diff --git a/0020-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch b/0020-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch new file mode 100644 index 0000000..2cb2098 --- /dev/null +++ b/0020-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch @@ -0,0 +1,220 @@ +From e3e5cf6d2a6858f9f83ee42f8ceeaaef4752ff1b Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Thu, 2 Mar 2023 14:27:01 +0800 +Subject: [PATCH 20/26] fix CRI SetupPod and TearDownPod deadlock + +Signed-off-by: zhangxiaoyu +--- + src/daemon/entry/cri/cni_network_plugin.cc | 44 +++++++++++++------ + .../cri_pod_sandbox_manager_service_impl.cc | 2 + + src/daemon/entry/cri/network_plugin.cc | 39 +++++++++++----- + 3 files changed, 61 insertions(+), 24 deletions(-) + +diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc +index 9b03bea1..02e75ffe 100644 +--- a/src/daemon/entry/cri/cni_network_plugin.cc ++++ b/src/daemon/entry/cri/cni_network_plugin.cc +@@ -110,9 +110,12 @@ void CniNetworkPlugin::SetDefaultNetwork(std::unique_ptr network, st + if (network == nullptr) { + return; + } +- WLockNetworkMap(err); +- if (err.NotEmpty()) { +- ERROR("%s", err.GetCMessage()); ++ ++ Errors tmpErr; ++ WLockNetworkMap(tmpErr); ++ if (tmpErr.NotEmpty()) { ++ ERROR("%s", tmpErr.GetCMessage()); ++ err.AppendError(tmpErr.GetCMessage()); + return; + } + m_defaultNetwork = std::move(network); +@@ -120,9 +123,10 @@ void CniNetworkPlugin::SetDefaultNetwork(std::unique_ptr network, st + + DEBUG("Update new cni network: \"%s\"", m_defaultNetwork->GetName().c_str()); + +- UnlockNetworkMap(err); +- if (err.NotEmpty()) { +- ERROR("%s", err.GetCMessage()); ++ UnlockNetworkMap(tmpErr); ++ if (tmpErr.NotEmpty()) { ++ ERROR("%s", tmpErr.GetCMessage()); ++ err.AppendError(tmpErr.GetCMessage()); + } + } + +@@ -132,8 +136,11 @@ void CniNetworkPlugin::UpdateMutlNetworks(std::vectorGetName()] = std::move(*iter); + } + +- UnlockNetworkMap(err); ++ UnlockNetworkMap(tmpErr); ++ if (tmpErr.NotEmpty()) { ++ err.AppendError(tmpErr.GetCMessage()); ++ } + } + + CniNetworkPlugin::CniNetworkPlugin(std::vector &binDirs, const std::string &confDir, +@@ -336,13 +346,20 @@ free_out: + + void CniNetworkPlugin::CheckInitialized(Errors &err) + { +- RLockNetworkMap(err); +- if (err.NotEmpty()) { +- ERROR("%s", err.GetCMessage()); ++ Errors tmpErr; ++ RLockNetworkMap(tmpErr); ++ if (tmpErr.NotEmpty()) { ++ ERROR("%s", tmpErr.GetCMessage()); ++ err.AppendError(tmpErr.GetCMessage()); + return; + } + bool inited = (m_defaultNetwork != nullptr); +- UnlockNetworkMap(err); ++ ++ UnlockNetworkMap(tmpErr); ++ if (tmpErr.NotEmpty()) { ++ err.AppendError(tmpErr.GetCMessage()); ++ } ++ + if (!inited) { + err.AppendError("cni config uninitialized"); + } +@@ -527,6 +544,7 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name, + } + } + ++ err.Clear(); + RLockNetworkMap(err); + if (err.NotEmpty()) { + ERROR("%s", err.GetCMessage()); +diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +index 2ebd800e..7ff545db 100644 +--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +@@ -642,6 +642,7 @@ auto PodSandboxManagerServiceImpl::GetRealSandboxIDToStop(const std::string &pod + if (status->linux().namespaces().has_options()) { + hostNetwork = (status->linux().namespaces().options().network() == runtime::v1alpha2::NamespaceMode::NODE); + } ++ // if metadata is invalid, don't return -1 and continue stopping pod + if (status->has_metadata()) { + name = status->metadata().name(); + ns = status->metadata().namespace_(); +@@ -779,6 +780,7 @@ auto PodSandboxManagerServiceImpl::ClearCniNetwork(const std::string &realSandbo + } + } + ++ pluginErr.Clear(); + m_pluginManager->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, realSandboxID, stdAnnos, + pluginErr); + if (pluginErr.NotEmpty()) { +diff --git a/src/daemon/entry/cri/network_plugin.cc b/src/daemon/entry/cri/network_plugin.cc +index 7a957de3..9933b584 100644 +--- a/src/daemon/entry/cri/network_plugin.cc ++++ b/src/daemon/entry/cri/network_plugin.cc +@@ -422,21 +422,27 @@ void PluginManager::GetPodNetworkStatus(const std::string &ns, const std::string + const std::string &interfaceName, const std::string &podSandboxID, + PodNetworkStatus &status, Errors &error) + { ++ Errors tmpErr; + std::string fullName = name + "_" + ns; + +- Lock(fullName, error); +- if (error.NotEmpty()) { ++ Lock(fullName, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ error.AppendError(tmpErr.GetCMessage()); + return; + } + if (m_plugin != nullptr) { +- Errors tmpErr; + m_plugin->GetPodNetworkStatus(ns, name, interfaceName, podSandboxID, status, tmpErr); + if (tmpErr.NotEmpty()) { + error.Errorf("NetworkPlugin %s failed on the status hook for pod %s: %s", m_plugin->Name().c_str(), + fullName.c_str(), tmpErr.GetCMessage()); + } + } +- Unlock(fullName, error); ++ ++ tmpErr.Clear(); ++ Unlock(fullName, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ error.AppendError(tmpErr.GetCMessage()); ++ } + } + + void PluginManager::SetUpPod(const std::string &ns, const std::string &name, const std::string &interfaceName, +@@ -447,20 +453,26 @@ void PluginManager::SetUpPod(const std::string &ns, const std::string &name, con + return; + } + ++ Errors tmpErr; + std::string fullName = name + "_" + ns; +- Lock(fullName, error); +- if (error.NotEmpty()) { ++ Lock(fullName, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ error.AppendError(tmpErr.GetCMessage()); + return; + } + INFO("Calling network plugin %s to set up pod %s", m_plugin->Name().c_str(), fullName.c_str()); + +- Errors tmpErr; + m_plugin->SetUpPod(ns, name, interfaceName, podSandboxID, annotations, options, tmpErr); + if (tmpErr.NotEmpty()) { + error.Errorf("NetworkPlugin %s failed to set up pod %s network: %s", m_plugin->Name().c_str(), fullName.c_str(), + tmpErr.GetCMessage()); + } +- Unlock(fullName, error); ++ ++ tmpErr.Clear(); ++ Unlock(fullName, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ error.AppendError(tmpErr.GetCMessage()); ++ } + } + + void PluginManager::TearDownPod(const std::string &ns, const std::string &name, const std::string &interfaceName, +@@ -469,8 +481,9 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name, + { + Errors tmpErr; + std::string fullName = name + "_" + ns; +- Lock(fullName, error); +- if (error.NotEmpty()) { ++ Lock(fullName, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ error.AppendError(tmpErr.GetCMessage()); + return; + } + if (m_plugin == nullptr) { +@@ -484,7 +497,11 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name, + fullName.c_str(), tmpErr.GetCMessage()); + } + unlock: +- Unlock(fullName, error); ++ tmpErr.Clear(); ++ Unlock(fullName, tmpErr); ++ if (tmpErr.NotEmpty()) { ++ error.AppendError(tmpErr.GetCMessage()); ++ } + } + + void NoopNetworkPlugin::Init(const std::string &hairpinMode, const std::string &nonMasqueradeCIDR, int mtu, +-- +2.25.1 + diff --git a/0021-support-pull-image-with-digest.patch b/0021-support-pull-image-with-digest.patch new file mode 100644 index 0000000..8c35f5f --- /dev/null +++ b/0021-support-pull-image-with-digest.patch @@ -0,0 +1,316 @@ +From ea3ffc300224b2fee31a5c9f761386cb830ce7bc Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 16 Feb 2023 18:22:02 +0800 +Subject: [PATCH 21/26] support pull image with digest + +usage: isula pull busybox@sha256:907ca53d7e2947e849b839b1cd258c98fd3916c60f2e6e70c30edbf741ab6754 + +Signed-off-by: haozi007 +--- + src/daemon/executor/container_cb/execution.c | 2 +- + src/daemon/executor/image_cb/image_cb.c | 8 ++++ + src/daemon/modules/image/oci/oci_pull.c | 23 ++++++---- + .../modules/image/oci/registry/registry.c | 2 +- + .../oci/storage/image_store/image_store.c | 7 +++ + src/daemon/modules/image/oci/utils_images.c | 45 +++++++++++++++---- + src/daemon/modules/image/oci/utils_images.h | 2 + + src/utils/cutils/utils_verify.c | 25 ++++++++--- + src/utils/cutils/utils_verify.h | 3 ++ + 9 files changed, 92 insertions(+), 25 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index 735c1bff..92c34b09 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -405,7 +405,7 @@ static int do_init_cpurt_cgroups_path(const char *path, int recursive_depth, con + return 0; + } + +-// TODO: maybe we should adapt to cgroup v2 ++// maybe we should adapt to cgroup v2 + static int cpurt_controller_init(const char *id, const host_config *host_spec) + { + int ret = 0; +diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c +index 5beda5f4..c087a679 100644 +--- a/src/daemon/executor/image_cb/image_cb.c ++++ b/src/daemon/executor/image_cb/image_cb.c +@@ -556,6 +556,14 @@ static int trans_one_image(image_list_images_response *response, size_t image_in + out_image->name = util_strdup_s(im_image->repo_tags[repo_index]); + } + ++ if (out_image->name == NULL && im_image->repo_digests != NULL && im_image->repo_digests_len > 0) { ++ // repo digest must valid, so just get lastest @ ++ char *pod = strrchr(im_image->repo_digests[0], '@'); ++ if (pod != NULL) { ++ out_image->name = util_sub_string(im_image->repo_digests[0], 0, (size_t)(pod - im_image->repo_digests[0])); ++ } ++ } ++ + out_image->target = util_common_calloc_s(sizeof(image_descriptor)); + if (out_image->target == NULL) { + ERROR("Out of memory"); +diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c +index d8c874a8..c39cab22 100644 +--- a/src/daemon/modules/image/oci/oci_pull.c ++++ b/src/daemon/modules/image/oci/oci_pull.c +@@ -119,10 +119,19 @@ static int pull_image(const im_pull_request *request, char **name) + options->skip_tls_verify = oci_image_data->insecure_skip_verify_enforce; + insecure_registries = oci_image_data->insecure_registries; + ++ // key of image which save in image-store ++ options->dest_image_name = oci_normalize_image_name(request->image); ++ ++ // add default tag if required ++ with_tag = oci_default_tag(request->image); ++ + host = oci_get_host(request->image); + if (host != NULL) { +- options->image_name = oci_default_tag(request->image); +- options->dest_image_name = oci_normalize_image_name(request->image); ++ // 1. image_name use for split host/tag/name ++ // 2. user for tag of log ++ options->image_name = with_tag; ++ with_tag = NULL; ++ + update_option_insecure_registry(options, insecure_registries, host); + ret = registry_pull(options); + if (ret != 0) { +@@ -143,13 +152,12 @@ static int pull_image(const im_pull_request *request, char **name) + } + host = oci_host_from_mirror(*mirror); + update_option_insecure_registry(options, insecure_registries, host); +- with_tag = oci_default_tag(request->image); ++ // add current mirror to image name ++ free(options->image_name); + options->image_name = oci_add_host(host, with_tag); +- free(with_tag); +- with_tag = NULL; + free(host); + host = NULL; +- options->dest_image_name = oci_normalize_image_name(request->image); ++ + ret = registry_pull(options); + if (ret != 0) { + continue; +@@ -161,10 +169,9 @@ static int pull_image(const im_pull_request *request, char **name) + *name = util_strdup_s(options->dest_image_name); + + out: ++ free(with_tag); + free(host); +- host = NULL; + free_registry_pull_options(options); +- options = NULL; + + return ret; + } +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index e3efbb7c..14e84f81 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -1855,7 +1855,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio + } + + if (!util_valid_image_name(options->dest_image_name)) { +- ERROR("Invalid dest image name %s", options->image_name); ++ ERROR("Invalid dest image name %s", options->dest_image_name); + isulad_try_set_error_message("Invalid image name"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 9dab66fd..7e1a5373 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -1980,6 +1980,7 @@ static int resort_image_names(const char **names, size_t names_len, char **first + MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH); + } + ++ // maybe should support other digest + if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) { + if (util_array_append(image_digests, names[i]) != 0) { + ERROR("Failed to append image to digest: %s", names[i]); +@@ -2173,6 +2174,7 @@ static int get_image_repo_digests(char ***old_repo_digests, char **image_tags, i + goto out; + } + ++ // get repo digest from images which with tag + if (pack_repo_digest(old_repo_digests, (const char **)image_tags, digest, repo_digests) != 0) { + ERROR("Failed to pack repo digest"); + ret = -1; +@@ -2195,12 +2197,17 @@ static int pack_image_tags_and_repo_digest(image_t *img, imagetool_image *info) + char *image_digest = NULL; + char **repo_digests = NULL; + ++ // get names from image-store names: ++ // 1. image names with tag; ++ // 2. image names with digests; ++ // 3. get first image name, current unused; + if (resort_image_names((const char **)img->simage->names, img->simage->names_len, &name, &tags, &digests) != 0) { + ERROR("Failed to resort image names"); + ret = -1; + goto out; + } + ++ // update repo digests from tags + if (get_image_repo_digests(&digests, tags, img, &image_digest, &repo_digests) != 0) { + ERROR("Failed to get image repo digests"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 80a25502..794f0d16 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -42,6 +42,26 @@ + // nanos of 2038-01-19T03:14:07, the max valid linux time + #define MAX_NANOS 2147483647000000000 + ++char *oci_image_digest_pos(const char *name) ++{ ++ char *pos = NULL; ++ ++ if (name == NULL) { ++ return NULL; ++ } ++ ++ pos = strrchr(name, '@'); ++ if (pos == NULL) { ++ return NULL; ++ } ++ ++ if (util_reg_match(__DIGESTPattern, pos) != 0) { ++ return NULL; ++ } ++ ++ return pos; ++} ++ + char *get_last_part(char **parts) + { + char *last_part = NULL; +@@ -98,6 +118,7 @@ char *oci_default_tag(const char *name) + } + + last_part = get_last_part(parts); ++ // will pass image name with digest and with tag + if (last_part != NULL && strrchr(last_part, ':') == NULL) { + add_default_tag = DEFAULT_TAG; + } +@@ -181,9 +202,9 @@ char *oci_normalize_image_name(const char *name) + return result; + } + +-int oci_split_image_name(const char *image_name, char **host, char **name, char **tag) ++int oci_split_image_name(const char *image_name, char **host, char **name, char **tag_digest) + { +- char *tag_pos = NULL; ++ char *tag_digest_pos = NULL; + char *name_pos = NULL; + char *tmp_image_name = NULL; + +@@ -193,18 +214,24 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char + } + + tmp_image_name = util_strdup_s(image_name); +- tag_pos = util_tag_pos(tmp_image_name); +- if (tag_pos != NULL) { +- *tag_pos = 0; +- tag_pos++; +- if (tag != NULL) { +- *tag = util_strdup_s(tag_pos); ++ ++ // check digest first ++ tag_digest_pos = oci_image_digest_pos(tmp_image_name); ++ if (tag_digest_pos == NULL) { ++ tag_digest_pos = util_tag_pos(tmp_image_name); ++ } ++ ++ if (tag_digest_pos != NULL) { ++ *tag_digest_pos = '\0'; ++ tag_digest_pos++; ++ if (tag_digest != NULL) { ++ *tag_digest = util_strdup_s(tag_digest_pos); + } + } + + name_pos = strchr(tmp_image_name, '/'); + if (name_pos != NULL) { +- *name_pos = 0; ++ *name_pos = '\0'; + name_pos++; + if (name != NULL) { + *name = util_strdup_s(name_pos); +diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h +index 2fa8b29d..53bce4e0 100644 +--- a/src/daemon/modules/image/oci/utils_images.h ++++ b/src/daemon/modules/image/oci/utils_images.h +@@ -56,6 +56,8 @@ char *oci_get_isulad_tmpdir(const char *root_dir); + int makesure_isulad_tmpdir_perm_right(const char *root_dir); + char *get_hostname_to_strip(); + ++char *oci_image_digest_pos(const char *name); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index 713e72c3..ea43a40a 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -359,7 +359,7 @@ cleanup: + bool util_valid_image_name(const char *name) + { + char *copy = NULL; +- char *tag_pos = NULL; ++ char *check_pos = NULL; + bool bret = false; + + if (name == NULL) { +@@ -372,13 +372,26 @@ bool util_valid_image_name(const char *name) + } + + copy = util_strdup_s(name); +- tag_pos = util_tag_pos(copy); +- if (tag_pos != NULL) { +- if (util_reg_match(__TagPattern, tag_pos)) { ++ ++ // 1. first, check digest or not ++ check_pos = strrchr(copy, '@'); ++ if (check_pos != NULL) { ++ // image name with digest ++ if (util_reg_match(__DIGESTPattern, check_pos)) { + goto cleanup; + } +- +- *tag_pos = '\0'; ++ *check_pos = '\0'; ++ } else { ++ // image name without digest ++ // 2. check tag or not ++ check_pos = util_tag_pos(copy); ++ if (check_pos != NULL) { ++ if (util_reg_match(__TagPattern, check_pos)) { ++ goto cleanup; ++ } ++ ++ *check_pos = '\0'; ++ } + } + + if (util_reg_match(__NamePattern, copy)) { +diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h +index 87976299..7d954475 100644 +--- a/src/utils/cutils/utils_verify.h ++++ b/src/utils/cutils/utils_verify.h +@@ -33,6 +33,9 @@ extern "C" { + "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])" \ + "((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?/)?[a-z0-9]" \ + "+((([._]|__|[-]*)[a-z0-9]+)+)?((/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?$" ++ ++#define __DIGESTPattern "@[a-z0-9]+:[a-z0-9]{32,}" ++ + #define VALID_VOLUME_NAME "[a-zA-Z0-9][a-zA-Z0-9_.-]{1,63}" + + extern const char *g_all_caps[]; +-- +2.25.1 + diff --git a/0022-isulad-shim-support-execSync-with-timeout.patch b/0022-isulad-shim-support-execSync-with-timeout.patch new file mode 100644 index 0000000..80694ba --- /dev/null +++ b/0022-isulad-shim-support-execSync-with-timeout.patch @@ -0,0 +1,186 @@ +From 7d5be830bfae9f9908b3b7b323975b65fc7dd856 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 13 Feb 2023 15:36:58 +0800 +Subject: [PATCH 22/26] isulad-shim support execSync with timeout + +Signed-off-by: zhongtao +--- + .../executor/container_cb/execution_stream.c | 2 +- + .../modules/runtime/isula/isula_rt_ops.c | 37 +++++++++++++++--- + src/utils/cutils/utils.c | 39 +++++++++++++++++++ + src/utils/cutils/utils.h | 5 +++ + 4 files changed, 77 insertions(+), 6 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index fde0335e..1a7353b5 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -161,7 +161,7 @@ static int container_exec_cb(const container_exec_request *request, container_ex + + if (exec_container(cont, request, *response, stdinfd, stdout_handler, stderr_handler) != 0) { + ret = -1; +- goto out; ++ goto pack_err_response; + } + + goto out; +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index e80aa9a4..51a72c4f 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -205,6 +205,10 @@ static void show_shim_runtime_errlog(const char *workdir) + char buf1[SHIM_LOG_SIZE] = { 0 }; + char buf2[SHIM_LOG_SIZE] = { 0 }; + ++ if (g_isulad_errmsg != NULL) { ++ return; ++ } ++ + get_err_message(buf1, sizeof(buf1), workdir, "shim-log.json"); + get_err_message(buf2, sizeof(buf2), workdir, "log.json"); + ERROR("shim-log: %s", buf1); +@@ -678,8 +682,29 @@ static int status_to_exit_code(int status) + return exit_code; + } + ++static int try_wait_pid(pid_t pid) ++{ ++ if (waitpid(pid, NULL, WNOHANG) == pid) { ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static void kill_and_show_err(pid_t pid) ++{ ++ int nret = 0; ++ kill(pid, SIGKILL); ++ // wait atmost 0.5 seconds ++ DO_RETRY_CALL(5, 100000, nret, try_wait_pid, pid); ++ if (nret != 0) { ++ WARN("Fail to wait isulad-shim"); ++ } ++ isulad_set_error_message("Exec container error;exec timeout"); ++} ++ + static int shim_create(bool fg, const char *id, const char *workdir, const char *bundle, const char *runtime_cmd, +- int *exit_code) ++ int *exit_code, const int64_t timeout) + { + pid_t pid = 0; + int exec_fd[2] = { -1, -1 }; +@@ -770,7 +795,7 @@ realexec: + goto out; + } + +- status = util_wait_for_pid_status(pid); ++ status = util_waitpid_with_timeout(pid, timeout, kill_and_show_err); + if (status < 0) { + ERROR("failed wait shim-parent %d exit %s", pid, strerror(errno)); + ret = -1; +@@ -784,7 +809,9 @@ realexec: + out: + if (ret != 0) { + show_shim_runtime_errlog(workdir); +- kill(pid, SIGKILL); /* can kill other process? */ ++ if (timeout <= 0) { ++ kill(pid, SIGKILL); /* can kill other process? */ ++ } + } + + return ret; +@@ -893,7 +920,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + } + + get_runtime_cmd(runtime, &cmd); +- ret = shim_create(false, id, workdir, params->bundle, cmd, NULL); ++ ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, -1); + if (ret != 0) { + runtime_call_delete_force(workdir, runtime, id); + ERROR("%s: failed create shim process", id); +@@ -1165,7 +1192,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + } + + get_runtime_cmd(runtime, &cmd); +- ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code); ++ ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, params->timeout); + if (ret != 0) { + ERROR("%s: failed create shim process for exec %s", id, exec_id); + goto errlog_out; +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 2c3709ad..9173cd14 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -313,6 +313,45 @@ rep: + return 0; + } + ++/* ++ * If timeout <= 0, blocking wait pid. ++ * If timeout > 0, non-blocking wait pid with timeout. ++ * When waitpid timeout, calling handle_timeout_callback_t. ++ */ ++int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_callback_t cb) ++{ ++ int nret = 0; ++ time_t start_time = time(NULL); ++ time_t end_time; ++ double interval; ++ ++ if (timeout <= 0) { ++ return util_wait_for_pid_status(pid); ++ } ++ ++ for (;;) { ++ nret = waitpid(pid, NULL, WNOHANG); ++ if (nret == pid) { ++ break; ++ } ++ if (nret == -1 && errno != EINTR) { ++ return -1; ++ } ++ end_time = time(NULL); ++ interval = difftime(end_time, start_time); ++ if (nret == 0 && interval >= timeout) { ++ INFO("Wait %d timeout", pid); ++ if (cb != NULL) { ++ cb(pid); ++ } ++ return -1; ++ } ++ // sleep some time instead to avoid cpu full running and then retry. ++ sleep(0.1); ++ } ++ return 0; ++} ++ + int util_wait_for_pid_status(pid_t pid) + { + int st; +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index fec6d879..d14d048e 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -301,6 +301,9 @@ typedef struct _proc_t { + processor; /* current (or most recent?) CPU */ + } proc_t; + ++// handle waitpid timeout. ++typedef void(*handle_timeout_callback_t)(pid_t pid); ++ + struct signame { + int num; + const char *name; +@@ -328,6 +331,8 @@ char *util_strdup_s(const char *src); + + int util_wait_for_pid(pid_t pid); + ++int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_callback_t cb); ++ + void util_contain_errmsg(const char *errmsg, int *exit_code); + + char *util_short_digest(const char *digest); +-- +2.25.1 + diff --git a/0023-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch b/0023-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch new file mode 100644 index 0000000..9a08535 --- /dev/null +++ b/0023-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch @@ -0,0 +1,26 @@ +From e9bd090e5d6755eacaa1f8710c32386aba5190f2 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 6 Mar 2023 09:54:44 +0800 +Subject: [PATCH 23/26] change sleep() to usleep() to avoid lossing of accuracy + +Signed-off-by: zhongtao +--- + src/utils/cutils/utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 9173cd14..64d7e9f9 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -347,7 +347,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c + return -1; + } + // sleep some time instead to avoid cpu full running and then retry. +- sleep(0.1); ++ usleep(0.1); + } + return 0; + } +-- +2.25.1 + diff --git a/0024-adapt-to-repo-of-openeuler-url-changed.patch b/0024-adapt-to-repo-of-openeuler-url-changed.patch new file mode 100644 index 0000000..84a99ef --- /dev/null +++ b/0024-adapt-to-repo-of-openeuler-url-changed.patch @@ -0,0 +1,33 @@ +From 7a2f218550735403319a0bea6c47a0c334838a12 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 6 Mar 2023 14:38:58 +0800 +Subject: [PATCH 24/26] adapt to repo of openeuler url changed + +Signed-off-by: haozi007 +--- + CI/pr-gateway.sh | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh +index 604ec6cb..93b07c44 100755 +--- a/CI/pr-gateway.sh ++++ b/CI/pr-gateway.sh +@@ -18,7 +18,15 @@ if [ $# -eq 1 ]; then + tbranch=$1 + fi + ++sed -i "s#http://repo.openeuler.org#https://repo.huaweicloud.com/openeuler#g" /etc/yum.repos.d/openEuler.repo ++ ++dnf update -y ++ + dnf install -y gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath ++if [ $? -ne 0 ]; then ++ echo "install dependences failed" ++ exit 1 ++fi + + # dnf install -y cargo rust rust-packaging + +-- +2.25.1 + diff --git a/0025-modify-sleep-time.patch b/0025-modify-sleep-time.patch new file mode 100644 index 0000000..01f44e3 --- /dev/null +++ b/0025-modify-sleep-time.patch @@ -0,0 +1,26 @@ +From c2bf76c3b6af0d88d84a76cd5680caf0aa22e321 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 6 Mar 2023 15:34:05 +0800 +Subject: [PATCH 25/26] modify sleep time + +Signed-off-by: zhongtao +--- + src/utils/cutils/utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 64d7e9f9..7f36d019 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -347,7 +347,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c + return -1; + } + // sleep some time instead to avoid cpu full running and then retry. +- usleep(0.1); ++ usleep(100); + } + return 0; + } +-- +2.25.1 + diff --git a/0026-change-goto-branch.patch b/0026-change-goto-branch.patch new file mode 100644 index 0000000..f4075a7 --- /dev/null +++ b/0026-change-goto-branch.patch @@ -0,0 +1,27 @@ +From e0c800749961cf9f97b6a767ea3f7628a568a33d Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 6 Mar 2023 17:22:16 +0800 +Subject: [PATCH 26/26] change goto branch + +Signed-off-by: zhongtao +--- + src/daemon/executor/container_cb/execution_stream.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 1a7353b5..7e928cf7 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -161,7 +161,8 @@ static int container_exec_cb(const container_exec_request *request, container_ex + + if (exec_container(cont, request, *response, stdinfd, stdout_handler, stderr_handler) != 0) { + ret = -1; +- goto pack_err_response; ++ // pack err response in exec_container, there is no need to pack here. ++ goto out; + } + + goto out; +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 686ee2c..6f73309 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.18 -%global _release 3 +%global _release 4 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -32,6 +32,13 @@ Patch0016: 0016-fix-code-style.patch Patch0017: 0017-add-retry-for-read-write.patch Patch0018: 0018-add-crictl-timeout-and-sync-for-CI.patch Patch0019: 0019-unlock-m_podsLock-if-new-failed.patch +Patch0020: 0020-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch +Patch0021: 0021-support-pull-image-with-digest.patch +Patch0022: 0022-isulad-shim-support-execSync-with-timeout.patch +Patch0023: 0023-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch +Patch0024: 0024-adapt-to-repo-of-openeuler-url-changed.patch +Patch0025: 0025-modify-sleep-time.patch +Patch0026: 0026-change-goto-branch.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -276,6 +283,12 @@ fi %endif %changelog +* Wed Mar 09 2023 zhangxiaoyu - 2.0.18-4 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + * Wed Feb 22 2023 zhangxiaoyu - 2.0.18-3 - Type: bugfix - ID: NA