Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make cgroup freezer only care about current control group (carry #3065) #3081

Merged
merged 2 commits into from
Jul 12, 2021
Merged

Make cgroup freezer only care about current control group (carry #3065) #3081

merged 2 commits into from
Jul 12, 2021

Conversation

kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Jul 9, 2021
edited
Loading

This is the same as #3065 with a few nitpicks and minor fixes on top.

Fixes the issue (frozen containers) that led to runc bump to 1.0.0 reverted in kubernetes.

Diff from #3065 (not including commit messages):

diff --git a/libcontainer/cgroups/fs/freezer.go b/libcontainer/cgroups/fs/freezer.go
index 734fc46a..4baa2798 100644
--- a/libcontainer/cgroups/fs/freezer.go
+++ b/libcontainer/cgroups/fs/freezer.go
@@ -129,8 +129,8 @@ func (s *FreezerGroup) GetState(path string) (configs.FreezerState, error) {
                case "THAWED":
                        return configs.Thawed, nil
                case "FROZEN":
-                       // Check freezer state for current control group to check
-                       // if it is frozen, or if it is one of its ancestors.
+                       // Find out whether the cgroup is frozen directly,
+                       // or indirectly via an ancestor.
                        self, err := cgroups.ReadFile(path, "freezer.self_freezing")
                        if err != nil {
                                // If the kernel is too old, then we just treat
@@ -146,7 +146,7 @@ func (s *FreezerGroup) GetState(path string) (configs.FreezerState, error) {
                        case "1\n":
                                return configs.Frozen, nil
                        default:
-                               return configs.Undefined, fmt.Errorf(`unknown "freezer.self_freezing" state: %q`, state)
+                               return configs.Undefined, fmt.Errorf(`unknown "freezer.self_freezing" state: %q`, self)
                        }
                case "FREEZING":
                        // Make sure we get a stable freezer state, so retry if the cgroup
diff --git a/libcontainer/cgroups/systemd/systemd_test.go b/libcontainer/cgroups/systemd/systemd_test.go
index 30957cdf..a444ff61 100644
--- a/libcontainer/cgroups/systemd/systemd_test.go
+++ b/libcontainer/cgroups/systemd/systemd_test.go
@@ -234,7 +234,6 @@ func TestFreezePodCgroup(t *testing.T) {
        if pf != configs.Frozen {
                t.Fatalf("expected pod to be frozen, got %v", pf)
        }
-       t.Log("pod frozen")
 
        // Create a "container" within the "pod" cgroup.
        // This is not a real container, just a process in the cgroup.
@@ -277,7 +276,6 @@ func TestFreezePodCgroup(t *testing.T) {
        if err != nil {
                t.Fatal(err)
        }
-       t.Log("container started")
        // Make sure to not leave a zombie.
        defer func() {
                // These may fail, we don't care.
@@ -295,21 +293,26 @@ func TestFreezePodCgroup(t *testing.T) {
        if err := cm.Set(containerConfig.Resources); err != nil {
                t.Fatal(err)
        }
-       t.Log("container pid added")
        // Check that we put the "container" into the "pod" cgroup.
        if !strings.HasPrefix(cm.Path("freezer"), pm.Path("freezer")) {
                t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q",
                        cm.Path("freezer"), pm.Path("freezer"))
        }
+       // Check the container is not reported as frozen despite the frozen parent.
+       cf, err := cm.GetFreezerState()
+       if err != nil {
+               t.Fatal(err)
+       }
+       if cf != configs.Thawed {
+               t.Fatalf("expected container to be thawed, got %v", cf)
+       }
 
-       t.Log("pod is still frozen -- thawing")
        // Unfreeze the pod.
        if err := pm.Freeze(configs.Thawed); err != nil {
                t.Fatal(err)
        }
 
-       t.Log("check that container is thawed and working")
-       cf, err := cm.GetFreezerState()
+       cf, err = cm.GetFreezerState()
        if err != nil {
                t.Fatal(err)
        }

1.0 backport: #3085

odinuge and others added 2 commits July 8, 2021 19:32
@odinuge @kolyshkin
libct/cg/fs/freezer.GetState: report current cgroup state
294c486 
If a control group is frozen, all its descendants will report FROZEN
in freezer.state cgroup file.

OTOH cgroup v2 cgroup.freeze is not reporting the cgroup as frozen
unless it is frozen directly (i.e. not via an ancestor).

Fix the discrepancy between v1 and v2 drivers behavior by
looking into freezer.self_freezing cgroup file, which, according
to kernel documentation, will show 1 iff the cgroup was frozen directly.

Co-authored-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Odin Ugedal <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
@odinuge @kolyshkin
libct/cg/sd: Add freezer tests
3e5c199 
This test the issues fixed by the two preceding commits.

Co-Authored-By: Kir Kolyshkin <[email protected]>
Signed-off-by: Odin Ugedal <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
This was referenced Jul 9, 2021
Closed
Closed
Merged
odinuge
odinuge approved these changes Jul 9, 2021
View reviewed changes
Copy link
Contributor

@odinuge odinuge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Thanks!

libcontainer/cgroups/systemd/systemd_test.go
t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q",
cm.Path("freezer"), pm.Path("freezer"))
}
// Check the container is not reported as frozen despite the frozen parent.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@kolyshkin kolyshkin added this to the 1.1.0 milestone Jul 9, 2021
@kolyshkin kolyshkin added area/cgroupv1 area/systemd backport/1.0-todo A PR in main branch which needs to be backported to release-1.0 and removed area/cgroupv1 area/systemd labels Jul 9, 2021
@kolyshkin kolyshkin mentioned this pull request Jul 9, 2021
Closed
fuweid
fuweid approved these changes Jul 10, 2021
View reviewed changes
Copy link
Member

@fuweid fuweid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM(nb)

@AkihiroSuda AkihiroSuda merged commit 3a041e9 into opencontainers:master Jul 12, 2021
@kolyshkin kolyshkin mentioned this pull request Jul 12, 2021
Merged
@kolyshkin kolyshkin mentioned this pull request Jul 14, 2021
Closed
@kolyshkin kolyshkin added backport/1.0-done A PR in main branch which has been backported to release-1.0 and removed backport/1.0-todo A PR in main branch which needs to be backported to release-1.0 labels Nov 30, 2021
@kolyshkin kolyshkin mentioned this pull request May 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fuweid fuweid fuweid approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@odinuge odinuge odinuge approved these changes

@mrunalp mrunalp mrunalp approved these changes

@cyphar cyphar Awaiting requested review from cyphar

Assignees
No one assigned
Labels
area/cgroupv1 backport/1.0-done A PR in main branch which has been backported to release-1.0
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.
5 participants
@kolyshkin @mrunalp @odinuge @AkihiroSuda @fuweid