Skip to content

Commit

Permalink
libpod: unlock containers when removing pod
Browse files Browse the repository at this point in the history
It solves a race where a container cleanup process launched because of
the container process exiting normally would hang.

It also solves a problem when running as rootless on cgroup v1 since
it is not possible to force pids.max = 1 on conmon to limit spawning
the cleanup process.

Partially copied from containers#13403

Related to: containers#14057

[NO NEW TESTS NEEDED] it doesn't add any new functionality

Signed-off-by: Giuseppe Scrivano <[email protected]>
  • Loading branch information
giuseppe authored and mheon committed May 3, 2022
1 parent 159d597 commit 7249651
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions libpod/runtime_pod_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -199,10 +199,15 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
// Go through and lock all containers so we can operate on them all at
// once.
// First loop also checks that we are ready to go ahead and remove.
containersLocked := true
for _, ctr := range ctrs {
ctrLock := ctr.lock
ctrLock.Lock()
defer ctrLock.Unlock()
defer func() {
if containersLocked {
ctrLock.Unlock()
}
}()

// If we're force-removing, no need to check status.
if force {
Expand Down Expand Up @@ -304,6 +309,12 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
}
}

// let's unlock the containers so if there is any cleanup process, it can terminate its execution
for _, ctr := range ctrs {
ctr.lock.Unlock()
}
containersLocked = false

// Remove pod cgroup, if present
if p.state.CgroupPath != "" {
logrus.Debugf("Removing pod cgroup %s", p.state.CgroupPath)
Expand Down Expand Up @@ -332,7 +343,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
}
}
if err == nil {
if err := conmonCgroup.Delete(); err != nil {
if err = conmonCgroup.Delete(); err != nil {
if removalErr == nil {
removalErr = errors.Wrapf(err, "error removing pod %s conmon cgroup", p.ID())
} else {
Expand Down

0 comments on commit 7249651

Please sign in to comment.