开源软件构建与测试

Changes of Revision 4

_service:tar_scm:lxc.spec Changed

@@ -1,4 +1,4 @@
-%global _release 9
+%global _release 12
 %global enable_isulad 1
 
 Name:           lxc
@@ -21,6 +21,9 @@
 Patch0010:	0010-add-storage-block-code-for-embedded-image.patch
 Patch0011:	0011-skip-setup-console-if-disable-pty-and-fix-syscontain.patch
 Patch0012:	0012-fix-dev-mount-failed-and-skip-send-recv-devpts_fd-if.patch
+Patch0013:	0013-ensure-cpuset-cgroup-built-while-writing-cgroup.proc.patch
+Patch0014:	0014-fix-cpuset-cgroup-error.patch
+Patch0015:	0015-append-mntopt-to-mntdata-if-not-found-in-mount_opt.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -208,6 +211,24 @@
 %endif
 
 %changelog
+* Thu Feb 22 2024 jikai<jikai11@huawei.com> - 5.0.2-12
+- Type: bugfix
+- ID:NA
+- SUG:NA
+- DESC: append mntopt to mntdata if not found in mount_opt
+
+* Wed Feb 07 2024 jikai<jikai11@huawei.com> - 5.0.2-11
+- Type: bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix cpuset cgroup set error
+
+* Mon Feb 05 2024 jikai<jikai11@huawei.com> - 5.0.2-10
+- Type: bugfix
+- ID:NA
+- SUG:NA
+- DESC: ensure cpuset cgroup built while writing cgroup.procs
+
 * Fri Jan 12 2024 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 5.0.2-9
 - Type: bugfix
 - ID:NA

_service:tar_scm:0013-ensure-cpuset-cgroup-built-while-writing-cgroup.proc.patch Added

@@ -0,0 +1,486 @@
+From a17fa0f10ec2f0f0a19d080c2ffe258192fc6cc1 Mon Sep 17 00:00:00 2001
+From: jikai <jikai11@huawei.com>
+Date: Mon, 5 Feb 2024 18:29:15 +0800
+Subject: PATCH ensure cpuset cgroup built while writing cgroup.procs
+
+Signed-off-by: jikai <jikai11@huawei.com>
+---
+ src/lxc/cgroups/cgfsng.c | 433 +++++++++++++++++++++------------------
+ 1 file changed, 232 insertions(+), 201 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index 5fd12ff..984e969 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -535,6 +535,207 @@ static int cgroup_tree_remove_wrapper(void *data)
+ 	return cgroup_tree_remove(arg->hierarchies, arg->path_prune);
+ }
+ 
++#ifdef HAVE_ISULAD
++#define BATCH_SIZE 50
++static void batch_realloc(char **mem, size_t oldlen, size_t newlen)
++{
++	int newbatches = (newlen / BATCH_SIZE) + 1;
++	int oldbatches = (oldlen / BATCH_SIZE) + 1;
++
++	if (!*mem || newbatches > oldbatches)
++		*mem = must_realloc(*mem, newbatches * BATCH_SIZE);
++}
++
++static void append_line(char **dest, size_t oldlen, char *new, size_t newlen)
++{
++	size_t full = oldlen + newlen;
++
++	batch_realloc(dest, oldlen, full + 1);
++
++	memcpy(*dest + oldlen, new, newlen + 1);
++}
++
++/* Slurp in a whole file */
++static char *read_file(const char *fnam)
++{
++	__do_free char *buf = NULL, *line = NULL;
++	__do_fclose FILE *f = NULL;
++	size_t len = 0, fulllen = 0;
++	int linelen;
++
++	f = fopen(fnam, "re");
++	if (!f)
++		return NULL;
++
++	while ((linelen = getline(&line, &len, f)) != -1) {
++		append_line(&buf, fulllen, line, linelen);
++		fulllen += linelen;
++	}
++
++	return move_ptr(buf);
++}
++
++static bool isulad_copy_parent_file(char *path, char *file)
++{
++	int ret;
++	int len = 0;
++	char *value = NULL;
++	char *current = NULL;
++	char *fpath = NULL;
++	char *lastslash = NULL;
++	char oldv;
++
++	fpath = must_make_path(path, file, NULL);
++	current = read_file(fpath);
++
++	if (current == NULL) {
++		SYSERROR("Failed to read file \"%s\"", fpath);
++		free(fpath);
++		return false;
++	}
++
++	if (strcmp(current, "\n") != 0) {
++		free(fpath);
++		free(current);
++		return true;
++	}
++
++	free(fpath);
++	free(current);
++
++	lastslash = strrchr(path, '/');
++	if (lastslash == NULL) {
++		ERROR("Failed to detect \"/\" in \"%s\"", path);
++		return false;
++	}
++	oldv = *lastslash;
++	*lastslash = '\0';
++	fpath = must_make_path(path, file, NULL);
++	*lastslash = oldv;
++	len = lxc_read_from_file(fpath, NULL, 0);
++	if (len <= 0)
++		goto on_error;
++
++	value = must_realloc(NULL, len + 1);
++	ret = lxc_read_from_file(fpath, value, len);
++	if (ret != len)
++		goto on_error;
++	free(fpath);
++
++	fpath = must_make_path(path, file, NULL);
++	ret = lxc_write_to_file(fpath, value, len, false, 0666);
++	if (ret < 0)
++		SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath);
++	free(fpath);
++	free(value);
++	return ret >= 0;
++
++on_error:
++	SYSERROR("Failed to read file \"%s\"", fpath);
++	free(fpath);
++	free(value);
++	return false;
++}
++
++static bool build_sub_cpuset_cgroup_dir(char *cgpath)
++{
++	int ret;
++
++	ret = mkdir_p(cgpath, 0755);
++	if (ret < 0) {
++		if (errno != EEXIST) {
++			SYSERROR("Failed to create directory \"%s\"", cgpath);
++			return false;
++		}
++	}
++
++	/* copy parent's settings */
++	if (!isulad_copy_parent_file(cgpath, "cpuset.cpus")) {
++		SYSERROR("Failed to copy \"cpuset.cpus\" settings");
++		return false;
++	}
++
++	/* copy parent's settings */
++	if (!isulad_copy_parent_file(cgpath, "cpuset.mems")) {
++		SYSERROR("Failed to copy \"cpuset.mems\" settings");
++		return false;
++	}
++
++	return true;
++}
++
++static bool isulad_cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname)
++{
++	char *cgpath, *slash;
++	bool sub_mk_success = false;
++
++	if (is_unified_hierarchy(h))
++		return true;
++
++	if (!string_in_list(h->controllers, "cpuset"))
++		return true;
++
++	slash = strchr(cgname, '/');
++
++	if (slash != NULL) {
++		while (slash) {
++			*slash = '\0';
++			cgpath = make_cgroup_path(h, h->at_base, cgname, NULL);
++			sub_mk_success = build_sub_cpuset_cgroup_dir(cgpath);
++			free(cgpath);
++			*slash = '/';
++			if (!sub_mk_success) {
++				return false;
++			}
++			slash = strchr(slash + 1, '/');
++		}
++	}
++
++	cgpath = make_cgroup_path(h, h->at_base, cgname, NULL);
++	sub_mk_success = build_sub_cpuset_cgroup_dir(cgpath);
++	free(cgpath);
++	if (!sub_mk_success) {
++		return false;
++	}
++
++	return true;
++}
++
++static int isulad_mkdir_eexist_on_last(const char *dir, mode_t mode)
++{
++	const char *tmp = dir;
++	const char *orig = dir;
++
++	do {
++		int ret;
++		size_t cur_len;
++		char *makeme;
++
++		dir = tmp + strspn(tmp, "/");
++		tmp = dir + strcspn(dir, "/");
++
++		errno = ENOMEM;
++		cur_len = dir - orig;
++		makeme = strndup(orig, cur_len);
++		if (!makeme)
++			return -1;
++
++		ret = mkdir(makeme, mode);
++		if (ret < 0) {
++			if (errno != EEXIST) {
++				SYSERROR("Failed to create directory \"%s\"", makeme);
++				free(makeme);
++				return -1;
++			}
++		}
++		free(makeme);
++
++	} while (tmp != dir);
++
++	return 0;
++}
++#endif
++
+ #ifdef HAVE_ISULAD
+ __cgfsng_ops static bool cgfsng_payload_destroy(struct cgroup_ops *ops,
+ 						struct lxc_handler *handler)
+@@ -806,6 +1007,18 @@ static bool cgroup_tree_create(struct cgroup_ops *ops, struct lxc_conf *conf,
+ 	 */
+ 	cpuset_v1 = !is_unified_hierarchy(h) && string_in_list(h->controllers, "cpuset");
+ 
++#ifdef HAVE_ISULAD
++	/* ensure that cpuset cgroup was set in the whole cgroup path, though lxc does
++	 * cpuset1_initialize(set cgroup.clone_children to 1 and cpuset.cpus and cpuset.mems)
++	 * but it only does so for the first layer of the cgroup path.
++	 * Since K8S could create the path already, so we need to ensure the cpuset cgroup was set
++	 */
++	if (cpuset_v1 && !isulad_cg_legacy_handle_cpuset_hierarchy(h, ops->container_cgroup)) {
++		ERROR("Failed to handle legacy cpuset controller");
++		return false;
++	}
++#endif
++
+ 	if (payload && cgroup_leaf) {
+ 		/* With isolation both parts need to not already exist. */
+ 		fd_limit = __cgroup_tree_create(h->dfd_base, cgroup_limit_dir, 0755, cpuset_v1, false);
+@@ -1662,14 +1875,33 @@ __cgfsng_ops static bool cgfsng_payload_enter(struct cgroup_ops *ops,
+ 	for (int i = 0; ops->hierarchiesi; i++) {
+ 		struct hierarchy *h = ops->hierarchiesi;
+ 		int ret;
++#ifdef HAVE_ISULAD
++		int retry_count = 0;
++		int max_retry = 10;
++#endif
+ 
+ 		if (is_unified_hierarchy(h) &&
+ 		    (handler->clone_flags & CLONE_INTO_CGROUP))
+ 			continue;
+ 
++#ifdef HAVE_ISULAD
++retry:
++		ret = lxc_writeat(h->dfd_con, "cgroup.procs", pidstr, len);
++		if (ret != 0) {
++			if (retry_count < max_retry) {
++				SYSERROR("Failed to enter cgroup \"%s/cgroup.procs\" with retry count:%d", h->path_con, retry_count);
++				(void)isulad_cg_legacy_handle_cpuset_hierarchy(h, ops->container_cgroup);
++				(void)isulad_mkdir_eexist_on_last(h->path_con, 0755);
++				usleep(100 * 1000);
++				retry_count++;
++				goto retry;
++			}
++		}
++#else
+ 		ret = lxc_writeat(h->dfd_con, "cgroup.procs", pidstr, len);
+ 		if (ret != 0)
+ 			return log_error_errno(false, errno, "Failed to enter cgroup \"%s\"", h->path_con);
++#endif
+ 
+ 		TRACE("Moved container into %s cgroup via %d", h->path_con, h->dfd_con);
+ 	}
+@@ -3234,207 +3466,6 @@ static int convert_devpath(const char *invalue, char *dest)
+ 	return 0;
+ }
+ 
+-#ifdef HAVE_ISULAD
+-#define BATCH_SIZE 50
+-static void batch_realloc(char **mem, size_t oldlen, size_t newlen)
+-{
+-	int newbatches = (newlen / BATCH_SIZE) + 1;
+-	int oldbatches = (oldlen / BATCH_SIZE) + 1;
+-
+-	if (!*mem || newbatches > oldbatches)
+-		*mem = must_realloc(*mem, newbatches * BATCH_SIZE);
+-}
+-
+-static void append_line(char **dest, size_t oldlen, char *new, size_t newlen)
+-{
+-	size_t full = oldlen + newlen;
+-
+-	batch_realloc(dest, oldlen, full + 1);
+-
+-	memcpy(*dest + oldlen, new, newlen + 1);
+-}
+-
+-/* Slurp in a whole file */
+-static char *read_file(const char *fnam)
+-{
+-	__do_free char *buf = NULL, *line = NULL;
+-	__do_fclose FILE *f = NULL;
+-	size_t len = 0, fulllen = 0;
+-	int linelen;
+-
+-	f = fopen(fnam, "re");
+-	if (!f)
+-		return NULL;
+-
+-	while ((linelen = getline(&line, &len, f)) != -1) {
+-		append_line(&buf, fulllen, line, linelen);
+-		fulllen += linelen;
+-	}
+-
+-	return move_ptr(buf);
+-}
+-
+-static bool isulad_copy_parent_file(char *path, char *file)
+-{
+-	int ret;
+-	int len = 0;
+-	char *value = NULL;
+-	char *current = NULL;
+-	char *fpath = NULL;
+-	char *lastslash = NULL;
+-	char oldv;
+-
+-	fpath = must_make_path(path, file, NULL);
+-	current = read_file(fpath);
+-
+-	if (current == NULL) {
+-		SYSERROR("Failed to read file \"%s\"", fpath);
+-		free(fpath);
+-		return false;
+-	}
+-
+-	if (strcmp(current, "\n") != 0) {
+-		free(fpath);
+-		free(current);
+-		return true;
+-	}
+-
+-	free(fpath);
+-	free(current);
+-
+-	lastslash = strrchr(path, '/');
+-	if (lastslash == NULL) {
+-		ERROR("Failed to detect \"/\" in \"%s\"", path);
+-		return false;
+-	}
+-	oldv = *lastslash;
+-	*lastslash = '\0';
+-	fpath = must_make_path(path, file, NULL);
+-	*lastslash = oldv;
+-	len = lxc_read_from_file(fpath, NULL, 0);
+-	if (len <= 0)
+-		goto on_error;
+-
+-	value = must_realloc(NULL, len + 1);
+-	ret = lxc_read_from_file(fpath, value, len);
+-	if (ret != len)
+-		goto on_error;
+-	free(fpath);
+-
+-	fpath = must_make_path(path, file, NULL);
+-	ret = lxc_write_to_file(fpath, value, len, false, 0666);
+-	if (ret < 0)
+-		SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath);
+-	free(fpath);
+-	free(value);
+-	return ret >= 0;
+-
+-on_error:
+-	SYSERROR("Failed to read file \"%s\"", fpath);
+-	free(fpath);
+-	free(value);
+-	return false;
+-}
+-
+-static bool build_sub_cpuset_cgroup_dir(char *cgpath)
+-{
+-	int ret;
+-
+-	ret = mkdir_p(cgpath, 0755);
+-	if (ret < 0) {
+-		if (errno != EEXIST) {
+-			SYSERROR("Failed to create directory \"%s\"", cgpath);
+-			return false;
+-		}
+-	}
+-
+-	/* copy parent's settings */
+-	if (!isulad_copy_parent_file(cgpath, "cpuset.cpus")) {
+-		SYSERROR("Failed to copy \"cpuset.cpus\" settings");
+-		return false;
+-	}
+-
+-	/* copy parent's settings */
+-	if (!isulad_copy_parent_file(cgpath, "cpuset.mems")) {
+-		SYSERROR("Failed to copy \"cpuset.mems\" settings");
+-		return false;
+-	}
+-
+-	return true;
+-}
+-
+-static bool isulad_cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname)
+-{
+-	char *cgpath, *slash;
+-	bool sub_mk_success = false;
+-
+-	if (is_unified_hierarchy(h))
+-		return true;
+-
+-	if (!string_in_list(h->controllers, "cpuset"))
+-		return true;
+-
+-	slash = strchr(cgname, '/');
+-
+-	if (slash != NULL) {
+-		while (slash) {
+-			*slash = '\0';
+-			cgpath = must_make_path(h->at_mnt, h->at_base, cgname, NULL);
+-			sub_mk_success = build_sub_cpuset_cgroup_dir(cgpath);
+-			free(cgpath);
+-			*slash = '/';
+-			if (!sub_mk_success) {
+-				return false;
+-			}
+-			slash = strchr(slash + 1, '/');
+-		}
+-	}
+-
+-	cgpath = must_make_path(h->at_mnt, h->at_base, cgname, NULL);
+-	sub_mk_success = build_sub_cpuset_cgroup_dir(cgpath);
+-	free(cgpath);
+-	if (!sub_mk_success) {
+-		return false;
+-	}
+-
+-	return true;
+-}
+-
+-static int isulad_mkdir_eexist_on_last(const char *dir, mode_t mode)
+-{
+-	const char *tmp = dir;
+-	const char *orig = dir;
+-
+-	do {
+-		int ret;
+-		size_t cur_len;
+-		char *makeme;
+-
+-		dir = tmp + strspn(tmp, "/");
+-		tmp = dir + strcspn(dir, "/");
+-
+-		errno = ENOMEM;
+-		cur_len = dir - orig;
+-		makeme = strndup(orig, cur_len);
+-		if (!makeme)
+-			return -1;
+-
+-		ret = mkdir(makeme, mode);
+-		if (ret < 0) {
+-			if (errno != EEXIST) {
+-				SYSERROR("Failed to create directory \"%s\"", makeme);
+-				free(makeme);
+-				return -1;
+-			}
+-		}
+-		free(makeme);
+-
+-	} while (tmp != dir);
+-
+-	return 0;
+-}
+-#endif
+-
+ /* Called from setup_limits - here we have the container's cgroup_data because
+  * we created the cgroups.
+  */
+-- 
+2.33.0
+

_service:tar_scm:0014-fix-cpuset-cgroup-error.patch Added

@@ -0,0 +1,60 @@
+From 63945e7f907d7c2943505fffeca606a1c96121fb Mon Sep 17 00:00:00 2001
+From: jikai <jikai11@huawei.com>
+Date: Wed, 7 Feb 2024 17:36:44 +0800
+Subject: PATCH fix cpuset cgroup error
+
+Signed-off-by: jikai <jikai11@huawei.com>
+---
+ src/lxc/cgroups/cgfsng.c | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index 984e969..471c281 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -1007,18 +1007,6 @@ static bool cgroup_tree_create(struct cgroup_ops *ops, struct lxc_conf *conf,
+ 	 */
+ 	cpuset_v1 = !is_unified_hierarchy(h) && string_in_list(h->controllers, "cpuset");
+ 
+-#ifdef HAVE_ISULAD
+-	/* ensure that cpuset cgroup was set in the whole cgroup path, though lxc does
+-	 * cpuset1_initialize(set cgroup.clone_children to 1 and cpuset.cpus and cpuset.mems)
+-	 * but it only does so for the first layer of the cgroup path.
+-	 * Since K8S could create the path already, so we need to ensure the cpuset cgroup was set
+-	 */
+-	if (cpuset_v1 && !isulad_cg_legacy_handle_cpuset_hierarchy(h, ops->container_cgroup)) {
+-		ERROR("Failed to handle legacy cpuset controller");
+-		return false;
+-	}
+-#endif
+-
+ 	if (payload && cgroup_leaf) {
+ 		/* With isolation both parts need to not already exist. */
+ 		fd_limit = __cgroup_tree_create(h->dfd_base, cgroup_limit_dir, 0755, cpuset_v1, false);
+@@ -1886,6 +1874,11 @@ __cgfsng_ops static bool cgfsng_payload_enter(struct cgroup_ops *ops,
+ 
+ #ifdef HAVE_ISULAD
+ retry:
++		/* ensure that cpuset cgroup was set in the whole cgroup path, though lxc does
++		 * cpuset1_initialize(set cgroup.clone_children to 1 and cpuset.cpus and cpuset.mems)
++		 * but it only does so for the first layer of the cgroup path.
++		 * Since K8S could create the path already, so we need to ensure the cpuset cgroup was set
++		 */
+ 		ret = lxc_writeat(h->dfd_con, "cgroup.procs", pidstr, len);
+ 		if (ret != 0) {
+ 			if (retry_count < max_retry) {
+@@ -3509,6 +3502,11 @@ static int cg_legacy_set_data(struct cgroup_ops *ops, const char *filename,
+ #ifdef HAVE_ISULAD
+ 	fullpath = must_make_path(h->path_con, filename, NULL);
+ retry:
++	/* ensure that cpuset cgroup was set in the whole cgroup path, though lxc does
++	 * cpuset1_initialize(set cgroup.clone_children to 1 and cpuset.cpus and cpuset.mems)
++	 * but it only does so for the first layer of the cgroup path.
++	 * Since K8S could create the path already, so we need to ensure the cpuset cgroup was set
++	 */
+ 	nret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
+ 	if (nret != 0) {
+ 		if (retry_count < max_retry) {
+-- 
+2.33.0
+

_service:tar_scm:0015-append-mntopt-to-mntdata-if-not-found-in-mount_opt.patch Added

@@ -0,0 +1,60 @@
+From 1d885dd392eb84816050b6ecffcfcccdfb8e812c Mon Sep 17 00:00:00 2001
+From: jikai <jikai11@huawei.com>
+Date: Thu, 22 Feb 2024 17:22:12 +0800
+Subject: PATCH append mntopt to mntdata if not found in mount_opt
+
+Signed-off-by: jikai <jikai11@huawei.com>
+---
+ src/lxc/conf.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index c73ba04..595e605 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -2469,7 +2469,11 @@ int parse_mntopts_legacy(const char *mntopts, unsigned long *mntflags, char **mn
+ 	return 0;
+ }
+ 
++#ifdef HAVE_ISULAD
++static int parse_vfs_attr(struct lxc_mount_options *opts, char *opt, size_t size, char **end, char *mntopts_new)
++#else
+ static int parse_vfs_attr(struct lxc_mount_options *opts, char *opt, size_t size)
++#endif
+ {
+ 	/*
+ 	 * If opt is found in mount_opt, set or clear flags.
+@@ -2525,6 +2529,18 @@ static int parse_vfs_attr(struct lxc_mount_options *opts, char *opt, size_t size
+ 		return 0;
+ 	}
+ 
++#ifdef HAVE_ISULAD
++	/* Add opt to opts->data if not found in mount_opt and propagation_opt.
++	 * Since in safe_mount, if 'z' option was set and selinux was enabled
++	 * isulad should relabel the mount point as share using opts->data.
++	 */
++	if (!*end) {
++		*end = stpcpy(mntopts_new, opt);
++	} else {
++		*end = stpcpy(*end, ",");
++		*end = stpcpy(*end, opt);
++	}
++#endif
+ 	return 0;
+ }
+ 
+@@ -2564,7 +2580,11 @@ int parse_mount_attrs(struct lxc_mount_options *opts, const char *mntopts)
+ 		}
+ 
+ 		/* This is a generic vfs option. */
++#ifdef HAVE_ISULAD
++		ret = parse_vfs_attr(opts, mntopt_cur, size, &end, mntopts_new);
++#else
+ 		ret = parse_vfs_attr(opts, mntopt_cur, size);
++#endif
+ 		if (ret < 0)
+ 			return syserror("Failed to parse mount attributes: \"%s\"", mntopt_cur);
+ 	}
+-- 
+2.33.0
+