From 95a9037aa0d166bedfabfded2b15bfb0c174a2b8 Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Tue, 28 Jun 2022 17:32:17 +0800 Subject: [PATCH] fix status inconsistent after restart container fix #I5AIPF fix #I5AD5N (cherry picked from commit e72fc4bf764a9bca988612213a205c9534ca3c6f) --- VERSION-openeuler | 2 +- docker-engine-openeuler.spec | 8 ++++- ...int-with-name-container_xx-already-e.patch | 34 +++++++++--------- ...ayer-umountd-after-container-restart.patch | 36 +++++++++++++++++++ series.conf | 1 + 5 files changed, 63 insertions(+), 18 deletions(-) create mode 100644 patch/0223-fix-rwlayer-umountd-after-container-restart.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index 1727964..ca0e22b 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.233 +18.09.0.234 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index e38452f..35eff43 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 233 +Release: 234 Summary: The open-source application container engine Group: Tools/Docker @@ -198,6 +198,12 @@ fi %endif %changelog +* Thu Jun 28 2022 chenjiankun - 18.09.0-234 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix status inconsistent after restart container + * Thu Jun 16 2022 duyiwei - 18.09.0-233 - Type:bugfix - CVE:CVE-2022-24769 diff --git a/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch b/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch index 4ef7e8b..759c266 100644 --- a/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch +++ b/patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch @@ -1,33 +1,35 @@ -From a7c1bbed0aed4c9a5c67871f7506646c07c34574 Mon Sep 17 00:00:00 2001 +From ba62de1350b25ec1d85eff67bd3c8c5be98d02a7 Mon Sep 17 00:00:00 2001 
From: chenjiankun -Date: Thu, 9 Dec 2021 20:58:32 +0800 +Date: Thu, 17 Mar 2022 20:18:30 +0800 Subject: [PATCH] docker: fix "endpoint with name container_xx already exists in network none" error --- - components/engine/daemon/kill.go | 9 +++++++++ - 1 file changed, 9 insertions(+) + components/engine/daemon/kill.go | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go -index 2652f7ad2..0388b16c9 100644 +index 2652f7ad2..cb0ec61d1 100644 --- a/components/engine/daemon/kill.go +++ b/components/engine/daemon/kill.go -@@ -163,6 +163,15 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error { +@@ -162,7 +162,16 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error { + if isErrNoSuchProcess(err) { // there is a case where we hit here before the exit event is processed // So let's wait the container's stop timeout amount of time to see if the event is eventually processed - container.WaitForState(containerpkg.WaitConditionNotRunning, container.StopTimeout()) -+ // using mock exit event to handle container exit -+ ei := libcontainerd.EventInfo{ -+ ContainerID: container.ID, -+ ProcessID: container.ID, -+ Pid: uint32(container.GetPID()), -+ ExitCode: 137, -+ ExitedAt: time.Now(), +- container.WaitForState(containerpkg.WaitConditionNotRunning, container.StopTimeout()) ++ if err := container.WaitForState(containerpkg.WaitConditionNotRunning, container.StopTimeout()); err != nil { ++ ei := libcontainerd.EventInfo{ ++ ContainerID: container.ID, ++ ProcessID: container.ID, ++ Pid: uint32(container.GetPID()), ++ ExitCode: 137, ++ ExitedAt: time.Now(), ++ } ++ daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei) + } -+ daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei) return nil } return err -- -2.27.0 +2.23.0 
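Review bot: The error returned by `daemon.ProcessEvent` is discarded in the new `WaitForState` timeout branch of `Kill`, so if handling the synthesized exit event fails, `Kill` still returns nil and nothing is logged. ProcessEvent does return an error, as the `return nil` in the monitor.go hunk of patch 0223 shows. Capture and log it, for example `if perr := daemon.ProcessEvent(container.ID, libcontainerd.EventExit, ei); perr != nil { logrus.WithError(perr).Warnf("failed to process synthesized exit event for container %s", container.ID) }`, assuming logrus is imported in kill.go, which the hunk does not show. The rewrite also drops the old `// using mock exit event to handle container exit` comment; a replacement such as `// no exit event arrived within the stop timeout: synthesize one (exit code 137 and ExitedAt are made up here, not reported by containerd)` would keep anyone reading exit records from treating those values as observed. Kill's body starts and ends outside the hunk.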
diff --git a/patch/0223-fix-rwlayer-umountd-after-container-restart.patch b/patch/0223-fix-rwlayer-umountd-after-container-restart.patch
new file mode 100644
index 0000000..17b3e2e
--- /dev/null
+++ b/patch/0223-fix-rwlayer-umountd-after-container-restart.patch
@@ -0,0 +1,36 @@
+From e37f4e4f738b605fe5ea1030e39da8d723260007 Mon Sep 17 00:00:00 2001
+From: chenjiankun
+Date: Fri, 18 Mar 2022 11:19:28 +0800
+Subject: [PATCH] docker: fix rwlayer umountd after container restart
+
+if exit event be handled to slow, then the exit event maybe handled again.
+we need to add a check after the container lock acquired.
+---
+ components/engine/daemon/monitor.go | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
+index 0aadf33fd..0bf7f0379 100644
+--- a/components/engine/daemon/monitor.go
++++ b/components/engine/daemon/monitor.go
+@@ -60,6 +60,17 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
+ if int(ei.Pid) == c.Pid {
+ logrus.Infof("handle container %s exit event pid=%d", c.ID, c.Pid)
+ c.Lock()
++
++ // ProcessEvent could be called concurrently, and will execute serial
++ // for c.Lock(), but int(ei.Pid) == c.Pid has already pass. It will cause
++ // daemon.Cleanup be called twice. This will make rwlayer umount in docker
++ // restart, get "fork/exec /proc/self/exe: no such file or directory" err.
++ // Adding this under c.Lock(), could avaid daemon.Cleanup be called again.
++ if c.Pid == 0 || int(ei.Pid) != c.Pid {
++ c.Unlock()
++ return nil
++ }
++
+ _, _, err := daemon.containerd.DeleteTask(context.Background(), c.ID)
+ if err != nil {
+ logrus.WithError(err).Warnf("failed to delete container %s from containerd", c.ID)
+--
+2.23.0
+
diff --git a/series.conf b/series.conf
index eefac11..b0c76a1 100644
--- a/series.conf
+++ b/series.conf
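Review bot: The outer `if int(ei.Pid) == c.Pid` in ProcessEvent still reads `c.Pid` before `c.Lock()` is taken, so only the re-check added under the lock is a reliable guard. The `logrus.Infof("handle container %s exit event pid=%d", ...)` line above the lock therefore also fires for duplicate events that the new check then drops silently. Moving that Infof below the new check and logging the skipped case before `c.Unlock()`, e.g. `logrus.Debugf("ignoring duplicate exit event for container %s pid=%d", c.ID, ei.Pid)`, would keep the daemon log an accurate record of which exit events were handled. The added comment would read more clearly as `// ProcessEvent can run concurrently; callers serialize on c.Lock(), but the pid comparison above ran before the lock was held, so re-check here to keep daemon.Cleanup from running twice.` ProcessEvent's body starts and ends outside the hunk.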
@@ -216,4 +216,5 @@ patch/0219-docker-Fix-container-exited-after-docker-restart-whe.patch
 patch/0220-docker-fix-endpoint-with-name-container_xx-already-e.patch
 patch/0221-docker-fix-Up-292-years-in-status-in-docker-ps-a.patch
 patch/0222-docker-fix-CVE-2022-24769.patch
+patch/0223-fix-rwlayer-umountd-after-container-restart.patch
 #end