/patch/0008-containerd-skip-load-task-in-creating-and-optimize-i.patch
deleted file mode 100644
index 8d92130687131a667bac7cc5e98527a289bafcfe..0000000000000000000000000000000000000000
--- a/patch/0008-containerd-skip-load-task-in-creating-and-optimize-i.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From f696193bd86e3656e328e6f46feb0ad5366ec017 Mon Sep 17 00:00:00 2001
-From: jingrui
-Date: Sat, 23 Feb 2019 15:51:24 +0800
-Subject: [PATCH] containerd: skip load task in creating and optimize init.exit
- record
-
-load task in creating will stuck containerd restore process.
-
-Change-Id: I2f8b77a88d78597ef2be5122708fc8ab16fad956
-Signed-off-by: jingrui
----
- pkg/process/utils.go | 2 --
- runtime/v1/linux/runtime.go | 7 +++----
- runtime/v1/shim/service.go | 10 ++++++++--
- 3 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/pkg/process/utils.go b/pkg/process/utils.go
-index 5ff04ed..afada02 100644
---- a/pkg/process/utils.go
-+++ b/pkg/process/utils.go
-@@ -41,8 +41,6 @@ const (
- RuncRoot = "/run/containerd/runc"
- // InitPidFile name of the file that contains the init pid
- InitPidFile = "init.pid"
--
-- InitExit = "init.exit"
- )
-
- // safePid is a thread safe wrapper for pid.
-diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go
-index 544b692..421922e 100644
---- a/runtime/v1/linux/runtime.go
-+++ b/runtime/v1/linux/runtime.go
-@@ -386,7 +386,6 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
- continue
- }
- id := path.Name()
-- log.G(ctx).Infof("load-task %s", id)
- // skip hidden directories
- if len(id) > 0 && id[0] == '.'
{
- continue
-@@ -398,6 +397,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
- )
- ctx = namespaces.WithNamespace(ctx, ns)
- pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, process.InitPidFile))
-+ log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid)
- shimExit := make(chan struct{})
- s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() {
- defer close(shimExit)
-@@ -495,11 +495,10 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
- continue
- }
- if pid <= 0 {
-- _, err := t.DeleteForce(ctx, 0)
-- log.G(ctx).Warnf("delete force %s Pid=%d error=%v", id, pid, err)
-+ log.G(ctx).Warnf("skip load task in creating %s", id)
- continue
- }
-- if _, err := os.Stat(filepath.Join(bundle.path, process.InitExit)); err == nil {
-+ if events.InitExitExist(bundle.path) {
- if !events.ExitPending(ns, t.id, uint32(pid)) {
- events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task")
- }
-diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go
-index b00ed9c..32431a4 100644
---- a/runtime/v1/shim/service.go
-+++ b/runtime/v1/shim/service.go
-@@ -23,10 +23,10 @@ import (
- "context"
- "encoding/json"
- "fmt"
-- "io/ioutil"
- "os"
- "path/filepath"
- "sync"
-+ "time"
-
- "github.com/containerd/console"
- eventstypes "github.com/containerd/containerd/api/events"
-@@ -148,9 +148,15 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
- }
- defer func() {
- if err != nil {
-+ logrus.Errorf("create init %s failed error=%v", r.ID, err)
- if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
- log.G(ctx).WithError(err2).Warn("Failed to cleanup rootfs mount")
- }
-+ go func() {
-+ time.Sleep(10 * time.Second)
-+ os.Exit(0)
-+ }()
-+
- }
- }()
- for _, rm := range mounts {
-@@ -523,7 +529,7 @@ func (s *Service) checkProcesses(e runc.Exit) {
- if ip, ok := p.(*process.Init); ok {
- ns :=
filepath.Base(filepath.Dir(ip.Bundle))
- events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited")
-- ioutil.WriteFile(filepath.Join(ip.Bundle, process.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600)
-+ events.InitExitWrite(ip.Bundle, e.Pid)
- // Ensure all children are killed
- if shouldKillAllOnExit(s.context, s.bundle) {
- if err := ip.KillAll(s.context); err != nil {
---
-2.33.0
-
diff --git a/patch/0009-containerd-support-kill-D-state-container.patch b/patch/0009-containerd-support-kill-D-state-container.patch
deleted file mode 100644
index 9b97e3fcbaac0e90af792c59a3f95f17cd362b29..0000000000000000000000000000000000000000
--- a/patch/0009-containerd-support-kill-D-state-container.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0e1503aea296e419ec219e36c56edb68f1abaf0f Mon Sep 17 00:00:00 2001
-From: jingrui
-Date: Tue, 18 Jun 2019 00:12:41 +0800
-Subject: [PATCH] containerd: support kill D state container
-
-Change-Id: I80a1c0c4f88530fe9732e6e9a2d1fb222ece118c
-Signed-off-by: jingrui
----
- runtime/v1/shim/service.go | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go
-index 32431a4..a3b4a8f 100644
---- a/runtime/v1/shim/service.go
-+++ b/runtime/v1/shim/service.go
-@@ -26,6 +26,7 @@ import (
- "os"
- "path/filepath"
- "sync"
-+ "syscall"
- "time"
-
- "github.com/containerd/console"
-@@ -47,6 +48,7 @@ import (
- ptypes "github.com/gogo/protobuf/types"
- specs "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/sirupsen/logrus"
-+ "golang.org/x/sys/unix"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
- )
-@@ -375,11 +377,33 @@ func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, e
-
- // Kill a process with the provided signal
- func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Empty, error) {
-+ delayKill := func(p process.Process) {
-+ if s.id != p.ID() || r.Signal != uint32(syscall.SIGKILL) {
-+ return
-+ }
-+ for i := 1; i < 5; i++ {
-+ time.Sleep(10 * time.Second)
-+ err := p.Kill(ctx, r.Signal, r.All)
-+ logrus.Infof("delay kill %s retry %d error=%v", s.id, i, err)
-+ if err != nil {
-+ err := unix.Kill(p.Pid(), syscall.SIGKILL)
-+ logrus.Infof("delay kill-direct %s retry %d error=%v", s.id, i, err)
-+ }
-+ }
-+
-+ logrus.Infof("force exit shim %s ...", s.id)
-+ p.SetExited(137)
-+ err := p.Delete(ctx)
-+ logrus.Infof("force exit shim %s error=%v", s.id, err)
-+ os.Exit(0)
-+ }
-+
- if r.ID == "" {
- p, err := s.getInitProcess()
- if err != nil {
- return nil, err
- }
-+ go delayKill(p)
- if err := p.Kill(ctx, r.Signal, r.All); err != nil {
- return nil, errdefs.ToGRPC(err)
- }
---
-2.33.0
-
diff --git a/patch/0010-containerd-add-shim-exit-when-bundle-dir-does-not-ex.patch b/patch/0010-containerd-add-shim-exit-when-bundle-dir-does-not-ex.patch
deleted file mode 100644
index 30d0f8f3ba8acb066245722e474e1fc66022294c..0000000000000000000000000000000000000000
--- a/patch/0010-containerd-add-shim-exit-when-bundle-dir-does-not-ex.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From a509386405646122da735e33e0b5e7f9d9e3aaae Mon Sep 17 00:00:00 2001
-From: xiadanni1
-Date: Sat, 13 Jul 2019 06:32:54 +0800
-Subject: [PATCH] containerd:add shim exit when bundle dir does not exist
-
-reason: when bundle dir is deleted, containerd-shim should exit to avoid
-shim.sock is occupied when container restart next time.
-
-Change-Id: I956412598e17d15f25b91afe1cbb9e24463f04be
-Signed-off-by: xiadanni1
----
- runtime/v1/shim/service.go | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go
-index a3b4a8f..4e9dfee 100644
---- a/runtime/v1/shim/service.go
-+++ b/runtime/v1/shim/service.go
-@@ -149,6 +149,17 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
- Options: r.Options,
- }
- defer func() {
-+ go func() {
-+ for i := 0; i < 60; i++ {
-+ time.Sleep(time.Second)
-+ _, err := os.Stat(r.Bundle)
-+ logrus.Devour(err)
-+ if os.IsNotExist(err) {
-+ logrus.Errorf("bundle dir: %v does not exist, containerd-shim exit", r.Bundle)
-+ os.Exit(0)
-+ }
-+ }
-+ }()
- if err != nil {
- logrus.Errorf("create init %s failed error=%v", r.ID, err)
- if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
---
-2.33.0
-
diff --git a/patch/0011-containerd-change-tmpfile-directory-when-exec.patch b/patch/0011-containerd-change-tmpfile-directory-when-exec.patch
deleted file mode 100644
index 237f340a4352aecf1f94caf3ee17f9192c2c2488..0000000000000000000000000000000000000000
--- a/patch/0011-containerd-change-tmpfile-directory-when-exec.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From db6e7286f573fa346b3e04f84968fc0bf15edee7 Mon Sep 17 00:00:00 2001
-From: wujibin
-Date: Wed, 14 Aug 2019 17:18:24 +0800
-Subject: [PATCH] containerd:change tmpfile directory when exec
-
-reason: tmp file stored /tmp before change, if mountain of containers
-are runing, the diretory will exist too many tmp file
-
-Change-Id: I1879ba9d09dca41a7571131d7447bf67356ea79c
----
- runtime/v1/linux/task.go | 3 ---
- vendor/github.com/containerd/go-runc/runc.go | 2 +-
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go
-index 70908ae..b013466 100644
---- a/runtime/v1/linux/task.go
-+++ b/runtime/v1/linux/task.go
-@@ -99,9 +99,6 @@ func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exi
- rsp, shimErr := t.shim.Delete(ctx, empty)
- if shimErr != nil {
- log.G(ctx).WithError(shimErr).Error("failed to delete container, force=%t", force)
-- if !force {
-- return nil, errdefs.FromGRPC(shimErr)
-- }
- }
- t.tasks.Delete(ctx, t.id)
- if err := t.shim.KillShim(ctx); err != nil {
-diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go
-index 15fc8e1..20bb836 100644
---- a/vendor/github.com/containerd/go-runc/runc.go
-+++ b/vendor/github.com/containerd/go-runc/runc.go
-@@ -226,7 +226,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
- if opts.Started != nil {
- defer close(opts.Started)
- }
-- f, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), "runc-process")
-+ f, err := ioutil.TempFile(".", "runc-process")
- if err != nil {
- return err
- }
---
-2.33.0
-
diff --git a/patch/0012-containerd-stw-gc-sweep-for-arm64.patch b/patch/0012-containerd-stw-gc-sweep-for-arm64.patch
deleted file mode 100644
index c5f01c30c3633e84102a0a04d38656f9b49408fe..0000000000000000000000000000000000000000
--- a/patch/0012-containerd-stw-gc-sweep-for-arm64.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From bd5ef07292289252531b73c371e95db1fc0a45c4 Mon Sep 17 00:00:00 2001
-From: jingrui
-Date: Fri, 18 Oct 2019 14:49:47 +0800
-Subject: [PATCH] containerd: stw gc sweep for arm64
-
-Change-Id: I855c13a21c72bf0e91563db7c11e1348a1a78d55
-Signed-off-by: jingrui
----
- cmd/containerd-shim/main_unix.go | 5 -----
- runtime/v1/shim/client/client.go | 4 ++++
- 2 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go
-index 8dfcd90..8a05d70 100644
---- a/cmd/containerd-shim/main_unix.go
-+++ b/cmd/containerd-shim/main_unix.go
-@@ -87,11 +87,6 @@ func init() {
-
- func main() {
- debug.SetGCPercent(40)
-- go func() {
-- for range time.Tick(30 * time.Second) {
-- debug.FreeOSMemory()
-- }
-- }()
-
- if debugFlag {
- logrus.SetLevel(logrus.DebugLevel)
-diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go
-index 6e5eae5..fa145c8 100644
---- a/runtime/v1/shim/client/client.go
-+++ b/runtime/v1/shim/client/client.go
-@@ -27,6 +27,7 @@ import (
- "net"
- "os"
- "path/filepath"
-+ "runtime"
- "strconv"
- "strings"
- "sync"
-@@ -218,6 +219,9 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so
- cmd.SysProcAttr = getSysProcAttr()
- cmd.ExtraFiles = append(cmd.ExtraFiles, socket)
- cmd.Env = append(os.Environ(), "GOMAXPROCS=2")
-+ if runtime.GOARCH == "arm64" {
-+ cmd.Env = append(cmd.Env, "GODEBUG=gcstoptheworld=2")
-+ }
- cmd.Stdout = stdout
- cmd.Stderr = stderr
- return cmd, nil
---
-2.33.0
-
diff --git a/patch/0013-containerd-modify-shim-initiative-exit-time-for-post.patch b/patch/0013-containerd-modify-shim-initiative-exit-time-for-post.patch
deleted file mode 100644
index 877f5d4c84ee010854bbd6c6ba9fe72aad520a84..0000000000000000000000000000000000000000
--- a/patch/0013-containerd-modify-shim-initiative-exit-time-for-post.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 4f4fd234119a7ccf7ab9e7cc122f30727ba39b81 Mon Sep 17 00:00:00 2001
-From: liuzekun
-Date: Thu, 21 Nov 2019 08:23:35 -0500
-Subject: [PATCH] containerd: modify shim initiative exit time for post hook
-
-reason: Modify shim initiative exit time for post hook. In consideration
-of each post hook has a execution time with timeout(default 120s), we
-should ensure enough time to call all post hook.
-
-Signed-off-by: liuzekun
----
- runtime/v1/shim/service.go | 32 ++++++++++++++++++++++++++------
- 1 file changed, 26 insertions(+), 6 deletions(-)
-
-diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go
-index 4e9dfee..166b866 100644
---- a/runtime/v1/shim/service.go
-+++ b/runtime/v1/shim/service.go
-@@ -561,12 +561,32 @@ func (s *Service) checkProcesses(e runc.Exit) {
- log.G(s.context).Debugf("process with id:%d wasn't found", e.Pid)
- return
- }
-+ shouldKillAll, bundleSpec := shouldKillAllOnExit(s.context, s.bundle)
- if ip, ok := p.(*process.Init); ok {
- ns := filepath.Base(filepath.Dir(ip.Bundle))
- events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited")
- events.InitExitWrite(ip.Bundle, e.Pid)
-+ go func() {
-+ t := 30
-+ defer func() {
-+ time.Sleep(time.Duration(t) * time.Second)
-+ os.Exit(0)
-+ }()
-+ if bundleSpec.Hooks == nil {
-+ return
-+ }
-+ postStopHooks := bundleSpec.Hooks.Poststop
-+ for _, postStopHook := range postStopHooks {
-+ hookTimeout := postStopHook.Timeout
-+ if hookTimeout == nil {
-+ t += 120
-+ } else {
-+ t += *hookTimeout
-+ }
-+ }
-+ }()
- // Ensure all children are killed
-- if shouldKillAllOnExit(s.context, s.bundle) {
-+ if shouldKillAll {
- if err := ip.KillAll(s.context); err != nil {
- log.G(s.context).WithError(err).WithField("id", ip.ID()).
- Error("failed to kill init's children")
-@@ -584,25 +604,25 @@ func (s *Service) checkProcesses(e runc.Exit) {
- }
- }
-
--func shouldKillAllOnExit(ctx context.Context, bundlePath string) bool {
-+func shouldKillAllOnExit(ctx context.Context, bundlePath string) (bool, specs.Spec) {
- var bundleSpec specs.Spec
- bundleConfigContents, err := os.ReadFile(filepath.Join(bundlePath, "config.json"))
- if err != nil {
- log.G(ctx).WithError(err).Error("shouldKillAllOnExit: failed to read config.json")
-- return true
-+ return true, specs.Spec{}
- }
- if err := json.Unmarshal(bundleConfigContents, &bundleSpec); err != nil {
- log.G(ctx).WithError(err).Error("shouldKillAllOnExit: failed to unmarshal bundle json")
-- return true
-+ return true, specs.Spec{}
- }
- if bundleSpec.Linux != nil {
- for _, ns := range bundleSpec.Linux.Namespaces {
- if ns.Type == specs.PIDNamespace && ns.Path == "" {
-- return false
-+ return false, bundleSpec
- }
- }
- }
-- return true
-+ return true, bundleSpec
- }
-
- func (s *Service) getContainerPids(ctx context.Context, id string) ([]uint32, error) {
---
-2.33.0
-
diff --git a/patch/0014-containerd-wrap-and-process-return-errors.patch b/patch/0014-containerd-wrap-and-process-return-errors.patch
deleted file mode 100644
index e5b53b93743765919c0b94b41a376eb35c65ac1c..0000000000000000000000000000000000000000
--- a/patch/0014-containerd-wrap-and-process-return-errors.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 648e59028cc546587e877784532cada50d62cfcb Mon Sep 17 00:00:00 2001
-From: liuzekun
-Date: Mon, 23 Dec 2019 03:10:49 -0500
-Subject: [PATCH] containerd: wrap and process return errors
-
-reason: wrap and process return errors
-
-Signed-off-by: liuzekun
----
- sys/reaper/reaper_unix.go | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/sys/reaper/reaper_unix.go b/sys/reaper/reaper_unix.go
-index bf42d21..007e1d0 100644
---- a/sys/reaper/reaper_unix.go
-+++ b/sys/reaper/reaper_unix.go
-@@ -31,6 +31,7 @@ import (
- "time"
-
- runc "github.com/containerd/go-runc"
-+ "github.com/sirupsen/logrus"
- exec "golang.org/x/sys/execabs"
- "golang.org/x/sys/unix"
- )
-@@ -112,7 +113,7 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) {
- for e := range ec {
- if e.Pid == c.Process.Pid {
- // make sure we flush all IO
-- c.Wait()
-+ logrus.Devour(c.Wait())
- m.Unsubscribe(ec)
- return e.Status, nil
- }
---
-2.33.0
-
diff --git a/patch/0015-containerd-add-timeout-for-shim.patch b/patch/0015-containerd-add-timeout-for-shim.patch
deleted file mode 100644
index 1769df3651fe24d998c3fe63667df3b351434a84..0000000000000000000000000000000000000000
--- a/patch/0015-containerd-add-timeout-for-shim.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From db530829309f6f37184748cd6823868b41f0be3c Mon Sep 17 00:00:00 2001
-From: xiadanni
-Date: Fri, 3 Jan 2020 03:06:00 +0800
-Subject: [PATCH] containerd:add timeout for shim
-
----
- runtime/v1/linux/runtime.go | 2 +-
- .../containerd/go-runc/command_other.go | 1 +
- vendor/github.com/containerd/go-runc/runc.go | 37 +++++++++++++++----
- 3 files changed, 31 insertions(+), 9 deletions(-)
-
-diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go
-index ff8de53..c2b146d 100644
---- a/runtime/v1/linux/runtime.go
-+++ b/runtime/v1/linux/runtime.go
-@@ -437,7 +437,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
- if !events.ExitPending(ns, id, uint32(pid)) {
- events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task")
- }
-- err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid)
-+ err := r.cleanupAfterDeadShim(ctx, bundle, ns, id)
- if err != nil {
- log.G(ctx).WithError(err).WithField("bundle", bundle.path).
- Error("cleaning up after dead shim")
-diff --git a/vendor/github.com/containerd/go-runc/command_other.go b/vendor/github.com/containerd/go-runc/command_other.go
-index b8fd4b8..75d41be 100644
---- a/vendor/github.com/containerd/go-runc/command_other.go
-+++ b/vendor/github.com/containerd/go-runc/command_other.go
-@@ -1,3 +1,4 @@
-+//go:build !linux
- // +build !linux
-
- /*
-diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go
-index 20bb836..ccf3d42 100644
---- a/vendor/github.com/containerd/go-runc/runc.go
-+++ b/vendor/github.com/containerd/go-runc/runc.go
-@@ -54,7 +54,9 @@ const (
- Text Format = "text"
- // DefaultCommand is the default command for Runc
- DefaultCommand = "runc"
-- execTimeout = 30
-+ defaultTimeout = 30
-+ startTimeout = 120
-+ updateTimeout = 60
- )
-
- var (
-@@ -86,7 +88,7 @@ func (r *Runc) List(context context.Context) ([]*Container, error) {
-
- // State returns the state for the container provided by id
- func (r *Runc) State(context context.Context, id string) (*Container, error) {
-- data, err := cmdOutput(r.command(context, "state", id), true, nil)
-+ data, err := cmdOutputTimeout(r.command(context, "state", id), true, nil, defaultTimeout)
- defer putBuf(data)
- if err != nil {
- return nil, fmt.Errorf("%s: %s", err, data.String())
-@@ -192,7 +194,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp
-
- // Start will start an already created container
- func (r *Runc) Start(context context.Context, id string) error {
-- return r.runOrError(r.command(context, "start", id))
-+ return r.runOrErrorTimeout(r.command(context, "start", id), startTimeout)
- }
-
- type ExecOpts struct {
-@@ -249,7 +251,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
- opts.Set(cmd)
- }
- if cmd.Stdout == nil && cmd.Stderr == nil {
-- data, err := cmdOutputTimeout(cmd, true, opts.Started, createTimeout)
-+ data, err :=
cmdOutputTimeout(cmd, true, opts.Started, defaultTimeout)
- defer putBuf(data)
- if err != nil {
- return fmt.Errorf("%w: %s", err, data.String())
-@@ -270,7 +272,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts
- }
- }
- }
-- status, err := Monitor.WaitTimeout(cmd, ec, execTimeout)
-+ status, err := Monitor.WaitTimeout(cmd, ec, defaultTimeout)
- if err == nil && status != 0 {
- err = fmt.Errorf("%s did not terminate successfully: %w", cmd.Args[0], &ExitError{status})
- }
-@@ -349,7 +351,7 @@ func (r *Runc) Kill(context context.Context, id string, sig int, opts *KillOpts)
- if opts != nil {
- args = append(args, opts.args()...)
- }
-- return r.runOrError(r.command(context, append(args, id, strconv.Itoa(sig))...))
-+ return r.runOrErrorTimeout(r.command(context, append(args, id, strconv.Itoa(sig))...), defaultTimeout)
- }
-
- // Stats return the stats for a container like cpu, memory, and io
-@@ -425,7 +427,7 @@ func (r *Runc) Resume(context context.Context, id string) error {
-
- // Ps lists all the processes inside the container returning their pids
- func (r *Runc) Ps(context context.Context, id string) ([]int, error) {
-- data, err := cmdOutput(r.command(context, "ps", "--format", "json", id), true, nil)
-+ data, err := cmdOutputTimeout(r.command(context, "ps", "--format", "json", id), true, nil, defaultTimeout)
- defer putBuf(data)
- if err != nil {
- return nil, fmt.Errorf("%s: %s", err, data.String())
-@@ -638,7 +640,7 @@ func (r *Runc) Update(context context.Context, id string, resources *specs.Linux
- args := []string{"update", "--resources", "-", id}
- cmd := r.command(context, args...)
- cmd.Stdin = buf
-- return r.runOrError(cmd)
-+ return r.runOrErrorTimeout(cmd, updateTimeout)
- }
-
- var ErrParseRuncVersion = errors.New("unable to parse runc version")
-@@ -731,6 +733,25 @@ func (r *Runc) runOrError(cmd *exec.Cmd) error {
- return nil
- }
-
-+func (r *Runc) runOrErrorTimeout(cmd *exec.Cmd, runTimeout int64) error {
-+ if cmd.Stdout != nil || cmd.Stderr != nil {
-+ ec, err := Monitor.Start(cmd)
-+ if err != nil {
-+ return err
-+ }
-+ status, err := Monitor.WaitTimeout(cmd, ec, runTimeout)
-+ if err == nil && status != 0 {
-+ err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0])
-+ }
-+ return err
-+ }
-+ data, err := cmdOutputTimeout(cmd, true, nil, runTimeout)
-+ if err != nil {
-+ return fmt.Errorf("%s: %s", err, data)
-+ }
-+ return nil
-+}
-+
- // callers of cmdOutput are expected to call putBuf on the returned Buffer
- // to ensure it is released back to the shared pool after use.
- func cmdOutput(cmd *exec.Cmd, combined bool, started chan<- int) (*bytes.Buffer, error) {
---
-2.33.0
-
diff --git a/patch/0016-containerd-clean-up-residual-container-after-shim-ab.patch b/patch/0016-containerd-clean-up-residual-container-after-shim-ab.patch
deleted file mode 100644
index cd60acddee98d3d280ea6bd936e283dd2aaf8136..0000000000000000000000000000000000000000
--- a/patch/0016-containerd-clean-up-residual-container-after-shim-ab.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From f098df67f8b57c0dfce5d2177e7c3c51eee23b7a Mon Sep 17 00:00:00 2001
-From: zhangtianyang
-Date: Thu, 27 Feb 2020 16:51:59 +0800
-Subject: [PATCH] containerd: clean up residual container after shim abnormal
- exit
-
-reason:from update/revert test an occasional failure has been found that
-shim process has exited but container is still running, then following exec
-call all report ttrpc close error.
-the triggering condition is uncertain. this patch will make up the clean
-work of the residual container after such failure occurred to avoid
-subsequent call errors.
-
-Change-Id: I0da9d4e46010cbe58f2fda21895caeb301936c47
-Signed-off-by: zhangtianyang
----
- runtime/v1/linux/runtime.go | 7 +++++++
- services/tasks/local.go | 24 ++++++++++++++++++++++++
- 2 files changed, 31 insertions(+)
-
-diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go
-index c2b146d..fa03e5c 100644
---- a/runtime/v1/linux/runtime.go
-+++ b/runtime/v1/linux/runtime.go
-@@ -560,6 +560,13 @@ func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns,
- return nil
- }
-
-+func (r *Runtime) CleanupAfterDeadShim(ctx context.Context, ns, id string) error {
-+ bund := &bundle{id: id,
-+ path: filepath.Join(r.state, ns, id),
-+ workDir: filepath.Join(r.root, ns, id)}
-+ return r.cleanupAfterDeadShim(ctx, bund, ns, id)
-+}
-+
- func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) error {
- rt, err := r.getRuntime(ctx, ns, id)
- if err != nil {
-diff --git a/services/tasks/local.go b/services/tasks/local.go
-index 96ed36c..7f60d25 100644
---- a/services/tasks/local.go
-+++ b/services/tasks/local.go
-@@ -43,6 +43,7 @@ import (
- "github.com/containerd/containerd/plugin"
- "github.com/containerd/containerd/runtime"
- "github.com/containerd/containerd/runtime/linux/runctypes"
-+ "github.com/containerd/containerd/runtime/v1/linux"
- "github.com/containerd/containerd/runtime/v2/runc/options"
-
"github.com/containerd/containerd/services"
- "github.com/containerd/typeurl"
-@@ -441,11 +442,34 @@ func (l *local) Kill(ctx context.Context, r *api.KillRequest, _ ...grpc.CallOpti
- }
- }
- if err := p.Kill(ctx, r.Signal, r.All); err != nil {
-+ if (r.Signal == 9 || r.Signal == 15) && strings.Contains(err.Error(), "ttrpc: client shutting down") {
-+ // not sure under what conditions will cause such ttrpc error. since the error has
-+ // happened, we have to make up the clean up work to avoid container residue.
-+ cleanErr := l.cleanupResidualContainer(ctx, r, t.Namespace())
-+ log.G(ctx).WithField("clean error", cleanErr).Warnf(
-+ "previous actions might encounter failure, try clean up the dead container.")
-+ }
- return nil, errdefs.ToGRPC(err)
- }
- return empty, nil
- }
-
-+func (l *local) cleanupResidualContainer(ctx context.Context, r *api.KillRequest, namespace string) error {
-+ container, err := l.getContainer(ctx, r.ContainerID)
-+ if err != nil {
-+ return fmt.Errorf("failed to get container %s, %v", r.ContainerID, err)
-+ }
-+ rt, err := l.getRuntime(container.Runtime.Name)
-+ if err != nil {
-+ return fmt.Errorf("failed to get runtime %s, %v", container.Runtime.Name, err)
-+ }
-+ lRuntime, ok := rt.(*linux.Runtime)
-+ if !ok {
-+ return fmt.Errorf("no clean work for runtime other than linux ones")
-+ }
-+ return lRuntime.CleanupAfterDeadShim(ctx, namespace, r.ContainerID)
-+}
-+
- func (l *local) ListPids(ctx context.Context, r *api.ListPidsRequest, _ ...grpc.CallOption) (*api.ListPidsResponse, error) {
- t, err := l.getTask(ctx, r.ContainerID)
- if err != nil {
---
-2.33.0
-
diff --git a/patch/0017-containerd-add-LLT-for-containerd-shim-timeout-requi.patch b/patch/0017-containerd-add-LLT-for-containerd-shim-timeout-requi.patch
deleted file mode 100644
index 1671a92d8dbcf73598496666b9ba348e322e7cff..0000000000000000000000000000000000000000
--- a/patch/0017-containerd-add-LLT-for-containerd-shim-timeout-requi.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 454edc405b301dad778114c5669db618d6c0770e Mon Sep 17 00:00:00 2001
-From: xiadanni1
-Date: Tue, 3 Mar 2020 06:29:56 +0800
-Subject: [PATCH] containerd:add LLT for containerd-shim timeout requirement
-
-reason:add LLT testcases for containerd-shim timeout requirement.
-
-Change-Id: If422542b72f3550d86a6eba6b19d0cdea2d2a660
-Signed-off-by: xiadanni1
----
- .../containerd/go-runc/runc_test.go | 90 +++++++++++++++++++
- 1 file changed, 90 insertions(+)
- create mode 100644 vendor/github.com/containerd/go-runc/runc_test.go
-
-diff --git a/vendor/github.com/containerd/go-runc/runc_test.go b/vendor/github.com/containerd/go-runc/runc_test.go
-new file mode 100644
-index 0000000..8f9212d
---- /dev/null
-+++ b/vendor/github.com/containerd/go-runc/runc_test.go
-@@ -0,0 +1,90 @@
-+package runc
-+
-+import (
-+ "context"
-+ "os"
-+ "os/exec"
-+ "testing"
-+
-+ specs "github.com/opencontainers/runtime-spec/specs-go"
-+)
-+
-+func TestRuncCommandInvoke(t *testing.T) {
-+ rc := &Runc{
-+ Command: "/bin/true",
-+ }
-+ ctx := context.Background()
-+ id := "containerid"
-+ bundle := "bundlepath"
-+
-+ createOpts := CreateOpts{}
-+ err := rc.Create(ctx, id, bundle, &createOpts)
-+ if err != nil {
-+ t.Errorf("Create command invoke error, %v", err)
-+ }
-+
-+ err = rc.Start(ctx, id)
-+ if err != nil {
-+ t.Errorf("Start command invoke error, %v", err)
-+ }
-+
-+ execSpec := specs.Process{}
-+ nullIO, _ := NewNullIO()
-+ execOpts := ExecOpts{IO: nullIO}
-+ err = rc.Exec(ctx, id, execSpec, &execOpts)
-+ if err != nil {
-+ t.Errorf("Exec command invoke error, %v", err)
-+ }
-+
-+ execOptsnil := ExecOpts{}
-+ err = rc.Exec(ctx, id, execSpec, &execOptsnil)
-+ if err != nil {
-+ t.Errorf("Exec command invoke error, %v", err)
-+ }
-+
-+ killOpts := KillOpts{}
-+ err = rc.Kill(ctx, id, 9, &killOpts)
-+ if err != nil {
-+ t.Errorf("Kill command invoke error, %v", err)
-+ }
-+
-+ resource := specs.LinuxResources{}
-+ err = rc.Update(ctx, id, &resource)
-+ if err != nil {
-+ t.Errorf("Update command invoke error, %v", err)
-+ }
-+
-+ _, err = rc.State(ctx, id)
-+ if err == nil {
-+ t.Errorf("State command invoke should return error")
-+ }
-+
-+ _, err = rc.Ps(ctx, id)
-+ if err == nil {
-+ t.Errorf("Ps command invoke should return error")
-+ }
-+}
-+
-+func TestRunOrErrorTimeout(t *testing.T) {
-+ rc := &Runc{}
-+
-+ cmd := exec.Cmd{Path: "/bin/bash2"}
-+ cmd.Stdout = os.Stdout
-+ err := rc.runOrErrorTimeout(&cmd, 10)
-+ if err == nil {
-+ t.Errorf("runOrErrorTimeout should return error")
-+ }
-+
-+ cmd = exec.Cmd{Path: "/usr/bin/sleep", Args: []string{"2"}}
-+ cmd.Stdout = os.Stdout
-+ rc.runOrErrorTimeout(&cmd, 1)
-+ if err == nil {
-+ t.Errorf("runOrErrorTimeout should return error")
-+ }
-+
-+ cmd = exec.Cmd{Path: "/usr/bin/sleep", Args: []string{"2"}}
-+ rc.runOrErrorTimeout(&cmd, 1)
-+ if err == nil {
-+ t.Errorf("runOrErrorTimeout should return error")
-+ }
-+}
---
-2.33.0
-
diff --git a/patch/0018-containerd-save-dumpstack-to-file.patch b/patch/0018-containerd-save-dumpstack-to-file.patch
deleted file mode 100644
index da02bbddbf3995402ac55a8091b553e19fb0fb2f..0000000000000000000000000000000000000000
--- a/patch/0018-containerd-save-dumpstack-to-file.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 67bf28cc777513cb52c39d0e7961420c1690173b Mon Sep 17 00:00:00 2001
-From: xiadanni1
-Date: Tue, 3 Mar 2020 09:01:22 +0800
-Subject: [PATCH] containerd:save dumpstack to file
-
-Change-Id: I54a41a13b4523de279337a9ff208347859c0fb4d
-Signed-off-by: xiadanni1
----
- cmd/containerd/command/main.go | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/cmd/containerd/command/main.go b/cmd/containerd/command/main.go
-index 9897dff..3d54b50 100644
---- a/cmd/containerd/command/main.go
-+++ b/cmd/containerd/command/main.go
-@@ -20,11 +20,13 @@ import (
- gocontext "context"
- "fmt"
- "io"
-+ "io/ioutil"
- "net"
- "os"
- "os/signal"
- "path/filepath"
- "runtime"
-+ "strings"
- "time"
-
- "github.com/containerd/containerd/defaults"
-@@ -376,6 +378,7 @@ func dumpStacks(writeToFile bool) {
- bufferLen *= 2
- }
- buf = buf[:stackSize]
-+ logrus.Devour(ioutil.WriteFile(fmt.Sprintf("/var/run/docker/containerd/containerd-stacks-%s.log", strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600))
- log.L.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf)
-
- if writeToFile {
---
-2.33.0
-
diff --git a/patch/0019-containerd-add-timeout-for-delete-command.patch b/patch/0019-containerd-add-timeout-for-delete-command.patch
deleted file mode 100644
index b360f9f5403f58b510457f35119f7793f843cc52..0000000000000000000000000000000000000000
--- a/patch/0019-containerd-add-timeout-for-delete-command.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From fea270498ee58eb1a3632f564d4f3b72e9e713e7 Mon Sep 17 00:00:00 2001
-From: xiadanni
-Date: Tue, 3 Mar 2020 06:31:18 +0800
-Subject: [PATCH] containerd:add timeout for delete command
-
-Change-Id: I620d2f19a8ac9086b5c83792a6fe49b0389da87d
-Signed-off-by: xiadanni1
----
- runtime/v1/linux/task.go | 2 +-
- sys/reaper/reaper_unix.go | 18 -----------
- .../github.com/containerd/go-runc/monitor.go | 32 +++++++++++++++++--
- vendor/github.com/containerd/go-runc/runc.go | 3 +-
- 4 files changed, 33 insertions(+), 22 deletions(-)
-
-diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go
-index b013466..4145846 100644
---- a/runtime/v1/linux/task.go
-+++ b/runtime/v1/linux/task.go
-@@ -98,7 +98,7 @@ func (t *Task) PID(_ context.Context) (uint32, error) {
- func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exit, error) {
- rsp, shimErr := t.shim.Delete(ctx, empty)
- if shimErr != nil {
-- log.G(ctx).WithError(shimErr).Error("failed to delete container, force=%t", force)
-+ log.G(ctx).WithError(shimErr).Errorf("failed to delete container, force=%t", force)
- }
- t.tasks.Delete(ctx, t.id)
- if err := t.shim.KillShim(ctx); err != nil {
-diff --git a/sys/reaper/reaper_unix.go b/sys/reaper/reaper_unix.go
-index 007e1d0..61c2e8a 100644
---- a/sys/reaper/reaper_unix.go
-+++ b/sys/reaper/reaper_unix.go
-@@ -22,10 +22,6 @@ package reaper
- import (
- "errors"
- "fmt"
-- "io/ioutil"
-- "path/filepath"
-- "strconv"
-- "strings"
- "sync"
- "syscall"
- "time"
-@@ -287,17 +283,3 @@ func exitStatus(status unix.WaitStatus) int {
- }
- return status.ExitStatus()
- }
--
--func SameProcess(cmd *exec.Cmd, pid int) bool {
-- bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline"))
-- if err != nil {
-- return false
-- }
-- for i := range bytes {
-- if bytes[i] == 0 {
-- bytes[i] = 32
-- }
-- }
-- cmdline := string(bytes)
-- return strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ")
--}
-diff --git a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go
-index 9756491..73c8ac1 100644
---- a/vendor/github.com/containerd/go-runc/monitor.go
-+++ b/vendor/github.com/containerd/go-runc/monitor.go
-@@ -17,9 +17,16 @@
- package runc
-
- import (
-+ "io/ioutil"
- "os/exec"
-+ "path/filepath"
-+ "strconv"
-+ "strings"
- "syscall"
- "time"
-+
-+ "github.com/pkg/errors"
-+ "github.com/sirupsen/logrus"
- )
-
- var Monitor ProcessMonitor = &defaultMonitor{}
-@@ -77,6 +84,27 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) {
- }
-
- func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) {
-- e := <-ec
-- return e.Status, nil
-+ select {
-+ case <-time.After(time.Duration(sec) * time.Second):
-+ if SameProcess(c, c.Process.Pid) {
-+ logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL))
-+ }
-+ return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args)
-+ case e := <-ec:
-+ return e.Status, nil
-+ }
-+}
-+
-+func SameProcess(cmd *exec.Cmd, pid int) bool {
-+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline"))
-+ if err != nil {
-+ return false
-+ }
-+ for i := range bytes {
-+ if bytes[i] == 0 {
-+ bytes[i] = 32
-+ }
-+ }
-+ cmdline := string(bytes)
-+ return strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ")
- }
-diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go
-index ccf3d42..552515c 100644
---- a/vendor/github.com/containerd/go-runc/runc.go
-+++ b/vendor/github.com/containerd/go-runc/runc.go
-@@ -57,6 +57,7 @@ const (
- defaultTimeout = 30
- startTimeout = 120
- updateTimeout = 60
-+ deleteTimeout = 120
- )
-
- var (
-@@ -328,7 +329,7 @@ func (r *Runc) Delete(context context.Context, id string, opts *DeleteOpts) erro
- if opts != nil {
- args = append(args, opts.args()...)
- }
-- return r.runOrError(r.command(context, append(args, id)...))
-+ return r.runOrErrorTimeout(r.command(context, append(args, id)...), deleteTimeout)
- }
-
- // KillOpts specifies options for killing a container and its processes
---
-2.33.0
-
diff --git a/patch/0020-containerd-check-if-bundle-exists-before-create-bund.patch b/patch/0020-containerd-check-if-bundle-exists-before-create-bund.patch
deleted file mode 100644
index 5181256b60757e888efefce374a10e756a2d4a1e..0000000000000000000000000000000000000000
--- a/patch/0020-containerd-check-if-bundle-exists-before-create-bund.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 9d29bd060a8a0fa5783d6bbaff6ce57326b2c065 Mon Sep 17 00:00:00 2001
-From: xiadanni1
-Date: Fri, 6 Nov 2020 10:19:26 +0800
-Subject: [PATCH] containerd: check if bundle exists before create bundle
-
-reason: If container starts following tightly the last stop, bundle
-directory may be deleted by the not yet completed stop, which may cause
-container start fail. So we add bundle check during start to avoid this,
-if bundle exists, wait for it to clean up.
-
-Signed-off-by: xiadanni1
----
- runtime/v1/linux/bundle.go | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go
-index b1830d0..d01d41b 100644
---- a/runtime/v1/linux/bundle.go
-+++ b/runtime/v1/linux/bundle.go
-@@ -26,12 +26,14 @@ import (
- "fmt"
- "os"
- "path/filepath"
-+ "time"
-
- "github.com/containerd/containerd/events/exchange"
- "github.com/containerd/containerd/runtime/linux/runctypes"
- "github.com/containerd/containerd/runtime/v1/shim"
- "github.com/containerd/containerd/runtime/v1/shim/client"
- "github.com/opencontainers/runtime-spec/specs-go"
-+ "github.com/sirupsen/logrus"
- )
-
- // loadBundle loads an existing bundle from disk
-@@ -49,6 +51,19 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
- return nil, err
- }
- path = filepath.Join(path, id)
-+ workDir = filepath.Join(workDir, id)
-+
-+ for waitTime := 10 * time.Millisecond; ; waitTime *= 2 {
-+ if _, err = os.Stat(workDir); err != nil {
-+ break
-+ }
-+ logrus.Debugf("bundle-check: wait time %v", waitTime)
-+ if waitTime > 2*time.Second {
-+ logrus.Warnf("bundle-check: waiting cleanup bundle timeout, start anyway")
-+ break
-+ }
-+ time.Sleep(waitTime)
-+ }
- if err := os.Mkdir(path, 0700); err != nil {
- return nil, err
- }
-@@ -60,7 +75,7 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
- if err := prepareBundleDirectoryPermissions(path, spec); err != nil {
- return nil, err
- }
-- workDir = filepath.Join(workDir, id)
-+
- if err := os.MkdirAll(workDir, 0711); err != nil {
- return nil, err
- }
---
-2.33.0
-
diff --git a/patch/0021-containerd-kill-container-init-process-if-runc-start.patch b/patch/0021-containerd-kill-container-init-process-if-runc-start.patch
deleted file mode 100644
index ce36533f49305c58b0af2e363870ce25c8efccaa..0000000000000000000000000000000000000000
--- a/patch/0021-containerd-kill-container-init-process-if-runc-start.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 4cb4c0ce6500539b4c6e4bf83a4ed1510d698338 Mon Sep 17 00:00:00 2001
-From: xiadanni
-Date: Mon, 1 Feb 2021 19:36:53 +0800
-Subject: [PATCH] containerd: kill container init process if runc start returns
- error
-
-Signed-off-by: xiadanni
----
- pkg/process/init.go | 4 +++
- utils/utils.go | 60 +++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 64 insertions(+)
- create mode 100644 utils/utils.go
-
-diff --git a/pkg/process/init.go b/pkg/process/init.go
-index 26aebdc..d373851 100644
---- a/pkg/process/init.go
-+++ b/pkg/process/init.go
-@@ -34,6 +34,7 @@ import (
- "github.com/containerd/containerd/log"
- "github.com/containerd/containerd/mount"
- "github.com/containerd/containerd/pkg/stdio"
-+ "github.com/containerd/containerd/utils"
- "github.com/containerd/fifo"
- runc "github.com/containerd/go-runc"
- google_protobuf "github.com/gogo/protobuf/types"
-@@ -262,6 +263,9 @@ func (p *Init) Start(ctx context.Context) error {
-
- func (p *Init) start(ctx context.Context) error {
- err := p.runtime.Start(ctx, p.id)
-+ if err != nil {
-+ utils.KillInitProcess(p.id, p.pid)
-+ }
- return p.runtimeError(err, "OCI runtime start failed")
- }
-
-diff --git a/utils/utils.go b/utils/utils.go
-new file mode 100644
-index 0000000..772b15d
---- /dev/null
-+++ b/utils/utils.go
-@@ -0,0 +1,60 @@
-+/*
-+Use of this source code is governed by Apache-2.0
-+license that can be found in the LICENSE file.
-+Description: common functions
-+Author: Danni Xia
-+Create: 2021-01-30
-+*/
-+
-+package utils
-+
-+import (
-+ "encoding/json"
-+ "io/ioutil"
-+ "path/filepath"
-+ "strconv"
-+ "strings"
-+ "syscall"
-+
-+ "github.com/sirupsen/logrus"
-+)
-+
-+type baseState struct {
-+ InitProcessStartTime string `json:"init_process_start"`
-+}
-+
-+func KillInitProcess(cid string, pid int) {
-+ if IsInitProcess(cid, pid) {
-+ syscall.Kill(pid, syscall.SIGKILL)
-+ }
-+}
-+
-+func IsInitProcess(cid string, pid int) bool {
-+ stateBytes, err1 := ioutil.ReadFile(filepath.Join("/var/run/docker/runtime-runc/moby", cid, "state.json"))
-+ statBytes, err2 := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
-+ if err1 != nil || err2 != nil {
-+ return true
-+ }
-+
-+ s := strings.Split(string(statBytes), ")")
-+ if len(s) < 1 {
-+ return true
-+ }
-+
-+ statFields := strings.Split(strings.TrimSpace(s[len(s)-1]), " ")
-+ if len(statFields) < 20 {
-+ return true
-+ }
-+
-+ var baseState baseState
-+ if err := json.Unmarshal(stateBytes, &baseState); err != nil {
-+ return true
-+ }
-+
-+ if baseState.InitProcessStartTime == statFields[19] {
-+ return true
-+ }
-+
-+ logrus.Warnf("process(pid:%d, start time:%s) is not container %s init process", pid, statFields[19], cid)
-+ return false
-+}
---
-2.33.0
-
diff --git a/patch/0022-containerd-fix-containerd-shim-residual-when-kill-co.patch b/patch/0022-containerd-fix-containerd-shim-residual-when-kill-co.patch
deleted file mode 100644
index 4a37f16b0c6b74a5ef229b58da2d9d8a51729e91..0000000000000000000000000000000000000000
--- a/patch/0022-containerd-fix-containerd-shim-residual-when-kill-co.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 246fa098a96a14321da47d5df491ead7800b9c92 Mon Sep 17 00:00:00 2001
-From: xiadanni
-Date: Fri, 19 Feb 2021 16:37:48 +0800
-Subject: [PATCH] containerd: fix containerd-shim residual when kill containerd
- during starting container
-
-after shim process started, containerd will write shim socket address
-to address file, but if containerd is killed before write file, new
-containerd process could not get shim socket address, and will not
-kill it even if that shim could not work.
-so we write address file ahead of starting shim process.
-
-Signed-off-by: xiadanni
----
- runtime/v1/shim/client/client.go | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go
-index fa145c8..64a9aa2 100644
---- a/runtime/v1/shim/client/client.go
-+++ b/runtime/v1/shim/client/client.go
-@@ -93,6 +93,10 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
- go io.Copy(stdoutCopy, stdoutLog)
- go io.Copy(stderrCopy, stderrLog)
-
-+ if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil {
-+ return nil, nil, err
-+ }
-+
- cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog)
- if err != nil {
- return nil, nil, err
-@@ -123,9 +127,6 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
- "debug": debug,
- }).Infof("shim %s started", binary)
-
-- if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil {
-- return nil, nil, err
-- }
- if err := writeFile(filepath.Join(config.Path, "shim.pid"), strconv.Itoa(cmd.Process.Pid)); err != nil {
- return nil, nil, err
- }
---
-2.33.0
-
diff --git a/patch/0023-containerd-fix-exec-event-missing-due-to-pid-reuse.patch b/patch/0023-containerd-fix-exec-event-missing-due-to-pid-reuse.patch
deleted file mode 100644
index 692e21f315434de72acce1d5584b0d234d54bdbb..0000000000000000000000000000000000000000
--- a/patch/0023-containerd-fix-exec-event-missing-due-to-pid-reuse.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From fab5e09d4bdcce7748e036a8820078d826d00d49 Mon Sep 17 00:00:00 2001
-From: jingrui
-Date: Sat, 20 Feb 2021 09:06:22 +0800
-Subject: [PATCH] containerd: fix exec event missing due to pid reuse
-
-When many exec request exit at nearly sametime, the Exit can match with
-wrong process and return directly, the event for right process will lost
-in this case.
-
-time="2021-02-19T21:10:12.250841280+08:00" level=info msg=event Pid=11623 containerID=a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4 execID=0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d module=libcontainerd namespace=moby topic=/tasks/exec-started
-time="2021-02-19T21:10:12+08:00" level=info msg="try publish event(1) /tasks/exit &TaskExit{ContainerID:a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4,ID:0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d,Pid:11623,ExitStatus:0,ExitedAt:2021-02-19 21:10:12.27697416 +0800 CST m=+1893.164673481,} "
-time="2021-02-19T21:11:02.944643980+08:00" level=debug msg="starting exec command 64cd335311e9b3c1c11e7360a374e3218efeb02e6578d7bc0811bad3f1820e16 in container a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4"
-time="2021-02-19T21:11:06.201162360+08:00" level=debug msg="event published" ns=moby topic="/tasks/exec-started" type=containerd.events.TaskExecStarted
-time="2021-02-19T21:11:57.961615320+08:00" level=warning msg="Ignoring Exit Event, no such exec command found" container=a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4 exec-id=0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d exec-pid=11623
-
-From logs above, execID=0b412ecae with Pid=11623 exit and event
-published, but new exec execID=64cd335 command reuse the Pid, but Exit
-event still match previous execID=0b412ecae. so exit event for
-execID=64cd335 will lost.
-
-Change-Id: If591a282a1cc0305758130a936ee8b92c88acc6c
-Signed-off-by: jingrui
----
- pkg/process/exec.go | 4 ++
- runtime/v1/shim/service.go | 92 +++++++++++++-------------
- 2 files changed, 50 insertions(+), 46 deletions(-)
-
-diff --git a/pkg/process/exec.go b/pkg/process/exec.go
-index dcd7592..9916042 100644
---- a/pkg/process/exec.go
-+++ b/pkg/process/exec.go
-@@ -90,6 +90,10 @@ func (e *execProcess) SetExited(status int) {
- defer e.mu.Unlock()
-
- e.execState.SetExited(status)
-+
-+ e.pid.Lock()
-+ e.pid.pid = -1
-+ e.pid.Unlock()
- }
-
- func (e *execProcess) setExited(status int) {
-diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go
-index 166b866..dd1a935 100644
---- a/runtime/v1/shim/service.go
-+++ b/runtime/v1/shim/service.go
-@@ -548,60 +548,60 @@ func (s *Service) processExits() {
- }
-
- func (s *Service) checkProcesses(e runc.Exit) {
-- var p process.Process
- s.mu.Lock()
-- for _, proc := range s.processes {
-- if proc.Pid() == e.Pid {
-- p = proc
-- break
-- }
-- }
-- s.mu.Unlock()
-- if p == nil {
-- log.G(s.context).Debugf("process with id:%d wasn't found", e.Pid)
-- return
-- }
-+ defer s.mu.Unlock()
-+
-+ match := 0
- shouldKillAll, bundleSpec := shouldKillAllOnExit(s.context, s.bundle)
-- if ip, ok := p.(*process.Init); ok {
-- ns := filepath.Base(filepath.Dir(ip.Bundle))
-- events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited")
-- events.InitExitWrite(ip.Bundle, e.Pid)
-- go func() {
-- t := 30
-- defer func() {
-- time.Sleep(time.Duration(t) * time.Second)
-- os.Exit(0)
-- }()
-- if bundleSpec.Hooks == nil {
-- return
-+
-+ for _, p := range s.processes {
-+ if p.Pid() == e.Pid {
-+ match++
-+ if match > 1 {
-+ logrus.Warnf("exit for pid=%d match %d processes", e.Pid, match)
- }
-- postStopHooks := bundleSpec.Hooks.Poststop
-- for _, postStopHook := range postStopHooks {
-- hookTimeout := postStopHook.Timeout
-- if hookTimeout == nil {
-- t += 120
-- } else {
-- t += *hookTimeout
-+ if ip, ok := p.(*process.Init); ok {
-+ ns := filepath.Base(filepath.Dir(ip.Bundle))
-+ events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited")
-+ events.InitExitWrite(ip.Bundle, e.Pid)
-+ go func() {
-+ t := 30
-+ defer func() {
-+ time.Sleep(time.Duration(t) * time.Second)
-+ os.Exit(0)
-+ }()
-+ if bundleSpec.Hooks == nil {
-+ return
-+ }
-+ postStopHooks := bundleSpec.Hooks.Poststop
-+ for _, postStopHook := range postStopHooks {
-+ hookTimeout := postStopHook.Timeout
-+ if hookTimeout == nil {
-+ t += 120
-+ } else {
-+ t += *hookTimeout
-+ }
-+ }
-+ }()
-+ // Ensure all children are killed
-+ if shouldKillAll {
-+ if err := ip.KillAll(s.context); err != nil {
-+ log.G(s.context).WithError(err).WithField("id", ip.ID()).
-+ Error("failed to kill init's children")
-+ }
- }
- }
-- }()
-- // Ensure all children are killed
-- if shouldKillAll {
-- if err := ip.KillAll(s.context); err != nil {
-- log.G(s.context).WithError(err).WithField("id", ip.ID()).
-- Error("failed to kill init's children")
-+
-+ p.SetExited(e.Status)
-+ s.events <- &eventstypes.TaskExit{
-+ ContainerID: s.id,
-+ ID: p.ID(),
-+ Pid: uint32(e.Pid),
-+ ExitStatus: uint32(e.Status),
-+ ExitedAt: p.ExitedAt(),
- }
- }
- }
--
-- p.SetExited(e.Status)
-- s.events <- &eventstypes.TaskExit{
-- ContainerID: s.id,
-- ID: p.ID(),
-- Pid: uint32(e.Pid),
-- ExitStatus: uint32(e.Status),
-- ExitedAt: p.ExitedAt(),
-- }
- }
-
- func shouldKillAllOnExit(ctx context.Context, bundlePath string) (bool, specs.Spec) {
---
-2.33.0
-
diff --git a/patch/0024-containerd-fix-dm-left-when-pause-contaienr-and-kill.patch b/patch/0024-containerd-fix-dm-left-when-pause-contaienr-and-kill.patch
deleted file mode 100644
index 1f80391ddc4207d7cf21eb61b0df0e4b59cedb8d..0000000000000000000000000000000000000000
--- a/patch/0024-containerd-fix-dm-left-when-pause-contaienr-and-kill.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 2a40033d0fa4ae8cf843631c25562163edffc02d Mon Sep 17 00:00:00 2001
-From: chenjiankun
-Date: Mon, 19 Apr 2021 17:08:09 +0800
-Subject: [PATCH] containerd: fix dm left when pause contaienr and kill shim
-
-
-when shim process be killed, we will delete the runtime, but if the
-status is paused, it can't be delete. So we need to resume the shim
-process before delete it.
----
- runtime/v1/linux/runtime.go | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go
-index fa03e5c..18a0a40 100644
---- a/runtime/v1/linux/runtime.go
-+++ b/runtime/v1/linux/runtime.go
-@@ -572,6 +572,14 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string)
- if err != nil {
- return err
- }
-+ state, err := rt.State(ctx, id)
-+ if err == nil && state.Status == "paused" {
-+ logrus.Warnf("container %s status is paused, try to resume before delete", id)
-+ err := rt.Resume(ctx, id)
-+ if err != nil {
-+ log.G(ctx).WithError(err).Errorf("runtime resume %s error", id)
-+ }
-+ }
- if err := rt.Delete(ctx, id, &runc.DeleteOpts{
- Force: true,
- }); err != nil {
---
-2.33.0
-
diff --git a/patch/0025-containerd-drop-opt-package.patch b/patch/0025-containerd-drop-opt-package.patch
deleted file mode 100644
index 80ec6456333dcb5aa2c856606bbfd393a8c78eea..0000000000000000000000000000000000000000
--- a/patch/0025-containerd-drop-opt-package.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 4fedcedb0c8cc293ee45959d64d68377b720b8fa Mon Sep 17 00:00:00 2001
-From: xiadanni
-Date: Thu, 5 Aug 2021 15:24:21 +0800
-Subject: [PATCH] containerd: drop opt package
-
-Signed-off-by: xiadanni
----
- cmd/containerd/builtins.go | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/cmd/containerd/builtins.go b/cmd/containerd/builtins.go
-index 8c6f1fe..5c67768 100644
---- a/cmd/containerd/builtins.go
-+++ b/cmd/containerd/builtins.go
-@@ -32,7 +32,6 @@ import (
- _ "github.com/containerd/containerd/services/introspection"
- _ "github.com/containerd/containerd/services/leases"
- _ "github.com/containerd/containerd/services/namespaces"
-- _ "github.com/containerd/containerd/services/opt"
- _ "github.com/containerd/containerd/services/snapshots"
- _ "github.com/containerd/containerd/services/tasks"
- _ "github.com/containerd/containerd/services/version"
---
-2.33.0
-
diff --git a/patch/0026-containerd-fix-race-access-for-mobySubcribed.patch b/patch/0026-containerd-fix-race-access-for-mobySubcribed.patch
deleted file mode 100644
index 77dbbe00b1ee8e8085054345d9ec9ec7da5532c6..0000000000000000000000000000000000000000
--- a/patch/0026-containerd-fix-race-access-for-mobySubcribed.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 23c28aca8fbb161c69836b76d03a826fb339421b Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Thu, 10 Aug 2023 20:49:32 +0800
-Subject: [PATCH] containerd:fix race access for mobySubcribed
-
-Signed-off-by: zhongjiawei
----
- events/exchange/exchange.go | 7 ++++---
- runtime/v1/shim/client/client.go | 3 +++
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/events/exchange/exchange.go b/events/exchange/exchange.go
-index 162e7be..0c2337f 100644
---- a/events/exchange/exchange.go
-+++ b/events/exchange/exchange.go
-@@ -20,6 +20,7 @@ import (
- "context"
- "fmt"
- "strings"
-+ "sync/atomic"
- "time"
-
- "github.com/containerd/containerd/errdefs"
-@@ -49,10 +50,10 @@ func NewExchange() *Exchange {
- var _ events.Publisher = &Exchange{}
- var _ events.Forwarder = &Exchange{}
- var _ events.Subscriber = &Exchange{}
--var mobySubcribed = false
-+var mobySubcribed = int32(0)
-
- func MobySubscribed() bool {
-- return mobySubcribed
-+ return atomic.LoadInt32(&mobySubcribed) == 1
- }
-
- // Forward accepts an envelope to be directly distributed on the exchange.
-@@ -170,7 +171,7 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even
- for _, s := range fs {
- if !MobySubscribed() && s == "namespace==moby,topic~=|^/tasks/|" {
- queue.Namespace = "moby"
-- mobySubcribed = true
-+ atomic.StoreInt32(&mobySubcribed, 1)
- }
- }
-
-diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go
-index 64a9aa2..965a5cf 100644
---- a/runtime/v1/shim/client/client.go
-+++ b/runtime/v1/shim/client/client.go
-@@ -70,6 +70,9 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
-
- f, err := socket.File()
- if err != nil {
-+ if err1 := RemoveSocket(address); err1 != nil {
-+ logrus.Warningf("failed to remove socket %s: %w", address, err1)
-+ }
- return nil, nil, fmt.Errorf("failed to get fd for socket %s: %w", address, err)
- }
- defer f.Close()
---
-2.33.0
-
diff --git a/patch/0027-containerd-fix-allow-attaching-to-any-combination-of-stdin-stdo.patch b/patch/0027-containerd-fix-allow-attaching-to-any-combination-of-stdin-stdo.patch
deleted file mode 100644
index 87d6799a0c6343c94379ad1499bfdab40ee927ae..0000000000000000000000000000000000000000
--- a/patch/0027-containerd-fix-allow-attaching-to-any-combination-of-stdin-stdo.patch
+++ /dev/null
@@ -1,250 +0,0 @@
-From fe6bf665fd2c990a4c9db8323ee7e1a43eda7b4b Mon Sep 17 00:00:00 2001
-From: "Hsing-Yu (David) Chen"
-Date: Tue, 28 Mar 2023 17:13:28 -0700
-Subject: [PATCH] fix: allow attaching to any combination of
- stdin/stdout/stderr
-
-Before this PR, if a stdin/stdout/stderr stream is nil,
-and the corresponding FIFO is not an empty string,
-a panic will occur when Read/Write of the nil stream is invoked in io.CopyBuffer.
-
-Signed-off-by: Hsing-Yu (David) Chen
----
- cio/io.go | 9 ++
- cio/io_unix_test.go | 203 ++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 212 insertions(+)
-
-diff --git a/cio/io.go b/cio/io.go
-index 8ee13edda..917684189 100644
---- a/cio/io.go
-+++ b/cio/io.go
-@@ -167,6 +167,15 @@ func NewAttach(opts ...Opt) Attach {
- if fifos == nil {
- return nil, fmt.Errorf("cannot attach, missing fifos")
- }
-+ if streams.Stdin == nil {
-+ fifos.Stdin = ""
-+ }
-+ if streams.Stdout == nil {
-+ fifos.Stdout = ""
-+ }
-+ if streams.Stderr == nil {
-+ fifos.Stderr = ""
-+ }
- return copyIO(fifos, streams)
- }
- }
-diff --git a/cio/io_unix_test.go b/cio/io_unix_test.go
-index d4e0a70bf..cdaeb7738 100644
---- a/cio/io_unix_test.go
-+++ b/cio/io_unix_test.go
-@@ -95,3 +95,206 @@ func TestOpenFifosWithTerminal(t *testing.T) {
- }
- }
- }
-+
-+func assertHasPrefix(t *testing.T, s, prefix string) {
-+ t.Helper()
-+ if !strings.HasPrefix(s, prefix) {
-+ t.Fatalf("expected %s to start with %s", s, prefix)
-+ }
-+}
-+
-+func TestNewFIFOSetInDir(t *testing.T) {
-+ root := t.TempDir()
-+
-+ fifos, err := NewFIFOSetInDir(root, "theid", true)
-+ assert.NoError(t, err)
-+
-+ dir := filepath.Dir(fifos.Stdin)
-+ assertHasPrefix(t, dir, root)
-+ expected := &FIFOSet{
-+ Config: Config{
-+ Stdin: filepath.Join(dir, "theid-stdin"),
-+ Stdout: filepath.Join(dir, "theid-stdout"),
-+ Stderr: filepath.Join(dir, "theid-stderr"),
-+ Terminal: true,
-+ },
-+ }
-+
-+ assert.Equal(t, fifos.Config, expected.Config)
-+
-+ files, err := os.ReadDir(root)
-+ assert.NoError(t, err)
-+ assert.Len(t, files, 1)
-+
-+ assert.Nil(t, fifos.Close())
-+ files, err = os.ReadDir(root)
-+ assert.NoError(t, err)
-+ assert.Len(t, files, 0)
-+}
-+
-+func TestNewAttach(t *testing.T) {
-+ testCases := []struct {
-+ name string
-+ expectedStdin, expectedStdout, expectedStderr string
-+ }{
-+ {
-+ name: "attach to all streams (stdin, stdout, and stderr)",
-+ expectedStdin: "this is the stdin",
-+ expectedStdout: "this is the stdout",
-+ expectedStderr: "this is the stderr",
-+ },
-+ {
-+ name: "don't attach to stdin",
-+ expectedStdout: "this is the stdout",
-+ expectedStderr: "this is the stderr",
-+ },
-+ {
-+ name: "don't attach to stdout",
-+ expectedStdin: "this is the stdin",
-+ expectedStderr: "this is the stderr",
-+ },
-+ {
-+ name: "don't attach to stderr",
-+ expectedStdin: "this is the stdin",
-+ expectedStdout: "this is the stdout",
-+ },
-+ }
-+
-+ for _, tc := range testCases {
-+ t.Run(tc.name, func(t *testing.T) {
-+ var (
-+ stdin = bytes.NewBufferString(tc.expectedStdin)
-+ stdout = new(bytes.Buffer)
-+ stderr = new(bytes.Buffer)
-+
-+ // The variables below have to be of the interface type (i.e., io.Reader/io.Writer)
-+ // instead of the concrete type (i.e., *bytes.Buffer) *before* being passed to NewAttach.
-+ // Otherwise, in NewAttach, the interface value won't be nil
-+ // (it's just that the concrete value inside the interface itself is nil. [1]),
-+ // which means that the corresponding FIFO path won't be set to be an empty string,
-+ // and that's not what we want.
-+ //
-+ // [1] https://go.dev/tour/methods/12
-+ stdinArg io.Reader
-+ stdoutArg, stderrArg io.Writer
-+ )
-+ if tc.expectedStdin != "" {
-+ stdinArg = stdin
-+ }
-+ if tc.expectedStdout != "" {
-+ stdoutArg = stdout
-+ }
-+ if tc.expectedStderr != "" {
-+ stderrArg = stderr
-+ }
-+
-+ attacher := NewAttach(WithStreams(stdinArg, stdoutArg, stderrArg))
-+
-+ fifos, err := NewFIFOSetInDir("", "theid", false)
-+ assert.NoError(t, err)
-+
-+ attachedFifos, err := attacher(fifos)
-+ assert.NoError(t, err)
-+ defer attachedFifos.Close()
-+
-+ producers := setupFIFOProducers(t, attachedFifos.Config())
-+ initProducers(t, producers, tc.expectedStdout, tc.expectedStderr)
-+
-+ var actualStdin []byte
-+ if producers.Stdin != nil {
-+ actualStdin, err = io.ReadAll(producers.Stdin)
-+ assert.NoError(t, err)
-+ }
-+
-+ attachedFifos.Wait()
-+ attachedFifos.Cancel()
-+ assert.Nil(t, attachedFifos.Close())
-+
-+ assert.Equal(t, tc.expectedStdout, stdout.String())
-+ assert.Equal(t, tc.expectedStderr, stderr.String())
-+ assert.Equal(t, tc.expectedStdin, string(actualStdin))
-+ })
-+ }
-+}
-+
-+type producers struct {
-+ Stdin io.ReadCloser
-+ Stdout io.WriteCloser
-+ Stderr io.WriteCloser
-+}
-+
-+func setupFIFOProducers(t *testing.T, fifos Config) producers {
-+ var (
-+ err error
-+ pipes producers
-+ ctx = context.Background()
-+ )
-+
-+ if fifos.Stdin != "" {
-+ pipes.Stdin, err = fifo.OpenFifo(ctx, fifos.Stdin, syscall.O_RDONLY, 0)
-+ assert.NoError(t, err)
-+ }
-+
-+ if fifos.Stdout != "" {
-+ pipes.Stdout, err = fifo.OpenFifo(ctx, fifos.Stdout, syscall.O_WRONLY, 0)
-+ assert.NoError(t, err)
-+ }
-+
-+ if fifos.Stderr != "" {
-+ pipes.Stderr, err = fifo.OpenFifo(ctx, fifos.Stderr, syscall.O_WRONLY, 0)
-+ assert.NoError(t, err)
-+ }
-+
-+ return pipes
-+}
-+
-+func initProducers(t *testing.T, producers producers, stdout, stderr string) {
-+ if producers.Stdout != nil {
-+ _, err := producers.Stdout.Write([]byte(stdout))
-+ assert.NoError(t, err)
-+ assert.Nil(t, producers.Stdout.Close())
-+ }
-+
-+ if producers.Stderr != nil {
-+ _, err := producers.Stderr.Write([]byte(stderr))
-+ assert.NoError(t, err)
-+ assert.Nil(t, producers.Stderr.Close())
-+ }
-+}
-+
-+func TestLogURIGenerator(t *testing.T) {
-+ baseTestLogURIGenerator(t, []LogURIGeneratorTestCase{
-+ {
-+ scheme: "fifo",
-+ path: "/full/path/pipe.fifo",
-+ expected: "fifo:///full/path/pipe.fifo",
-+ },
-+ {
-+ scheme: "file",
-+ path: "/full/path/file.txt",
-+ args: map[string]string{
-+ "maxSize": "100MB",
-+ },
-+ expected: "file:///full/path/file.txt?maxSize=100MB",
-+ },
-+ {
-+ scheme: "binary",
-+ path: "/full/path/bin",
-+ args: map[string]string{
-+ "id": "testing",
-+ },
-+ expected: "binary:///full/path/bin?id=testing",
-+ },
-+ {
-+ scheme: "unknown",
-+ path: "nowhere",
-+ err: "must be absolute",
-+ },
-+ {
-+ scheme: "binary",
-+ path: "C:\\path\\to\\binary",
-+ // NOTE: Windows paths should not be parse-able outside of Windows:
-+ err: "must be absolute",
-+ },
-+ })
-+}
---
-2.33.0
-
diff --git a/patch/0028-containerd-bugfix-add-nil-pointer-check-for-cgroup-v1-mem-usage.patch b/patch/0028-containerd-bugfix-add-nil-pointer-check-for-cgroup-v1-mem-usage.patch
deleted file mode 100644
index cc6b10f585bcdb1a75b60cb8a4723dfc21169771..0000000000000000000000000000000000000000
--- a/patch/0028-containerd-bugfix-add-nil-pointer-check-for-cgroup-v1-mem-usage.patch
+++ /dev/null
@@ -1,161 +0,0 @@ -From 2cf8b902f59636b35f187165637d2660d905ce54 Mon Sep 17 00:00:00 2001 -From: "Cardy.Tang" -Date: Fri, 19 May 2023 09:49:58 +0800 -Subject: [PATCH] bugfix: add nil pointer check for cgroup v1 mem usage - -Signed-off-by: Cardy.Tang ---- - metrics/cgroups/v1/memory.go | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/metrics/cgroups/v1/memory.go b/metrics/cgroups/v1/memory.go -index 86f6196ce..90ccc16ea 100644 ---- a/metrics/cgroups/v1/memory.go -+++ b/metrics/cgroups/v1/memory.go -@@ -544,7 +544,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Total, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Usage == nil { - return nil - } - return []value{ -@@ -560,7 +560,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Usage == nil { - return nil - } - return []value{ -@@ -576,7 +576,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Usage == nil { - return nil - } - return []value{ -@@ -592,7 +592,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Usage == nil { - return nil - } - return []value{ -@@ -608,7 +608,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Total, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Swap == nil { - return nil - } - return []value{ -@@ -624,7 +624,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: 
prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Swap == nil { - return nil - } - return []value{ -@@ -640,7 +640,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Swap == nil { - return nil - } - return []value{ -@@ -656,7 +656,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Swap == nil { - return nil - } - return []value{ -@@ -672,7 +672,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Total, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Kernel == nil { - return nil - } - return []value{ -@@ -688,7 +688,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Kernel == nil { - return nil - } - return []value{ -@@ -704,7 +704,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Kernel == nil { - return nil - } - return []value{ -@@ -720,7 +720,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.Kernel == nil { - return nil - } - return []value{ -@@ -736,7 +736,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Total, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ 
if stats.Memory == nil || stats.Memory.KernelTCP == nil { - return nil - } - return []value{ -@@ -752,7 +752,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.KernelTCP == nil { - return nil - } - return []value{ -@@ -768,7 +768,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.KernelTCP == nil { - return nil - } - return []value{ -@@ -784,7 +784,7 @@ var memoryMetrics = []*metric{ - unit: metrics.Bytes, - vt: prometheus.GaugeValue, - getValues: func(stats *v1.Metrics) []value { -- if stats.Memory == nil { -+ if stats.Memory == nil || stats.Memory.KernelTCP == nil { - return nil - } - return []value{ --- -2.33.0 - diff --git a/patch/0029-containerd-fix-unable-to-checkpoint-the-container-more-than-onc.patch b/patch/0029-containerd-fix-unable-to-checkpoint-the-container-more-than-onc.patch deleted file mode 100644 index c3fabc79dbcb6758d9a5cefccbfcde8b43765dc1..0000000000000000000000000000000000000000 --- a/patch/0029-containerd-fix-unable-to-checkpoint-the-container-more-than-onc.patch +++ /dev/null 
@@ -1,26 +0,0 @@
-From 26c96255462ea2abc3ec702b8303225c5a71a4a3 Mon Sep 17 00:00:00 2001
-From: Iceber Gu
-Date: Mon, 17 Apr 2023 14:02:18 +0800
-Subject: [PATCH] fix unable to checkpoint the container more than once
-
-Signed-off-by: Iceber Gu
----
- services/tasks/local.go | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/services/tasks/local.go b/services/tasks/local.go
-index 7f60d253a..d09fca200 100644
---- a/services/tasks/local.go
-+++ b/services/tasks/local.go
-@@ -707,7 +707,7 @@ func (l *local) writeContent(ctx context.Context, mediaType, ref string, r io.Re
- if err != nil {
- return nil, err
- }
-- if err := writer.Commit(ctx, 0, ""); err != nil {
-+ if err := writer.Commit(ctx, 0, ""); err != nil && !errdefs.IsAlreadyExists(err) {
- return nil, err
- }
- return &types.Descriptor{
---
-2.33.0
-
diff --git a/patch/0030-containerd-fix-cio.Cancel-should-close-the-pipes.patch b/patch/0030-containerd-fix-cio.Cancel-should-close-the-pipes.patch
deleted file mode 100644
index 9fe5d0f4dcdaa618f27b8fb6d142e7bddf0b1e22..0000000000000000000000000000000000000000
--- a/patch/0030-containerd-fix-cio.Cancel-should-close-the-pipes.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 4789ed1a8f4e846400be9a0d5cd28643b1b9b6e4 Mon Sep 17 00:00:00 2001
-From: "Hsing-Yu (David) Chen"
-Date: Thu, 30 Mar 2023 18:38:54 -0700
-Subject: [PATCH] fix: cio.Cancel() should close the pipes
-
-PR fixes #8326.
-
-Signed-off-by: Hsing-Yu (David) Chen
----
- cio/io_unix.go | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/cio/io_unix.go b/cio/io_unix.go
-index 5606cc88a..f7a12cf8d 100644
---- a/cio/io_unix.go
-+++ b/cio/io_unix.go
-@@ -99,7 +99,14 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
- config: fifos.Config,
- wg: wg,
- closers: append(pipes.closers(), fifos),
-- cancel: cancel,
-+ cancel: func() {
-+ cancel()
-+ for _, c := range pipes.closers() {
-+ if c != nil {
-+ c.Close()
-+ }
-+ }
-+ },
- }, nil
- }
-
---
-2.33.0
-
diff --git a/patch/0031-containerd-fix-some-containerd-bug.patch b/patch/0031-containerd-fix-some-containerd-bug.patch
deleted file mode 100644
index 624f6e9e0742557fd46665cda15c968b2450f7f1..0000000000000000000000000000000000000000
--- a/patch/0031-containerd-fix-some-containerd-bug.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 086561d24d39af5cbc4d0d830e56c36e37e06df9 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Thu, 19 Oct 2023 10:08:49 +0800
-Subject: [PATCH] containerd:fix some containerd bug
-
-First,fix the bug the container status is not returned correctly
-when executing the docker ps command.
-Second,fix the bug executing the docker top command does not return correct data
-
-Signed-off-by: zhongjiawei
----
- pkg/process/init.go | 9 ++++++++-
- vendor/github.com/containerd/go-runc/runc.go | 2 +-
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/pkg/process/init.go b/pkg/process/init.go
-index d373851..d48e5c6 100644
---- a/pkg/process/init.go
-+++ b/pkg/process/init.go
-@@ -250,7 +250,14 @@ func (p *Init) Status(ctx context.Context) (string, error) {
- p.mu.Lock()
- defer p.mu.Unlock()
-
-- return p.initState.Status(ctx)
-+ c, err := p.runtime.State(ctx, p.id)
-+ if err != nil {
-+ if strings.Contains(err.Error(), "does not exist") {
-+ return "stopped", nil
-+ }
-+ return "", p.runtimeError(err, "OCI runtime state failed")
-+ }
-+ return c.Status, nil
- }
-
- // Start the init process
-diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go
-index 6042b72..5804f5a 100644
---- a/vendor/github.com/containerd/go-runc/runc.go
-+++ b/vendor/github.com/containerd/go-runc/runc.go
-@@ -747,6 +747,7 @@ func (r *Runc) runOrErrorTimeout(cmd *exec.Cmd, runTimeout int64) error {
- return err
- }
- data, err := cmdOutputTimeout(cmd, true, nil, runTimeout)
-+ defer putBuf(data)
- if err != nil {
- return fmt.Errorf("%s: %s", err, data)
- }
-@@ -780,7 +781,6 @@ func cmdOutput(cmd *exec.Cmd, combined bool, started chan<- int) (*bytes.Buffer,
-
- func cmdOutputTimeout(cmd *exec.Cmd, combined bool, started chan<- int, timeout int64) (*bytes.Buffer, error) {
- b := getBuf()
-- defer putBuf(b)
-
- cmd.Stdout = b
- if combined {
---
-2.33.0
-
diff --git a/patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch b/patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch
deleted file mode 100644
index 3938bf22b4c8a03d60dab7096e05f745896ea7e6..0000000000000000000000000000000000000000
--- a/patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch
+++ /dev/null
@@ -1,336 +0,0 @@
-From 96e6b8f40551e44f3d82d5e03cb9bd6d72d3191b Mon Sep 17 00:00:00 2001
-From: Sebastiaan van Stijn
-Date: Mon, 16 Oct 2023 21:50:24 +0200
-Subject: [PATCH] vendor: golang.org/x/net v0.17.0
-
-full diff: https://github.com/golang/text/compare/v0.13.0...v0.17.0
-
-This fixes the same CVE as go1.21.3 and go1.20.10;
-
-- net/http: rapid stream resets can cause excessive work
-
- A malicious HTTP/2 client which rapidly creates requests and
- immediately resets them can cause excessive server resource consumption.
- While the total number of requests is bounded to the
- http2.Server.MaxConcurrentStreams setting, resetting an in-progress
- request allows the attacker to create a new request while the existing
- one is still executing.
-
- HTTP/2 servers now bound the number of simultaneously executing
- handler goroutines to the stream concurrency limit. New requests
- arriving when at the limit (which can only happen after the client
- has reset an existing, in-flight request) will be queued until a
- handler exits. If the request queue grows too large, the server
- will terminate the connection.
-
- This issue is also fixed in golang.org/x/net/http2 v0.17.0,
- for users manually configuring HTTP/2.
-
- The default stream concurrency limit is 250 streams (requests)
- per HTTP/2 connection. This value may be adjusted using the
- golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
- setting and the ConfigureServer function.
-
- This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
- This is also tracked by CVE-2023-44487.
- -Signed-off-by: Sebastiaan van Stijn ---- - vendor/golang.org/x/net/http2/Dockerfile | 51 ------------- - vendor/golang.org/x/net/http2/Makefile | 3 - - vendor/golang.org/x/net/http2/server.go | 86 ++++++++++++++++++---- - vendor/golang.org/x/net/http2/transport.go | 33 +++++++-- - 4 files changed, 97 insertions(+), 76 deletions(-) - delete mode 100644 vendor/golang.org/x/net/http2/Dockerfile - delete mode 100644 vendor/golang.org/x/net/http2/Makefile - -diff --git a/vendor/golang.org/x/net/http2/Dockerfile b/vendor/golang.org/x/net/http2/Dockerfile -deleted file mode 100644 -index 851224595..000000000 ---- a/vendor/golang.org/x/net/http2/Dockerfile -+++ /dev/null -@@ -1,51 +0,0 @@ --# --# This Dockerfile builds a recent curl with HTTP/2 client support, using --# a recent nghttp2 build. --# --# See the Makefile for how to tag it. If Docker and that image is found, the --# Go tests use this curl binary for integration tests. --# -- --FROM ubuntu:trusty -- --RUN apt-get update && \ -- apt-get upgrade -y && \ -- apt-get install -y git-core build-essential wget -- --RUN apt-get install -y --no-install-recommends \ -- autotools-dev libtool pkg-config zlib1g-dev \ -- libcunit1-dev libssl-dev libxml2-dev libevent-dev \ -- automake autoconf -- --# The list of packages nghttp2 recommends for h2load: --RUN apt-get install -y --no-install-recommends make binutils \ -- autoconf automake autotools-dev \ -- libtool pkg-config zlib1g-dev libcunit1-dev libssl-dev libxml2-dev \ -- libev-dev libevent-dev libjansson-dev libjemalloc-dev \ -- cython python3.4-dev python-setuptools -- --# Note: setting NGHTTP2_VER before the git clone, so an old git clone isn't cached: --ENV NGHTTP2_VER 895da9a --RUN cd /root && git clone https://github.com/tatsuhiro-t/nghttp2.git -- --WORKDIR /root/nghttp2 --RUN git reset --hard $NGHTTP2_VER --RUN autoreconf -i --RUN automake --RUN autoconf --RUN ./configure --RUN make --RUN make install -- --WORKDIR /root --RUN wget 
https://curl.se/download/curl-7.45.0.tar.gz --RUN tar -zxvf curl-7.45.0.tar.gz --WORKDIR /root/curl-7.45.0 --RUN ./configure --with-ssl --with-nghttp2=/usr/local --RUN make --RUN make install --RUN ldconfig -- --CMD ["-h"] --ENTRYPOINT ["/usr/local/bin/curl"] -- -diff --git a/vendor/golang.org/x/net/http2/Makefile b/vendor/golang.org/x/net/http2/Makefile -deleted file mode 100644 -index 55fd826f7..000000000 ---- a/vendor/golang.org/x/net/http2/Makefile -+++ /dev/null -@@ -1,3 +0,0 @@ --curlimage: -- docker build -t gohttp2/curl . -- -diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go -index 8cb14f3c9..a4ba54faf 100644 ---- a/vendor/golang.org/x/net/http2/server.go -+++ b/vendor/golang.org/x/net/http2/server.go -@@ -581,9 +581,11 @@ type serverConn struct { - advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client - curClientStreams uint32 // number of open streams initiated by the client - curPushedStreams uint32 // number of open streams initiated by server push -+ curHandlers uint32 // number of running handler goroutines - maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests - maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes - streams map[uint32]*stream -+ unstartedHandlers []unstartedHandler - initialStreamSendWindowSize int32 - maxFrameSize int32 - peerMaxHeaderListSize uint32 // zero means unknown (default) -@@ -981,6 +983,8 @@ func (sc *serverConn) serve() { - return - case gracefulShutdownMsg: - sc.startGracefulShutdownInternal() -+ case handlerDoneMsg: -+ sc.handlerDone() - default: - panic("unknown timer") - } -@@ -1012,14 +1016,6 @@ func (sc *serverConn) serve() { - } - } - --func (sc *serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { -- select { -- case <-sc.doneServing: -- case <-sharedCh: -- close(privateCh) -- } --} -- - type serverMessage int - - 
// Message values sent to serveMsgCh. -@@ -1028,6 +1024,7 @@ var ( - idleTimerMsg = new(serverMessage) - shutdownTimerMsg = new(serverMessage) - gracefulShutdownMsg = new(serverMessage) -+ handlerDoneMsg = new(serverMessage) - ) - - func (sc *serverConn) onSettingsTimer() { sc.sendServeMsg(settingsTimerMsg) } -@@ -1897,9 +1894,11 @@ func (st *stream) copyTrailersToHandlerRequest() { - // onReadTimeout is run on its own goroutine (from time.AfterFunc) - // when the stream's ReadTimeout has fired. - func (st *stream) onReadTimeout() { -- // Wrap the ErrDeadlineExceeded to avoid callers depending on us -- // returning the bare error. -- st.body.CloseWithError(fmt.Errorf("%w", os.ErrDeadlineExceeded)) -+ if st.body != nil { -+ // Wrap the ErrDeadlineExceeded to avoid callers depending on us -+ // returning the bare error. -+ st.body.CloseWithError(fmt.Errorf("%w", os.ErrDeadlineExceeded)) -+ } - } - - // onWriteTimeout is run on its own goroutine (from time.AfterFunc) -@@ -2017,13 +2016,10 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { - // (in Go 1.8), though. That's a more sane option anyway. - if sc.hs.ReadTimeout != 0 { - sc.conn.SetReadDeadline(time.Time{}) -- if st.body != nil { -- st.readDeadline = time.AfterFunc(sc.hs.ReadTimeout, st.onReadTimeout) -- } -+ st.readDeadline = time.AfterFunc(sc.hs.ReadTimeout, st.onReadTimeout) - } - -- go sc.runHandler(rw, req, handler) -- return nil -+ return sc.scheduleHandler(id, rw, req, handler) - } - - func (sc *serverConn) upgradeRequest(req *http.Request) { -@@ -2043,6 +2039,10 @@ func (sc *serverConn) upgradeRequest(req *http.Request) { - sc.conn.SetReadDeadline(time.Time{}) - } - -+ // This is the first request on the connection, -+ // so start the handler directly rather than going -+ // through scheduleHandler. 
-+ sc.curHandlers++ - go sc.runHandler(rw, req, sc.handler.ServeHTTP) - } - -@@ -2283,8 +2283,62 @@ func (sc *serverConn) newResponseWriter(st *stream, req *http.Request) *response - return &responseWriter{rws: rws} - } - -+type unstartedHandler struct { -+ streamID uint32 -+ rw *responseWriter -+ req *http.Request -+ handler func(http.ResponseWriter, *http.Request) -+} -+ -+// scheduleHandler starts a handler goroutine, -+// or schedules one to start as soon as an existing handler finishes. -+func (sc *serverConn) scheduleHandler(streamID uint32, rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) error { -+ sc.serveG.check() -+ maxHandlers := sc.advMaxStreams -+ if sc.curHandlers < maxHandlers { -+ sc.curHandlers++ -+ go sc.runHandler(rw, req, handler) -+ return nil -+ } -+ if len(sc.unstartedHandlers) > int(4*sc.advMaxStreams) { -+ return sc.countError("too_many_early_resets", ConnectionError(ErrCodeEnhanceYourCalm)) -+ } -+ sc.unstartedHandlers = append(sc.unstartedHandlers, unstartedHandler{ -+ streamID: streamID, -+ rw: rw, -+ req: req, -+ handler: handler, -+ }) -+ return nil -+} -+ -+func (sc *serverConn) handlerDone() { -+ sc.serveG.check() -+ sc.curHandlers-- -+ i := 0 -+ maxHandlers := sc.advMaxStreams -+ for ; i < len(sc.unstartedHandlers); i++ { -+ u := sc.unstartedHandlers[i] -+ if sc.streams[u.streamID] == nil { -+ // This stream was reset before its goroutine had a chance to start. -+ continue -+ } -+ if sc.curHandlers >= maxHandlers { -+ break -+ } -+ sc.curHandlers++ -+ go sc.runHandler(u.rw, u.req, u.handler) -+ sc.unstartedHandlers[i] = unstartedHandler{} // don't retain references -+ } -+ sc.unstartedHandlers = sc.unstartedHandlers[i:] -+ if len(sc.unstartedHandlers) == 0 { -+ sc.unstartedHandlers = nil -+ } -+} -+ - // Run on its own goroutine. 
- func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) { -+ defer sc.sendServeMsg(handlerDoneMsg) - didPanic := true - defer func() { - rw.rws.stream.cancelCtx() -diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go -index 05ba23d3d..e909040d9 100644 ---- a/vendor/golang.org/x/net/http2/transport.go -+++ b/vendor/golang.org/x/net/http2/transport.go -@@ -19,6 +19,7 @@ import ( - "io/fs" - "log" - "math" -+ "math/bits" - mathrand "math/rand" - "net" - "net/http" -@@ -290,8 +291,7 @@ func (t *Transport) initConnPool() { - // HTTP/2 server. - type ClientConn struct { - t *Transport -- tconn net.Conn // usually *tls.Conn, except specialized impls -- tconnClosed bool -+ tconn net.Conn // usually *tls.Conn, except specialized impls - tlsState *tls.ConnectionState // nil only for specialized impls - reused uint32 // whether conn is being reused; atomic - singleUse bool // whether being used for a single http.Request -@@ -1653,7 +1653,27 @@ func (cs *clientStream) frameScratchBufferLen(maxFrameSize int) int { - return int(n) // doesn't truncate; max is 512K - } - --var bufPool sync.Pool // of *[]byte -+// Seven bufPools manage different frame sizes. This helps to avoid scenarios where long-running -+// streaming requests using small frame sizes occupy large buffers initially allocated for prior -+// requests needing big buffers. The size ranges are as follows: -+// {0 KB, 16 KB], {16 KB, 32 KB], {32 KB, 64 KB], {64 KB, 128 KB], {128 KB, 256 KB], -+// {256 KB, 512 KB], {512 KB, infinity} -+// In practice, the maximum scratch buffer size should not exceed 512 KB due to -+// frameScratchBufferLen(maxFrameSize), thus the "infinity pool" should never be used. -+// It exists mainly as a safety measure, for potential future increases in max buffer size. 
-+var bufPools [7]sync.Pool // of *[]byte -+func bufPoolIndex(size int) int { -+ if size <= 16384 { -+ return 0 -+ } -+ size -= 1 -+ bits := bits.Len(uint(size)) -+ index := bits - 14 -+ if index >= len(bufPools) { -+ return len(bufPools) - 1 -+ } -+ return index -+} - - func (cs *clientStream) writeRequestBody(req *http.Request) (err error) { - cc := cs.cc -@@ -1671,12 +1691,13 @@ func (cs *clientStream) writeRequestBody(req *http.Request) (err error) { - // Scratch buffer for reading into & writing from. - scratchLen := cs.frameScratchBufferLen(maxFrameSize) - var buf []byte -- if bp, ok := bufPool.Get().(*[]byte); ok && len(*bp) >= scratchLen { -- defer bufPool.Put(bp) -+ index := bufPoolIndex(scratchLen) -+ if bp, ok := bufPools[index].Get().(*[]byte); ok && len(*bp) >= scratchLen { -+ defer bufPools[index].Put(bp) - buf = *bp - } else { - buf = make([]byte, scratchLen) -- defer bufPool.Put(&buf) -+ defer bufPools[index].Put(&buf) - } - - var sawEOF bool --- -2.33.0 - diff --git a/patch/0033-containerd-Fix-missing-closed-fifo.patch b/patch/0033-containerd-Fix-missing-closed-fifo.patch deleted file mode 100644 index cc8efcd0987b15a0b1b02cbee32d2b9daf1f00de..0000000000000000000000000000000000000000 --- a/patch/0033-containerd-Fix-missing-closed-fifo.patch +++ /dev/null 
@@ -1,38 +0,0 @@
-From 1c93da5ded1b80338ae4014084ce005f89e20a94 Mon Sep 17 00:00:00 2001
-From: Shiming Zhang
-Date: Mon, 31 Oct 2022 17:18:27 +0800
-Subject: [PATCH] Fix missing closed fifo
-
-Signed-off-by: Shiming Zhang
----
- runtime/v1/shim/service_linux.go | 1 +
- runtime/v2/runc/platform.go | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/runtime/v1/shim/service_linux.go b/runtime/v1/shim/service_linux.go
-index 499490601..d6a07e04d 100644
---- a/runtime/v1/shim/service_linux.go
-+++ b/runtime/v1/shim/service_linux.go
-@@ -61,6 +61,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
- // we need to shutdown epollConsole when pipe broken
- epollConsole.Shutdown(p.epoller.CloseConsole)
- epollConsole.Close()
-+ in.Close()
- }()
- }
-
-diff --git a/runtime/v2/runc/platform.go b/runtime/v2/runc/platform.go
-index c08d32912..65c017149 100644
---- a/runtime/v2/runc/platform.go
-+++ b/runtime/v2/runc/platform.go
-@@ -86,6 +86,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
- // we need to shutdown epollConsole when pipe broken
- epollConsole.Shutdown(p.epoller.CloseConsole)
- epollConsole.Close()
-+ in.Close()
- }()
- }
-
---
-2.33.0
-
diff --git a/patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch b/patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch
deleted file mode 100644
index 786c0b586f9abbb6b55daabab818f82831b55e40..0000000000000000000000000000000000000000
--- a/patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch
+++ /dev/null
@@ -1,233 +0,0 @@ -From e70824074dc2c73a463c85ea3b5bd24f66f25624 Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Fri, 23 Feb 2024 14:58:08 +0800 -Subject: [PATCH] containerd:disable Transparent HugePage for shim process if - SHIM_DISABLE_THP is set - ---- - runtime/v1/shim/client/client.go | 13 +++++ - sys/reaper/reaper_unix.go | 14 +++++ - sys/thp.go | 34 ++++++++++++ - sys/thp_amd64.go | 3 ++ - sys/thp_arm64.go | 3 ++ - sys/thp_riscv64.go | 3 ++ - .../github.com/containerd/go-runc/monitor.go | 54 ++++++++++++------- - 7 files changed, 104 insertions(+), 20 deletions(-) - create mode 100644 sys/thp.go - create mode 100644 sys/thp_amd64.go - create mode 100644 sys/thp_arm64.go - create mode 100644 sys/thp_riscv64.go - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 965a5cf..af4917c 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -104,9 +104,22 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - if err != nil { - return nil, nil, err - } -+ // Set THP disabled for shim process -+ if err := sys.SetTHPState(1, false); err != nil { -+ if err := sys.SetTHPState(0, true); err != nil { -+ return nil, nil, err -+ } -+ return nil, nil, err -+ } - if err := cmd.Start(); err != nil { -+ if err := sys.SetTHPState(0, true); err != nil { -+ return nil, nil, err -+ } - return nil, nil, fmt.Errorf("failed to start shim: %w", err) - } -+ if err := sys.SetTHPState(0, true); err != nil { -+ return nil, nil, err -+ } - defer func() { - if err != nil { - cmd.Process.Kill() -diff --git a/sys/reaper/reaper_unix.go b/sys/reaper/reaper_unix.go -index 61c2e8a..2181432 100644 ---- a/sys/reaper/reaper_unix.go -+++ b/sys/reaper/reaper_unix.go -@@ -26,6 +26,7 @@ import ( - "syscall" - "time" - -+ "github.com/containerd/containerd/sys" - runc "github.com/containerd/go-runc" - "github.com/sirupsen/logrus" - exec "golang.org/x/sys/execabs" -@@ -94,9 +95,22 @@ type Monitor struct 
{ - - // Start starts the command a registers the process with the reaper - func (m *Monitor) Start(c *exec.Cmd) (chan runc.Exit, error) { -+ // Set THP enabled for subprocess. -+ if err := sys.SetTHPState(0, false); err != nil { -+ if err := sys.SetTHPState(1, true); err != nil { -+ return nil, err -+ } -+ return nil, err -+ } - ec := m.Subscribe() - if err := c.Start(); err != nil { - m.Unsubscribe(ec) -+ if err := sys.SetTHPState(1, true); err != nil { -+ return nil, err -+ } -+ return nil, err -+ } -+ if err := sys.SetTHPState(1, true); err != nil { - return nil, err - } - return ec, nil -diff --git a/sys/thp.go b/sys/thp.go -new file mode 100644 -index 0000000..25c97a6 ---- /dev/null -+++ b/sys/thp.go -@@ -0,0 +1,34 @@ -+package sys -+ -+import ( -+ "os" -+ "runtime" -+ "syscall" -+ -+ "github.com/sirupsen/logrus" -+) -+ -+const ( -+ PR_SET_THP_DISABLE = 41 -+) -+ -+func SetTHPState(flag int, resume bool) error { -+ logrus.Debug("start to set THP") -+ if os.Getenv("SHIM_DISABLE_THP") != "1" { -+ logrus.Debug("skip set THP") -+ return nil -+ } -+ -+ if resume { -+ defer runtime.UnlockOSThread() -+ } else { -+ runtime.LockOSThread() -+ } -+ -+ _, _, errno := syscall.RawSyscall6(uintptr(PRCTL_SYSCALL), uintptr(PR_SET_THP_DISABLE), uintptr(flag), 0, 0, 0, 0) -+ if errno != 0 { -+ logrus.Errorf("disable THP failed: %v", errno) -+ return errno -+ } -+ return nil -+} -diff --git a/sys/thp_amd64.go b/sys/thp_amd64.go -new file mode 100644 -index 0000000..e1e977e ---- /dev/null -+++ b/sys/thp_amd64.go -@@ -0,0 +1,3 @@ -+package sys -+ -+const PRCTL_SYSCALL = 157 -diff --git a/sys/thp_arm64.go b/sys/thp_arm64.go -new file mode 100644 -index 0000000..a6db8d6 ---- /dev/null -+++ b/sys/thp_arm64.go -@@ -0,0 +1,3 @@ -+package sys -+ -+const PRCTL_SYSCALL = 167 -diff --git a/sys/thp_riscv64.go b/sys/thp_riscv64.go -new file mode 100644 -index 0000000..a6db8d6 ---- /dev/null -+++ b/sys/thp_riscv64.go -@@ -0,0 +1,3 @@ -+package sys -+ -+const PRCTL_SYSCALL = 167 -diff --git 
a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go -index 73c8ac1..c7b4451 100644 ---- a/vendor/github.com/containerd/go-runc/monitor.go -+++ b/vendor/github.com/containerd/go-runc/monitor.go -@@ -25,6 +25,7 @@ import ( - "syscall" - "time" - -+ "github.com/containerd/containerd/sys" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - ) -@@ -54,7 +55,20 @@ type defaultMonitor struct { - } - - func (m *defaultMonitor) Start(c *exec.Cmd) (chan Exit, error) { -+ // Set THP enabled for runc process. -+ if err := sys.SetTHPState(0, false); err != nil { -+ if err := sys.SetTHPState(1, true); err != nil { -+ return nil, err -+ } -+ return nil, err -+ } - if err := c.Start(); err != nil { -+ if err := sys.SetTHPState(1, true); err != nil { -+ return nil, err -+ } -+ return nil, err -+ } -+ if err := sys.SetTHPState(1, true); err != nil { - return nil, err - } - ec := make(chan Exit, 1) -@@ -84,27 +98,27 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) { - } - - func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) { -- select { -- case <-time.After(time.Duration(sec) * time.Second): -- if SameProcess(c, c.Process.Pid) { -- logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) -- } -- return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -- case e := <-ec: -- return e.Status, nil -- } -+ select { -+ case <-time.After(time.Duration(sec) * time.Second): -+ if SameProcess(c, c.Process.Pid) { -+ logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) -+ } -+ return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ case e := <-ec: -+ return e.Status, nil -+ } - } - - func SameProcess(cmd *exec.Cmd, pid int) bool { -- bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -- if err != nil { -- return false -- } -- for i := range bytes { -- 
if bytes[i] == 0 { -- bytes[i] = 32 -- } -- } -- cmdline := string(bytes) -- return strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") -+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -+ if err != nil { -+ return false -+ } -+ for i := range bytes { -+ if bytes[i] == 0 { -+ bytes[i] = 32 -+ } -+ } -+ cmdline := string(bytes) -+ return strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") - } --- -2.33.0 -