!17 containerd: compile option compliance

From: @Vanient Reviewed-by: @jing-rui,@caihaomin Signed-off-by: @caihaomin
2021-03-18 15:12:28 +08:00 · 2021-03-18 15:12:28 +08:00 · 92442044c0
commit 92442044c0
parent 9a29a38c55 9c4ff3a46f
9 changed files with 270 additions and 2 deletions
--- a/containerd.spec
+++ b/containerd.spec
@ -2,7 +2,7 @@
 %global debug_package %{nil}
 Version:        1.2.0
 Name:           containerd
-Release:        106
+Release:        108
 Summary:        An industry-standard container runtime
 License:        ASL 2.0
 URL:            https://containerd.io
@ -39,6 +39,7 @@ cd $GO_BUILD_PATH/src/%{goipath}
 export GOPATH=$GO_BUILD_PATH:%{gopath}
 export BUILDTAGS="no_btrfs no_cri"
 make
+strip ./bin/containerd ./bin/containerd-shim

 %install
 install -d $RPM_BUILD_ROOT/%{_bindir}
@ -50,6 +51,22 @@ install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim
 %{_bindir}/containerd-shim

 %changelog
+* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-108
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:compile option compliance
+
+* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-107
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync bugfix, include
+       1. check task list to avoid unnecessary cleanup.
+       2. fix dead loop
+       3. cleanup dangling shim by brand new context
+       4. fix potential panic for task in unknown state
+
 * Fri Dec 11 2020 yangyanchao <yangyanchao6@huawei.com> 1.2.0-106
 - Type:requirement
 - ID:NA
--- a/gen-commit.sh
+++ b/gen-commit.sh
--- a/2
+++ b/2
@ -1 +1 @@
-3b91554d97fcb60c607896100a1ae8abb339d715
+aec25f8e033c265f30268f7170d83095404adcef
--- a/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch
+++ b/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch
@ -0,0 +1,30 @@
+From 53111d2f094b738a4b3a35bcec85f78324ca8509 Mon Sep 17 00:00:00 2001
+From: xiadanni1 <xiadanni1@huawei.com>
+Date: Tue, 24 Nov 2020 11:00:32 +0800
+Subject: [PATCH] containerd: check task list to avoid unnecessary cleanup
+
+Signed-off-by: Lantao Liu <lantaol@google.com>
+Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
+---
+ runtime/v1/linux/runtime.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go
+index 5be785d..0feb587 100644
+--- a/runtime/v1/linux/runtime.go
+++ b/runtime/v1/linux/runtime.go
+@@ -374,6 +374,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
+ 		shimExit := make(chan struct{})
+ 		s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() {
+ 			close(shimExit)
+			if _, err := r.tasks.Get(ctx, id); err != nil {
+				// Task was never started or was already successfully deleted
+				return
+			}
+
+ 			err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid)
+ 			if err != nil {
+ 				log.G(ctx).WithError(err).WithField("bundle", bundle.path).
+-- 
+1.8.3.1
+
--- a/patch/0065-containerd-fix-dead-loop.patch
+++ b/patch/0065-containerd-fix-dead-loop.patch
@ -0,0 +1,37 @@
+From b315a85a6695dfbe67767f21713c3ccfc7cae73e Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Mon, 1 Feb 2021 09:48:07 +0800
+Subject: [PATCH] containerd: fix dead loop
+
+Change-Id: I6b2ce4456ca8fe197683692721d150f4e5d7e3fe
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ runtime/v1/shim/client/client.go | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go
+index 06453b35a..9e63af4ea 100644
+--- a/runtime/v1/shim/client/client.go
+++ b/runtime/v1/shim/client/client.go
+@@ -393,15 +393,15 @@ func (c *Client) signalShim(ctx context.Context, sig syscall.Signal) error {
+ 
+ func (c *Client) waitForExit(pid int) <-chan struct{} {
+ 	c.exitOnce.Do(func() {
+-		for {
+		for i := 0; i < 1000; i++ {
+ 			// use kill(pid, 0) here because the shim could have been reparented
+ 			// and we are no longer able to waitpid(pid, ...) on the shim
+ 			if err := unix.Kill(pid, 0); err == unix.ESRCH {
+-				close(c.exitCh)
+-				return
+				break
+ 			}
+ 			time.Sleep(10 * time.Millisecond)
+ 		}
+		close(c.exitCh)
+ 	})
+ 	return c.exitCh
+ }
+-- 
+2.17.1
+
--- a/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch
+++ b/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch
@ -0,0 +1,41 @@
+From a530cb668134335d4e5d6595d5d5a9cb74e16428 Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Tue, 19 Jan 2021 15:01:00 +0800
+Subject: [PATCH] containerd: cleanup dangling shim by brand new context
+
+Upstream:https://github.com/containerd/containerd/pull/4048
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ runtime/v1/linux/runtime.go | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go
+index 0feb587..66f959d 100644
+--- a/runtime/v1/linux/runtime.go
+++ b/runtime/v1/linux/runtime.go
+@@ -66,6 +66,9 @@ const (
+ 	configFilename = "config.json"
+ 	defaultRuntime = "runc"
+ 	defaultShim    = "containerd-shim"
+
+	// cleanupTimeout is default timeout for cleanup operations
+	cleanupTimeout = 1 * time.Minute
+ )
+ 
+ func init() {
+@@ -226,7 +229,10 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts
+ 	}
+ 	defer func() {
+ 		if err != nil {
+-			kerr := s.KillShim(ctx)
+			deferCtx, deferCancel := context.WithTimeout(
+				namespaces.WithNamespace(context.TODO(), namespace), cleanupTimeout)
+			defer deferCancel()
+			kerr := s.KillShim(deferCtx)
+ 			log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr)
+ 		}
+ 	}()
+-- 
+1.8.3.1
+
--- a/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch
+++ b/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch
@ -0,0 +1,89 @@
+From 4c9ec5f1eece90929eb3b525c28f3713b7153d7d Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Tue, 19 Jan 2021 20:34:45 +0800
+Subject: [PATCH] containerd:fix potential panic for task in unknown state
+
+Upstream:https://github.com/containerd/containerd/pull/3611
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ cio/io_unix.go | 22 ++++++++++++----------
+ container.go   | 13 +++++++++++--
+ 2 files changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/cio/io_unix.go b/cio/io_unix.go
+index 3ab2a30..53b6b2d 100644
+--- a/cio/io_unix.go
+++ b/cio/io_unix.go
+@@ -72,17 +72,19 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
+ 	}
+ 
+ 	var wg = &sync.WaitGroup{}
+-	wg.Add(1)
+-	go func() {
+-		p := bufPool.Get().(*[]byte)
+-		defer bufPool.Put(p)
+-
+-		io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p)
+-		pipes.Stdout.Close()
+-		wg.Done()
+-	}()
+	if fifos.Stdout != "" {
+		wg.Add(1)
+		go func() {
+			p := bufPool.Get().(*[]byte)
+			defer bufPool.Put(p)
+
+			io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p)
+			pipes.Stdout.Close()
+			wg.Done()
+		}()
+	}
+ 
+-	if !fifos.Terminal {
+	if !fifos.Terminal && fifos.Stderr != "" {
+ 		wg.Add(1)
+ 		go func() {
+ 			p := bufPool.Get().(*[]byte)
+diff --git a/container.go b/container.go
+index 3c09b2d..63b074a 100644
+--- a/container.go
+++ b/container.go
+@@ -25,6 +25,7 @@ import (
+ 
+ 	"github.com/containerd/containerd/api/services/tasks/v1"
+ 	"github.com/containerd/containerd/api/types"
+	tasktypes "github.com/containerd/containerd/api/types/task"
+ 	"github.com/containerd/containerd/cio"
+ 	"github.com/containerd/containerd/containers"
+ 	"github.com/containerd/containerd/errdefs"
+@@ -32,6 +33,7 @@ import (
+ 	"github.com/containerd/typeurl"
+ 	prototypes "github.com/gogo/protobuf/types"
+ 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+ )
+ 
+ // Container is a metadata object for container resources and task creation
+@@ -284,9 +286,16 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er
+ 		return nil, err
+ 	}
+ 	var i cio.IO
+
+ 	if ioAttach != nil {
+-		if i, err = attachExistingIO(response, ioAttach); err != nil {
+-			return nil, err
+		if response.Process.Status == tasktypes.StatusUnknown {
+			logrus.Warnf("container %v loadTask: task get returns process status unknown", c.id)
+		} else {
+			// Do not attach IO for task in unknown state, because there
+			// are no fifo paths anyway.
+			if i, err = attachExistingIO(response, ioAttach); err != nil {
+				return nil, err
+			}
+ 		}
+ 	}
+ 	t := &task{
+-- 
+1.8.3.1
+
--- a/patch/0068-containerd-compile-option-compliance.patch
+++ b/patch/0068-containerd-compile-option-compliance.patch
@ -0,0 +1,49 @@
+From 0cda15b8d0241f9c15c0efe12d19877761f7b387 Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Thu, 18 Mar 2021 10:29:02 +0800
+Subject: [PATCH] containerd: compile option compliance
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ Makefile | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index f69559b..102db9f 100644
+--- a/Makefile
+++ b/Makefile
+@@ -82,7 +82,7 @@ BEP_DIR=/tmp/containerd-build-bep
+ BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep
+ 
+ GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)'
+-SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"'
+SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now'
+ 
+ #Replaces ":" (*nix), ";" (windows) with newline for easy parsing
+ GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n")
+@@ -171,11 +171,21 @@ FORCE:
+ bin/%: cmd/% FORCE
+ 	mkdir -p $(BEP_DIR)
+ 	@echo "$(WHALE) $@${BINARY_SUFFIX}"
+	CGO_ENABLED=1 \
+	CGO_CFLAGS="-fstack-protector-strong -fPIE" \
+	CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \
+	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ 	go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS}  ./$<
+ 
+ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) bin/containerd-shim"
+-	go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
+	CGO_ENABLED=1 \
+	CGO_CFLAGS="-fstack-protector-strong -fPIE" \
+	CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \
+	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+	go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
+ 
+ bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) bin/containerd-shim-runc-v1"
+-- 
+1.8.3.1
+
--- a/series.conf
+++ b/series.conf
@ -68,4 +68,9 @@ patch/0062-containerd-use-path-based-socket-for-shims.patch
 patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch
 patch/0064-containerd-add-sys-symbol-to-support-riscv.patch
 patch/0065-containerd-add-blot-symbol-to-support-riscv.patch
+patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch
+patch/0065-containerd-fix-dead-loop.patch
+patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch
+patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch
+patch/0068-containerd-compile-option-compliance.patch
 # end