Merge pull request #5221 from fuweid/cp-5195

[release/1.4] runtime/v2/runc: fix leaking socket path
containerd · Mar 18, 2021 · b053780 · b053780
2 parents 6bcbb68 + f9d6a76
commit b053780
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 19 deletions.
diff --git a/runtime/v2/runc/v1/service.go b/runtime/v2/runc/v1/service.go
@@ -126,7 +126,7 @@ func newCommand(ctx context.Context, id, containerdBinary, containerdAddress, co
 	return cmd, nil
 }
 
-func (s *service) StartShim(ctx context.Context, id, containerdBinary, containerdAddress, containerdTTRPCAddress string) (string, error) {
+func (s *service) StartShim(ctx context.Context, id, containerdBinary, containerdAddress, containerdTTRPCAddress string) (_ string, retErr error) {
 	cmd, err := newCommand(ctx, id, containerdBinary, containerdAddress, containerdTTRPCAddress)
 	if err != nil {
 		return "", err
@@ -147,6 +147,17 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container
 			return "", err
 		}
 	}
+	defer func() {
+		if retErr != nil {
+			socket.Close()
+			_ = shim.RemoveSocket(address)
+		}
+	}()
+	// make sure that reexec shim-v2 binary use the value if need
+	if err := shim.WriteAddress("address", address); err != nil {
+		return "", err
+	}
+
 	f, err := socket.File()
 	if err != nil {
 		return "", err
@@ -155,11 +166,11 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container
 	cmd.ExtraFiles = append(cmd.ExtraFiles, f)
 
 	if err := cmd.Start(); err != nil {
+		f.Close()
 		return "", err
 	}
 	defer func() {
-		if err != nil {
-			_ = shim.RemoveSocket(address)
+		if retErr != nil {
 			cmd.Process.Kill()
 		}
 	}()
@@ -168,9 +179,6 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container
 	if err := shim.WritePidFile("shim.pid", cmd.Process.Pid); err != nil {
 		return "", err
 	}
-	if err := shim.WriteAddress("address", address); err != nil {
-		return "", err
-	}
 	if data, err := ioutil.ReadAll(os.Stdin); err == nil {
 		if len(data) > 0 {
 			var any ptypes.Any
@@ -203,6 +211,12 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container
 }
 
 func (s *service) Cleanup(ctx context.Context) (*taskAPI.DeleteResponse, error) {
+	if address, err := shim.ReadAddress("address"); err == nil {
+		if err = shim.RemoveSocket(address); err != nil {
+			return nil, err
+		}
+	}
+
 	path, err := os.Getwd()
 	if err != nil {
 		return nil, err
@@ -556,11 +570,10 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (*task
 }
 
 func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*ptypes.Empty, error) {
+	// please make sure that temporary resource has been cleanup
+	// before shutdown service.
 	s.cancel()
 	close(s.events)
-	if address, err := shim.ReadAddress("address"); err == nil {
-		_ = shim.RemoveSocket(address)
-	}
 	return empty, nil
 }
 

diff --git a/runtime/v2/runc/v2/service.go b/runtime/v2/runc/v2/service.go
@@ -220,6 +220,12 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container
 			_ = shim.RemoveSocket(address)
 		}
 	}()
+
+	// make sure that reexec shim-v2 binary use the value if need
+	if err := shim.WriteAddress("address", address); err != nil {
+		return "", err
+	}
+
 	f, err := socket.File()
 	if err != nil {
 		return "", err
@@ -238,9 +244,6 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container
 	}()
 	// make sure to wait after start
 	go cmd.Wait()
-	if err := shim.WriteAddress("address", address); err != nil {
-		return "", err
-	}
 	if data, err := ioutil.ReadAll(os.Stdin); err == nil {
 		if len(data) > 0 {
 			var any ptypes.Any
@@ -290,6 +293,7 @@ func (s *service) Cleanup(ctx context.Context) (*taskAPI.DeleteResponse, error)
 	if err != nil {
 		return nil, err
 	}
+
 	path := filepath.Join(filepath.Dir(cwd), s.id)
 	ns, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
@@ -668,15 +672,19 @@ func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*pt
 	if len(s.containers) > 0 {
 		return empty, nil
 	}
-	s.cancel()
-	close(s.events)
 
 	if s.platform != nil {
 		s.platform.Close()
 	}
+
 	if s.shimAddress != "" {
 		_ = shim.RemoveSocket(s.shimAddress)
 	}
+
+	// please make sure that temporary resource has been cleanup
+	// before shutdown service.
+	s.cancel()
+	close(s.events)
 	return empty, nil
 }
 

diff --git a/runtime/v2/shim/shim.go b/runtime/v2/shim/shim.go
@@ -239,6 +239,13 @@ func run(id string, initFunc Init, config Config) error {
 				return err
 			}
 		}
+
+		// NOTE: If the shim server is down(like oom killer), the address
+		// socket might be leaking.
+		if address, err := ReadAddress("address"); err == nil {
+			_ = RemoveSocket(address)
+		}
+
 		select {
 		case <-publisher.Done():
 			return nil
@@ -299,15 +306,11 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error {
 		return err
 	}
 	go func() {
+		defer l.Close()
 		if err := server.Serve(ctx, l); err != nil &&
 			!strings.Contains(err.Error(), "use of closed network connection") {
 			logrus.WithError(err).Fatal("containerd-shim: ttrpc server failure")
 		}
-		l.Close()
-		if address, err := ReadAddress("address"); err == nil {
-			_ = RemoveSocket(address)
-		}
-
 	}()
 	return nil
 }