Try to use pidfd and epoll to wait init process exit #4517

13 changes: 3 additions & 10 deletions delete.go
Expand Up @@ -5,23 +5,16 @@ import (
"fmt"
"os"
"path/filepath"
"time"

"github.com/opencontainers/runc/libcontainer"
"github.com/urfave/cli"

"golang.org/x/sys/unix"
)

func killContainer(container *libcontainer.Container) error {
_ = container.Signal(unix.SIGKILL)
for i := 0; i < 100; i++ {
time.Sleep(100 * time.Millisecond)
if err := container.Signal(unix.Signal(0)); err != nil {
return container.Destroy()
}
if err := container.Kill(); err != nil {
return err
}
return errors.New("container init still running")
return container.Destroy()
}

var deleteCommand = cli.Command{
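Review bot: `killContainer` has no doc comment, and the new body hides both the SIGKILL and the wait inside `container.Kill()`, so the skipped-`Destroy` path is no longer obvious at the call site. When `Kill` returns "container init still running", the function returns before `container.Destroy()` and the container state stays in place. I would say so above the function: `// killContainer force-kills the container and destroys it; if init is still running after Kill's wait, the error is returned and the container state is left in place.`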
72 changes: 72 additions & 0 deletions libcontainer/container_linux.go
Expand Up @@ -423,6 +423,78 @@ func (c *Container) signal(s os.Signal) error {
return nil
}

func (c *Container) killViaPidfd() error {
pidfd, err := unix.PidfdOpen(c.initProcess.pid(), 0)
if err != nil {
return err
}
defer unix.Close(pidfd)

epollfd, err := unix.EpollCreate1(unix.EPOLL_CLOEXEC)
if err != nil {
return err
}
defer unix.Close(epollfd)

event := unix.EpollEvent{
Events: unix.EPOLLIN,
Fd: int32(pidfd),
}
if err := unix.EpollCtl(epollfd, unix.EPOLL_CTL_ADD, pidfd, &event); err != nil {
return err
}

// We don't need unix.PidfdSendSignal because go runtime will use it if possible.
_ = c.Signal(unix.SIGKILL)

events := make([]unix.EpollEvent, 1)
for {
// Set the timeout to 10s, the same as the traditional unix.Signal solution.
Contributor

... the same as in kill below

n, err := unix.EpollWait(epollfd, events, 10000)
if err != nil {
if err == unix.EINTR {
continue
}
return err
}

if n == 0 {
return errors.New("container init still running")
}

if n > 0 {
event := events[0]
if event.Fd == int32(pidfd) {
return nil
}
}
}
}

func (c *Container) kill() error {
_ = c.Signal(unix.SIGKILL)
for i := 0; i < 100; i++ {
time.Sleep(100 * time.Millisecond)
if err := c.Signal(unix.Signal(0)); err != nil {
return nil
}
}
return errors.New("container init still running")
}

// Kill kills the container and wait the init process exit.
Contributor

... and waits for the init process to exit.

func (c *Container) Kill() error {
if c.config.Namespaces.IsPrivate(configs.NEWPID) {
Contributor

Might make sense to explain the reason for this "if". Something like "when the container doesn't have a private pidns, we have to kill every process in the cgroup, which killViaPidfd can't do".

err := c.killViaPidfd()
if err == nil {
return nil
}

logrus.Debugf("pidfd & epoll failed, falling back to unix.Signal: %v", err)
}
return c.kill()
}

func (c *Container) createExecFifo() (retErr error) {
rootuid, err := c.Config().HostRootUID()
if err != nil {
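Review bot: In `Kill`, every error from `killViaPidfd` triggers the fallback, including its own timeout ("container init still running"), so a stuck init is sent SIGKILL twice, waited on for roughly 20 s instead of 10 s, and the timeout is logged as "pidfd & epoll failed". Inside `killViaPidfd`, the `EINTR` branch restarts `EpollWait` with the full 10000 ms, so repeated interruptions can extend the wait without bound. `PidfdOpen` is also called on a bare PID, so the descriptor identifies init only if that PID was not recycled before the open. Whether `c.Signal` re-validates the process is not visible here, so I would check the identity (the start time, for instance) after opening. The sketch below uses a sentinel error for the timeout and one deadline carried across retries.

```go
// errInitStillRunning reports that init outlived the kill timeout.
var errInitStillRunning = errors.New("container init still running")

func (c *Container) killViaPidfd() error {
	// … unchanged: pidfd_open, epoll setup, SIGKILL via c.Signal …

	// One deadline for the whole wait, so EINTR retries cannot extend it.
	deadline := time.Now().Add(10 * time.Second)
	events := make([]unix.EpollEvent, 1)
	for {
		remaining := time.Until(deadline)
		if remaining <= 0 {
			return errInitStillRunning
		}
		n, err := unix.EpollWait(epollfd, events, int(remaining.Milliseconds()))
		if errors.Is(err, unix.EINTR) {
			continue
		}
		if err != nil {
			return err
		}
		if n > 0 && events[0].Fd == int32(pidfd) {
			return nil
		}
	}
}

// In Kill: fall back only when the pidfd path itself was unavailable,
// not when it already waited out the full timeout.
err := c.killViaPidfd()
if err == nil || errors.Is(err, errInitStillRunning) {
	return err
}
// … unchanged: debug log and c.kill() fallback …
```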
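--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -115,11 +115,7 @@ func (p *setnsProcess) startTime() (uint64, error) {
 }
 
 func (p *setnsProcess) signal(sig os.Signal) error {
-s, ok := sig.(unix.Signal)
-if !ok {
-return errors.New("os: unsupported signal type")
-}
-return unix.Kill(p.pid(), s)
+return p.cmd.Process.Signal(sig)
 }
 
 func (p *setnsProcess) start() (retErr error) {
@@ -838,11 +834,7 @@ func (p *initProcess) createNetworkInterfaces() error {
 }
 
 func (p *initProcess) signal(sig os.Signal) error {
-s, ok := sig.(unix.Signal)
-if !ok {
-return errors.New("os: unsupported signal type")
-}
-return unix.Kill(p.pid(), s)
+return p.cmd.Process.Signal(sig)
 }
 
 func (p *initProcess) setExternalDescriptors(newFds []string) {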
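Review bot: Switching `setnsProcess.signal` to `p.cmd.Process.Signal(sig)` changes the error callers see for an exited child, and the same applies to `initProcess.signal` in the second hunk. Once the child has been waited on, `os.Process.Signal` returns `os.ErrProcessDone`, where `unix.Kill` reported `ESRCH`. Any caller outside this diff that matches on `unix.ESRCH` would stop recognising an exited process, so those call sites are worth checking, probably with `errors.Is(err, os.ErrProcessDone)` added alongside. I would also record the intent on both methods: `// signal goes through os.Process so the Go runtime can deliver the signal via pidfd when it has one; it returns os.ErrProcessDone after Wait.`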