Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure we can always terminate the parent process on error #4355

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+45 −24
Open

Ensure we can always terminate the parent process on error #4355

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 44 additions & 10 deletions libcontainer/container_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,20 +201,31 @@ func (c *Container) Set(config configs.Config) error {
func (c *Container) Start(process *Process) error {
c.m.Lock()
defer c.m.Unlock()
return c.start(process)

if err := c.start(process); err != nil {
c.terminate(process)
return err
}
return nil
}

// Run immediately starts the process inside the container. Returns an error if
// the process fails to start. It does not block waiting for the exec fifo
// after start returns but opens the fifo after start returns.
func (c *Container) Run(process *Process) error {
func (c *Container) Run(process *Process) (retErr error) {
c.m.Lock()
defer c.m.Unlock()
lifubang marked this conversation as resolved.
Show resolved Hide resolved

if err := c.start(process); err != nil {
c.terminate(process)
return err
}
if process.Init {
return c.exec()
if !process.Init {
return nil
}
if err := c.exec(); err != nil {
c.terminate(process)
return err
}
return nil
}
Expand All @@ -226,6 +237,34 @@ func (c *Container) Exec() error {
return c.exec()
}

// terminate is to kill the container's init/exec process when got failure.
func (c *Container) terminate(process *Process) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it simple to add tests? Maybe for this function. We can fake the process interface and make it return an error, and test everything that needs to happen, indeed happens?

This might not add a lot of value now, but it will if we refactor this code in the future.

if process.ops == nil {
return
}
if process.Init {
if err := ignoreTerminateErrors(process.ops.terminate()); err != nil {
logrus.WithError(err).Warn("unable to terminate initProcess")
}
// If we haven't saved container's state yet, we need to destroy the
// cgroup & intelRdt manager manually.
if _, err := os.Stat(filepath.Join(c.stateDir, stateFilename)); os.IsNotExist(err) {
if err := c.cgroupManager.Destroy(); err != nil {
logrus.WithError(err).Warn("unable to destroy cgroupManager")
}
if c.intelRdtManager != nil {
if err := c.intelRdtManager.Destroy(); err != nil {
logrus.WithError(err).Warn("unable to destroy intelRdtManager")
}
}
}
return
}
if err := ignoreTerminateErrors(process.ops.terminate()); err != nil {
logrus.WithError(err).Warn("unable to terminate setnsProcess")
}
}

func (c *Container) exec() error {
path := filepath.Join(c.stateDir, execFifoFilename)
pid := c.initProcess.pid()
Expand Down Expand Up @@ -356,12 +395,7 @@ func (c *Container) start(process *Process) (retErr error) {
return err
}

if err := c.config.Hooks.Run(configs.Poststart, s); err != nil {
if err := ignoreTerminateErrors(parent.terminate()); err != nil {
logrus.Warn(fmt.Errorf("error running poststart hook: %w", err))
}
return err
}
return c.config.Hooks.Run(configs.Poststart, s)
}
}
return nil
Expand Down
1 change: 1 addition & 0 deletions libcontainer/process.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
var errInvalidProcess = errors.New("invalid process")

type processOperations interface {
terminate() error
wait() (*os.ProcessState, error)
signal(sig os.Signal) error
pid() int
Expand Down
14 changes: 0 additions & 14 deletions libcontainer/process_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,10 +146,6 @@ func (p *setnsProcess) start() (retErr error) {
// Someone in this cgroup was killed, this _might_ be us.
retErr = fmt.Errorf("%w (possibly OOM-killed)", retErr)
}
err := ignoreTerminateErrors(p.terminate())
lifubang marked this conversation as resolved.
Show resolved Hide resolved
if err != nil {
logrus.WithError(err).Warn("unable to terminate setnsProcess")
}
}
}()

Expand Down Expand Up @@ -548,16 +544,6 @@ func (p *initProcess) start() (retErr error) {
retErr = errors.New(oomError)
}
}

// Terminate the process to ensure we can remove cgroups.
if err := ignoreTerminateErrors(p.terminate()); err != nil {
logrus.WithError(err).Warn("unable to terminate initProcess")
}

_ = p.manager.Destroy()
if p.intelRdtManager != nil {
_ = p.intelRdtManager.Destroy()
}
}
}()

Expand Down
Loading