From be76f40f72c1c89c3a4347e7624d2edc3f99d6b6 Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Thu, 10 Mar 2022 10:18:26 +0800 Subject: [PATCH 1/5] docker: fix dangling unpigz fix #I4X59E --- VERSION-openeuler | 2 +- docker-engine-openeuler.spec | 8 ++++++- patch/0210-docker-fix-dangling-unpigz.patch | 25 +++++++++++++++++++++ series.conf | 1 + 4 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 patch/0210-docker-fix-dangling-unpigz.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index e6dba37..d6abdb5 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.220 +18.09.0.221 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index 70fea8e..a0b5389 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 220 +Release: 221 Summary: The open-source application container engine Group: Tools/Docker @@ -201,6 +201,12 @@ fi %endif %changelog +* Wed Mar 10 2022 chenjiankun - 18.09.0-221 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix dangling unpigz + * Sat Mar 9 2022 chenjiankun - 18.09.0-220 - Type:bugfix - ID:NA diff --git a/patch/0210-docker-fix-dangling-unpigz.patch b/patch/0210-docker-fix-dangling-unpigz.patch new file mode 100644 index 0000000..9ad9917 --- /dev/null +++ b/patch/0210-docker-fix-dangling-unpigz.patch @@ -0,0 +1,25 @@ +From 372bbea9041ab101156c881232d83d3e3124fd25 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sun, 29 Aug 2021 15:49:03 +0800 +Subject: [PATCH] fix dangling unpigz + +Signed-off-by: WangFengTu +--- + components/engine/builder/dockerfile/copy.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/components/engine/builder/dockerfile/copy.go b/components/engine/builder/dockerfile/copy.go +index ad9b08dfe..c323e7033 100644 +--- a/components/engine/builder/dockerfile/copy.go ++++ b/components/engine/builder/dockerfile/copy.go +@@ -527,6 +527,7 @@ func isArchivePath(driver containerfs.ContainerFS, path string) bool { + if err != nil { + return false + } ++ defer rdr.Close() + r := tar.NewReader(rdr) + _, err = r.Next() + return err == nil +-- +2.23.0 + diff --git a/series.conf b/series.conf index be11697..fb5a60f 100644 --- a/series.conf +++ b/series.conf @@ -203,4 +203,5 @@ patch/0206-docker-archive-fix-race-condition-in-cmdStream.patch patch/0207-docker-fix-runc-data-and-dm-left-when-periodically-kill-containerd.patch patch/0208-docker-fix-ProcessEvent-block-when-CloseStreams-block.patch patch/0209-docker-check-db-file-size-before-start-containerd.patch +patch/0210-docker-fix-dangling-unpigz.patch #end -- Gitee From a8c1251e4869c47f8b9b928b3e700069038d79cc Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Thu, 10 Mar 2022 10:23:30 +0800 Subject: [PATCH 2/5] docker:add timeout for IO.Wait fix #I4X5BY --- VERSION-openeuler | 2 +- docker-engine-openeuler.spec | 8 +- .../0211-docker-add-timeout-for-IO.Wait.patch | 86 +++++++++++++++++++ series.conf | 1 + 4 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 patch/0211-docker-add-timeout-for-IO.Wait.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index d6abdb5..fc26e99 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.221 +18.09.0.222 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index a0b5389..1c45e43 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 221 +Release: 222 Summary: The open-source application container engine Group: Tools/Docker @@ -201,6 +201,12 @@ fi %endif %changelog +* Wed Mar 10 2022 chenjiankun - 18.09.0-222 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add timeout for IO.Wait + * Wed Mar 10 2022 chenjiankun - 18.09.0-221 - Type:bugfix - ID:NA diff --git a/patch/0211-docker-add-timeout-for-IO.Wait.patch b/patch/0211-docker-add-timeout-for-IO.Wait.patch new file mode 100644 index 0000000..78fb820 --- /dev/null +++ b/patch/0211-docker-add-timeout-for-IO.Wait.patch @@ -0,0 +1,86 @@ +From 0ebaeb1830b42642ae78920afafcadc381053a1e Mon Sep 17 00:00:00 2001 +From: chenjiankun +Date: Mon, 30 Aug 2021 20:44:36 +0800 +Subject: [PATCH] docker:add timeout for IO.Wait + +--- + .../containerd/containerd/process.go | 40 +++++++++++++------ + 1 file changed, 28 insertions(+), 12 deletions(-) + +diff --git a/components/engine/vendor/github.com/containerd/containerd/process.go b/components/engine/vendor/github.com/containerd/containerd/process.go +index 4d0dca9f7..a2aaa424b 100644 +--- a/components/engine/vendor/github.com/containerd/containerd/process.go ++++ b/components/engine/vendor/github.com/containerd/containerd/process.go +@@ -18,6 +18,7 @@ package containerd + + import ( + "context" ++ "fmt" + "strings" + "syscall" + "time" +@@ -105,6 +106,21 @@ func (p *process) Pid() uint32 { + return p.pid + } + ++func waitTimeout(io cio.IO, timeout time.Duration) error { ++ done := make(chan struct{}) ++ go func() { ++ io.Wait() ++ close(done) ++ }() ++ ++ select { ++ case <-done: ++ return nil ++ case <-time.After(timeout): ++ return fmt.Errorf("Wait IO timeout") ++ } ++} ++ + // Start starts the exec process + func (p *process) Start(ctx context.Context) error { + r, err := p.task.client.TaskService().Start(ctx, &tasks.StartRequest{ +@@ -112,19 +128,14 @@ func (p *process) Start(ctx context.Context) error { + ExecID: p.id, + }) + if err != nil { +- done := make(chan struct{}) +- go func() { +- p.io.Cancel() +- p.io.Wait() +- p.io.Close() +- close(done) +- }() +- select { +- case <-time.After(30 * time.Second): ++ p.io.Cancel() ++ ++ errWait := waitTimeout(p.io, 30*time.Second) ++ if errWait != nil { + logrus.Warnf("process start failed with error %v, wait io close timeout, some fifo io may be dropped.", err) +- case <-done: +- // ok + } ++ p.io.Close() ++ + return errdefs.FromGRPC(err) + } + p.pid = r.Pid +@@ -221,7 +232,12 @@ func (p *process) Delete(ctx context.Context, opts ...ProcessDeleteOpts) (*ExitS + } + if p.io != nil { + p.io.Cancel() +- p.io.Wait() ++ ++ err := waitTimeout(p.io, 3*time.Second) ++ if err != nil { ++ logrus.Warnf("Wait io close timeout, some fifo io may be dropped.") ++ } ++ + p.io.Close() + } + return &ExitStatus{code: r.ExitStatus, exitedAt: r.ExitedAt}, nil +-- +2.27.0 + diff --git a/series.conf b/series.conf index fb5a60f..437d623 100644 --- a/series.conf +++ b/series.conf @@ -204,4 +204,5 @@ patch/0207-docker-fix-runc-data-and-dm-left-when-periodically-kill-containerd.pa patch/0208-docker-fix-ProcessEvent-block-when-CloseStreams-block.patch patch/0209-docker-check-db-file-size-before-start-containerd.patch patch/0210-docker-fix-dangling-unpigz.patch +patch/0211-docker-add-timeout-for-IO.Wait.patch #end -- Gitee From 0791d0df1c8ef2e2d7acfb2ba824813063e4d9ef Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Thu, 10 Mar 2022 10:28:48 +0800 Subject: [PATCH 3/5] docker:fix time Ticker leak fix #I4X5GA Tick's Ticker cannot be recovered by the garbage collector, it will leak and cause CPU usage high in this case. We should replace it with NewTicker and explicitly Stop it. --- VERSION-openeuler | 2 +- docker-engine-openeuler.spec | 8 ++++- patch/0212-docker-fix-time-Ticker-leak.patch | 38 ++++++++++++++++++++ series.conf | 1 + 4 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 patch/0212-docker-fix-time-Ticker-leak.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index fc26e99..7b80d0b 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.222 +18.09.0.223 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index 1c45e43..15bb17b 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 222 +Release: 223 Summary: The open-source application container engine Group: Tools/Docker @@ -201,6 +201,12 @@ fi %endif %changelog +* Wed Mar 10 2022 chenjiankun - 18.09.0-223 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix time Ticker leak + * Wed Mar 10 2022 chenjiankun - 18.09.0-222 - Type:bugfix - ID:NA diff --git a/patch/0212-docker-fix-time-Ticker-leak.patch b/patch/0212-docker-fix-time-Ticker-leak.patch new file mode 100644 index 0000000..da9f6bb --- /dev/null +++ b/patch/0212-docker-fix-time-Ticker-leak.patch @@ -0,0 +1,38 @@ +From aa1e1d6caf6983e6242a13b4cf98497161a7abb5 Mon Sep 17 00:00:00 2001 +From: chenjiankun +Date: Sat, 11 Sep 2021 11:45:53 +0800 +Subject: [PATCH] docker:fix time Ticker leak + +Tick's Ticker cannot be recovered by the garbage collector, it will +leak and cause CPU usage high in this case. We should replace it with +NewTicker and explicitly Stop it. +--- + components/engine/daemon/freezer/freezer.go | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/components/engine/daemon/freezer/freezer.go b/components/engine/daemon/freezer/freezer.go +index 907c7aac2..6df176f2f 100644 +--- a/components/engine/daemon/freezer/freezer.go ++++ b/components/engine/daemon/freezer/freezer.go +@@ -184,7 +184,8 @@ func (f *freezer) updateCgroup(state string) error { + curState = strings.TrimSpace(curState) + + timeout := time.After(30 * time.Second) +- tick := time.Tick(1 * time.Millisecond) ++ ticker := time.NewTicker(1 * time.Millisecond) ++ defer ticker.Stop() + for { + select { + case <-timeout: +@@ -192,7 +193,7 @@ func (f *freezer) updateCgroup(state string) error { + return fmt.Errorf("cannot write %s to freezer for %#v", curState, err) + } + return fmt.Errorf("update freezer cgroup timeout for 30s") +- case <-tick: ++ case <-ticker.C: + // In case this loop does not exit because it doesn't get the expected + // state, let's write again this state, hoping it's going to be properly + // set this time. Otherwise, this loop could run infinitely, waiting for +-- +2.27.0 + diff --git a/series.conf b/series.conf index 437d623..d4210c3 100644 --- a/series.conf +++ b/series.conf @@ -205,4 +205,5 @@ patch/0208-docker-fix-ProcessEvent-block-when-CloseStreams-block.patch patch/0209-docker-check-db-file-size-before-start-containerd.patch patch/0210-docker-fix-dangling-unpigz.patch patch/0211-docker-add-timeout-for-IO.Wait.patch +patch/0212-docker-fix-time-Ticker-leak.patch #end -- Gitee From 90a85c1ade7a9fcc02924406ae0df10a36007157 Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Thu, 10 Mar 2022 10:32:43 +0800 Subject: [PATCH 4/5] docker:fix bug where failed kills didnt fallback to unix kill fix #I4X5HK if killPossiblyDeadProcess fails, we expect to execute killProcessDirectly to direct kill the process. But container.Wait return err when the timeout deadline exceeded, and not execute the killProcessDirectly fucntion. Then docker stop will hang. --- VERSION-openeuler | 2 +- docker-engine-openeuler.spec | 8 ++- ...ed-kills-didnt-fallback-to-unix-kill.patch | 66 +++++++++++++++++++ series.conf | 1 + 4 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 patch/0213-docker-fix-bug-where-failed-kills-didnt-fallback-to-unix-kill.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index 7b80d0b..d0fada6 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.223 +18.09.0.224 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index 15bb17b..fd25724 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 223 +Release: 224 Summary: The open-source application container engine Group: Tools/Docker @@ -201,6 +201,12 @@ fi %endif %changelog +* Wed Mar 10 2022 chenjiankun - 18.09.0-224 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix bug where failed kills didnt fallback to unix kill + * Wed Mar 10 2022 chenjiankun - 18.09.0-223 - Type:bugfix - ID:NA diff --git a/patch/0213-docker-fix-bug-where-failed-kills-didnt-fallback-to-unix-kill.patch b/patch/0213-docker-fix-bug-where-failed-kills-didnt-fallback-to-unix-kill.patch new file mode 100644 index 0000000..1968198 --- /dev/null +++ b/patch/0213-docker-fix-bug-where-failed-kills-didnt-fallback-to-unix-kill.patch @@ -0,0 +1,66 @@ +From 1cbe2e6c0865f11fa264c24378bb0180cce6d414 Mon Sep 17 00:00:00 2001 +From: chenjiankun +Date: Wed, 22 Sep 2021 16:09:44 +0800 +Subject: [PATCH] docker:fix bug where failed kills didnt fallback to unix kill + +if killPossiblyDeadProcess fails, we expect to execute killProcessDirectly to +direct kill the process. But container.Wait return err when the timeout deadline +exceeded, and not execute the killProcessDirectly fucntion. Then docker stop will +hang. +--- + components/engine/daemon/kill.go | 14 +++++++++----- + components/engine/daemon/stop.go | 6 ++++-- + 2 files changed, 13 insertions(+), 7 deletions(-) + +diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go +index 4c8ccf93d..593275cf8 100644 +--- a/components/engine/daemon/kill.go ++++ b/components/engine/daemon/kill.go +@@ -153,8 +153,8 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error { + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) + defer cancel() + +- if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil { +- return err ++ if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() == nil { ++ return nil + } + } + +@@ -166,9 +166,13 @@ func (daemon *Daemon) Kill(container *containerpkg.Container) error { + return err + } + +- // Wait for exit with no timeout. +- // Ignore returned status. +- <-container.Wait3(context.Background(), containerpkg.WaitConditionNotRunning, waitStop) ++ // wait for container to exit one last time, if it doesn't then kill didnt work, so return error ++ ctx2, cancel2 := context.WithTimeout(context.Background(), 2*time.Second) ++ defer cancel2() ++ ++ if status := <-container.Wait3(ctx2, containerpkg.WaitConditionNotRunning, waitStop); status.Err() != nil { ++ return errors.New("tried to kill container, but did not receive an exit event") ++ } + + return nil + } +diff --git a/components/engine/daemon/stop.go b/components/engine/daemon/stop.go +index 40bc36dfd..741f5d5dd 100644 +--- a/components/engine/daemon/stop.go ++++ b/components/engine/daemon/stop.go +@@ -82,8 +82,10 @@ func (daemon *Daemon) containerStop(container *containerpkg.Container, seconds i + logrus.Infof("Container %v failed to exit within %d seconds of signal %d - using the force", container.ID, seconds, stopSignal) + // 3. If it doesn't, then send SIGKILL + if err := daemon.Kill(container); err != nil { +- // Wait without a timeout, ignore result. +- <-container.Wait(context.Background(), containerpkg.WaitConditionNotRunning) ++ ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) ++ defer cancel() ++ ++ <-container.Wait(ctx, containerpkg.WaitConditionNotRunning) + logrus.Warn(err) // Don't return error because we only care that container is stopped, not what function stopped it + } + } +-- +2.27.0 + diff --git a/series.conf b/series.conf index d4210c3..a9c2d12 100644 --- a/series.conf +++ b/series.conf @@ -206,4 +206,5 @@ patch/0209-docker-check-db-file-size-before-start-containerd.patch patch/0210-docker-fix-dangling-unpigz.patch patch/0211-docker-add-timeout-for-IO.Wait.patch patch/0212-docker-fix-time-Ticker-leak.patch +patch/0213-docker-fix-bug-where-failed-kills-didnt-fallback-to-unix-kill.patch #end -- Gitee From f13675bb1287efa1d503e7a2d7e2ab146293b39c Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Thu, 10 Mar 2022 10:36:39 +0800 Subject: [PATCH 5/5] docker: do not check result of issueDiscard fix #I4X5KL If device not exist, issueDiscard will fail. We expect deleteDevice success if device not exist. --- VERSION-openeuler | 2 +- docker-engine-openeuler.spec | 8 ++++- ...-do-not-check-result-of-issueDiscard.patch | 31 +++++++++++++++++++ series.conf | 1 + 4 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 patch/0214-docker-do-not-check-result-of-issueDiscard.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index d0fada6..b47a890 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.224 +18.09.0.225 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index fd25724..8c726e9 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 224 +Release: 225 Summary: The open-source application container engine Group: Tools/Docker @@ -201,6 +201,12 @@ fi %endif %changelog +* Wed Mar 10 2022 chenjiankun - 18.09.0-225 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:do not check result of issueDiscard + * Wed Mar 10 2022 chenjiankun - 18.09.0-224 - Type:bugfix - ID:NA diff --git a/patch/0214-docker-do-not-check-result-of-issueDiscard.patch b/patch/0214-docker-do-not-check-result-of-issueDiscard.patch new file mode 100644 index 0000000..e485147 --- /dev/null +++ b/patch/0214-docker-do-not-check-result-of-issueDiscard.patch @@ -0,0 +1,31 @@ +From dd4eb547134482edc9d3248870480c3f24cab655 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Mon, 18 Oct 2021 16:14:15 +0800 +Subject: [PATCH] do not check result of issueDiscard + +If device not exist, issueDiscard will fail. +We expect deleteDevice success if device not exist. + +Signed-off-by: WangFengTu +--- + components/engine/daemon/graphdriver/devmapper/deviceset.go | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go +index 9b6cb0212..caa0a64cc 100644 +--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go ++++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go +@@ -2078,9 +2078,7 @@ func (devices *DeviceSet) deleteDevice(info *devInfo, syncDelete bool) error { + defer devices.closeTransaction() + + if devices.doBlkDiscard { +- if err := devices.issueDiscard(info); err != nil { +- return err +- } ++ devices.issueDiscard(info) + } + + // Try to deactivate device in case it is active. +-- +2.27.0 + diff --git a/series.conf b/series.conf index a9c2d12..6babed7 100644 --- a/series.conf +++ b/series.conf @@ -207,4 +207,5 @@ patch/0210-docker-fix-dangling-unpigz.patch patch/0211-docker-add-timeout-for-IO.Wait.patch patch/0212-docker-fix-time-Ticker-leak.patch patch/0213-docker-fix-bug-where-failed-kills-didnt-fallback-to-unix-kill.patch +patch/0214-docker-do-not-check-result-of-issueDiscard.patch #end -- Gitee