docker: ensure layer digest folder removed if ls.driver.Remove fails

If image pull fails of context canceled, image layer will perform a rollback operation. When image layer is released, the diff folder of layer will be removed first, and then the digest folder will be removed. If the diff folder fails to be removed, such as operation not permitted or interrupted by others, both the digest folder and diff folder will remain on the disk, this will cause image not be complete and not repairable. So we should remove the digest folder first for image layers rollback and ensure image can be re-pulled completely.
2022-09-15 17:31:01 +08:00 · 2022-09-15 17:31:01 +08:00 · 54c9d1260f
commit 54c9d1260f
parent b0813e64ca
5 changed files with 78 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-18.09.0.309
+18.09.0.310
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 309
+Release: 310
 Summary: The open-source application container engine
 Group: Tools/Docker

@ -212,6 +212,12 @@ fi
 %endif

 %changelog
+* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-310
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:ensure layer digest folder removed if ls.driver.Remove fails
+
 * Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-309
 - Type:CVE
 - CVE:CVE-2022-36109
--- a/2
+++ b/2
@ -1 +1 @@
-1f53e790e570d524f6ebf5b81c914ddda97f0924
+faa0fdd6145546a28a82b18855466b66b5bb77f5
--- a/patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
+++ b/patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
@ -0,0 +1,68 @@
+From ef17936c73849e17039f0b1558f6a87f70a35890 Mon Sep 17 00:00:00 2001
+From: zhangsong <zhangsong34@huawei.com>
+Date: Mon, 29 Aug 2022 11:41:15 +0800
+Subject: [PATCH] docker: ensure layer digest folder removed if
+ ls.driver.Remove fails
+
+If image pull fails of context canceled, image layer will perform a
+rollback operation. When image layer is released, the diff folder
+of layer will be removed first, and then the digest folder will be
+removed. If the diff folder fails to be removed, such as operation
+not permitted or interrupted by others, both the digest folder and diff
+folder will remain on the disk, this will cause image not be complete
+and not repairable.
+
+So we should remove the digest folder first for image layers rollback
+and ensure image can be re-pulled completely.
+
+Signed-off-by: zhangsong <zhangsong34@huawei.com>
+---
+ components/engine/layer/layer_store.go | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/layer/layer_store.go b/components/engine/layer/layer_store.go
+index c514ed80..e3030c3c 100644
+--- a/components/engine/layer/layer_store.go
+++ b/components/engine/layer/layer_store.go
+@@ -311,6 +311,8 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, descr
+ 		// Release parent chain if error
+ 		defer func() {
+ 			if err != nil {
+				logrus.Errorf("Create layer cache id: %s, diff id: %s, chain id: %s, error: %v",
+					p.cacheID, p.diffID, p.chainID, err)
+ 				ls.layerL.Lock()
+ 				ls.releaseLayer(p)
+ 				ls.layerL.Unlock()
+@@ -428,12 +430,18 @@ func (ls *layerStore) Map() map[ChainID]Layer {
+ }
+ 
+ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+-	err := ls.driver.Remove(layer.cacheID)
+	logrus.Debugf("Deleting layer cache id: %s, diff id: %s, chain id: %s",
+		layer.cacheID, layer.diffID, layer.chainID)
+	err := ls.store.Remove(layer.chainID)
+ 	if err != nil {
+		logrus.Errorf("Remove layer store: cache id: %s, diff id: %s, chain id: %s, error: %v",
+			layer.cacheID, layer.diffID, layer.chainID, err)
+ 		return err
+ 	}
+-	err = ls.store.Remove(layer.chainID)
+	err = ls.driver.Remove(layer.cacheID)
+ 	if err != nil {
+		logrus.Errorf("Remove driver store: cache id: %s, diff id: %s, chain id: %s, error: %v",
+			layer.cacheID, layer.diffID, layer.chainID, err)
+ 		return err
+ 	}
+ 	metadata.DiffID = layer.diffID
+@@ -444,6 +452,8 @@ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+ 	}
+ 	metadata.DiffSize = layer.size
+ 
+	logrus.Debugf("Delete layer cache id: %s, diff id: %s, chain id: %s done",
+		layer.cacheID, layer.diffID, layer.chainID)
+ 	return nil
+ }
+ 
+-- 
+2.27.0
+
--- a/series.conf
+++ b/series.conf
@ -229,4 +229,5 @@ patch/0228-docker-registry-ensure-default-auth-config-has-address.patch
 patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch
 patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
+patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 #end