!231 runc:sync some patches

From: @zhong-jiawei-1 
Reviewed-by: @zhangsong234 
Signed-off-by: @zhangsong234

git-commit

@@ -1 +1 @@
-1e39039974846638765620aa4f73d1e0c11e1dec
+730142e84fa048db67ba7ea3f28a97735b98bb93

patch/0034-runc-Fix-File-to-Close.patch

@@ -0,0 +1,40 @@
+From 329422245586df752a020d3887cb0ee83cab7f59 Mon Sep 17 00:00:00 2001
+From: "hang.jiang" <hang.jiang@daocloud.io>
+Date: Fri, 1 Sep 2023 16:17:13 +0800
+Subject: [PATCH 1/4] Fix File to Close
+
+Reference:https://github.com/opencontainers/runc/commit/937ca107c3d22da77eb8e8030f2342253b980980
+
+Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
+---
+ libcontainer/cgroups/fs/paths.go | 1 +
+ update.go                        | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/libcontainer/cgroups/fs/paths.go b/libcontainer/cgroups/fs/paths.go
+index 1092331b..2cb970a3 100644
+--- a/libcontainer/cgroups/fs/paths.go
++++ b/libcontainer/cgroups/fs/paths.go
+@@ -83,6 +83,7 @@ func tryDefaultCgroupRoot() string {
+ 	if err != nil {
+ 		return ""
+ 	}
++	defer dir.Close()
+ 	names, err := dir.Readdirnames(1)
+ 	if err != nil {
+ 		return ""
+diff --git a/update.go b/update.go
+index 9ce5a2e8..6d582ddd 100644
+--- a/update.go
++++ b/update.go
+@@ -174,6 +174,7 @@ other options are ignored.
+ 				if err != nil {
+ 					return err
+ 				}
++				defer f.Close()
+ 			}
+ 			err = json.NewDecoder(f).Decode(&r)
+ 			if err != nil {
+-- 
+2.27.0
+

patch/0035-runc-Fix-undefined-behavior.patch

@@ -0,0 +1,68 @@
+From 04ee021566aa241792914782a68a8ba30383e738 Mon Sep 17 00:00:00 2001
+From: Kazuki Hasegawa <nanasi880@gmail.com>
+Date: Tue, 28 Mar 2023 19:54:11 +0900
+Subject: [PATCH 3/4] Fix undefined behavior.
+
+Do not accept setjmp return value as variable.
+
+Reference:https://github.com/opencontainers/runc/commit/6053aea46f18f86a3e1cdb0f18a1094079af4aeb
+
+Signed-off-by: Kazuki Hasegawa <nanasi880@gmail.com>
+---
+ libcontainer/nsenter/nsexec.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
+index 52e4521c..96bf5b7d 100644
+--- a/libcontainer/nsenter/nsexec.c
++++ b/libcontainer/nsenter/nsexec.c
+@@ -958,8 +958,7 @@ void nsexec(void)
+ 	 * -- Aleksa "what has my life come to?" Sarai
+ 	 */
+ 
+-	current_stage = setjmp(env);
+-	switch (current_stage) {
++	switch (setjmp(env)) {
+ 		/*
+ 		 * Stage 0: We're in the parent. Our job is just to create a new child
+ 		 *          (stage 1: STAGE_CHILD) process and write its uid_map and
+@@ -973,6 +972,7 @@ void nsexec(void)
+ 			bool stage1_complete, stage2_complete;
+ 
+ 			/* For debugging. */
++			current_stage = STAGE_PARENT;
+ 			prctl(PR_SET_NAME, (unsigned long)"runc:[0:PARENT]", 0, 0, 0);
+ 			write_log(DEBUG, "~> nsexec stage-0");
+ 
+@@ -1130,6 +1130,9 @@ void nsexec(void)
+ 			pid_t stage2_pid = -1;
+ 			enum sync_t s;
+ 
++			/* For debugging. */
++			current_stage = STAGE_CHILD;
++
+ 			/* We're in a child and thus need to tell the parent if we die. */
+ 			syncfd = sync_child_pipe[0];
+ 			if (close(sync_child_pipe[1]) < 0)
+@@ -1310,6 +1313,9 @@ void nsexec(void)
+ 			 */
+ 			enum sync_t s;
+ 
++			/* For debugging. */
++			current_stage = STAGE_INIT;
++
+ 			/* We're in a child and thus need to tell the parent if we die. */
+ 			syncfd = sync_grandchild_pipe[0];
+ 			if (close(sync_grandchild_pipe[1]) < 0)
+@@ -1365,7 +1371,7 @@ void nsexec(void)
+ 		}
+ 		break;
+ 	default:
+-		bail("unknown stage '%d' for jump value", current_stage);
++		bail("unexpected jump value");
+ 	}
+ 
+ 	/* Should never be reached. */
+-- 
+2.27.0
+

patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch

@@ -0,0 +1,25 @@
+From c1672b5e35bcc8f02bd1e1ad4964ad114bf28972 Mon Sep 17 00:00:00 2001
+From: zhongjiawei <zhongjiawei1@huawei.com>
+Date: Thu, 21 Dec 2023 19:38:04 +0800
+Subject: [PATCH] runc:increase the number of cgroup deletion retries
+
+---
+ libcontainer/cgroups/utils.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go
+index fc4ae44..a359740 100644
+--- a/libcontainer/cgroups/utils.go
++++ b/libcontainer/cgroups/utils.go
+@@ -270,7 +270,7 @@ func RemovePath(path string) error {
+ // If after all there are not removed cgroups - appropriate error will be
+ // returned.
+ func RemovePaths(paths map[string]string) (err error) {
+-	const retries = 5
++	const retries = 10
+ 	delay := 10 * time.Millisecond
+ 	for i := 0; i < retries; i++ {
+ 		if i != 0 {
+-- 
+2.33.0
+

runc.spec

@@ -3,7 +3,7 @@
 
 Name: runc
 Version: 1.1.8
-Release: 11
+Release: 12
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 
 License: ASL 2.0
@@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 
 %changelog
+* Thu Dec 21 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-12
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync some patches
+
 * Fri Dec 8 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-11
 - Type:bugfix
 - CVE:NA

series.conf

@@ -30,3 +30,6 @@ patch/0030-runc-Handle-kmem.limit_in_bytes-removal.patch
 patch/0031-runc-fix-update-rt-runtime-us-and-rt-period-us-faile.patch
 patch/0032-runc-delete-do-not-ignore-error-from-destroy.patch
 patch/0033-runc-libct-Destroy-don-t-proceed-in-case-of-errors.patch
+patch/0034-runc-Fix-File-to-Close.patch
+patch/0035-runc-Fix-undefined-behavior.patch
+patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch