Try to use pidfd and epoll to wait init process exit #4517
Conversation
lifubang
force-pushed
the
kill-via-pidfd
branch
from
bcddc62 to
8126a8d
Compare
|
@abel-von PTAL |
|
It seems that the first commit can be merged now and is definitely an improvement. For the rest of it, give me a few days to review. |
|
Reviewing this reminded me the next step needed for pidfd support in Go, so I wrote this proposal: golang/go#70352 |
Wonderful proposal, I used to think that golang wouldn't support similar interfaces, but I think it's very useful, looking forward its coming. |
lifubang
force-pushed
the
kill-via-pidfd
branch
from
8126a8d to
7833912
Compare
|
LGTM |
|
@lifubang are you going to keep working on it? This looks very good overall |
Thanks, I'll work on it later. |
lifubang
force-pushed
the
kill-via-pidfd
branch
2 times, most recently
from
cc64599 to
16ae7fc
Compare
There was a problem hiding this comment.
Frankly, I'm having a hard time reviewing this because it's hard to wrap around all the kill/destroy logic that we already have in place:
container.Signal;terminatemethod ofparentProcess;destroy(c *Container);- etc.
All this seem like a bunch of code full of special cases and kludges, and (in my eyes) it cries to be refactored to be more straightforward and clean. Maybe I'm wrong but this stands in the way of me reviewing this.
As I can't finish this, here's my WIP review bits and pieces:
-
The logic added might also be useful from
func destroy(c *Container) error. -
Using epoll on pidfd can also be used when there are multiple pids (i.e. from signalAllProcesses, in the current code).
-
This adds a new public method (
container.Kill) when we already havecontainer.Signal. I understand why, but maybe we should call itcontainer.KillSync(orcontainer.EnsureKilled) instead (so it's clear it not just sends the SIGKILL but also waits for the container to be killed). A note tocontainer.Signalshould be added referencing the new method. It should also be described in libcontainer's README.
|
This would be very nice to have in 1.3 but we might not have enough time to have it ready by 1.3-rc1. |
I think it's not worth to do:
If we don't want to introduce a wait mechanism in |
lifubang
force-pushed
the
kill-via-pidfd
branch
2 times, most recently
from
edc621d to
5f102d8
Compare
I agree, let's drop the 'signalAllProcesses` (frankly I don't remember why I thought it would be useful in there). |
|
Will try to review the rest of it tomorrow. |
lifubang
force-pushed
the
kill-via-pidfd
branch
from
5f102d8 to
74e9927
Compare
libcontainer/container_linux.go
Outdated
| // KillAndWaitExit kills the container and waits for the init process to exit. | ||
| func (c *Container) KillAndWaitExit() error { |
There was a problem hiding this comment.
After some consideration, I don't like the KillAndWaitExit name, because
- when a process is being killed, it does not exit;
- we're not waiting for a process to exit -- we're waiting for the kernel to finish killing it.
The KillAndWait name is not good either, as I said earlier (it implies wait syscall, which we don't call as it's not our child).
This is why I've suggested something like KillSync or EnsureKilled before.
libcontainer/container_linux.go
Outdated
| // We don't need unix.PidfdSendSignal because go runtime will use it if possible. | ||
| _ = c.Signal(unix.SIGKILL) |
There was a problem hiding this comment.
Maybe use c.signal here as we made sure that we have private pidns.
Maybe don't ignore error, because otherwise you might be waiting for 10 seconds for something that will never happen.
Or, you can be explicit and use PidfdSendSignal here to be 100% sure that it succeeded.
Signed-off-by: lifubang <lifubang@acmcoder.com>
When using unix.Kill to kill the container, we need a for loop to detect the init process exited or not manually, we sleep 100ms each time in the current, but for stopped containers or containers running in a low load machine, we don't need to wait so long time. This change will reduce the delete delay in some situations, especially for those pods with many containers in. Co-authored-by: Abel Feng <fshb1988@gmail.com> Signed-off-by: lifubang <lifubang@acmcoder.com>
This PR does some optimizations for
runc delete -f.unix.PidFDSendSignalto send signal to the process,this is helpful to reduce the risk of pid reuse attack. So we should replace
unix.Killwithos.Process.Signalin runc when possible.os.Process.Waitis used to wait the child process, to wait a unrelated process, weshould introduce pidfd & epoll to reduce the sleep time when we want to detect the init
process exited or not.
unix.Killsolution, but for stopped containers or containers running in a low load machine,we don't need to wait 100ms to do the next detection.
Close: #4512