diff --git a/apply-patch b/apply-patch index 3a9f525b14a0df1e11583583db87bcd72e988e41..24d7d0bbbff842aea87427f95c897dce94cd79e6 100755 --- a/apply-patch +++ b/apply-patch @@ -7,14 +7,11 @@ set -ex -pkg=containerd-1.2.0 +pkg=containerd-1.6.20 cwd=$PWD src=$cwd/$pkg -unzip v1.2.0.zip -if [[ ! -d patch ]]; then - tar zxf patch.tar.gz -fi +unzip v1.6.20.zip cd $src git init @@ -24,16 +21,6 @@ git config user.email 'build@obs.com' git commit -m 'init build' cd $cwd -series=$cwd/series.conf -while IPF= read -r line -do - if [[ "$line" =~ ^patch* ]]; then - echo git apply $cwd/$line - cd $src && git apply $cwd/$line - fi -done <"$series" - -cd $cwd cp -rf $src/* . mv $src/.git $src/git -rm -rf containerd-1.2.0 +rm -rf containerd-1.6.18 diff --git a/containerd.spec b/containerd.spec index afd5548b1fc76377aa379e101cf62cab9607564a..df6ba7b9f3f8af5d6eb686b8f6aa92ae8144d519 100644 --- a/containerd.spec +++ b/containerd.spec @@ -1,17 +1,13 @@ %global goipath github.com/containerd/containerd %global debug_package %{nil} -Version: 1.2.0 +Version: 1.6.20 Name: containerd -Release: 309 +Release: 1 Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io -Source0: https://github.com/containerd/containerd/archive/v1.2.0.zip -Source1: patch.tar.gz -Source2: apply-patch -Source3: series.conf -Source4: git-commit -Source5: gen-commit.sh +Source0: https://github.com/containerd/containerd/archive/v1.6.20.zip +Source1: apply-patch BuildRequires: golang glibc-static make btrfs-progs-devel git @@ -25,9 +21,6 @@ low-level storage and network attachments, etc. %prep cp %{SOURCE0} . cp %{SOURCE1} . -cp %{SOURCE2} . -cp %{SOURCE3} . -cp %{SOURCE4} . %build echo %{VERSION}.%{RELEASE} > containerd_version @@ -55,6 +48,12 @@ install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr %{_bindir}/ctr %changelog +* Wed Apr 19 2023 xulei - 1.6.20-1 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:update to 1.6.20 + * Mon Feb 27 2023 zhongjiawei - 1.2.0-309 - Type:CVE - ID:NA diff --git a/patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch b/patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch deleted file mode 100644 index d350d2414e8e72733e9d39edf1931a257ae1f09f..0000000000000000000000000000000000000000 --- a/patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch +++ /dev/null @@ -1,63 +0,0 @@ -From fe090d706a522392e30dd4c44447f915ec99c1a0 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 22 Dec 2018 15:16:53 +0800 -Subject: [PATCH 01/27] vendor: grpc: fix grpc map panic - -reason: Fix grpc map panic - -cherry-pick from containerd-0.2.8 - -a8cdda827867cec97568318368a7aa40097d0487 - -Fix grpc map panic - -Description: - In golang, if we read/write map in different goroutine, it may panic. - We need to add lock to protect the map data when read/write the map. - -Now the grpc map is only protected by a mutex while register, not -protected in reading process(handleStream function). - -This MR will use a RWMutex to protect this map. - -Change-Id: I786bd99234461c40fcb57621fd7c1fb4faa0c208 -Signed-off-by: jingrui ---- - vendor/google.golang.org/grpc/server.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go -index 4969331..77f7840 100644 ---- a/vendor/google.golang.org/grpc/server.go -+++ b/vendor/google.golang.org/grpc/server.go -@@ -90,7 +90,7 @@ type service struct { - type Server struct { - opts options - -- mu sync.Mutex // guards following -+ mu sync.RWMutex // guards following - lis map[net.Listener]bool - conns map[io.Closer]bool - serve bool -@@ -438,6 +438,8 @@ type ServiceInfo struct { - // Service names include the package names, in the form of .. - func (s *Server) GetServiceInfo() map[string]ServiceInfo { - ret := make(map[string]ServiceInfo) -+ s.mu.RLock() -+ defer s.mu.RUnlock() - for n, srv := range s.m { - methods := make([]MethodInfo, 0, len(srv.md)+len(srv.sd)) - for m := range srv.md { -@@ -1221,7 +1223,9 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str - } - service := sm[:pos] - method := sm[pos+1:] -+ s.mu.RLock() - srv, ok := s.m[service] -+ s.mu.RUnlock() - if !ok { - if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil { - s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo) --- -2.7.4.3 - diff --git a/patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch b/patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch deleted file mode 100644 index 57dc16bdd680a05d10ff397a623bea952c6cf35c..0000000000000000000000000000000000000000 --- a/patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 003dc7956765712fdf4a893c2d541af2e2d0f300 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 22 Dec 2018 15:44:50 +0800 -Subject: [PATCH 02/27] sys: sys: count steal time when calculating - SystemCPUUsage - -reason: count steal time when calculating SystemCPUUsage - -cherry-pick from containerd-0.2.8 - -13f22eecd33d30520ace277822ac5f0acb387e75 - -containerd: count steal time when calculating SystemCPUUsage - -[Changelog]: when counting docker stat in virtual machines, now containerd do not count steal time when calculating SystemCPUUsage, which causes that cpuusage value larger than its actua$ -[Author]git - -Change-Id: I2b62c9508cbdc444d514116f4bea5aad3d292af5 -Signed-off-by: jingrui ---- - sys/proc.go | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/sys/proc.go b/sys/proc.go -index 496eb1f..82a6351 100644 ---- a/sys/proc.go -+++ b/sys/proc.go -@@ -61,11 +61,11 @@ func GetSystemCPUUsage() (uint64, error) { - parts := strings.Fields(line) - switch parts[0] { - case "cpu": -- if len(parts) < 8 { -+ if len(parts) < 9 { - return 0, fmt.Errorf("bad format of cpu stats") - } - var totalClockTicks uint64 -- for _, i := range parts[1:8] { -+ for _, i := range parts[1:9] { - v, err := strconv.ParseUint(i, 10, 64) - if err != nil { - return 0, fmt.Errorf("error parsing cpu stats") --- -2.7.4.3 - diff --git a/patch/0003-oci-oci-add-files-cgroups-support.patch b/patch/0003-oci-oci-add-files-cgroups-support.patch deleted file mode 100644 index 41c89e942cf688f6e455d08606a68c6540112cf2..0000000000000000000000000000000000000000 --- a/patch/0003-oci-oci-add-files-cgroups-support.patch +++ /dev/null @@ -1,51 +0,0 @@ -From c9cc468949d80c663524f5b764e2c661af13bca2 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 22 Dec 2018 16:25:07 +0800 -Subject: [PATCH 03/27] oci: oci: add files cgroups support - -reason: Add file fds limit - -cherry-pick from containerd-0.2.8 - -29b822599b86f823d5a9f94df1cdceea485e0b19 - -Add file fds limit - -With the patch(https://lwn.net/Articles/604129/),we can limit the -num of open files in container. - -Change-Id: I72b45430dd7535727c4af9e190bbb345ba8ee316 -Signed-off-by: jingrui ---- - vendor/github.com/opencontainers/runtime-spec/specs-go/config.go | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -index f32698c..ac24cde 100644 ---- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -@@ -314,6 +314,12 @@ type LinuxPids struct { - Limit int64 `json:"limit"` - } - -+// Files for Linux cgroup 'files' resource management (https://lwn.net/Articles/604129/) -+type Files struct { -+ // Maximum number of open files". -+ Limit *int64 `json:"limit,omitempty"` -+} -+ - // LinuxNetwork identification and priority configuration - type LinuxNetwork struct { - // Set class identifier for container's network packets -@@ -340,6 +346,8 @@ type LinuxResources struct { - CPU *LinuxCPU `json:"cpu,omitempty"` - // Task resource restriction configuration. - Pids *LinuxPids `json:"pids,omitempty"` -+ // Files resource restriction configuration. -+ Files *Files `json:"files,omitempty"` - // BlockIO restriction configuration - BlockIO *LinuxBlockIO `json:"blockIO,omitempty"` - // Hugetlb limit (in bytes) --- -2.7.4.3 - diff --git a/patch/0004-runv-vendor-runv-compatibility.patch b/patch/0004-runv-vendor-runv-compatibility.patch deleted file mode 100644 index d86faddacaf2f934ad913239b2b95eb6842e97c6..0000000000000000000000000000000000000000 --- a/patch/0004-runv-vendor-runv-compatibility.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 5fa863a6ea74ed24cfcc0c16eaa5e5a4e77387ec Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Wed, 26 Dec 2018 12:08:20 +0800 -Subject: [PATCH 04/27] runv: vendor: runv compatibility - -reason: fix manslaughter of runtime delete process - -cherry-pick from containerd-0.2.8 - -reference: - -7906753998667b5a9fa9a996f4a0e41d4736d5c1 - -contaierd-17: fix manslaughter of runtime delete process - -fix manslaughter of runtime delete process - -f82956a89ca7d7cea3bdd5fcd4d4fd70c313f378 - -containerd-17: fix qemu remaining when dockerd restart - -fix qemu remaining when dockerd restart and container start concurrency - -Change-Id: Id23456e90961041194c946a289ae790327b874c8 -Signed-off-by: jingrui ---- - vendor/github.com/containerd/go-runc/command_linux.go | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/vendor/github.com/containerd/go-runc/command_linux.go b/vendor/github.com/containerd/go-runc/command_linux.go -index 71b52f9..6ad27be 100644 ---- a/vendor/github.com/containerd/go-runc/command_linux.go -+++ b/vendor/github.com/containerd/go-runc/command_linux.go -@@ -20,9 +20,17 @@ import ( - "context" - "os" - "os/exec" -+ "strings" - "syscall" - ) - -+func (r *Runc) isrunv() bool { -+ if strings.Contains(r.Command, "runv") { -+ return true -+ } -+ return false -+} -+ - func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { - command := r.Command - if command == "" { -@@ -33,7 +41,7 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { - Setpgid: r.Setpgid, - } - cmd.Env = os.Environ() -- if r.PdeathSignal != 0 { -+ if r.PdeathSignal != 0 && !r.isrunv() { - cmd.SysProcAttr.Pdeathsig = r.PdeathSignal - } - --- -2.7.4.3 - diff --git a/patch/0005-containerd-add-spec-for-build.patch b/patch/0005-containerd-add-spec-for-build.patch deleted file mode 100644 index 3a67a028fe3f22ec0226ee07438a051eb2c14c14..0000000000000000000000000000000000000000 --- a/patch/0005-containerd-add-spec-for-build.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 8e46f370733951e6decec6dd36b0c13308ced2c2 Mon Sep 17 00:00:00 2001 -From: caihaomin -Date: Mon, 21 Jan 2019 22:31:05 +0800 -Subject: [PATCH 05/27] containerd: add spec for build - -reason:add spec for build - -Change-Id: I42d9d32e4898c006194df1ead4735155b4785584 -Signed-off-by: caihaomin ---- - hack/containerd.spec | 46 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 46 insertions(+) - create mode 100644 hack/containerd.spec - -diff --git a/hack/containerd.spec b/hack/containerd.spec -new file mode 100644 -index 0000000..f53c37b ---- /dev/null -+++ b/hack/containerd.spec -@@ -0,0 +1,46 @@ -+%global goipath github.com/containerd/containerd -+%global debug_package %{nil} -+Version: 1.2.0 -+ -+Name: containerd -+Release: 1%{?dist} -+Summary: An industry-standard container runtime -+License: ASL 2.0 -+URL: https://containerd.io -+Source0: containerd-1.2.0.tar.gz -+ -+BuildRequires: golang glibc-static make -+BuildRequires: btrfs-progs-devel -+ -+ -+%description -+containerd is an industry-standard container runtime with an emphasis on -+simplicity, robustness and portability. It is available as a daemon for Linux -+and Windows, which can manage the complete container lifecycle of its host -+system: image transfer and storage, container execution and supervision, -+low-level storage and network attachments, etc. -+ -+ -+%prep -+%setup -c -n containerd -+ -+%build -+GO_BUILD_PATH=$PWD/_build -+install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath}) -+ln -fs $PWD $GO_BUILD_PATH/src/%{goipath} -+cd $GO_BUILD_PATH/src/%{goipath} -+export GOPATH=$GO_BUILD_PATH:%{gopath} -+export BUILDTAGS="no_btrfs no_cri" -+make -+ -+%install -+install -d $RPM_BUILD_ROOT/%{_bindir} -+install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd -+install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim -+ -+%files -+%{_bindir}/containerd -+%{_bindir}/containerd-shim -+ -+ -+%changelog --- -2.7.4.3 - diff --git a/patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch b/patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch deleted file mode 100644 index 5b46980e80a939fa13badd0ee93191ada8e9ce38..0000000000000000000000000000000000000000 --- a/patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch +++ /dev/null @@ -1,320 +0,0 @@ -From 31621148229d56835575189c71e80339fba9f1fc Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 14:55:27 +0800 -Subject: [PATCH 06/27] shim: optimize shim lock in runtime v1 - -reason: apply lock only around process map of shim service, -avoid lock affect other procs operations. - -Cherry-pick from upstream c206da795 - -Change-Id: I33f0f6b3537673533fdb60afb7a0295ac9665f11 -Signed-off-by: Ace-Tang -Signed-off-by: lujingxiao ---- - runtime/v1/shim/service.go | 144 +++++++++++++++++++++++---------------------- - 1 file changed, 75 insertions(+), 69 deletions(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index d76d580..679982a 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -114,9 +114,6 @@ type Service struct { - - // Create a new initial process and container with the underlying OCI runtime - func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *shimapi.CreateTaskResponse, err error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- - var mounts []proc.Mount - for _, m := range r.Rootfs { - mounts = append(mounts, proc.Mount{ -@@ -158,6 +155,10 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - return nil, errors.Wrapf(err, "failed to mount rootfs component %v", m) - } - } -+ -+ s.mu.Lock() -+ defer s.mu.Unlock() -+ - process, err := newInit( - ctx, - s.config.Path, -@@ -187,11 +188,9 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - - // Start a process - func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*shimapi.StartResponse, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if err := p.Start(ctx); err != nil { - return nil, err -@@ -204,16 +203,16 @@ func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*shimapi. - - // Delete the initial process and container - func (s *Service) Delete(ctx context.Context, r *ptypes.Empty) (*shimapi.DeleteResponse, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.Delete(ctx); err != nil { - return nil, err - } -+ s.mu.Lock() - delete(s.processes, s.id) -+ s.mu.Unlock() - s.platform.Close() - return &shimapi.DeleteResponse{ - ExitStatus: uint32(p.ExitStatus()), -@@ -227,11 +226,9 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq - if r.ID == s.id { - return nil, status.Errorf(codes.InvalidArgument, "cannot delete init process with DeleteProcess") - } -- s.mu.Lock() -- p := s.processes[r.ID] -- s.mu.Unlock() -- if p == nil { -- return nil, errors.Wrapf(errdefs.ErrNotFound, "process %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if err := p.Delete(ctx); err != nil { - return nil, err -@@ -249,13 +246,14 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq - // Exec an additional process inside the container - func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*ptypes.Empty, error) { - s.mu.Lock() -- defer s.mu.Unlock() - - if p := s.processes[r.ID]; p != nil { -+ s.mu.Unlock() - return nil, errdefs.ToGRPCf(errdefs.ErrAlreadyExists, "id %s", r.ID) - } - - p := s.processes[s.id] -+ s.mu.Unlock() - if p == nil { - return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") - } -@@ -271,14 +269,14 @@ func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*pty - if err != nil { - return nil, errdefs.ToGRPC(err) - } -+ s.mu.Lock() - s.processes[r.ID] = process -+ s.mu.Unlock() - return empty, nil - } - - // ResizePty of a process - func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() - if r.ID == "" { - return nil, errdefs.ToGRPCf(errdefs.ErrInvalidArgument, "id not provided") - } -@@ -286,7 +284,9 @@ func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (* - Width: uint16(r.Width), - Height: uint16(r.Height), - } -+ s.mu.Lock() - p := s.processes[r.ID] -+ s.mu.Unlock() - if p == nil { - return nil, errors.Errorf("process does not exist %s", r.ID) - } -@@ -298,11 +298,9 @@ func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (* - - // State returns runtime state information for a process - func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi.StateResponse, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process id %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - st, err := p.Status(ctx) - if err != nil { -@@ -338,11 +336,9 @@ func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi. - - // Pause the container - func (s *Service) Pause(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.(*proc.Init).Pause(ctx); err != nil { - return nil, err -@@ -352,11 +348,9 @@ func (s *Service) Pause(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, er - - // Resume the container - func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.(*proc.Init).Resume(ctx); err != nil { - return nil, err -@@ -366,12 +360,10 @@ func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, e - - // Kill a process with the provided signal - func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() - if r.ID == "" { -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) -@@ -379,9 +371,9 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - return empty, nil - } - -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process id %s not found", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) -@@ -422,11 +414,9 @@ func (s *Service) ListPids(ctx context.Context, r *shimapi.ListPidsRequest) (*sh - - // CloseIO of a process - func (s *Service) CloseIO(ctx context.Context, r *shimapi.CloseIORequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process does not exist %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if stdin := p.Stdin(); stdin != nil { - if err := stdin.Close(); err != nil { -@@ -438,11 +428,9 @@ func (s *Service) CloseIO(ctx context.Context, r *shimapi.CloseIORequest) (*ptyp - - // Checkpoint the container - func (s *Service) Checkpoint(ctx context.Context, r *shimapi.CheckpointTaskRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - var options runctypes.CheckpointOptions - if r.Options != nil { -@@ -475,11 +463,9 @@ func (s *Service) ShimInfo(ctx context.Context, r *ptypes.Empty) (*shimapi.ShimI - - // Update a running container - func (s *Service) Update(ctx context.Context, r *shimapi.UpdateTaskRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.(*proc.Init).Update(ctx, r.Resources); err != nil { - return nil, errdefs.ToGRPC(err) -@@ -489,11 +475,9 @@ func (s *Service) Update(ctx context.Context, r *shimapi.UpdateTaskRequest) (*pt - - // Wait for a process to exit - func (s *Service) Wait(ctx context.Context, r *shimapi.WaitRequest) (*shimapi.WaitResponse, error) { -- s.mu.Lock() -- p := s.processes[r.ID] -- s.mu.Unlock() -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - p.Wait() - -@@ -563,11 +547,9 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) { - } - - func (s *Service) getContainerPids(ctx context.Context, id string) ([]uint32, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - - ps, err := p.(*proc.Init).Runtime().Ps(ctx, id) -@@ -589,6 +571,30 @@ func (s *Service) forward(publisher events.Publisher) { - } - } - -+// getInitProcess returns initial process -+func (s *Service) getInitProcess() (rproc.Process, error) { -+ s.mu.Lock() -+ defer s.mu.Unlock() -+ -+ p := s.processes[s.id] -+ if p == nil { -+ return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ } -+ return p, nil -+} -+ -+// getExecProcess returns exec process -+func (s *Service) getExecProcess(id string) (rproc.Process, error) { -+ s.mu.Lock() -+ defer s.mu.Unlock() -+ -+ p := s.processes[id] -+ if p == nil { -+ return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s does not exist", id) -+ } -+ return p, nil -+} -+ - func getTopic(ctx context.Context, e interface{}) string { - switch e.(type) { - case *eventstypes.TaskCreate: --- -2.7.4.3 - diff --git a/patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch b/patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch deleted file mode 100644 index 5f17e233e8c095e3c91a36b39e7d7b1747489775..0000000000000000000000000000000000000000 --- a/patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 2e143a25ff02800afb569352c407cf71a9c0312b Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 14:56:19 +0800 -Subject: [PATCH 07/27] shim: Increase reaper buffer size and - non-blocking send - -reason: Fixes #2709 - -This increases the buffer size for process exit subscribers. It also -implements a non-blocking send on the subscriber channel. It is better -to drop an exit even than it is to block a shim for one slow subscriber. - -Cherry-pick from upstream 232a063496 - -Change-Id: Ibf9f06cc82945a8592fb02a87816d69d5dac2b6b -Signed-off-by: Michael Crosby -Signed-off-by: lujingxiao ---- - runtime/v1/shim/reaper.go | 14 +++++++++++--- - runtime/v2/shim/reaper_unix.go | 14 +++++++++++--- - 2 files changed, 22 insertions(+), 6 deletions(-) - -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index 2937f1a..10d5c30 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -26,12 +26,13 @@ import ( - "github.com/containerd/containerd/sys" - runc "github.com/containerd/go-runc" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // ErrNoSuchProcess is returned when the process no longer exists - var ErrNoSuchProcess = errors.New("no such process") - --const bufferSize = 32 -+const bufferSize = 2048 - - // Reap should be called when the process receives an SIGCHLD. Reap will reap - // all exited processes and close their wait channels -@@ -41,13 +42,20 @@ func Reap() error { - Default.Lock() - for c := range Default.subscribers { - for _, e := range exits { -- c <- runc.Exit{ -+ select { -+ case c <- runc.Exit{ - Timestamp: now, - Pid: e.Pid, - Status: e.Status, -+ }: -+ default: -+ logrus.WithFields(logrus.Fields{ -+ "subscriber": c, -+ "pid": e.Pid, -+ "status": e.Status, -+ }).Warn("failed to send exit to subscriber") - } - } -- - } - Default.Unlock() - return err -diff --git a/runtime/v2/shim/reaper_unix.go b/runtime/v2/shim/reaper_unix.go -index 2937f1a..10d5c30 100644 ---- a/runtime/v2/shim/reaper_unix.go -+++ b/runtime/v2/shim/reaper_unix.go -@@ -26,12 +26,13 @@ import ( - "github.com/containerd/containerd/sys" - runc "github.com/containerd/go-runc" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // ErrNoSuchProcess is returned when the process no longer exists - var ErrNoSuchProcess = errors.New("no such process") - --const bufferSize = 32 -+const bufferSize = 2048 - - // Reap should be called when the process receives an SIGCHLD. Reap will reap - // all exited processes and close their wait channels -@@ -41,13 +42,20 @@ func Reap() error { - Default.Lock() - for c := range Default.subscribers { - for _, e := range exits { -- c <- runc.Exit{ -+ select { -+ case c <- runc.Exit{ - Timestamp: now, - Pid: e.Pid, - Status: e.Status, -+ }: -+ default: -+ logrus.WithFields(logrus.Fields{ -+ "subscriber": c, -+ "pid": e.Pid, -+ "status": e.Status, -+ }).Warn("failed to send exit to subscriber") - } - } -- - } - Default.Unlock() - return err --- -2.7.4.3 - diff --git a/patch/0008-runtime-Use-named-pipes-for-shim-logs.patch b/patch/0008-runtime-Use-named-pipes-for-shim-logs.patch deleted file mode 100644 index ba947856ca5a7c7c6c6ea63d09ff642e6aa34257..0000000000000000000000000000000000000000 --- a/patch/0008-runtime-Use-named-pipes-for-shim-logs.patch +++ /dev/null @@ -1,578 +0,0 @@ -From 9bdd5d485c6796c44356ae9482df8de467463feb Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 14:57:41 +0800 -Subject: [PATCH 08/27] runtime: Use named pipes for shim logs - -reason: TestDaemonRestart hangs if shim_debug is enabled -Relating to issue [#2606](https://github.com/containerd/containerd/issues/2606) - -Co-authored-by: Oliver Stenbom -Co-authored-by: Georgi Sabev -Co-authored-by: Giuseppe Capizzi -Co-authored-by: Danail Branekov - -Cherry-pick from upstream 1d4105cacf - -Change-Id: I0038401dda88c234750e8d1378a4dd97230400b0 -Signed-off-by: Oliver Stenbom -Signed-off-by: Georgi Sabev -Signed-off-by: Giuseppe Capizzi -Signed-off-by: Danail Branekov -Signed-off-by: lujingxiao ---- - client_test.go | 49 +++++++-- - cmd/containerd-shim/main_unix.go | 28 ++++++ - container_linux_test.go | 209 +++++++++++++++++++++++++++++++++++++++ - runtime/v1/linux/runtime.go | 26 +++++ - runtime/v1/shim.go | 38 +++++++ - runtime/v1/shim/client/client.go | 34 +++++-- - 6 files changed, 370 insertions(+), 14 deletions(-) - create mode 100644 runtime/v1/shim.go - -diff --git a/client_test.go b/client_test.go -index a6b1d59..1a4cf39 100644 ---- a/client_test.go -+++ b/client_test.go -@@ -21,6 +21,8 @@ import ( - "context" - "flag" - "fmt" -+ "io" -+ "io/ioutil" - "os" - "os/exec" - "testing" -@@ -36,11 +38,12 @@ import ( - ) - - var ( -- address string -- noDaemon bool -- noCriu bool -- supportsCriu bool -- testNamespace = "testing" -+ address string -+ noDaemon bool -+ noCriu bool -+ supportsCriu bool -+ testNamespace = "testing" -+ ctrdStdioFilePath string - - ctrd = &daemon{} - ) -@@ -76,13 +79,26 @@ func TestMain(m *testing.M) { - if !noDaemon { - sys.ForceRemoveAll(defaultRoot) - -- err := ctrd.start("containerd", address, []string{ -+ stdioFile, err := ioutil.TempFile("", "") -+ if err != nil { -+ fmt.Fprintf(os.Stderr, "could not create a new stdio temp file: %s\n", err) -+ os.Exit(1) -+ } -+ defer func() { -+ stdioFile.Close() -+ os.Remove(stdioFile.Name()) -+ }() -+ ctrdStdioFilePath = stdioFile.Name() -+ stdioWriter := io.MultiWriter(stdioFile, buf) -+ -+ err = ctrd.start("containerd", address, []string{ - "--root", defaultRoot, - "--state", defaultState, - "--log-level", "debug", -- }, buf, buf) -+ "--config", createShimDebugConfig(), -+ }, stdioWriter, stdioWriter) - if err != nil { -- fmt.Fprintf(os.Stderr, "%s: %s", err, buf.String()) -+ fmt.Fprintf(os.Stderr, "%s: %s\n", err, buf.String()) - os.Exit(1) - } - } -@@ -137,6 +153,7 @@ func TestMain(m *testing.M) { - fmt.Fprintln(os.Stderr, "failed to wait for containerd", err) - } - } -+ - if err := sys.ForceRemoveAll(defaultRoot); err != nil { - fmt.Fprintln(os.Stderr, "failed to remove test root dir", err) - os.Exit(1) -@@ -343,3 +360,19 @@ func TestClientReconnect(t *testing.T) { - t.Errorf("client closed returned error %v", err) - } - } -+ -+func createShimDebugConfig() string { -+ f, err := ioutil.TempFile("", "containerd-config-") -+ if err != nil { -+ fmt.Fprintf(os.Stderr, "Failed to create config file: %s\n", err) -+ os.Exit(1) -+ } -+ defer f.Close() -+ -+ if _, err := f.WriteString("[plugins.linux]\n\tshim_debug = true\n"); err != nil { -+ fmt.Fprintf(os.Stderr, "Failed to write to config file %s: %s\n", f.Name(), err) -+ os.Exit(1) -+ } -+ -+ return f.Name() -+} -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index ca0a90a..6c59cd1 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -23,6 +23,7 @@ import ( - "context" - "flag" - "fmt" -+ "io" - "net" - "os" - "os/exec" -@@ -36,6 +37,7 @@ import ( - - "github.com/containerd/containerd/events" - "github.com/containerd/containerd/namespaces" -+ shimlog "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/linux/proc" - "github.com/containerd/containerd/runtime/v1/shim" - shimapi "github.com/containerd/containerd/runtime/v1/shim/v1" -@@ -92,12 +94,38 @@ func main() { - runtime.GOMAXPROCS(2) - } - -+ stdout, stderr, err := openStdioKeepAlivePipes(workdirFlag) -+ if err != nil { -+ fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err) -+ os.Exit(1) -+ } -+ defer func() { -+ stdout.Close() -+ stderr.Close() -+ }() -+ - if err := executeShim(); err != nil { - fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err) - os.Exit(1) - } - } - -+// If containerd server process dies, we need the shim to keep stdout/err reader -+// FDs so that Linux does not SIGPIPE the shim process if it tries to use its end of -+// these pipes. -+func openStdioKeepAlivePipes(dir string) (io.ReadCloser, io.ReadCloser, error) { -+ background := context.Background() -+ keepStdoutAlive, err := shimlog.OpenShimStdoutLog(background, dir) -+ if err != nil { -+ return nil, nil, err -+ } -+ keepStderrAlive, err := shimlog.OpenShimStderrLog(background, dir) -+ if err != nil { -+ return nil, nil, err -+ } -+ return keepStdoutAlive, keepStderrAlive, nil -+} -+ - func executeShim() error { - // start handling signals as soon as possible so that things are properly reaped - // or if runtime exits before we hit the handler -diff --git a/container_linux_test.go b/container_linux_test.go -index 60b0336..fa764d7 100644 ---- a/container_linux_test.go -+++ b/container_linux_test.go -@@ -24,7 +24,9 @@ import ( - "fmt" - "io" - "io/ioutil" -+ "os" - "os/exec" -+ "path/filepath" - "runtime" - "strings" - "sync" -@@ -258,6 +260,213 @@ func TestDaemonRestart(t *testing.T) { - <-statusC - } - -+func TestShimDoesNotLeakPipes(t *testing.T) { -+ containerdPid := ctrd.cmd.Process.Pid -+ initialPipes, err := numPipes(containerdPid) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ client, err := newClient(t, address) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer client.Close() -+ -+ var ( -+ image Image -+ ctx, cancel = testContext() -+ id = t.Name() -+ ) -+ defer cancel() -+ -+ image, err = client.GetImage(ctx, testImage) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithImageConfig(image), withProcessArgs("sleep", "30"))) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ task, err := container.NewTask(ctx, empty()) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ exitChannel, err := task.Wait(ctx) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Start(ctx); err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Kill(ctx, syscall.SIGKILL); err != nil { -+ t.Fatal(err) -+ } -+ -+ <-exitChannel -+ -+ if _, err := task.Delete(ctx); err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := container.Delete(ctx, WithSnapshotCleanup); err != nil { -+ t.Fatal(err) -+ } -+ -+ currentPipes, err := numPipes(containerdPid) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if initialPipes != currentPipes { -+ t.Errorf("Pipes have leaked after container has been deleted. Initially there were %d pipes, after container deletion there were %d pipes", initialPipes, currentPipes) -+ } -+} -+ -+func numPipes(pid int) (int, error) { -+ cmd := exec.Command("sh", "-c", fmt.Sprintf("lsof -p %d | grep pipe", pid)) -+ -+ var stdout bytes.Buffer -+ cmd.Stdout = &stdout -+ if err := cmd.Run(); err != nil { -+ return 0, err -+ } -+ return strings.Count(stdout.String(), "\n"), nil -+} -+ -+func TestDaemonReconnectsToShimIOPipesOnRestart(t *testing.T) { -+ client, err := newClient(t, address) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer client.Close() -+ -+ var ( -+ image Image -+ ctx, cancel = testContext() -+ id = t.Name() -+ ) -+ defer cancel() -+ -+ image, err = client.GetImage(ctx, testImage) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithImageConfig(image), withProcessArgs("sleep", "30"))) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer container.Delete(ctx, WithSnapshotCleanup) -+ -+ task, err := container.NewTask(ctx, empty()) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer task.Delete(ctx) -+ -+ _, err = task.Wait(ctx) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Start(ctx); err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := ctrd.Restart(nil); err != nil { -+ t.Fatal(err) -+ } -+ -+ waitCtx, waitCancel := context.WithTimeout(ctx, 2*time.Second) -+ serving, err := client.IsServing(waitCtx) -+ waitCancel() -+ if !serving { -+ t.Fatalf("containerd did not start within 2s: %v", err) -+ } -+ -+ // After we restared containerd we write some messages to the log pipes, simulating shim writing stuff there. -+ // Then we make sure that these messages are available on the containerd log thus proving that the server reconnected to the log pipes -+ runtimeVersion := getRuntimeVersion() -+ logDirPath := getLogDirPath(runtimeVersion, id) -+ -+ switch runtimeVersion { -+ case "v1": -+ writeToFile(t, filepath.Join(logDirPath, "shim.stdout.log"), fmt.Sprintf("%s writing to stdout\n", id)) -+ writeToFile(t, filepath.Join(logDirPath, "shim.stderr.log"), fmt.Sprintf("%s writing to stderr\n", id)) -+ case "v2": -+ writeToFile(t, filepath.Join(logDirPath, "log"), fmt.Sprintf("%s writing to log\n", id)) -+ } -+ -+ statusC, err := task.Wait(ctx) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Kill(ctx, syscall.SIGKILL); err != nil { -+ t.Fatal(err) -+ } -+ -+ <-statusC -+ -+ stdioContents, err := ioutil.ReadFile(ctrdStdioFilePath) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ switch runtimeVersion { -+ case "v1": -+ if !strings.Contains(string(stdioContents), fmt.Sprintf("%s writing to stdout", id)) { -+ t.Fatal("containerd did not connect to the shim stdout pipe") -+ } -+ if !strings.Contains(string(stdioContents), fmt.Sprintf("%s writing to stderr", id)) { -+ t.Fatal("containerd did not connect to the shim stderr pipe") -+ } -+ case "v2": -+ if !strings.Contains(string(stdioContents), fmt.Sprintf("%s writing to log", id)) { -+ t.Fatal("containerd did not connect to the shim log pipe") -+ } -+ } -+} -+ -+func writeToFile(t *testing.T, filePath, message string) { -+ writer, err := os.OpenFile(filePath, os.O_WRONLY, 0600) -+ if err != nil { -+ t.Fatal(err) -+ } -+ if _, err := writer.WriteString(message); err != nil { -+ t.Fatal(err) -+ } -+ if err := writer.Close(); err != nil { -+ t.Fatal(err) -+ } -+} -+ -+func getLogDirPath(runtimeVersion, id string) string { -+ switch runtimeVersion { -+ case "v1": -+ return filepath.Join(defaultRoot, "io.containerd.runtime.v1.linux", testNamespace, id) -+ case "v2": -+ return filepath.Join(defaultState, "io.containerd.runtime.v2.task", testNamespace, id) -+ default: -+ panic(fmt.Errorf("Unsupported runtime version %s", runtimeVersion)) -+ } -+} -+ -+func getRuntimeVersion() string { -+ switch rt := os.Getenv("TEST_RUNTIME"); rt { -+ case "io.containerd.runc.v1": -+ return "v2" -+ default: -+ return "v1" -+ } -+} -+ - func TestContainerPTY(t *testing.T) { - t.Parallel() - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index d19b8e5..e1b3cac 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -21,6 +21,7 @@ package linux - import ( - "context" - "fmt" -+ "io" - "io/ioutil" - "os" - "path/filepath" -@@ -40,6 +41,7 @@ import ( - "github.com/containerd/containerd/plugin" - "github.com/containerd/containerd/runtime" - "github.com/containerd/containerd/runtime/linux/runctypes" -+ "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/linux/proc" - shim "github.com/containerd/containerd/runtime/v1/shim/v1" - runc "github.com/containerd/go-runc" -@@ -341,6 +343,30 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - -+ logDirPath := filepath.Join(r.root, ns, id) -+ -+ shimStdoutLog, err := v1.OpenShimStdoutLog(ctx, logDirPath) -+ if err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ "logDirPath": logDirPath, -+ }).Error("opening shim stdout log pipe") -+ continue -+ } -+ go io.Copy(os.Stdout, shimStdoutLog) -+ -+ shimStderrLog, err := v1.OpenShimStderrLog(ctx, logDirPath) -+ if err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ "logDirPath": logDirPath, -+ }).Error("opening shim stderr log pipe") -+ continue -+ } -+ go io.Copy(os.Stderr, shimStderrLog) -+ - t, err := newTask(id, ns, pid, s, r.events, r.tasks, bundle) - if err != nil { - log.G(ctx).WithError(err).Error("loading task type") -diff --git a/runtime/v1/shim.go b/runtime/v1/shim.go -new file mode 100644 -index 0000000..3942968 ---- /dev/null -+++ b/runtime/v1/shim.go -@@ -0,0 +1,38 @@ -+// +build !windows -+ -+/* -+ Copyright The containerd Authors. -+ -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -+ -+package v1 -+ -+import ( -+ "context" -+ "io" -+ "path/filepath" -+ -+ "github.com/containerd/fifo" -+ "golang.org/x/sys/unix" -+) -+ -+// OpenShimStdoutLog opens the shim log for reading -+func OpenShimStdoutLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) { -+ return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stdout.log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700) -+} -+ -+// OpenShimStderrLog opens the shim log -+func OpenShimStderrLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) { -+ return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stderr.log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700) -+} -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 015d88c..ef74030 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -37,6 +37,7 @@ import ( - - "github.com/containerd/containerd/events" - "github.com/containerd/containerd/log" -+ v1 "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/shim" - shimapi "github.com/containerd/containerd/runtime/v1/shim/v1" - "github.com/containerd/containerd/sys" -@@ -62,7 +63,24 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - } - defer f.Close() - -- cmd, err := newCommand(binary, daemonAddress, debug, config, f) -+ var stdoutLog io.ReadWriteCloser -+ var stderrLog io.ReadWriteCloser -+ if debug { -+ stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stdout log") -+ } -+ -+ stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stderr log") -+ } -+ -+ go io.Copy(os.Stdout, stdoutLog) -+ go io.Copy(os.Stderr, stderrLog) -+ } -+ -+ cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog) - if err != nil { - return nil, nil, err - } -@@ -77,6 +95,12 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - go func() { - cmd.Wait() - exitHandler() -+ if stdoutLog != nil { -+ stderrLog.Close() -+ } -+ if stdoutLog != nil { -+ stderrLog.Close() -+ } - }() - log.G(ctx).WithFields(logrus.Fields{ - "pid": cmd.Process.Pid, -@@ -104,7 +128,7 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - } - } - --func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File) (*exec.Cmd, error) { -+func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File, stdout, stderr io.Writer) (*exec.Cmd, error) { - selfExe, err := os.Executable() - if err != nil { - return nil, err -@@ -137,10 +161,8 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so - cmd.SysProcAttr = getSysProcAttr() - cmd.ExtraFiles = append(cmd.ExtraFiles, socket) - cmd.Env = append(os.Environ(), "GOMAXPROCS=2") -- if debug { -- cmd.Stdout = os.Stdout -- cmd.Stderr = os.Stderr -- } -+ cmd.Stdout = stdout -+ cmd.Stderr = stderr - return cmd, nil - } - --- -2.7.4.3 - diff --git a/patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch b/patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch deleted file mode 100644 index e8f2b8640747467c384b69dc8f43dc080d0341e8..0000000000000000000000000000000000000000 --- a/patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 77b025a48d9dc89666ef7c03709ef1fc2a4d0b34 Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:00:12 +0800 -Subject: [PATCH 09/27] runtime: fix pipe in broken may cause shim - lock forever for runtime v2 - -reason: fix pipe in broken may cause shim lock forever for runtime v2 - -Cherry-pick from upstream b3438f7a6f - -Change-Id: I3c324050531a1e68a5c3a688a51408a121a3f9f1 -Signed-off-by: Lifubang -Signed-off-by: lujingxiao ---- - runtime/v2/runc/service_linux.go | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/runtime/v2/runc/service_linux.go b/runtime/v2/runc/service_linux.go -index 5e30cfc..19d1fec 100644 ---- a/runtime/v2/runc/service_linux.go -+++ b/runtime/v2/runc/service_linux.go -@@ -49,9 +49,10 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - cwg.Add(1) - go func() { - cwg.Done() -- p := bufPool.Get().(*[]byte) -- defer bufPool.Put(p) -- io.CopyBuffer(epollConsole, in, *p) -+ bp := bufPool.Get().(*[]byte) -+ defer bufPool.Put(bp) -+ io.CopyBuffer(epollConsole, in, *bp) -+ epollConsole.Shutdown(p.epoller.CloseConsole) - }() - } - --- -2.7.4.3 - diff --git a/patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch b/patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch deleted file mode 100644 index e1a283c7026cc4c27a77ec038f33504dbeb2efe5..0000000000000000000000000000000000000000 --- a/patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch +++ /dev/null @@ -1,52 +0,0 @@ -From d0e57aafce7c98b3c9b3004c862d5a15180df86c Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:03:08 +0800 -Subject: [PATCH 10/27] runtime: fix pipe in broken may cause shim - lock forever for runtime v1 - -reason: fix pipe in broken may cause shim lock forever for runtime v1 - -Cherry-pick from upstream e76a8879eb - -Change-Id: Ie603b36f92c4a6cc41777a9cd1e6a19b8584eaf1 -Signed-off-by: Lifubang -Signed-off-by: lujingxiao ---- - runtime/v1/shim/service_linux.go | 8 +++++--- - runtime/v2/runc/service_linux.go | 1 + - 2 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/shim/service_linux.go b/runtime/v1/shim/service_linux.go -index 18ae650..307e20d 100644 ---- a/runtime/v1/shim/service_linux.go -+++ b/runtime/v1/shim/service_linux.go -@@ -49,9 +49,11 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - cwg.Add(1) - go func() { - cwg.Done() -- p := bufPool.Get().(*[]byte) -- defer bufPool.Put(p) -- io.CopyBuffer(epollConsole, in, *p) -+ bp := bufPool.Get().(*[]byte) -+ defer bufPool.Put(bp) -+ io.CopyBuffer(epollConsole, in, *bp) -+ // we need to shutdown epollConsole when pipe broken -+ epollConsole.Shutdown(p.epoller.CloseConsole) - }() - } - -diff --git a/runtime/v2/runc/service_linux.go b/runtime/v2/runc/service_linux.go -index 19d1fec..1161673 100644 ---- a/runtime/v2/runc/service_linux.go -+++ b/runtime/v2/runc/service_linux.go -@@ -52,6 +52,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - bp := bufPool.Get().(*[]byte) - defer bufPool.Put(bp) - io.CopyBuffer(epollConsole, in, *bp) -+ // we need to shutdown epollConsole when pipe broken - epollConsole.Shutdown(p.epoller.CloseConsole) - }() - } --- -2.7.4.3 - diff --git a/patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch b/patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch deleted file mode 100644 index 79b4204e401d1fe61b44b01b806ff4b452c34189..0000000000000000000000000000000000000000 --- a/patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 8eb1ab31006f3079d1bf95b4ab089e049a4f45f2 Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:04:03 +0800 -Subject: [PATCH 11/27] runtime: Add timeout and cancel to shim fifo - open - -reason: Add timeout and cancel to shim fifo open -There is still a special case where the client side fails to open or -load causes things to be slow and the shim can lock up when this -happens. This adds a timeout to the context for this case to abort fifo -creation. - -Cherry-pick from upstream 18f57e20b0 - -Signed-off-by: Michael Crosby -(cherry picked from commit a2a4241979f615eb0a1084c7638c21f830f48ac5) -Signed-off-by: Andrew Hsu -Signed-off-by: lujingxiao - -Change-Id: Ic7f285b149f97f4d6526b3f2c28b6ac6790332b0 ---- - runtime/v1/linux/proc/exec.go | 5 +++++ - runtime/v1/linux/proc/init.go | 5 +++++ - 2 files changed, 10 insertions(+) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index 96c425d..715a977 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -172,22 +172,27 @@ func (e *execProcess) start(ctx context.Context) (err error) { - e.stdin = sc - } - var copyWaitGroup sync.WaitGroup -+ ctx, cancel := context.WithTimeout(ctx, 30*time.Second) - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -+ cancel() - return errors.Wrap(err, "failed to start console copy") - } - } else if !e.stdio.IsNull() { - if err := copyPipes(ctx, e.io, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -+ cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(opts.PidFile) - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime exec pid") - } - e.pid = pid -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 5bf5f83..5b23671 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -168,18 +168,22 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - p.closers = append(p.closers, sc) - } - var copyWaitGroup sync.WaitGroup -+ ctx, cancel := context.WithTimeout(ctx, 30*time.Second) - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup) - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to start console copy") - } - p.console = console - } else if !hasNoIO(r) { - if err := copyPipes(ctx, p.io, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup); err != nil { -+ cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } -@@ -187,6 +191,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(pidFile) - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime container pid") - } - p.pid = pid --- -2.7.4.3 - diff --git a/patch/0012-bump-bump-containerd-to-1.2.0.2.patch b/patch/0012-bump-bump-containerd-to-1.2.0.2.patch deleted file mode 100644 index 2f8ac244bc1eea30d2fb3d114d0a9ee8986b9d3f..0000000000000000000000000000000000000000 --- a/patch/0012-bump-bump-containerd-to-1.2.0.2.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ea92cca7c1d4dfbd6a563588a6ea9b56a764fc39 Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:31:56 +0800 -Subject: [PATCH 12/27] bump: bump containerd to 1.2.0.2 - -reason: bump containerd to 1.2.0.2 after cherry-picked patches from -upstream: -- runtime: Add timeout and cancel to shim fifo open -- runtime: fix pipe in broken may cause shim lock forever for runtime v1 -- runtime: fix pipe in broken may cause shim lock forever for runtime v2 -- runtime: Use named pipes for shim logs -- shim: Increase reaper buffer size and non-blocking send -- shim: optimize shim lock in runtime v1 - -Change-Id: Ibd7574e2ab18a2f783c694931101e1459bc779ad -Signed-off-by: lujingxiao ---- - hack/containerd.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index f53c37b..c7d358d 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 1%{?dist} -+Release: 2%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io --- -2.7.4.3 - diff --git a/patch/0013-log-support-log-init-pid-to-start-event-log.patch b/patch/0013-log-support-log-init-pid-to-start-event-log.patch deleted file mode 100644 index da79fdd12cda053aedf9cc007ae51a4a9ada62f1..0000000000000000000000000000000000000000 --- a/patch/0013-log-support-log-init-pid-to-start-event-log.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d4d3f8a239f4b4afd009d954453e585704ddb112 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Thu, 24 Jan 2019 11:55:10 +0800 -Subject: [PATCH 13/27] log: support log init pid to start event log - -reason: DFX support start event with init pid - -Change-Id: I8ae9c7a9652f694680979965829682416aed4055 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - runtime/v1/linux/task.go | 2 ++ - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index c7d358d..462d35e 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 2%{?dist} -+Release: 3%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 38da35c..1c650c4 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -36,6 +36,7 @@ import ( - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // Task on a linux based system -@@ -131,6 +132,7 @@ func (t *Task) Start(ctx context.Context) error { - t.cg = cg - t.mu.Unlock() - } -+ logrus.Infof("publish event %s for container %s with pid %d", runtime.TaskStartEventTopic, t.id, t.pid) - t.events.Publish(ctx, runtime.TaskStartEventTopic, &eventstypes.TaskStart{ - ContainerID: t.id, - Pid: uint32(t.pid), --- -2.7.4.3 - diff --git a/patch/0014-event-resend-exit-event-when-detect-container.patch b/patch/0014-event-resend-exit-event-when-detect-container.patch deleted file mode 100644 index de4a80265327cc81e7ee6ff91d48dd8a5985a8d6..0000000000000000000000000000000000000000 --- a/patch/0014-event-resend-exit-event-when-detect-container.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 200ae6f4b733f8a869aac36a730da90e79213387 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sun, 10 Feb 2019 18:40:59 +0800 -Subject: [PATCH 14/27] event: resend exit event when detect - containerd restarted - -reason: testCE_docker_containerd_ABN.026.sh -fix docker stop no effect. - -Change-Id: I024b2f6a03d74fcbb5623c696212dcbfb624b285 -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 38 +++++++++++++++++++++++++++++++++++++- - 1 file changed, 37 insertions(+), 1 deletion(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 6c59cd1..d1f41b0 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -24,12 +24,14 @@ import ( - "flag" - "fmt" - "io" -+ "io/ioutil" - "net" - "os" - "os/exec" - "os/signal" - "runtime" - "runtime/debug" -+ "strconv" - "strings" - "sync" - "syscall" -@@ -263,7 +265,7 @@ type remoteEventsPublisher struct { - address string - } - --func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event events.Event) error { -+func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, event events.Event) error { - ns, _ := namespaces.Namespace(ctx) - encoded, err := typeurl.MarshalAny(event) - if err != nil { -@@ -288,3 +290,37 @@ func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event - } - return nil - } -+ -+func getContainerdPid() int { -+ pidFile := "/var/run/docker/containerd/containerd.pid" -+ data, err := ioutil.ReadFile(pidFile) -+ if err != nil { -+ return -1 -+ } -+ pid, err := strconv.Atoi(string(data)) -+ if err != nil { -+ return -1 -+ } -+ return pid -+} -+ -+func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event events.Event) error { -+ old := getContainerdPid() -+ for i := 1; i <= 10; i++ { -+ err := l.doPublish(ctx, topic, event) -+ logrus.Infof("try publish event(%d) %s %v %v", i, topic, event, err) -+ if err == nil { -+ new := getContainerdPid() -+ if old == new { -+ return nil -+ } -+ logrus.Warnf("containerd pid %d changed to %d", old, new) -+ old = new -+ } -+ if i == 10 { -+ return err -+ } -+ time.Sleep(time.Duration(i) * time.Second) -+ } -+ return nil -+} --- -2.7.4.3 - diff --git a/patch/0015-restore-cleanup-container-pid-1.patch b/patch/0015-restore-cleanup-container-pid-1.patch deleted file mode 100644 index 1cdfd2282e9260b77a3ceb7bbb5cc484fa574827..0000000000000000000000000000000000000000 --- a/patch/0015-restore-cleanup-container-pid-1.patch +++ /dev/null @@ -1,122 +0,0 @@ -From fd1c8dda8cc02b9aef28f1e3e4e51ab216338e2b Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sun, 10 Feb 2019 15:40:52 +0800 -Subject: [PATCH 15/27] restore: cleanup container pid=-1 - -reason: fix testCE_docker_hook_spec_ABN.050.sh -when containerd killed during task create, see Runtime.Create(). the -defer function will not execute, so shim residual. cleanup shim for -container pid=-1 - -Change-Id: Ie9a7f6dff5f8a922cc97c5fcf44664ab60ac1a7a -Signed-off-by: jingrui ---- - runtime/v1/linux/runtime.go | 10 +++++++--- - runtime/v1/linux/task.go | 26 ++++++++++++++++++++++++-- - 2 files changed, 31 insertions(+), 5 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index e1b3cac..3b66304 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -316,6 +316,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - id := path.Name() -+ log.G(ctx).Infof("load-task %s", id) - bundle := loadBundle( - id, - filepath.Join(r.state, ns, id), -@@ -372,6 +373,12 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).WithError(err).Error("loading task type") - continue - } -+ if pid == -1 { -+ _, err := t.DeleteForce(ctx) -+ log.G(ctx).Warnf("delete force %s Pid=-1 error=%v", id, err) -+ continue -+ } -+ log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) - o = append(o, t) - } - return o, nil -@@ -380,9 +387,6 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, id string, pid int) error { - ctx = namespaces.WithNamespace(ctx, ns) - if err := r.terminate(ctx, bundle, ns, id); err != nil { -- if r.config.ShimDebug { -- return errors.Wrap(err, "failed to terminate task, leaving bundle for debugging") -- } - log.G(ctx).WithError(err).Warn("failed to terminate task") - } - -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 1c650c4..6995156 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -21,6 +21,7 @@ package linux - import ( - "context" - "sync" -+ "time" - - "github.com/containerd/cgroups" - eventstypes "github.com/containerd/containerd/api/events" -@@ -37,6 +38,7 @@ import ( - "github.com/gogo/protobuf/types" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -+ "golang.org/x/sys/unix" - ) - - // Task on a linux based system -@@ -86,10 +88,13 @@ func (t *Task) Namespace() string { - } - - // Delete the task and return the exit status --func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -+func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { -- return nil, errdefs.FromGRPC(err) -+ log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -+ if !force { -+ return nil, errdefs.FromGRPC(err) -+ } - } - t.tasks.Delete(ctx, t.id) - if err := t.shim.KillShim(ctx); err != nil { -@@ -98,6 +103,14 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { - if err := t.bundle.Delete(); err != nil { - log.G(ctx).WithError(err).Error("failed to delete bundle") - } -+ -+ if rsp == nil { -+ rsp = &shim.DeleteResponse{} -+ rsp.ExitStatus = 128 + uint32(unix.SIGKILL) -+ rsp.ExitedAt = time.Now().UTC() -+ rsp.Pid = 0 -+ } -+ - t.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{ - ContainerID: t.id, - ExitStatus: rsp.ExitStatus, -@@ -111,6 +124,15 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { - }, nil - } - -+// Delete the task and return the exit status -+func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -+ return t.delete(ctx, false) -+} -+ -+func (t *Task) DeleteForce(ctx context.Context) (*runtime.Exit, error) { -+ return t.delete(ctx, true) -+} -+ - // Start the task - func (t *Task) Start(ctx context.Context) error { - t.mu.Lock() --- -2.7.4.3 - diff --git a/patch/0016-create-runc-delete-force-before-create.patch b/patch/0016-create-runc-delete-force-before-create.patch deleted file mode 100644 index 3aa5ece7aa59307d8e5f6134d6c4185739d328ca..0000000000000000000000000000000000000000 --- a/patch/0016-create-runc-delete-force-before-create.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e7827a737c42861afd6b41e2e7dc953c249278fc Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 11 Feb 2019 17:40:31 +0800 -Subject: [PATCH 16/27] create: runc delete force before create - -reason: testCE_docker_hook_spec_ABN.051.sh -kill -9 shim will generate residual runc files, cleanup runc files using -runc delete before create. - -Change-Id: I3efa3c4d0989ba8d688bcb6f35ba543b6ab91b2d -Signed-off-by: jingrui ---- - vendor/github.com/containerd/go-runc/runc.go | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 96262af..e688881 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -138,6 +138,8 @@ func (o *CreateOpts) args() (out []string, err error) { - - // Create creates a new container and returns its pid if it was created successfully - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { -+ r.Delete(context, id, &DeleteOpts{Force: true}) -+ - args := []string{"create", "--bundle", bundle} - if opts != nil { - oargs, err := opts.args() --- -2.7.4.3 - diff --git a/patch/0017-exit-using-init.exit-indicate-container-is-ex.patch b/patch/0017-exit-using-init.exit-indicate-container-is-ex.patch deleted file mode 100644 index 92c6ef49f470d0629faa4d7c99578de91cb93b3a..0000000000000000000000000000000000000000 --- a/patch/0017-exit-using-init.exit-indicate-container-is-ex.patch +++ /dev/null @@ -1,65 +0,0 @@ -From f83e391aef03283b30431a960b66f720cf0d9dd3 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 11 Feb 2019 20:12:15 +0800 -Subject: [PATCH 17/27] exit: using init.exit indicate container is - exiting - -reason: testCE_docker_hook_spec_ABN.053.sh -kill dockerd during docker stop in post-stophook, containerd will load -task and treat as ok when shim response client. add init.exit to forbid -load exiting task. - -Change-Id: I8f03cd51088d43d4fb457b32981f3eebd8558f84 -Signed-off-by: jingrui ---- - runtime/v1/linux/proc/init.go | 1 + - runtime/v1/linux/runtime.go | 5 +++++ - runtime/v1/shim/service.go | 4 +++- - 3 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 5b23671..caa31c3 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -43,6 +43,7 @@ import ( - - // InitPidFile name of the file that contains the init pid - const InitPidFile = "init.pid" -+const InitExit = "init.exit" - - // Init represents an initial process for a container - type Init struct { -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 3b66304..123d675 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -378,6 +378,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).Warnf("delete force %s Pid=-1 error=%v", id, err) - continue - } -+ if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -+ _, err := t.DeleteForce(ctx) -+ log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) -+ continue -+ } - log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) - o = append(o, t) - } -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 679982a..8c7984f 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -504,7 +504,9 @@ func (s *Service) checkProcesses(e runc.Exit) { - - for _, p := range s.processes { - if p.Pid() == e.Pid { -- -+ if ip, ok := p.(*proc.Init); ok { -+ ioutil.WriteFile(filepath.Join(ip.Bundle, proc.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) -+ } - if shouldKillAll { - if ip, ok := p.(*proc.Init); ok { - // Ensure all children are killed --- -2.7.4.3 - diff --git a/patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch b/patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch deleted file mode 100644 index e9115139e85ec556819f8b355e50a27732cc750e..0000000000000000000000000000000000000000 --- a/patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 7f483b7d5a6bd88ea35f5dcf1a5fea5d165044fe Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Tue, 12 Feb 2019 15:22:06 +0800 -Subject: [PATCH 18/27] containerd-shim: Dump log to file when docker - received signal - -reason: Dump stack log to file when docker received "kill -SIGUSR1 -PID" signal -The name of log files is "shim-stack-[time].log". -The log file can be found at: -/run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/container-id/shim-stack-[time].log - -Change-Id: I6d7e03c9a0fd36e9a76f1dd45cfd5312985d03f8 -Signed-off-by: lixiang172 ---- - cmd/containerd-shim/main_unix.go | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index d1f41b0..38b3eb4 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -246,6 +246,8 @@ func handleSignals(logger *logrus.Entry, signals chan os.Signal, server *ttrpc.S - } - } - -+const stacksLogNameTemplate = "shim-stacks-%s.log" -+ - func dumpStacks(logger *logrus.Entry) { - var ( - buf []byte -@@ -258,6 +260,7 @@ func dumpStacks(logger *logrus.Entry) { - bufferLen *= 2 - } - buf = buf[:stackSize] -+ ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600) - logger.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } - --- -2.7.4.3 - diff --git a/patch/0019-restore-check-shim-alive-when-containerd-is-r.patch b/patch/0019-restore-check-shim-alive-when-containerd-is-r.patch deleted file mode 100644 index 4557c56fb78dc49cd1d0c89e00e71d4797597ebc..0000000000000000000000000000000000000000 --- a/patch/0019-restore-check-shim-alive-when-containerd-is-r.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 112c2ef89b1085e95959285ce5328af5d74ba8db Mon Sep 17 00:00:00 2001 -From: xueshaojia -Date: Thu, 14 Feb 2019 10:48:14 +0800 -Subject: [PATCH 19/27] restore: check shim alive when containerd is - restarted - -reason: fix docker_containerd-shim:testCE_docker_containerd_shim_ABN.021.sh - When containerd is restarted, it will load all tasks.In some cases, the - containerd-shim is killed and the sock file will exist for a while. - Containerd should check the containerd-shim is available using the sock file. - If the containerd-shim server not responses, do r.cleanupAfterDeadShim - -Change-Id: I448c8caefa8c1252bd5cdcff79deb8eff1005903 -Signed-off-by: xueshaojia ---- - runtime/v1/linux/runtime.go | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 123d675..477cda0 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -343,6 +343,21 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - continue - } -+ ctxContact, cancel := context.WithTimeout(ctx, 5*time.Second) -+ defer cancel() -+ alive, err := s.IsAlive(ctxContact) -+ if !alive { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ }).Error("contacting to shim") -+ err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) -+ if err != nil { -+ log.G(ctx).WithError(err).WithField("bundle", bundle.path). -+ Error("cleaning up after dead shim") -+ } -+ continue -+ } - - logDirPath := filepath.Join(r.root, ns, id) - --- -2.7.4.3 - diff --git a/patch/0020-events-resend-pending-exit-events-on-restore.patch b/patch/0020-events-resend-pending-exit-events-on-restore.patch deleted file mode 100644 index 8d2b63b669fbaf0b7204e9dbc8dfc135917fcdd8..0000000000000000000000000000000000000000 --- a/patch/0020-events-resend-pending-exit-events-on-restore.patch +++ /dev/null @@ -1,357 +0,0 @@ -From 27762e8d75c00c8898c725873c17a23105ba5b7c Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Tue, 12 Feb 2019 17:03:11 +0800 -Subject: [PATCH 20/27] events: resend pending exit events on restore - -reason: fix exit event may lost. -testCE_docker_containerd_ABN.026.sh - -Change-Id: I5bcdf06ad4ee7b8a0ca782e610186f52e3d79bbd -Signed-off-by: jingrui ---- - events/events.go | 13 +++++ - events/exchange/exchange.go | 12 +++++ - events/exit.go | 79 +++++++++++++++++++++++++++++ - runtime/v1/linux/runtime.go | 56 +++++++++++++++++--- - runtime/v1/linux/task.go | 10 ++-- - runtime/v1/shim/service.go | 2 + - vendor/github.com/docker/go-events/queue.go | 8 +++ - 7 files changed, 167 insertions(+), 13 deletions(-) - create mode 100644 events/exit.go - -diff --git a/events/events.go b/events/events.go -index b7eb86f..aa07236 100644 ---- a/events/events.go -+++ b/events/events.go -@@ -22,6 +22,7 @@ import ( - - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" -+ apievents "github.com/containerd/containerd/api/events" - ) - - // Envelope provides the packaging for an event. -@@ -32,6 +33,18 @@ type Envelope struct { - Event *types.Any - } - -+func (e *Envelope) ExitFile() string { -+ decoded, err := typeurl.UnmarshalAny(e.Event) -+ if err != nil { -+ return "" -+ } -+ -+ if e, ok := decoded.(*apievents.TaskExit); ok { -+ return ExitFile(e.ContainerID, e.Pid, e.ExitStatus) -+ } -+ -+ return "" -+} - // Field returns the value for the given fieldpath as a string, if defined. - // If the value is not defined, the second value will be false. - func (e *Envelope) Field(fieldpath []string) (string, bool) { -diff --git a/events/exchange/exchange.go b/events/exchange/exchange.go -index 95d21b7..540f180 100644 ---- a/events/exchange/exchange.go -+++ b/events/exchange/exchange.go -@@ -49,6 +49,11 @@ func NewExchange() *Exchange { - var _ events.Publisher = &Exchange{} - var _ events.Forwarder = &Exchange{} - var _ events.Subscriber = &Exchange{} -+var mobySubcribed = false -+ -+func MobySubscribed() bool { -+ return mobySubcribed -+} - - // Forward accepts an envelope to be direcly distributed on the exchange. - // -@@ -161,6 +166,13 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even - } - - e.broadcaster.Add(dst) -+ logrus.Infof("subscribe ctx=%v fs=%v", ctx, fs) -+ for _, s := range fs { -+ if !MobySubscribed() && s == "namespace==moby,topic~=|^/tasks/|" { -+ queue.Namespace = "moby" -+ mobySubcribed = true -+ } -+ } - - go func() { - defer closeAll() -diff --git a/events/exit.go b/events/exit.go -new file mode 100644 -index 0000000..e1ce089 ---- /dev/null -+++ b/events/exit.go -@@ -0,0 +1,79 @@ -+package events -+ -+import ( -+ "fmt" -+ "io/ioutil" -+ "os" -+ "path/filepath" -+ "strconv" -+ "strings" -+ "github.com/sirupsen/logrus" -+) -+ -+const ExitDir = "/var/run/docker/containerd/exit" -+const ExitStatusDefault = 137 -+ -+func ExitFile(cid string, pid uint32, status uint32) string { -+ return fmt.Sprintf("%s.%d.%d", cid, pid, status) -+} -+ -+func ExitInfo(ef string) (string, uint32, uint32) { -+ s := strings.Split(ef, ".") -+ if len(s) != 3 { -+ return "", 0, 0 -+ } -+ -+ cid := s[0] -+ pid, err := strconv.ParseUint(s[1], 10, 32) -+ if err != nil { -+ return "", 0, 0 -+ } -+ status, err := strconv.ParseUint(s[2], 10, 32) -+ if err != nil { -+ return "", 0, 0 -+ } -+ -+ return cid, uint32(pid), uint32(status) -+} -+ -+func ExitAddFile(ns string, ef string, reason string) { -+ os.MkdirAll(filepath.Join(ExitDir, ns), 0700) -+ err := ioutil.WriteFile(filepath.Join(ExitDir, ns, ef), []byte{}, 0600) -+ logrus.Infof("exit-add %s/%s [reason: %s] error=%v", ns, ef, reason, err) -+} -+ -+func ExitDelFile(ns string, ef string) { -+ err := os.RemoveAll(filepath.Join(ExitDir, ns, ef)) -+ logrus.Infof("exit-del %s/%s error=%v", ns, ef, err) -+} -+ -+func ExitGetFile(ns string, cid string, pid uint32, status uint32) string { -+ ef := ExitFile(cid, pid, status) -+ if _, err := os.Stat(filepath.Join(ExitDir, ns, ef)); err == nil { -+ return ef -+ } -+ return "" -+} -+ -+func ExitGetFiles(ns string) []string { -+ files, err := ioutil.ReadDir(filepath.Join(ExitDir, ns)) -+ if err != nil { -+ return []string{} -+ } -+ -+ names := []string{} -+ for _, f := range files { -+ names = append(names, f.Name()) -+ } -+ -+ return names -+} -+ -+func ExitPending(ns string, cid string, pid uint32) bool { -+ for _, ef := range ExitGetFiles(ns) { -+ if strings.Contains(ef, fmt.Sprintf("%s.%d", cid, pid)) { -+ return true -+ } -+ } -+ return false -+} -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 477cda0..add4d52 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -31,6 +31,7 @@ import ( - "github.com/containerd/containerd/api/types" - "github.com/containerd/containerd/containers" - "github.com/containerd/containerd/errdefs" -+ "github.com/containerd/containerd/events" - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/identifiers" - "github.com/containerd/containerd/log" -@@ -129,6 +130,7 @@ func New(ic *plugin.InitContext) (interface{}, error) { - return nil, err - } - } -+ go r.resendExitEvents(ic.Context, "moby") - return r, nil - } - -@@ -175,7 +177,8 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- bundle.Delete() -+ errd := bundle.Delete() -+ log.G(ctx).WithError(err).Errorf("revert: delete bundle error=%v", errd) - } - }() - -@@ -218,9 +221,8 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- if kerr := s.KillShim(ctx); kerr != nil { -- log.G(ctx).WithError(err).Error("failed to kill shim") -- } -+ kerr := s.KillShim(ctx) -+ log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) - } - }() - -@@ -305,6 +307,41 @@ func (r *Runtime) Get(ctx context.Context, id string) (runtime.Task, error) { - return r.tasks.Get(ctx, id) - } - -+func (r *Runtime) resendExitEvents(ctx context.Context, ns string) { -+ for { -+ time.Sleep(time.Second) -+ efs := events.ExitGetFiles(ns) -+ if len(efs) == 0 { -+ break -+ } -+ -+ if !exchange.MobySubscribed() { -+ logrus.Infof("waiting moby event stream ...") -+ continue -+ } -+ time.Sleep(time.Second) -+ -+ for _, ef := range efs { -+ cid, pid, status := events.ExitInfo(ef) -+ if cid == "" { -+ continue -+ } -+ -+ e := &eventstypes.TaskExit{ -+ ContainerID: cid, -+ ID: cid, -+ ExitStatus: status, -+ ExitedAt: time.Now().UTC(), -+ Pid: uint32(pid), -+ } -+ -+ ctx := namespaces.WithNamespace(context.Background(), ns) -+ err := r.events.Publish(ctx, runtime.TaskExitEventTopic, e) -+ logrus.Infof("resend exit event %v error=%v", e, err) -+ } -+ } -+} -+ - func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - dir, err := ioutil.ReadDir(filepath.Join(r.state, ns)) - if err != nil { -@@ -388,13 +425,16 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).WithError(err).Error("loading task type") - continue - } -- if pid == -1 { -- _, err := t.DeleteForce(ctx) -- log.G(ctx).Warnf("delete force %s Pid=-1 error=%v", id, err) -+ if pid <= 0 { -+ _, err := t.DeleteForce(ctx, 0) -+ log.G(ctx).Warnf("delete force %s Pid=%d error=%v", id, pid, err) - continue - } - if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -- _, err := t.DeleteForce(ctx) -+ if !events.ExitPending(ns, t.id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } -+ _, err := t.DeleteForce(ctx, uint32(pid)) - log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) - continue - } -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 6995156..b692ae7 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -88,7 +88,7 @@ func (t *Task) Namespace() string { - } - - // Delete the task and return the exit status --func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { -+func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exit, error) { - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { - log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -@@ -108,7 +108,7 @@ func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { - rsp = &shim.DeleteResponse{} - rsp.ExitStatus = 128 + uint32(unix.SIGKILL) - rsp.ExitedAt = time.Now().UTC() -- rsp.Pid = 0 -+ rsp.Pid = pid - } - - t.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{ -@@ -126,11 +126,11 @@ func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { - - // Delete the task and return the exit status - func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -- return t.delete(ctx, false) -+ return t.delete(ctx, false, 0) - } - --func (t *Task) DeleteForce(ctx context.Context) (*runtime.Exit, error) { -- return t.delete(ctx, true) -+func (t *Task) DeleteForce(ctx context.Context, pid uint32) (*runtime.Exit, error) { -+ return t.delete(ctx, true, pid) - } - - // Start the task -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 8c7984f..a2eb35b 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -505,6 +505,8 @@ func (s *Service) checkProcesses(e runc.Exit) { - for _, p := range s.processes { - if p.Pid() == e.Pid { - if ip, ok := p.(*proc.Init); ok { -+ ns := filepath.Base(filepath.Dir(ip.Bundle)) -+ events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - ioutil.WriteFile(filepath.Join(ip.Bundle, proc.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) - } - if shouldKillAll { -diff --git a/vendor/github.com/docker/go-events/queue.go b/vendor/github.com/docker/go-events/queue.go -index 4bb770a..0608e7e 100644 ---- a/vendor/github.com/docker/go-events/queue.go -+++ b/vendor/github.com/docker/go-events/queue.go -@@ -5,12 +5,14 @@ import ( - "sync" - - "github.com/sirupsen/logrus" -+ topevents "github.com/containerd/containerd/events" - ) - - // Queue accepts all messages into a queue for asynchronous consumption - // by a sink. It is unbounded and thread safe but the sink must be reliable or - // events will be dropped. - type Queue struct { -+ Namespace string - dst Sink - events *list.List - cond *sync.Cond -@@ -83,6 +85,12 @@ func (eq *Queue) run() { - "event": event, - "sink": eq.dst, - }).WithError(err).Debug("eventqueue: dropped event") -+ } else { -+ if e, ok := event.(*topevents.Envelope); ok { -+ if ef := e.ExitFile(); ef != "" { -+ topevents.ExitDelFile(eq.Namespace, ef) -+ } -+ } - } - } - } --- -2.7.4.3 - diff --git a/patch/0021-containerd-Update-the-version-info-of-contain.patch b/patch/0021-containerd-Update-the-version-info-of-contain.patch deleted file mode 100644 index c1db6686804f5cf20e0d2697e207d4ee55fc111b..0000000000000000000000000000000000000000 --- a/patch/0021-containerd-Update-the-version-info-of-contain.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 818ef5fe43d3b9b4c53301800d545ce4c775afff Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Tue, 12 Feb 2019 11:37:37 +0800 -Subject: [PATCH 21/27] containerd: Update the version info of - containerd - -reason: Update the version info after type "containerd -v" -The version info now is defined by "containerd.spec" rather than -"version.go" - -Change-Id: I04c6b78737e09f93a3e84a100c88be19294a5c4f -Signed-off-by: lixiang172 ---- - Makefile | 8 ++++---- - version/version.go | 2 +- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/Makefile b/Makefile -index 35021fd..e38dfb3 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,8 +20,8 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR=/usr/local - - # Used to populate variables in version package. --VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always) --REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) -+VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') -+REVISION=$(shell echo commit:)$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" - GOOS ?= $(shell go env GOOS) -@@ -77,8 +77,8 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 - # Build tags seccomp and apparmor are needed by CRI plugin. - BUILDTAGS ?= seccomp apparmor - GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) --GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) -extldflags "-static"' -+GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -diff --git a/version/version.go b/version/version.go -index b2874bf..04b7097 100644 ---- a/version/version.go -+++ b/version/version.go -@@ -18,7 +18,7 @@ package version - - var ( - // Package is filled at linking time -- Package = "github.com/containerd/containerd" -+ Package = "" - - // Version holds the complete version number. Filled in at linking time. - Version = "1.2.0+unknown" --- -2.7.4.3 - diff --git a/patch/0022-containerd-bump-version-1.2.0.4.patch b/patch/0022-containerd-bump-version-1.2.0.4.patch deleted file mode 100644 index 515b1f83022eccba52eceb7fdff8af90be538e80..0000000000000000000000000000000000000000 --- a/patch/0022-containerd-bump-version-1.2.0.4.patch +++ /dev/null @@ -1,29 +0,0 @@ -From bea413085725db89439817284b63bb4061e62753 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Wed, 13 Feb 2019 22:03:08 +0800 -Subject: [PATCH 22/27] containerd: bump version 1.2.0.4 - -reason: bump version - -Change-Id: Iee2348e931a723929ccfe63b3539c812514acc90 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index 462d35e..f8d9084 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 3%{?dist} -+Release: 4%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io --- -2.7.4.3 - diff --git a/patch/0023-containerd-set-create-and-exec-timeout.patch b/patch/0023-containerd-set-create-and-exec-timeout.patch deleted file mode 100644 index f99410947aa79d0b548ed1b7c99381d810d320ce..0000000000000000000000000000000000000000 --- a/patch/0023-containerd-set-create-and-exec-timeout.patch +++ /dev/null @@ -1,218 +0,0 @@ -From 006bc6d0a9e0c233d0d14de53de0b18799c67081 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Fri, 15 Feb 2019 06:00:52 +0800 -Subject: [PATCH 23/27] containerd: set create and exec timeout - -reason:set create and exec timeout to avild block when command failed - -Change-Id: I6bc55f4ccc953bdc1d926ab940f0900811d68760 -Signed-off-by: xiadanni ---- - hack/containerd.spec | 2 +- - runtime/v1/shim/reaper.go | 50 +++++++++++++++++++++++++ - runtime/v2/shim/reaper_unix.go | 4 ++ - vendor/github.com/containerd/go-runc/monitor.go | 6 +++ - vendor/github.com/containerd/go-runc/runc.go | 31 +++++++++++++-- - 5 files changed, 88 insertions(+), 5 deletions(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index f8d9084..f39c57a 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 4%{?dist} -+Release: 5%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index 10d5c30..a2b90fe 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -19,8 +19,13 @@ - package shim - - import ( -+ "io/ioutil" - "os/exec" -+ "path/filepath" -+ "strconv" -+ "strings" - "sync" -+ "syscall" - "time" - - "github.com/containerd/containerd/sys" -@@ -100,6 +105,34 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) { - return -1, ErrNoSuchProcess - } - -+// WaitTimeout is used to skip the blocked command and kill the left process. -+func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, error) { -+ sch := make(chan int) -+ ech := make(chan error) -+ go func() { -+ for e := range ec { -+ if e.Pid == c.Process.Pid { -+ // make sure we flush all IO -+ c.Wait() -+ m.Unsubscribe(ec) -+ sch <- e.Status -+ return -+ } -+ } -+ }() -+ select { -+ case <-time.After(time.Duration(sec) * time.Second): -+ if SameProcess(c, c.Process.Pid) { -+ syscall.Kill(c.Process.Pid, syscall.SIGKILL) -+ } -+ return 0, errors.Errorf("timeout %ds for cmd(pid= %d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ case status := <-sch: -+ return status, nil -+ case err := <-ech: -+ return -1, err -+ } -+} -+ - // Subscribe to process exit changes - func (m *Monitor) Subscribe() chan runc.Exit { - c := make(chan runc.Exit, bufferSize) -@@ -116,3 +149,20 @@ func (m *Monitor) Unsubscribe(c chan runc.Exit) { - close(c) - m.Unlock() - } -+ -+func SameProcess(cmd *exec.Cmd, pid int) bool { -+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -+ if err != nil { -+ return false -+ } -+ for i := range bytes { -+ if bytes[i] == 0 { -+ bytes[i] = 32 -+ } -+ } -+ cmdline := string(bytes) -+ if strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") { -+ return true -+ } -+ return false -+} -diff --git a/runtime/v2/shim/reaper_unix.go b/runtime/v2/shim/reaper_unix.go -index 10d5c30..8bd7dd1 100644 ---- a/runtime/v2/shim/reaper_unix.go -+++ b/runtime/v2/shim/reaper_unix.go -@@ -100,6 +100,10 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) { - return -1, ErrNoSuchProcess - } - -+func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, error) { -+ return m.Wait(c, ec) -+} -+ - // Subscribe to process exit changes - func (m *Monitor) Subscribe() chan runc.Exit { - c := make(chan runc.Exit, bufferSize) -diff --git a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go -index ff06a3f..2c184d2 100644 ---- a/vendor/github.com/containerd/go-runc/monitor.go -+++ b/vendor/github.com/containerd/go-runc/monitor.go -@@ -40,6 +40,7 @@ type Exit struct { - type ProcessMonitor interface { - Start(*exec.Cmd) (chan Exit, error) - Wait(*exec.Cmd, chan Exit) (int, error) -+ WaitTimeout(*exec.Cmd, chan Exit, int64) (int, error) - } - - type defaultMonitor struct { -@@ -74,3 +75,8 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) { - e := <-ec - return e.Status, nil - } -+ -+func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) { -+ e := <-ec -+ return e.Status, nil -+} -\ No newline at end of file -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index e688881..fc64e8a 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -52,6 +52,8 @@ const ( - Text Format = "text" - // DefaultCommand is the default command for Runc - DefaultCommand = "runc" -+ execTimeout = 30 -+ createTimeout = 120 - ) - - // Runc is the client to the runc cli -@@ -155,7 +157,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - cmd.ExtraFiles = opts.ExtraFiles - - if cmd.Stdout == nil && cmd.Stderr == nil { -- data, err := cmdOutput(cmd, true) -+ data, err := cmdOutputTimeout(cmd, true, createTimeout) - if err != nil { - return fmt.Errorf("%s: %s", err, data) - } -@@ -172,7 +174,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - } - } - } -- status, err := Monitor.Wait(cmd, ec) -+ status, err := Monitor.WaitTimeout(cmd, ec, createTimeout) - if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) - } -@@ -234,7 +236,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - opts.Set(cmd) - } - if cmd.Stdout == nil && cmd.Stderr == nil { -- data, err := cmdOutput(cmd, true) -+ data, err := cmdOutputTimeout(cmd, true, execTimeout) - if err != nil { - return fmt.Errorf("%s: %s", err, data) - } -@@ -251,7 +253,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - } - } - } -- status, err := Monitor.Wait(cmd, ec) -+ status, err := Monitor.WaitTimeout(cmd, ec, execTimeout) - if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) - } -@@ -707,3 +709,24 @@ func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) { - - return b.Bytes(), err - } -+ -+func cmdOutputTimeout(cmd *exec.Cmd, combined bool, timeout int64) ([]byte, error) { -+ b := getBuf() -+ defer putBuf(b) -+ -+ cmd.Stdout = b -+ if combined { -+ cmd.Stderr = b -+ } -+ ec, err := Monitor.Start(cmd) -+ if err != nil { -+ return nil, err -+ } -+ -+ status, err := Monitor.WaitTimeout(cmd, ec, timeout) -+ if err == nil && status != 0 { -+ err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) -+ } -+ -+ return b.Bytes(), err -+} --- -2.7.4.3 - diff --git a/patch/0024-create-cleanup-runc-dirty-files-on-start.patch b/patch/0024-create-cleanup-runc-dirty-files-on-start.patch deleted file mode 100644 index c951ceae72231074324945ccc2a1ed6a1bec0ec6..0000000000000000000000000000000000000000 --- a/patch/0024-create-cleanup-runc-dirty-files-on-start.patch +++ /dev/null @@ -1,54 +0,0 @@ -From f96039fcd94c5bc75dcec297668418811d60e785 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Tue, 19 Feb 2019 11:53:41 +0800 -Subject: [PATCH 24/27] create: cleanup runc dirty files on start - -reason: add check before cleanup runtime dirty files. - -Change-Id: I6f218fd8d19ed65d8b13ae1ea744b80574279f83 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - vendor/github.com/containerd/go-runc/runc.go | 6 +++++- - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index f39c57a..869012a 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 5%{?dist} -+Release: 6%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index fc64e8a..e66ea5b 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -30,6 +30,7 @@ import ( - "strings" - "syscall" - "time" -+ "github.com/sirupsen/logrus" - - specs "github.com/opencontainers/runtime-spec/specs-go" - ) -@@ -140,7 +141,10 @@ func (o *CreateOpts) args() (out []string, err error) { - - // Create creates a new container and returns its pid if it was created successfully - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { -- r.Delete(context, id, &DeleteOpts{Force: true}) -+ if _, err := os.Stat(filepath.Join(r.Root, id)); err == nil { -+ logrus.Warnf("cleanup residue runtime with bundle %s root=%s", bundle, r.Root) -+ r.Delete(context, id, &DeleteOpts{Force: true}) -+ } - - args := []string{"create", "--bundle", bundle} - if opts != nil { --- -2.7.4.3 - diff --git a/patch/0025-restore-skip-load-task-in-creating.patch b/patch/0025-restore-skip-load-task-in-creating.patch deleted file mode 100644 index 143f1c4e466d080c45ebe5f1951cb458f443df5c..0000000000000000000000000000000000000000 --- a/patch/0025-restore-skip-load-task-in-creating.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 869ceecb455640da5e90f7827f75275665e93e95 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 23 Feb 2019 15:51:24 +0800 -Subject: [PATCH 25/27] restore: skip load task in creating - -load task in creating will stuck containerd restore process. - -Change-Id: I2f8b77a88d78597ef2be5122708fc8ab16fad956 -Signed-off-by: jingrui ---- - runtime/v1/linux/runtime.go | 5 ++--- - runtime/v1/shim/service.go | 6 ++++++ - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index add4d52..5647f94 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -353,7 +353,6 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - id := path.Name() -- log.G(ctx).Infof("load-task %s", id) - bundle := loadBundle( - id, - filepath.Join(r.state, ns, id), -@@ -361,6 +360,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - ) - ctx = namespaces.WithNamespace(ctx, ns) - pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, proc.InitPidFile)) -+ log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { -@@ -426,8 +426,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - if pid <= 0 { -- _, err := t.DeleteForce(ctx, 0) -- log.G(ctx).Warnf("delete force %s Pid=%d error=%v", id, pid, err) -+ log.G(ctx).Warnf("skip load task in creating %s", id) - continue - } - if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index a2eb35b..d7fdcaf 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -26,6 +26,7 @@ import ( - "os" - "path/filepath" - "sync" -+ "time" - - "github.com/containerd/console" - eventstypes "github.com/containerd/containerd/api/events" -@@ -140,9 +141,14 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - rootfs := filepath.Join(r.Bundle, "rootfs") - defer func() { - if err != nil { -+ logrus.Errorf("create init %s failed error=%v", r.ID, err) - if err2 := mount.UnmountAll(rootfs, 0); err2 != nil { - log.G(ctx).WithError(err2).Warn("Failed to cleanup rootfs mount") - } -+ go func() { -+ time.Sleep(10*time.Second) -+ os.Exit(0) -+ }() - } - }() - for _, rm := range mounts { --- -2.7.4.3 - diff --git a/patch/0026-exit-optimize-init.exit-record.patch b/patch/0026-exit-optimize-init.exit-record.patch deleted file mode 100644 index 80eaae2a207b3a7fda5ca31efbb65880c265137c..0000000000000000000000000000000000000000 --- a/patch/0026-exit-optimize-init.exit-record.patch +++ /dev/null @@ -1,96 +0,0 @@ -From c26316153098e72a9b30668befc36fcfcba3b76f Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 23 Feb 2019 15:55:21 +0800 -Subject: [PATCH 26/27] exit: optimize init.exit record - -Change-Id: If1319f7d87defed16d1113337957f36b7320e9b9 -Signed-off-by: jingrui ---- - events/exit.go | 21 +++++++++++++++++++++ - runtime/v1/linux/proc/init.go | 1 - - runtime/v1/linux/runtime.go | 2 +- - runtime/v1/shim/service.go | 2 +- - 4 files changed, 23 insertions(+), 3 deletions(-) - -diff --git a/events/exit.go b/events/exit.go -index e1ce089..772dc24 100644 ---- a/events/exit.go -+++ b/events/exit.go -@@ -7,11 +7,13 @@ import ( - "path/filepath" - "strconv" - "strings" -+ - "github.com/sirupsen/logrus" - ) - - const ExitDir = "/var/run/docker/containerd/exit" - const ExitStatusDefault = 137 -+const InitExit = "init.exit" - - func ExitFile(cid string, pid uint32, status uint32) string { - return fmt.Sprintf("%s.%d.%d", cid, pid, status) -@@ -77,3 +79,22 @@ func ExitPending(ns string, cid string, pid uint32) bool { - } - return false - } -+ -+func InitExitWrite(bundle string, pid int) { -+ if _, err := os.Stat(bundle); err != nil { -+ logrus.Infof("skip write init.exit %s error=%v", bundle, err) -+ return -+ } -+ err := ioutil.WriteFile(filepath.Join(bundle, InitExit), []byte(fmt.Sprintf("%d", pid)), 0600) -+ if err != nil { -+ logrus.Infof("failed write init.exit error=%s", bundle, err) -+ } -+} -+ -+func InitExitExist(bundle string) bool { -+ if _, err := os.Stat(filepath.Join(bundle, InitExit)); err == nil { -+ return true -+ } -+ return false -+} -+ -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index caa31c3..5b23671 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -43,7 +43,6 @@ import ( - - // InitPidFile name of the file that contains the init pid - const InitPidFile = "init.pid" --const InitExit = "init.exit" - - // Init represents an initial process for a container - type Init struct { -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 5647f94..e92904e 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -429,7 +429,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).Warnf("skip load task in creating %s", id) - continue - } -- if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -+ if events.InitExitExist(bundle.path) { - if !events.ExitPending(ns, t.id, uint32(pid)) { - events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") - } -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index d7fdcaf..f421fde 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -513,7 +513,7 @@ func (s *Service) checkProcesses(e runc.Exit) { - if ip, ok := p.(*proc.Init); ok { - ns := filepath.Base(filepath.Dir(ip.Bundle)) - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") -- ioutil.WriteFile(filepath.Join(ip.Bundle, proc.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) -+ events.InitExitWrite(ip.Bundle, e.Pid) - } - if shouldKillAll { - if ip, ok := p.(*proc.Init); ok { --- -2.7.4.3 - diff --git a/patch/0027-log-make-tester-happy.patch b/patch/0027-log-make-tester-happy.patch deleted file mode 100644 index f3e9295492002463ffeb8f7cf2f1ef53cdb5fea8..0000000000000000000000000000000000000000 --- a/patch/0027-log-make-tester-happy.patch +++ /dev/null @@ -1,48 +0,0 @@ -From a275b359b2e85d8f353eab12d538a94609171918 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 23 Feb 2019 18:32:00 +0800 -Subject: [PATCH 27/27] log: make tester happy - -reason: make tester happy -+ check_docker_error /tmp/tmp_11955/log2 b3357887148bc59212d30dba46d3eea9490cfe94594fa00aa7706c7addb92d91 -+ grep docker /tmp/tmp_11955/log2 -+ grep error -+ grep b3357887148bc59212d30dba46d3eea9490cfe94594fa00aa7706c7addb92d91 -+ grep -w 'container did not start before the specified timeout' - -Change-Id: Iddd40bd42212bf09f52c17f28119a6b5364f4de7 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - runtime/v1/shim/reaper.go | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index 869012a..05f68c7 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 6%{?dist} -+Release: 7%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index a2b90fe..529a533 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -125,7 +125,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - if SameProcess(c, c.Process.Pid) { - syscall.Kill(c.Process.Pid, syscall.SIGKILL) - } -- return 0, errors.Errorf("timeout %ds for cmd(pid= %d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ return 0, errors.Errorf("container did not start before the specified timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) - case status := <-sch: - return status, nil - case err := <-ech: --- -2.7.4.3 - diff --git a/patch/0028-restore-delete-task-in-containerd-restoring.patch b/patch/0028-restore-delete-task-in-containerd-restoring.patch deleted file mode 100644 index e5b36a121f93de21e42253e8e67607930d399861..0000000000000000000000000000000000000000 --- a/patch/0028-restore-delete-task-in-containerd-restoring.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 1130a0bc101c3f59c99eb850b24d0799c216d677 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 22 Mar 2019 21:22:08 +0800 -Subject: [PATCH] restore: delete task in containerd restoring - -reason: delete task quickly when containerd is restoring to avoid container restart fail. - -Change-Id: Ide5e8c9bbd873addc6c35b9604e4cda03ca78b5e -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index e92904e..2a45aaa 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -426,7 +426,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - if pid <= 0 { -- log.G(ctx).Warnf("skip load task in creating %s", id) -+ go func() { -+ log.G(ctx).Infof("del task in creating %s", id) -+ t.DeleteForce(ctx, uint32(pid)) -+ log.G(ctx).Infof("del task in creating %s done", id) -+ }() - continue - } - if events.InitExitExist(bundle.path) { --- -1.8.3.1 - diff --git a/patch/0029-restore-delete-task-asynchronously.patch b/patch/0029-restore-delete-task-asynchronously.patch deleted file mode 100644 index 2d3dc90dda0b62347a1d65545baf89cb80b68512..0000000000000000000000000000000000000000 --- a/patch/0029-restore-delete-task-asynchronously.patch +++ /dev/null @@ -1,35 +0,0 @@ -From de14f9d00033a9596823e0ea953437f5f244cb74 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 23 Mar 2019 07:18:57 +0800 -Subject: [PATCH] restore: delete task asynchronously - -reason: set delete task to asynchronous to avoid containerd be killed when delete is blocking. - testCE_docker_hook_spec_ABN.059.sh - -Change-Id: I5fae8e60987b9617a835ea07710ca3c842efab14 -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 2a45aaa..cca72fe 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -437,8 +437,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - if !events.ExitPending(ns, t.id, uint32(pid)) { - events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") - } -- _, err := t.DeleteForce(ctx, uint32(pid)) -- log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) -+ go func(){ -+ log.G(ctx).Infof("delete force %s start, Pid=%d(exiting)", id, pid) -+ _, err := t.DeleteForce(ctx, uint32(pid)) -+ log.G(ctx).Infof("delete force %s done, Pid=%d(exiting) error=%v", id, pid, err) -+ }() - continue - } - log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) --- -1.8.3.1 - diff --git a/patch/0030-event-fix-events-lost-when-loadTask-failed.patch b/patch/0030-event-fix-events-lost-when-loadTask-failed.patch deleted file mode 100644 index 959460d2b6d00a533ed6566133081dd15aad8307..0000000000000000000000000000000000000000 --- a/patch/0030-event-fix-events-lost-when-loadTask-failed.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 375689497320d105aa2ed026710e20d9b0bd2a72 Mon Sep 17 00:00:00 2001 -From: jiangpengfei9 -Date: Mon, 1 Apr 2019 13:08:50 -0400 -Subject: [PATCH] event: fix events lost when loadTask failed - -reason: If containerd-shim and containerd process is killed, container will exit, -however containerd exit event which generates when containerd restart to reload -tasks can not publish to dockerd, because at the time of loading tasks the connection -between dockerd and containerd isn't established. - -So we add this unpublish exit event to file and resend this event after grpc connection -is established. - -Signed-off-by: jiangpengfei9 ---- - runtime/v1/linux/runtime.go | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index cca72fe..af823b2 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -373,6 +373,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - "id": id, - "namespace": ns, - }).Error("connecting to shim") -+ if !events.ExitPending(ns, id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). -@@ -388,6 +391,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - "id": id, - "namespace": ns, - }).Error("contacting to shim") -+ if !events.ExitPending(ns, id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). --- -1.8.3.1 - diff --git a/patch/0031-containerd-enable-relro-flags.patch b/patch/0031-containerd-enable-relro-flags.patch deleted file mode 100644 index 2ee4f4b6294a90ee58cfc7acf89966571c9a3b7d..0000000000000000000000000000000000000000 --- a/patch/0031-containerd-enable-relro-flags.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2db6e4cda2e042fab327493c0fa095723d7c0352 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 15 Apr 2019 10:58:07 +0800 -Subject: [PATCH] containerd: enable relro flags - -Change-Id: I5f32e7bf794842a14e1644f7aa3115a65b1bc698 -Signed-off-by: jingrui ---- - Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index e38dfb38..921b2d50 100644 ---- a/Makefile -+++ b/Makefile -@@ -77,7 +77,8 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 - # Build tags seccomp and apparmor are needed by CRI plugin. - BUILDTAGS ?= seccomp apparmor - GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) --GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' \ -+ -ldflags=-extldflags=-zrelro -ldflags=-extldflags=-znow - SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing --- -2.17.1 - diff --git a/patch/0032-containerd-enable-bep-ldflags.patch b/patch/0032-containerd-enable-bep-ldflags.patch deleted file mode 100644 index e557af1c8b8c34dbb88daf8612cbce5b6b7064a3..0000000000000000000000000000000000000000 --- a/patch/0032-containerd-enable-bep-ldflags.patch +++ /dev/null @@ -1,45 +0,0 @@ -From da6ea77f9f47c740fe85e7e4d34889e131135b81 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 15 Apr 2019 23:44:55 +0800 -Subject: [PATCH] containerd: enable bep ldflags - -Change-Id: I820b100aa1420fc399878a905de14fb6a25ca1a4 -Signed-off-by: jingrui ---- - Makefile | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index 921b2d50..612330b4 100644 ---- a/Makefile -+++ b/Makefile -@@ -77,9 +77,12 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 - # Build tags seccomp and apparmor are needed by CRI plugin. - BUILDTAGS ?= seccomp apparmor - GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) --GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' \ -- -ldflags=-extldflags=-zrelro -ldflags=-extldflags=-znow --SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+ -+BEP_DIR=/tmp/containerd-build-bep -+BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep -+ -+GO_LDFLAGS=-ldflags '-s -w -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-s -w $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -@@ -166,8 +169,9 @@ FORCE: - - # Build a binary from a cmd. - bin/%: cmd/% FORCE -+ mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" -- @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< -+ go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" --- -2.17.1 - diff --git a/patch/0033-containerd-fix-opened-file-not-close.patch b/patch/0033-containerd-fix-opened-file-not-close.patch deleted file mode 100644 index 8ba547cc5f0dd79f1f74d49902b9c09bdfb58162..0000000000000000000000000000000000000000 --- a/patch/0033-containerd-fix-opened-file-not-close.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b5806942e2938d4800298df276f1a095b859bacb Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 19 Apr 2019 22:05:18 +0800 -Subject: [PATCH] containerd: fix opened file not close - -reason: fix opened file not close - -Change-Id: I69f53255eabd3dd2e87a61ba963fa8027870e014 -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/proc/utils.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/runtime/v1/linux/proc/utils.go b/runtime/v1/linux/proc/utils.go -index 3d0334c..ab9f5fa 100644 ---- a/runtime/v1/linux/proc/utils.go -+++ b/runtime/v1/linux/proc/utils.go -@@ -41,6 +41,7 @@ func getLastRuntimeError(r *runc.Runc) (string, error) { - if err != nil { - return "", err - } -+ defer f.Close() - - var ( - errMsg string --- -1.8.3.1 - diff --git a/patch/0034-containerd-add-buildid-in-Makefile.patch b/patch/0034-containerd-add-buildid-in-Makefile.patch deleted file mode 100644 index 8d92ee0d6811d610b052353893718b771d14858d..0000000000000000000000000000000000000000 --- a/patch/0034-containerd-add-buildid-in-Makefile.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e61f2c1664c91b5c8a8cb48641002c7c471c1d45 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Tue, 23 Apr 2019 12:24:50 +0800 -Subject: [PATCH] containerd: add buildid in Makefile - -Change-Id: I1c2ff035db2a02d125139b9ff170f91e81181541 ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 612330b..a400899 100644 ---- a/Makefile -+++ b/Makefile -@@ -81,8 +81,8 @@ GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) - BEP_DIR=/tmp/containerd-build-bep - BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - --GO_LDFLAGS=-ldflags '-s -w -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags '-s -w $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") --- -2.7.4.3 - diff --git a/patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch b/patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch deleted file mode 100644 index 0f7659a2bdf021bd3ac38a1f709608acc71c1ee3..0000000000000000000000000000000000000000 --- a/patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 8f97c7a7353c05a8b64ef9ee522ee62fba66a608 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Sun, 5 May 2019 19:50:56 +0800 -Subject: [PATCH] containerd: fix the path of containerd.spec in - Makefile - -Change-Id: I4ec87e5ddf256574513f977e53e4bdf050e0169c -Signed-off-by: zhangyu235 ---- - Makefile | 2 +- - hack/containerd.spec | 46 ---------------------------------------------- - 2 files changed, 1 insertion(+), 47 deletions(-) - delete mode 100644 hack/containerd.spec - -diff --git a/Makefile b/Makefile -index a400899..5de5cf7 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR=/usr/local - - # Used to populate variables in version package. --VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') -+VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') - REVISION=$(shell echo commit:)$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" -diff --git a/hack/containerd.spec b/hack/containerd.spec -deleted file mode 100644 -index 05f68c7..0000000 ---- a/hack/containerd.spec -+++ /dev/null -@@ -1,46 +0,0 @@ --%global goipath github.com/containerd/containerd --%global debug_package %{nil} --Version: 1.2.0 -- --Name: containerd --Release: 7%{?dist} --Summary: An industry-standard container runtime --License: ASL 2.0 --URL: https://containerd.io --Source0: containerd-1.2.0.tar.gz -- --BuildRequires: golang glibc-static make --BuildRequires: btrfs-progs-devel -- -- --%description --containerd is an industry-standard container runtime with an emphasis on --simplicity, robustness and portability. It is available as a daemon for Linux --and Windows, which can manage the complete container lifecycle of its host --system: image transfer and storage, container execution and supervision, --low-level storage and network attachments, etc. -- -- --%prep --%setup -c -n containerd -- --%build --GO_BUILD_PATH=$PWD/_build --install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath}) --ln -fs $PWD $GO_BUILD_PATH/src/%{goipath} --cd $GO_BUILD_PATH/src/%{goipath} --export GOPATH=$GO_BUILD_PATH:%{gopath} --export BUILDTAGS="no_btrfs no_cri" --make -- --%install --install -d $RPM_BUILD_ROOT/%{_bindir} --install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd --install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim -- --%files --%{_bindir}/containerd --%{_bindir}/containerd-shim -- -- --%changelog --- -2.7.4.3 - diff --git a/patch/0036-containerd-support-container-start-timeout-se.patch b/patch/0036-containerd-support-container-start-timeout-se.patch deleted file mode 100644 index 40c531000df970cdbeb258890a9ce075c18e085e..0000000000000000000000000000000000000000 --- a/patch/0036-containerd-support-container-start-timeout-se.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 1980e34108cf2fab407c4e0b45cb07fc06e15642 Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Thu, 9 May 2019 21:36:56 +0800 -Subject: [PATCH] containerd: support container start timeout setting - -Change-Id: I8c958a1c16ed6c7a86e4c6299ad1ef81c7476120 -Signed-off-by: lixiang172 ---- - vendor/github.com/containerd/go-runc/runc.go | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index e66ea5b..6323bf2 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -30,9 +30,9 @@ import ( - "strings" - "syscall" - "time" -- "github.com/sirupsen/logrus" - - specs "github.com/opencontainers/runtime-spec/specs-go" -+ "github.com/sirupsen/logrus" - ) - - // Format is the type of log formatting options avaliable -@@ -54,7 +54,10 @@ const ( - // DefaultCommand is the default command for Runc - DefaultCommand = "runc" - execTimeout = 30 -- createTimeout = 120 -+) -+ -+var ( -+ createTimeout int64 = 120 - ) - - // Runc is the client to the runc cli -@@ -72,6 +75,15 @@ type Runc struct { - Rootless *bool // nil stands for "auto" - } - -+func init() { -+ runtimeTimeout, err := convertTime(os.Getenv("DOCKER_RUNTIME_START_TIMEOUT")) -+ if err != nil { -+ logrus.Warnf("init error, wrong runtimeTimeout format: %v", err) -+ } else { -+ createTimeout = runtimeTimeout -+ } -+} -+ - // List returns all containers created inside the provided runc root directory - func (r *Runc) List(context context.Context) ([]*Container, error) { - data, err := cmdOutput(r.command(context, "list", "--format=json"), false) -@@ -734,3 +746,11 @@ func cmdOutputTimeout(cmd *exec.Cmd, combined bool, timeout int64) ([]byte, erro - - return b.Bytes(), err - } -+ -+func convertTime(timeout string) (int64, error) { -+ timeDura, err := time.ParseDuration(timeout) -+ if err != nil { -+ return 0, err -+ } -+ return timeDura.Nanoseconds() / 1e9, nil -+} --- -1.8.3.1 - diff --git a/patch/0037-containerd-Fix-fd-leak-of-shim-log.patch b/patch/0037-containerd-Fix-fd-leak-of-shim-log.patch deleted file mode 100644 index a62144650d9d1ba92c47a7cede77601cb6c6cd7e..0000000000000000000000000000000000000000 --- a/patch/0037-containerd-Fix-fd-leak-of-shim-log.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 26c6307f1cab31105583ef22c2da8fe44a8d45e4 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Fri, 17 May 2019 16:52:06 +0800 -Subject: [PATCH] containerd: Fix fd leak of shim log - -reason:Open shim v2 log with the flag `O_RDWR` will cause the `Read()` block -forever even if the pipe has been closed on the shim side. Then the -`io.Copy()` would never return and lead to a fd leak. -Fix typo when closing shim v1 log which causes the `stdouLog` leak. -Update `numPipes` function in test case to get the opened FIFO -correctly. - -Cherry-pick from upstream cf6e00854 -Reference from https://github.com/containerd/containerd/pull/3266 - -Change-Id: If83a4ca9b9ec0079ac0f0015d1f6768581571030 -Signed-off-by: Li Yuxuan -Signed-off-by: zhangyu235 ---- - container_linux_test.go | 2 +- - runtime/v1/shim/client/client.go | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/container_linux_test.go b/container_linux_test.go -index fa764d7..fdf6349 100644 ---- a/container_linux_test.go -+++ b/container_linux_test.go -@@ -329,7 +329,7 @@ func TestShimDoesNotLeakPipes(t *testing.T) { - } - - func numPipes(pid int) (int, error) { -- cmd := exec.Command("sh", "-c", fmt.Sprintf("lsof -p %d | grep pipe", pid)) -+ cmd := exec.Command("sh", "-c", fmt.Sprintf("lsof -p %d | grep FIFO", pid)) - - var stdout bytes.Buffer - cmd.Stdout = &stdout -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index ef74030..a819be6 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -96,9 +96,9 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - cmd.Wait() - exitHandler() - if stdoutLog != nil { -- stderrLog.Close() -+ stdoutLog.Close() - } -- if stdoutLog != nil { -+ if stderrLog != nil { - stderrLog.Close() - } - }() --- -2.7.4.3 - diff --git a/patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch b/patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch deleted file mode 100644 index 77aa6ca986033b87f5b74c4a7f29e0bbec0bbe0c..0000000000000000000000000000000000000000 --- a/patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch +++ /dev/null @@ -1,59 +0,0 @@ -From d13733a390a987006bd5febb7d28a2d1c7873af2 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Thu, 30 May 2019 09:27:00 +0800 -Subject: [PATCH] containerd: fix shim std logs not close after shim - exit - -reason:fix shim std logs not close after shim exit - -Change-Id: I980fb17b1d46de099b81529ea46681cf9f4bf09c -Signed-off-by: zhangyu235 ---- - runtime/v1/linux/runtime.go | 16 +++++++++++++++- - 1 file changed, 15 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index af823b2..66914fe 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -361,7 +361,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - ctx = namespaces.WithNamespace(ctx, ns) - pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, proc.InitPidFile)) - log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid) -+ shimExit := make(chan struct{}) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { -+ close(shimExit) - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). -@@ -426,6 +428,18 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - go io.Copy(os.Stderr, shimStderrLog) - -+ go func() { -+ select { -+ case <-shimExit: -+ if shimStdoutLog != nil { -+ shimStdoutLog.Close() -+ } -+ if shimStderrLog != nil { -+ shimStderrLog.Close() -+ } -+ } -+ }() -+ - t, err := newTask(id, ns, pid, s, r.events, r.tasks, bundle) - if err != nil { - log.G(ctx).WithError(err).Error("loading task type") -@@ -443,7 +457,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - if !events.ExitPending(ns, t.id, uint32(pid)) { - events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") - } -- go func(){ -+ go func() { - log.G(ctx).Infof("delete force %s start, Pid=%d(exiting)", id, pid) - _, err := t.DeleteForce(ctx, uint32(pid)) - log.G(ctx).Infof("delete force %s done, Pid=%d(exiting) error=%v", id, pid, err) --- -2.7.4.3 - diff --git a/patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch b/patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch deleted file mode 100644 index 9c7e85774f8993dafc60185834ccf6ebca77daa3..0000000000000000000000000000000000000000 --- a/patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch +++ /dev/null @@ -1,89 +0,0 @@ -From d886f6c03cca051b45fd77cc77d0cc870aed1aed Mon Sep 17 00:00:00 2001 -From: build -Date: Wed, 4 Sep 2019 05:21:06 -0400 -Subject: [PATCH] containerd: add timeout for I/O waitgroups - -reason: This and a combination of a couple Docker changes are needed to fully -resolve the issue on the Docker side. However, this ensures that after -processes exit, we still leave some time for the I/O to fully flush -before closing. Without this timeout, the delete methods would block -forever. - -Cherry-pick from upstream 245052243d -Reference from https://github.com/containerd/containerd/pull/3361 - -Signed-off-by: Michael Crosby ---- - runtime/v1/linux/proc/exec.go | 2 +- - runtime/v1/linux/proc/init.go | 2 +- - runtime/v1/linux/proc/utils.go | 20 ++++++++++++++++++++ - 3 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index 715a977..08c581f 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -94,7 +94,7 @@ func (e *execProcess) setExited(status int) { - } - - func (e *execProcess) delete(ctx context.Context) error { -- e.wg.Wait() -+ waitTimeout(ctx, &e.wg, 2*time.Second) - if e.io != nil { - for _, c := range e.closers { - c.Close() -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 44d3f58..49fa8ec 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -263,7 +263,7 @@ func (p *Init) setExited(status int) { - } - - func (p *Init) delete(context context.Context) error { -- p.wg.Wait() -+ waitTimeout(context, &p.wg, 2*time.Second) - err := p.runtime.Delete(context, p.id, nil) - // ignore errors if a runtime has already deleted the process - // but we still hold metadata and pipes -diff --git a/runtime/v1/linux/proc/utils.go b/runtime/v1/linux/proc/utils.go -index ab9f5fa..d6f047c 100644 ---- a/runtime/v1/linux/proc/utils.go -+++ b/runtime/v1/linux/proc/utils.go -@@ -19,10 +19,12 @@ - package proc - - import ( -+ "context" - "encoding/json" - "io" - "os" - "strings" -+ "sync" - "time" - - "github.com/containerd/containerd/errdefs" -@@ -103,3 +105,21 @@ func checkKillError(err error) error { - func hasNoIO(r *CreateConfig) bool { - return r.Stdin == "" && r.Stdout == "" && r.Stderr == "" - } -+ -+// waitTimeout handles waiting on a waitgroup with a specified timeout. -+// this is commonly used for waiting on IO to finish after a process has exited -+func waitTimeout(ctx context.Context, wg *sync.WaitGroup, timeout time.Duration) error { -+ ctx, cancel := context.WithTimeout(ctx, timeout) -+ defer cancel() -+ done := make(chan struct{}, 1) -+ go func() { -+ wg.Wait() -+ close(done) -+ }() -+ select { -+ case <-done: -+ return nil -+ case <-ctx.Done(): -+ return ctx.Err() -+ } -+} --- -2.20.1 - diff --git a/patch/0038-containerd-support-kill-D-state-container.patch b/patch/0038-containerd-support-kill-D-state-container.patch deleted file mode 100644 index bc94d1f487565867f281bbdc844c2ffcd190c7a0..0000000000000000000000000000000000000000 --- a/patch/0038-containerd-support-kill-D-state-container.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 8ab02b5aecb0fa04ad747988d838e1c4de535222 Mon Sep 17 00:00:00 2001 -From: Jing Rui -Date: Tue, 18 Jun 2019 00:12:41 +0800 -Subject: [PATCH] containerd: support kill D state container - -Change-Id: I057553f2b8d3f57b71e5ea79930067bb7071e524 -Signed-off-by: Jing Rui ---- - runtime/v1/shim/service.go | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index f421fdef..8adaf35b 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -26,6 +26,7 @@ import ( - "os" - "path/filepath" - "sync" -+ "syscall" - "time" - - "github.com/containerd/console" -@@ -366,11 +367,30 @@ func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, e - - // Kill a process with the provided signal - func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Empty, error) { -+ delayKill := func(p rproc.Process) { -+ if s.id != p.ID() || r.Signal != uint32(syscall.SIGKILL) { -+ return -+ } -+ -+ for i := 1; i < 5; i++ { -+ time.Sleep(10 * time.Second) -+ err := p.Kill(ctx, r.Signal, r.All) -+ logrus.Infof("delay kill %s retry %d error=%v", s.id, i, err) -+ } -+ -+ logrus.Infof("force exit shim %s ...", s.id) -+ p.SetExited(137) -+ err := p.Delete(ctx) -+ logrus.Infof("force exit shim %s error=%v", s.id, err) -+ os.Exit(0) -+ } -+ - if r.ID == "" { - p, err := s.getInitProcess() - if err != nil { - return nil, err - } -+ go delayKill(p) - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) - } -@@ -381,6 +401,7 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - if err != nil { - return nil, err - } -+ go delayKill(p) - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) - } --- -2.17.1 - diff --git a/patch/0039-containerd-fix-shouldKillAllOnExit-check.patch b/patch/0039-containerd-fix-shouldKillAllOnExit-check.patch deleted file mode 100644 index 1f894bf3b2841d07b20a31ecf70a4901246337c2..0000000000000000000000000000000000000000 --- a/patch/0039-containerd-fix-shouldKillAllOnExit-check.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7741b1a960799b1724e92d23c6b2d9473ca71fee Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Thu, 31 Oct 2019 23:25:40 -0400 -Subject: [PATCH] containerd: fix shouldKillAllOnExit check - -reason: fix shouldKillAllOnExit check -v1 https://github.com/containerd/containerd/commit/fa5f744a790356472d4649b9ad1d955e36d0c7c0 -v2 https://github.com/containerd/containerd/commit/872296642ac395acbc4344f529fcf4c6fddb5de2 -Signed-off-by: Lifubang ---- - runtime/v1/shim/service.go | 2 +- - runtime/v2/runc/service.go | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index ac545ea..88f7e0d 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -578,7 +578,7 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) { - - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { -- if ns.Type == specs.PIDNamespace { -+ if ns.Type == specs.PIDNamespace && ns.Path == "" { - return false, nil - } - } -diff --git a/runtime/v2/runc/service.go b/runtime/v2/runc/service.go -index e37fb29..82beb8d 100644 ---- a/runtime/v2/runc/service.go -+++ b/runtime/v2/runc/service.go -@@ -680,7 +680,7 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) { - - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { -- if ns.Type == specs.PIDNamespace { -+ if ns.Type == specs.PIDNamespace && ns.Path == "" { - return false, nil - } - } --- -2.20.1 - diff --git a/patch/0039-containerd-modify-containerd-shim-to-ad.patch b/patch/0039-containerd-modify-containerd-shim-to-ad.patch deleted file mode 100644 index e475ee3ec0132917910c88370365b110da85b992..0000000000000000000000000000000000000000 --- a/patch/0039-containerd-modify-containerd-shim-to-ad.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 5eef82c3c41eabb532cd7520acf7e8587b76d8b5 Mon Sep 17 00:00:00 2001 -From: jiangpengfei -Date: Wed, 10 Jul 2019 15:07:46 -0400 -Subject: [PATCH] containerd: modify containerd-shim to adapt runv - runtime - -reason: containerd-shim pass a too long runtime root path to runv runtime, which cause hyperstartgrpc.sock -file absolute path exceed the max length of Unix Socket(max length is 108). - -Signed-off-by: jiangpengfei ---- - runtime/v1/linux/proc/init.go | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 5b23671..d464147 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -44,6 +44,9 @@ import ( - // InitPidFile name of the file that contains the init pid - const InitPidFile = "init.pid" - -+// Default runv runtime root dir -+const defaultRunvRoot = "/run/runv" -+ - // Init represents an initial process for a container - type Init struct { - wg sync.WaitGroup -@@ -83,12 +86,18 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru - if root == "" { - root = RuncRoot - } -+ -+ rootPath := filepath.Join(root, namespace) -+ if strings.Contains(runtime, "runv") { -+ rootPath = defaultRunvRoot -+ } -+ - return &runc.Runc{ - Command: runtime, - Log: filepath.Join(path, "log.json"), - LogFormat: runc.JSON, - PdeathSignal: syscall.SIGKILL, -- Root: filepath.Join(root, namespace), -+ Root: rootPath, - Criu: criu, - SystemdCgroup: systemd, - } --- -1.8.3.1 - diff --git a/patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch b/patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch deleted file mode 100644 index b266393a4fc44c766ca879f8b592edea8ca33aef..0000000000000000000000000000000000000000 --- a/patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 07605707cce769e4f4c79b700586b5c59ec0b15a Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 13 Jul 2019 06:32:54 +0800 -Subject: [PATCH] containerd: add shim exit when bundle dir does not - exist - -reason: when bundle dir is deleted, containerd-shim should exit to avoid -shim.sock is occupied when container restart next time. - -Change-Id: I956412598e17d15f25b91afe1cbb9e24463f04be -Signed-off-by: xiadanni1 ---- - runtime/v1/shim/service.go | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 8adaf35..ac545ea 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -141,13 +141,23 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - } - rootfs := filepath.Join(r.Bundle, "rootfs") - defer func() { -+ go func() { -+ for i := 0; i < 60; i++ { -+ time.Sleep(time.Second) -+ _, err := os.Stat(r.Bundle) -+ if os.IsNotExist(err) { -+ logrus.Errorf("bundle dir: %v does not exist, containerd-shim exit", r.Bundle) -+ os.Exit(0) -+ } -+ } -+ }() - if err != nil { - logrus.Errorf("create init %s failed error=%v", r.ID, err) - if err2 := mount.UnmountAll(rootfs, 0); err2 != nil { - log.G(ctx).WithError(err2).Warn("Failed to cleanup rootfs mount") - } - go func() { -- time.Sleep(10*time.Second) -+ time.Sleep(10 * time.Second) - os.Exit(0) - }() - } --- -1.8.3.1 - diff --git a/patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch b/patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch deleted file mode 100644 index 910cb601853196ba1b16fd26aad9e20c122d5bc2..0000000000000000000000000000000000000000 --- a/patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch +++ /dev/null @@ -1,80 +0,0 @@ -From be9c04e9a90be92437c12ce90c8ff6d4ec1d83b3 Mon Sep 17 00:00:00 2001 -From: jiangpengfei -Date: Thu, 18 Jul 2019 07:57:52 -0400 -Subject: [PATCH] containerd: fix containerd call runv delete directly - use wrong --root parameters - -reason: When containerd-shim process is killed abnormaly, containerd will exec runv -delete command directly, however it will use the wrong --root parameters which is not -compatible with runv runtime. - -Signed-off-by: jiangpengfei ---- - runtime/v1/linux/proc/init.go | 4 ++-- - runtime/v1/linux/runtime.go | 10 +++++++++- - 2 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index d464147..44d3f58 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -45,7 +45,7 @@ import ( - const InitPidFile = "init.pid" - - // Default runv runtime root dir --const defaultRunvRoot = "/run/runv" -+const DefaultRunvRoot = "/run/runv" - - // Init represents an initial process for a container - type Init struct { -@@ -89,7 +89,7 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru - - rootPath := filepath.Join(root, namespace) - if strings.Contains(runtime, "runv") { -- rootPath = defaultRunvRoot -+ rootPath = DefaultRunvRoot - } - - return &runc.Runc{ -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 66914fe..f8e3074 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -25,6 +25,7 @@ import ( - "io/ioutil" - "os" - "path/filepath" -+ "strings" - "time" - - eventstypes "github.com/containerd/containerd/api/events" -@@ -506,6 +507,7 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - if err != nil { - return err - } -+ - if err := rt.Delete(ctx, id, &runc.DeleteOpts{ - Force: true, - }); err != nil { -@@ -539,11 +541,17 @@ func (r *Runtime) getRuntime(ctx context.Context, ns, id string) (*runc.Runc, er - } - } - -+ rootPath := filepath.Join(root, ns) -+ -+ if strings.Contains(cmd, "runv") { -+ rootPath = proc.DefaultRunvRoot -+ } -+ - return &runc.Runc{ - Command: cmd, - LogFormat: runc.JSON, - PdeathSignal: unix.SIGKILL, -- Root: filepath.Join(root, ns), -+ Root: rootPath, - Debug: r.config.ShimDebug, - }, nil - } --- -1.8.3.1 - diff --git a/patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch b/patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch deleted file mode 100644 index 73af8e46aee4efa1745a8c5c3a06c2cf95e3630c..0000000000000000000000000000000000000000 --- a/patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch +++ /dev/null @@ -1,34 +0,0 @@ -From dcef6fcbdc78f7e9c14bdcd58e79d3eac8bc1c1b Mon Sep 17 00:00:00 2001 -From: jiangpengfei -Date: Thu, 18 Jul 2019 15:44:12 -0400 -Subject: [PATCH] containerd: close inherit shim.sock fd to adapt runv - -reason: runv create prcess is created by containerd-shim process and will -inherit the abstract unix socket shim.sock fd from containerd-shim. -If pause container restart, qemu and runv-proxy process are still running, -and shim.sock fd doesn't close, so pause container can not reuse the shim.sock -path and restart failed! - -Signed-off-by: jiangpengfei ---- - cmd/containerd-shim/main_unix.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 38b3eb4..89f6be9 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -189,6 +189,10 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error { - ) - if path == "" { - l, err = net.FileListener(os.NewFile(3, "socket")) -+ _, _, errnoValue := unix.Syscall(unix.SYS_FCNTL, 3, uintptr(unix.F_SETFD), unix.FD_CLOEXEC) -+ if errnoValue != 0 { -+ logrus.Errorf("SYS_FCNTL set fd 3 FD_CLOEXEC flag failed: %v", errnoValue) -+ } - path = "[inherited from parent]" - } else { - if len(path) > 106 { --- -1.8.3.1 - diff --git a/patch/0043-containerd-run-state-with-timeout-10s.patch b/patch/0043-containerd-run-state-with-timeout-10s.patch deleted file mode 100644 index cfe0706287f9f60c91cd14f955aa31419f1075c2..0000000000000000000000000000000000000000 --- a/patch/0043-containerd-run-state-with-timeout-10s.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 7b9e8a793fa6c0ec67effac0bc53d55c275e13be Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Thu, 25 Jul 2019 19:29:50 +0800 -Subject: [PATCH] containerd: run state with timeout 10s - -Change-Id: Idf55f750c2e7c6a9268318f519f1c8bc1595e09e -Signed-off-by: jingrui ---- - Makefile | 4 ++-- - runtime/v1/linux/task.go | 3 --- - services/tasks/local.go | 11 +++++++++++ - 3 files changed, 13 insertions(+), 5 deletions(-) - -diff --git a/Makefile b/Makefile -index 5de5cf75..9e7f3ae3 100644 ---- a/Makefile -+++ b/Makefile -@@ -81,8 +81,8 @@ GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) - BEP_DIR=/tmp/containerd-build-bep - BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - --GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index b692ae78..d2bbb764 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -92,9 +92,6 @@ func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exi - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { - log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -- if !force { -- return nil, errdefs.FromGRPC(err) -- } - } - t.tasks.Delete(ctx, t.id) - if err := t.shim.KillShim(ctx); err != nil { -diff --git a/services/tasks/local.go b/services/tasks/local.go -index ce9ee59d..990e8411 100644 ---- a/services/tasks/local.go -+++ b/services/tasks/local.go -@@ -47,6 +47,7 @@ import ( - ptypes "github.com/gogo/protobuf/types" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - bolt "go.etcd.io/bbolt" - "google.golang.org/grpc" - "google.golang.org/grpc/codes" -@@ -185,9 +186,19 @@ func (l *local) Create(ctx context.Context, r *api.CreateTaskRequest, _ ...grpc. - if err := l.monitor.Monitor(c); err != nil { - return nil, errors.Wrap(err, "monitor task") - } -+ -+ ctx, cancel := context.WithTimeout(ctx, 20*time.Second) -+ defer cancel() -+ - state, err := c.State(ctx) - if err != nil { - log.G(ctx).Error(err) -+ go func() { -+ ctx, cancel := context.WithTimeout(context.Background(), time.Second) -+ defer cancel() -+ _, err := c.Delete(ctx) -+ logrus.Errorf("failed get pid, delete force error=%v", err) -+ }() - } - return &api.CreateTaskResponse{ - ContainerID: r.ContainerID, --- -2.17.1 - diff --git a/patch/0044-containerd-add-copyright.patch b/patch/0044-containerd-add-copyright.patch deleted file mode 100644 index f40d27227836c78751425852a3974404feaa5492..0000000000000000000000000000000000000000 --- a/patch/0044-containerd-add-copyright.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 80972f7d142540b886068d67a49794aaa7232fb5 Mon Sep 17 00:00:00 2001 -From: lixiang -Date: Fri, 6 Sep 2019 15:16:21 +0800 -Subject: [PATCH] containerd: add copyright - -reason: add copyright - -Change-Id: I93ef565c6bf10d6f8cb66d956dddbfbd14477138 -Signed-off-by: lixiang ---- - events/exit.go | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/events/exit.go b/events/exit.go -index 772dc24..d3b3027 100644 ---- a/events/exit.go -+++ b/events/exit.go -@@ -1,3 +1,12 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. -+Use of this source code is governed by Apache-2.0 -+license that can be found in the LICENSE file -+Description: common functions -+Author: jingrui -+Create: 2019-02-12 -+*/ -+ - package events - - import ( -@@ -97,4 +106,3 @@ func InitExitExist(bundle string) bool { - } - return false - } -- --- -1.8.3.1 - diff --git a/patch/0044-containerd-change-tmpfile-directory-when-exec.patch b/patch/0044-containerd-change-tmpfile-directory-when-exec.patch deleted file mode 100644 index 4e1adbe9895a8120f4ca3e7a059d281c32c5ce9e..0000000000000000000000000000000000000000 --- a/patch/0044-containerd-change-tmpfile-directory-when-exec.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8f3291f805c641a6fcf043eb8c4e1a2f4174b579 Mon Sep 17 00:00:00 2001 -From: wujibin -Date: Wed, 14 Aug 2019 17:18:24 +0800 -Subject: [PATCH] containerd: change tmpfile directory when exec - -reason: tmp file stored /tmp before change, if mountain of containers -are runing, the diretory will exist too many tmp file - -Change-Id: I1879ba9d09dca41a7571131d7447bf67356ea79c ---- - vendor/github.com/containerd/go-runc/runc.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 6323bf21..7a2a8c4d 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -229,7 +229,7 @@ func (o *ExecOpts) args() (out []string, err error) { - // Exec executres and additional process inside the container based on a full - // OCI Process specification - func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts *ExecOpts) error { -- f, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), "runc-process") -+ f, err := ioutil.TempFile(".", "runc-process") - if err != nil { - return err - } --- -2.19.0 - diff --git a/patch/0045-containerd-shim-disable-fast-gc-on-arm.patch b/patch/0045-containerd-shim-disable-fast-gc-on-arm.patch deleted file mode 100644 index ea8fc658dc8f7707970e386b6421a20baa49a206..0000000000000000000000000000000000000000 --- a/patch/0045-containerd-shim-disable-fast-gc-on-arm.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4a8367ce3a9a8321ceeffbf2934380b139a74f90 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Fri, 18 Oct 2019 14:49:47 +0800 -Subject: [PATCH] containerd: stw gc sweep for arm64 - -Change-Id: I855c13a21c72bf0e91563db7c11e1348a1a78d55 -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 5 ----- - runtime/v1/shim/client/client.go | 4 ++++ - 2 files changed, 4 insertions(+), 5 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 89f6be91..22283626 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -80,11 +80,6 @@ func init() { - - func main() { - debug.SetGCPercent(40) -- go func() { -- for range time.Tick(30 * time.Second) { -- debug.FreeOSMemory() -- } -- }() - - if debugFlag { - logrus.SetLevel(logrus.DebugLevel) -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index a819be6c..a4669d33 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -24,6 +24,7 @@ import ( - "net" - "os" - "os/exec" -+ "runtime" - "strings" - "sync" - "syscall" -@@ -161,6 +162,9 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so - cmd.SysProcAttr = getSysProcAttr() - cmd.ExtraFiles = append(cmd.ExtraFiles, socket) - cmd.Env = append(os.Environ(), "GOMAXPROCS=2") -+ if runtime.GOARCH == "arm64" { -+ cmd.Env = append(cmd.Env, "GODEBUG=gcstoptheworld=2") -+ } - cmd.Stdout = stdout - cmd.Stderr = stderr - return cmd, nil --- -2.17.1 - diff --git a/patch/0046-containerd-support-hot-upgrade.patch b/patch/0046-containerd-support-hot-upgrade.patch deleted file mode 100644 index 9aac7294d9a56832e5f2f6b48b90d12d6b514925..0000000000000000000000000000000000000000 --- a/patch/0046-containerd-support-hot-upgrade.patch +++ /dev/null @@ -1,630 +0,0 @@ -From 4656fbac6e4a23cf4e2fcb332777fb17895e67ca Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Wed, 14 Aug 2019 10:51:19 +0800 -Subject: [PATCH] containerd: hot-upgrade support from - containerd-0.2.8 - -This patch support hot-upgrade from containerd-0.2.8. When restore -tasks, it will find containers started by containerd-0.2.8, then start -fake task create, the fake create will run a new shim process, the shim -process will manage the container created by runc. - -After restore legacy created tasks, each task will has 2 shim -process. So it support down-grade to docker-1.11.2 with container still -running. - -Change-Id: I94cd48cbf8ceb408dbc8849fe6916e0ec3d889b0 -Signed-off-by: jingrui ---- - legacy/legacy.go | 145 ++++++++++++++++++++ - runtime/v1/linux/leruntime.go | 243 ++++++++++++++++++++++++++++++++++ - runtime/v1/linux/proc/init.go | 27 +++- - runtime/v1/linux/proc/io.go | 11 +- - runtime/v1/linux/runtime.go | 5 + - runtime/v1/shim/service.go | 10 +- - services/containers/local.go | 19 ++- - 7 files changed, 452 insertions(+), 8 deletions(-) - create mode 100644 legacy/legacy.go - create mode 100644 runtime/v1/linux/leruntime.go - -diff --git a/legacy/legacy.go b/legacy/legacy.go -new file mode 100644 -index 00000000..fde9f709 ---- /dev/null -+++ b/legacy/legacy.go -@@ -0,0 +1,145 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2019-2019. All rights reserved. -+Description: support containerd hot-upgrade from 0.2.8 -+Author: jingrui jingrui@huawei.com -+Create: 2019-09-20 -+*/ -+ -+package legacy -+ -+import ( -+ "encoding/json" -+ "fmt" -+ "io" -+ "io/ioutil" -+ "os" -+ "path/filepath" -+ "runtime" -+ "strings" -+ -+ "github.com/sirupsen/logrus" -+ "github.com/opencontainers/runtime-spec/specs-go" -+) -+ -+const ( -+ LegacyFile = "legacy" -+ Config120 = "/var/run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/" -+ Stdio120 = "/var/run/docker/containerd/" -+ Config028 = "/var/run/docker/libcontainerd/" -+ State028 = "/var/run/docker/libcontainerd/containerd/" -+ Runtime = "io.containerd.runtime.v1" -+) -+ -+// IsLegacy is used to check if im legacy. -+func IsLegacy(id string) bool { -+ lf := Config120 + id + "/" + LegacyFile -+ if _, err := os.Stat(lf); err == nil { -+ caller := "??" -+ if pc, file, line, ok := runtime.Caller(1); ok { -+ caller = fmt.Sprintf("%s:%d:%s()", file, line, runtime.FuncForPC(pc).Name()) -+ } -+ logrus.Infof("shim pretend to be 0.2.8 in %s", caller) -+ return true -+ } -+ return false -+} -+ -+// IsRunning is used to detect whether legacy container is running. -+func IsRunning(id string) bool { -+ path := State028 + id + "/init/pid" -+ bpid, err := ioutil.ReadFile(path) -+ if err != nil { -+ return false -+ } -+ -+ path = State028 + id + "/init/starttime" -+ btime, err := ioutil.ReadFile(path) -+ if err != nil { -+ return false -+ } -+ -+ path = fmt.Sprintf("/proc/%s/stat", string(bpid)) -+ bstat, err := ioutil.ReadFile(path) -+ if err != nil { -+ return false -+ } -+ -+ if !strings.Contains(string(bstat), string(btime)) { -+ return false -+ } -+ -+ return true -+} -+ -+// CopyFile used to copy a file. -+func CopyFile(dstName, srcName string) (written int64, err error) { -+ src, err := os.Open(srcName) -+ if err != nil { -+ return -+ } -+ defer src.Close() -+ -+ dst, err := os.OpenFile(dstName, os.O_WRONLY|os.O_CREATE, 0644) -+ if err != nil { -+ return -+ } -+ defer dst.Close() -+ -+ return io.Copy(dst, src) -+} -+ -+// InitBundle will copy files from 0.2.8 dirs to 1.2.0 dirs. -+func InitBundle(root string, id string) error { -+ err := os.MkdirAll(Config120+id, 0711) -+ if err != nil { -+ return err -+ } -+ err = os.MkdirAll(Stdio120+id, 0711) -+ if err != nil { -+ return err -+ } -+ err = os.MkdirAll(filepath.Join(root, "moby", id), 0711) -+ if err != nil { -+ return err -+ } -+ -+ err = ioutil.WriteFile(Config120+id+"/"+LegacyFile, []byte{}, 0644) -+ if err != nil { -+ return err -+ } -+ CopyFile(Config120+id+"/config.json", Config028+id+"/config.json") -+ CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") -+ return nil -+} -+ -+// DeleteBundle will delete unused legacy bundle files. -+func DeleteBundle(id string) error { -+ err1 := os.RemoveAll(Config120 + id) -+ err2 := os.RemoveAll(Stdio120 + id) -+ if err1 != nil { -+ return err1 -+ } -+ if err2 != nil { -+ return err2 -+ } -+ -+ return nil -+} -+ -+// LoadSpec load config.json into spec. -+func LoadSpec(id string) (*specs.Spec, error) { -+ f, err := os.OpenFile(Config120+id+"/config.json", os.O_RDONLY, 0400) -+ if err != nil { -+ return nil, err -+ } -+ defer f.Close() -+ -+ spec := specs.Spec{} -+ dec := json.NewDecoder(f) -+ err = dec.Decode(&spec) -+ if err != nil { -+ return nil, err -+ } -+ -+ return &spec, nil -+} -diff --git a/runtime/v1/linux/leruntime.go b/runtime/v1/linux/leruntime.go -new file mode 100644 -index 00000000..5b887935 ---- /dev/null -+++ b/runtime/v1/linux/leruntime.go -@@ -0,0 +1,243 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2019-2019. All rights reserved. -+Description: support containerd hot-upgrade from 0.2.8 -+Author: jingrui jingrui@huawei.com -+Create: 2019-09-20 -+*/ -+ -+package linux -+ -+import ( -+ "context" -+ "fmt" -+ "io/ioutil" -+ goruntime "runtime" -+ -+ "github.com/containerd/containerd/api/types" -+ "github.com/containerd/containerd/containers" -+ "github.com/containerd/containerd/errdefs" -+ "github.com/containerd/containerd/legacy" -+ "github.com/containerd/containerd/log" -+ "github.com/containerd/containerd/namespaces" -+ "github.com/containerd/containerd/runtime" -+ "github.com/containerd/containerd/runtime/linux/runctypes" -+ shim "github.com/containerd/containerd/runtime/v1/shim/v1" -+ scontainers "github.com/containerd/containerd/services/containers" -+ "github.com/containerd/typeurl" -+ "github.com/sirupsen/logrus" -+) -+ -+func taskIsExist(tasks []*Task, id string) bool { -+ for _, t := range tasks { -+ if t.id == id { -+ return true -+ } -+ } -+ return false -+} -+ -+func loadCreateOpts(id string) runtime.CreateOpts { -+ opts := runtime.CreateOpts{ -+ IO: runtime.IO{ -+ Stdin: fmt.Sprintf("/var/run/docker/libcontainerd/%s/init-stdin", id), -+ Stdout: fmt.Sprintf("/var/run/docker/libcontainerd/%s/init-stdout", id), -+ }, -+ } -+ -+ return opts -+} -+ -+func (r *Runtime) legacyCreateMeta(ctx context.Context, id string) { -+ spec, err := legacy.LoadSpec(id) -+ if err != nil { -+ logrus.Errorf("load spec for %s failed %v", id, err) -+ return -+ } -+ -+ s, err := typeurl.MarshalAny(spec) -+ if err != nil { -+ logrus.Errorf("marshal-any for %s failed %v", id, err) -+ return -+ } -+ -+ c := containers.Container{ -+ ID: id, -+ Runtime: containers.RuntimeInfo{ -+ Name: fmt.Sprintf("%s.%s", legacy.Runtime, goruntime.GOOS), -+ }, -+ Spec: s, -+ } -+ -+ err = scontainers.CreateMeta(ctx, c) -+ if err != nil { -+ logrus.Infof("create meta for %s failed %v", c.ID, err) -+ } -+} -+ -+func (r *Runtime) legacyCreate(ctx context.Context, id string, opts runtime.CreateOpts) (*Task, error) { -+ namespace, err := namespaces.NamespaceRequired(ctx) -+ if err != nil { -+ return nil, err -+ } -+ if namespace != "moby" { -+ return nil, fmt.Errorf("legacy not support ns=%s", namespace) -+ } -+ -+ ropts := &runctypes.RuncOptions{} -+ bundle := loadBundle(id, -+ legacy.Config120+id, -+ legacy.Config120+id) -+ -+ defer func() { -+ if err != nil { -+ errd := bundle.Delete() -+ log.G(ctx).WithError(err).Errorf("revert: delete bundle error=%v", errd) -+ } -+ }() -+ -+ shimopt := ShimLocal(r.config, r.events) -+ -+ var cgroup string -+ if opts.TaskOptions != nil { -+ v, err := typeurl.UnmarshalAny(opts.TaskOptions) -+ if err != nil { -+ return nil, err -+ } -+ cgroup = v.(*runctypes.CreateOptions).ShimCgroup -+ } -+ exitHandler := func() { -+ log.G(ctx).WithField("id", id).Info("shim reaped") -+ t, err := r.tasks.Get(ctx, id) -+ if err != nil { -+ // Task was never started or was already successfully deleted -+ return -+ } -+ lc := t.(*Task) -+ -+ log.G(ctx).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": namespace, -+ }).Warn("cleaning up after killed shim") -+ if err = r.cleanupAfterDeadShim(context.Background(), bundle, namespace, id, lc.pid); err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": namespace, -+ }).Warn("failed to clean up after killed shim") -+ } -+ } -+ shimopt = ShimRemote(r.config, r.address, cgroup, exitHandler) -+ -+ s, err := bundle.NewShimClient(ctx, namespace, shimopt, ropts) -+ if err != nil { -+ return nil, err -+ } -+ -+ defer func() { -+ if err != nil { -+ kerr := s.KillShim(ctx) -+ log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) -+ } -+ }() -+ -+ rt := r.config.Runtime -+ if ropts != nil && ropts.Runtime != "" { -+ rt = ropts.Runtime -+ } -+ sopts := &shim.CreateTaskRequest{ -+ ID: id, -+ Bundle: bundle.path, -+ Runtime: rt, -+ Stdin: opts.IO.Stdin, -+ Stdout: opts.IO.Stdout, -+ Stderr: opts.IO.Stderr, -+ Terminal: opts.IO.Terminal, -+ Checkpoint: opts.Checkpoint, -+ Options: opts.TaskOptions, -+ } -+ for _, m := range opts.Rootfs { -+ sopts.Rootfs = append(sopts.Rootfs, &types.Mount{ -+ Type: m.Type, -+ Source: m.Source, -+ Options: m.Options, -+ }) -+ } -+ cr, err := s.Create(ctx, sopts) -+ if err != nil { -+ return nil, errdefs.FromGRPC(err) -+ } -+ t, err := newTask(id, namespace, int(cr.Pid), s, r.events, r.tasks, bundle) -+ if err != nil { -+ return nil, err -+ } -+ -+ // dont add task to tasklist, restoreTasks() will add it later. -+ -+ return t, nil -+} -+ -+func (r *Runtime) loadLegacyTask(id string) (*Task, error) { -+ logrus.Infof("load-letask id=%s", id) -+ err := legacy.InitBundle(r.root, id) -+ if err != nil { -+ logrus.Errorf("letask %s init bundle failed %s", id, err) -+ return nil, err -+ } -+ -+ defer func() { -+ if err != nil { -+ err1 := legacy.DeleteBundle(id) -+ logrus.Errorf("letask %s failed %v, drop bundle error=%s", id, err, err1) -+ } -+ }() -+ -+ ctx := namespaces.WithNamespace(context.Background(), "moby") -+ r.legacyCreateMeta(ctx, id) -+ task, err := r.legacyCreate(ctx, id, loadCreateOpts(id)) -+ if err != nil { -+ logrus.Errorf("letask %s create failed %v", id, err) -+ return nil, err -+ } -+ -+ return task, nil -+} -+ -+func (r *Runtime) loadLegacyTasks(tasks []*Task, ctx context.Context, ns string) ([]*Task, error) { -+ var o []*Task -+ -+ if ns != "moby" { -+ logrus.Infof("loadLegacyTasks ignore ns=%s", ns) -+ return o, nil -+ } -+ -+ dir, err := ioutil.ReadDir(legacy.State028) -+ if err != nil { -+ logrus.Infof("loadLegacyTasks skipped, no legacy residual") -+ return o, nil -+ } -+ -+ for _, path := range dir { -+ if !path.IsDir() { -+ continue -+ } -+ -+ id := path.Name() -+ if taskIsExist(tasks, id) { -+ logrus.Infof("letask %s already loaded", id) -+ continue -+ } -+ if !legacy.IsRunning(id) { -+ logrus.Infof("letask %s not running", id) -+ continue -+ } -+ -+ task, err := r.loadLegacyTask(id) -+ if err != nil { -+ logrus.Errorf("letask %s load failed %s", err) -+ continue -+ } -+ -+ o = append(o, task) -+ logrus.Infof("letask id=%s load ok", id) -+ } -+ return o, nil -+} -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 44d3f58b..ace98621 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -31,6 +31,7 @@ import ( - "time" - - "github.com/containerd/console" -+ "github.com/containerd/containerd/legacy" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/runtime/proc" -@@ -39,6 +40,7 @@ import ( - google_protobuf "github.com/gogo/protobuf/types" - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // InitPidFile name of the file that contains the init pid -@@ -113,6 +115,19 @@ func New(id string, runtime *runc.Runc, stdio proc.Stdio) *Init { - waitBlock: make(chan struct{}), - } - p.initState = &createdState{p: p} -+ // legacy container is exist, set it running state directly. -+ if legacy.IsLegacy(id) { -+ p.initState = &runningState{p: p} -+ go func(id string) { -+ for { -+ time.Sleep(3 * time.Second) -+ if !legacy.IsRunning(id) { -+ logrus.Infof("legacy container %s exited", id) -+ os.Exit(0) -+ } -+ } -+ }(id) -+ } - return p - } - -@@ -122,6 +137,17 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - err error - socket *runc.Socket - ) -+ pidFile := filepath.Join(p.Bundle, InitPidFile) -+ -+ if legacy.IsLegacy(r.ID) { -+ pid, err := runc.ReadPidFile(pidFile) -+ if err != nil { -+ return errors.Wrap(err, "failed to retrieve OCI runtime container pid") -+ } -+ p.pid = pid -+ return nil -+ } -+ - if r.Terminal { - if socket, err = runc.NewTempConsoleSocket(); err != nil { - return errors.Wrap(err, "failed to create OCI runtime console socket") -@@ -136,7 +162,6 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - return errors.Wrap(err, "failed to create OCI runtime io pipes") - } - } -- pidFile := filepath.Join(p.Bundle, InitPidFile) - if r.Checkpoint != "" { - opts := &runc.RestoreOpts{ - CheckpointOpts: runc.CheckpointOpts{ -diff --git a/runtime/v1/linux/proc/io.go b/runtime/v1/linux/proc/io.go -index 71f6ee1b..36066270 100644 ---- a/runtime/v1/linux/proc/io.go -+++ b/runtime/v1/linux/proc/io.go -@@ -79,6 +79,9 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - }, - }, - } { -+ if i.name == "" { -+ continue -+ } - ok, err := isFifo(i.name) - if err != nil { - return err -@@ -89,10 +92,10 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - ) - if ok { - if fw, err = fifo.OpenFifo(ctx, i.name, syscall.O_WRONLY, 0); err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err) -+ return fmt.Errorf("containerd-shim syscall.O_WRONLY: opening %s failed: %s", i.name, err) - } - if fr, err = fifo.OpenFifo(ctx, i.name, syscall.O_RDONLY, 0); err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err) -+ return fmt.Errorf("containerd-shim syscall.O_RDONLY: opening %s failed: %s", i.name, err) - } - } else { - if sameFile != nil { -@@ -100,7 +103,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - continue - } - if fw, err = os.OpenFile(i.name, syscall.O_WRONLY|syscall.O_APPEND, 0); err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err) -+ return fmt.Errorf("containerd-shim syscall.O_WRONLY|syscall.O_APPEND: opening %s failed: %s", i.name, err) - } - if stdout == stderr { - sameFile = fw -@@ -113,7 +116,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - } - f, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) - if err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", stdin, err) -+ return fmt.Errorf("containerd-shim syscall.O_RDONLY|syscall.O_NONBLOCK: opening %s failed: %s", stdin, err) - } - cwg.Add(1) - go func() { -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index f8e30742..1b763fbc 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -300,6 +300,11 @@ func (r *Runtime) restoreTasks(ctx context.Context) ([]*Task, error) { - } - o = append(o, tasks...) - } -+ lo, err := r.loadLegacyTasks(o, ctx, "moby") -+ if err != nil { -+ logrus.Errorf("load legacy with error %v", err) -+ } -+ o = append(o, lo...) - return o, nil - } - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index ac545ea4..6411fdd9 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -34,6 +34,7 @@ import ( - "github.com/containerd/containerd/api/types/task" - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/events" -+ "github.com/containerd/containerd/legacy" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/namespaces" -@@ -381,7 +382,9 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - if s.id != p.ID() || r.Signal != uint32(syscall.SIGKILL) { - return - } -- -+ if legacy.IsLegacy(s.id) { -+ return -+ } - for i := 1; i < 5; i++ { - time.Sleep(10 * time.Second) - err := p.Kill(ctx, r.Signal, r.All) -@@ -676,6 +679,11 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu st - - rootfs := filepath.Join(path, "rootfs") - runtime := proc.NewRunc(runtimeRoot, path, namespace, r.Runtime, criu, systemdCgroup) -+ // legacy container using /run/runc as runc root. -+ if legacy.IsLegacy(r.ID) { -+ runtime.Root = "/run/runc" -+ } -+ - p := proc.New(r.ID, runtime, rproc.Stdio{ - Stdin: r.Stdin, - Stdout: r.Stdout, -diff --git a/services/containers/local.go b/services/containers/local.go -index 95a09872..5934d5ad 100644 ---- a/services/containers/local.go -+++ b/services/containers/local.go -@@ -48,10 +48,11 @@ func init() { - if err != nil { - return nil, err - } -- return &local{ -+ helperLocal = local{ - db: m.(*metadata.DB), - publisher: ic.Events, -- }, nil -+ } -+ return &helperLocal, nil - }, - }) - } -@@ -243,3 +244,17 @@ func (s *localStream) SendMsg(m interface{}) error { - func (s *localStream) RecvMsg(m interface{}) error { - return nil - } -+ -+var helperLocal local // used for create meta only. -+// CreateMeta used only by legacy module to create meta. -+func CreateMeta(ctx context.Context, c containers.Container) error { -+ l := &helperLocal -+ err := l.withStoreUpdate(ctx, func(ctx context.Context, store containers.Store) error { -+ _, err := store.Create(ctx, c) -+ if err != nil { -+ return err -+ } -+ return nil -+ }) -+ return err -+} --- -2.17.1 - diff --git a/patch/0047-containerd-shim-exit-initiative-after-3s.patch b/patch/0047-containerd-shim-exit-initiative-after-3s.patch deleted file mode 100644 index f8e325c643ecebce4c33a16960a0e39a5ce23bdf..0000000000000000000000000000000000000000 --- a/patch/0047-containerd-shim-exit-initiative-after-3s.patch +++ /dev/null @@ -1,30 +0,0 @@ -From fe778eb160fc1e3a492b5304890af3843aa91f32 Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Tue, 5 Nov 2019 23:07:49 -0500 -Subject: [PATCH] containerd: containerd-shim exit initiative after 3s - -reason: containerd-shim exit initiative after 3s - -Signed-off-by: liuzekun ---- - runtime/v1/shim/service.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 326096c..3abaa99 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -548,6 +548,10 @@ func (s *Service) checkProcesses(e runc.Exit) { - ns := filepath.Base(filepath.Dir(ip.Bundle)) - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - events.InitExitWrite(ip.Bundle, e.Pid) -+ go func() { -+ time.Sleep(3 * time.Second) -+ os.Exit(0) -+ }() - } - if shouldKillAll { - if ip, ok := p.(*proc.Init); ok { --- -2.20.1 - diff --git a/patch/0048-containerd-modify-shim-initiative-exit-time.patch b/patch/0048-containerd-modify-shim-initiative-exit-time.patch deleted file mode 100644 index f76982ceb4fe8cae4eee1a900ae5f2a9f48e1a17..0000000000000000000000000000000000000000 --- a/patch/0048-containerd-modify-shim-initiative-exit-time.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 1735262dfdbc434c3e734c2a4b7e3c5407cd541f Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 16 Nov 2019 02:28:31 +0800 -Subject: [PATCH] containerd: modify shim initiative exit time - -reason: We set shim exit initiative after 3s of container init process -exiting, but poststop hook will run abnormally if it needs more than 3s. -So we modify the exit time to 120s to avoid this case, as poststop hook -is suggested not more than 120s. - -Change-Id: I3e78b6344fabb0687bc40c3b6da153f403a9f211 -Signed-off-by: xiadanni1 ---- - runtime/v1/shim/service.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 3abaa99..9721660 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -549,7 +549,7 @@ func (s *Service) checkProcesses(e runc.Exit) { - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - events.InitExitWrite(ip.Bundle, e.Pid) - go func() { -- time.Sleep(3 * time.Second) -+ time.Sleep(120 * time.Second) - os.Exit(0) - }() - } --- -1.8.3.1 - diff --git a/patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch b/patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch deleted file mode 100644 index 9876c45570ef964e6ded188d939ea4de2563ca21..0000000000000000000000000000000000000000 --- a/patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch +++ /dev/null @@ -1,84 +0,0 @@ -From d2e10b3f23adf3338ee451c926167d18e5ac02e1 Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Thu, 21 Nov 2019 08:23:35 -0500 -Subject: [PATCH] contaienrd: modify shim initiative exit time for post hook - -reason: Modify shim initiative exit time for post hook. In consideration -of each post hook has a execution time with timeout(default 120s), we -should ensure enough time to call all post hook. - -Signed-off-by: liuzekun ---- - runtime/v1/shim/service.go | 29 ++++++++++++++++++++++------- - 1 file changed, 22 insertions(+), 7 deletions(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 9721660..cfba225 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -537,7 +537,7 @@ func (s *Service) checkProcesses(e runc.Exit) { - s.mu.Lock() - defer s.mu.Unlock() - -- shouldKillAll, err := shouldKillAllOnExit(s.bundle) -+ shouldKillAll, bundleSpec, err := shouldKillAllOnExit(s.bundle) - if err != nil { - log.G(s.context).WithError(err).Error("failed to check shouldKillAll") - } -@@ -549,8 +549,23 @@ func (s *Service) checkProcesses(e runc.Exit) { - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - events.InitExitWrite(ip.Bundle, e.Pid) - go func() { -- time.Sleep(120 * time.Second) -- os.Exit(0) -+ t := 30 -+ defer func() { -+ time.Sleep(time.Duration(t) * time.Second) -+ os.Exit(0) -+ }() -+ if bundleSpec.Hooks == nil { -+ return -+ } -+ postStopHooks := bundleSpec.Hooks.Poststop -+ for _, postStopHook := range postStopHooks { -+ hookTimeout := postStopHook.Timeout -+ if hookTimeout == nil { -+ t += 120 -+ } else { -+ t += *hookTimeout -+ } -+ } - }() - } - if shouldKillAll { -@@ -575,23 +590,23 @@ func (s *Service) checkProcesses(e runc.Exit) { - } - } - --func shouldKillAllOnExit(bundlePath string) (bool, error) { -+func shouldKillAllOnExit(bundlePath string) (bool, specs.Spec, error) { - var bundleSpec specs.Spec - bundleConfigContents, err := ioutil.ReadFile(filepath.Join(bundlePath, "config.json")) - if err != nil { -- return false, err -+ return false, specs.Spec{}, err - } - json.Unmarshal(bundleConfigContents, &bundleSpec) - - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { - if ns.Type == specs.PIDNamespace && ns.Path == "" { -- return false, nil -+ return false, bundleSpec, nil - } - } - } - -- return true, nil -+ return true, bundleSpec, nil - } - - func (s *Service) getContainerPids(ctx context.Context, id string) ([]uint32, error) { --- -2.20.1 - diff --git a/patch/0050-containerd-warp-and-process-return-errors.patch b/patch/0050-containerd-warp-and-process-return-errors.patch deleted file mode 100644 index fc20562bf343e556bb1e77e2cbe98eda7556265b..0000000000000000000000000000000000000000 --- a/patch/0050-containerd-warp-and-process-return-errors.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 20cb595625dcfdf89fdf766028625a7864674dec Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Mon, 23 Dec 2019 03:10:49 -0500 -Subject: [PATCH] containerd: wrap and process return errors - -reason: wrap and process return errors - -Signed-off-by: liuzekun ---- - cmd/containerd-shim/main_unix.go | 2 +- - events/exit.go | 4 ++-- - legacy/legacy.go | 8 +++++--- - runtime/v1/linux/leruntime.go | 5 ++++- - runtime/v1/linux/runtime.go | 7 +++++-- - runtime/v1/shim/reaper.go | 4 ++-- - runtime/v1/shim/service.go | 1 + - vendor/github.com/sirupsen/logrus/exported.go | 5 +++++ - 8 files changed, 25 insertions(+), 11 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 2228362..e9c1426 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -259,7 +259,7 @@ func dumpStacks(logger *logrus.Entry) { - bufferLen *= 2 - } - buf = buf[:stackSize] -- ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600) -+ logrus.Devour(ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600)) - logger.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } - -diff --git a/events/exit.go b/events/exit.go -index 772dc24..c0a3583 100644 ---- a/events/exit.go -+++ b/events/exit.go -@@ -48,13 +48,14 @@ func ExitInfo(ef string) (string, uint32, uint32) { - } - - func ExitAddFile(ns string, ef string, reason string) { -- os.MkdirAll(filepath.Join(ExitDir, ns), 0700) -+ logrus.Devour(os.MkdirAll(filepath.Join(ExitDir, ns), 0700)) - err := ioutil.WriteFile(filepath.Join(ExitDir, ns, ef), []byte{}, 0600) - logrus.Infof("exit-add %s/%s [reason: %s] error=%v", ns, ef, reason, err) - } - - func ExitDelFile(ns string, ef string) { - err := os.RemoveAll(filepath.Join(ExitDir, ns, ef)) -+ logrus.Devour(err) - logrus.Infof("exit-del %s/%s error=%v", ns, ef, err) - } - -diff --git a/legacy/legacy.go b/legacy/legacy.go -index fde9f70..219508c 100644 ---- a/legacy/legacy.go -+++ b/legacy/legacy.go -@@ -17,8 +17,8 @@ import ( - "runtime" - "strings" - -- "github.com/sirupsen/logrus" - "github.com/opencontainers/runtime-spec/specs-go" -+ "github.com/sirupsen/logrus" - ) - - const ( -@@ -107,8 +107,10 @@ func InitBundle(root string, id string) error { - if err != nil { - return err - } -- CopyFile(Config120+id+"/config.json", Config028+id+"/config.json") -- CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") -+ _, err = CopyFile(Config120+id+"/config.json", Config028+id+"/config.json") -+ logrus.Devour(err) -+ _, err = CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") -+ logrus.Devour(err) - return nil - } - -diff --git a/runtime/v1/linux/leruntime.go b/runtime/v1/linux/leruntime.go -index 9c793a5..e8fbe61 100644 ---- a/runtime/v1/linux/leruntime.go -+++ b/runtime/v1/linux/leruntime.go -@@ -112,7 +112,10 @@ func (r *Runtime) legacyCreate(ctx context.Context, id string, opts runtime.Crea - // Task was never started or was already successfully deleted - return - } -- lc := t.(*Task) -+ lc, ok := t.(*Task) -+ if !ok { -+ log.G(ctx).WithField("id", id).Errorf("task t's type is %T, cannot convert to a *Task value", t) -+ } - - log.G(ctx).WithFields(logrus.Fields{ - "id": id, -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 1b763fb..c334bf4 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -43,7 +43,7 @@ import ( - "github.com/containerd/containerd/plugin" - "github.com/containerd/containerd/runtime" - "github.com/containerd/containerd/runtime/linux/runctypes" -- "github.com/containerd/containerd/runtime/v1" -+ v1 "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/linux/proc" - shim "github.com/containerd/containerd/runtime/v1/shim/v1" - runc "github.com/containerd/go-runc" -@@ -200,7 +200,10 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - // Task was never started or was already successfully deleted - return - } -- lc := t.(*Task) -+ lc, ok := t.(*Task) -+ if !ok { -+ log.G(ctx).WithField("id", id).Errorf("task t's type is %T, cannot convert to a *Task value", t) -+ } - - log.G(ctx).WithFields(logrus.Fields{ - "id": id, -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index 2846152..c657397 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -95,7 +95,7 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) { - for e := range ec { - if e.Pid == c.Process.Pid { - // make sure we flush all IO -- c.Wait() -+ logrus.Devour(c.Wait()) - m.Unsubscribe(ec) - return e.Status, nil - } -@@ -123,7 +123,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - select { - case <-time.After(time.Duration(sec) * time.Second): - if SameProcess(c, c.Process.Pid) { -- syscall.Kill(c.Process.Pid, syscall.SIGKILL) -+ logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) - } - return 0, errors.Errorf("container did not start before the specified timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) - case status := <-sch: -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 4025a72..beb0ed8 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -146,6 +146,7 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - for i := 0; i < 60; i++ { - time.Sleep(time.Second) - _, err := os.Stat(r.Bundle) -+ logrus.Devour(err) - if os.IsNotExist(err) { - logrus.Errorf("bundle dir: %v does not exist, containerd-shim exit", r.Bundle) - os.Exit(0) -diff --git a/vendor/github.com/sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go -index 1aeaa90..46fa7f8 100644 ---- a/vendor/github.com/sirupsen/logrus/exported.go -+++ b/vendor/github.com/sirupsen/logrus/exported.go -@@ -191,3 +191,8 @@ func Panicln(args ...interface{}) { - func Fatalln(args ...interface{}) { - std.Fatalln(args...) - } -+ -+// Devour will do nothing and return directly -+func Devour(args ...interface{}) { -+ return -+} --- -2.20.1 - diff --git a/patch/0051-containerd-add-timeout-for-containerd-shim.patch b/patch/0051-containerd-add-timeout-for-containerd-shim.patch deleted file mode 100644 index 62125c1cf36fd9a1679b88c074c141150f9959c3..0000000000000000000000000000000000000000 --- a/patch/0051-containerd-add-timeout-for-containerd-shim.patch +++ /dev/null @@ -1,134 +0,0 @@ -From ea6e8c7b10fe1552d14fb9b0337d850a1f4a7178 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 3 Jan 2020 03:06:00 +0800 -Subject: [PATCH] containerd: add timeout for containerd-shim - -reason:add timeout for containerd-shim to avoid dead lock - -Change-Id: I7886eb9e73dc1a3c8b837687c8ac8361d67f5e4f -Signed-off-by: xiadanni1 ---- - runtime/v1/shim/reaper.go | 2 +- - vendor/github.com/containerd/go-runc/runc.go | 37 ++++++++++++++++++++++------ - 2 files changed, 30 insertions(+), 9 deletions(-) - -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index c657397..d8e8274 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -125,7 +125,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - if SameProcess(c, c.Process.Pid) { - logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) - } -- return 0, errors.Errorf("container did not start before the specified timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) - case status := <-sch: - return status, nil - case err := <-ech: -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 7a2a8c4..430648d 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -53,7 +53,9 @@ const ( - Text Format = "text" - // DefaultCommand is the default command for Runc - DefaultCommand = "runc" -- execTimeout = 30 -+ defaultTimeout = 30 -+ startTimeout = 120 -+ updateTimeout = 60 - ) - - var ( -@@ -99,7 +101,7 @@ func (r *Runc) List(context context.Context) ([]*Container, error) { - - // State returns the state for the container provided by id - func (r *Runc) State(context context.Context, id string) (*Container, error) { -- data, err := cmdOutput(r.command(context, "state", id), true) -+ data, err := cmdOutputTimeout(r.command(context, "state", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -199,7 +201,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - - // Start will start an already created container - func (r *Runc) Start(context context.Context, id string) error { -- return r.runOrError(r.command(context, "start", id)) -+ return r.runOrErrorTimeout(r.command(context, "start", id), startTimeout) - } - - type ExecOpts struct { -@@ -252,7 +254,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - opts.Set(cmd) - } - if cmd.Stdout == nil && cmd.Stderr == nil { -- data, err := cmdOutputTimeout(cmd, true, execTimeout) -+ data, err := cmdOutputTimeout(cmd, true, defaultTimeout) - if err != nil { - return fmt.Errorf("%s: %s", err, data) - } -@@ -269,7 +271,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - } - } - } -- status, err := Monitor.WaitTimeout(cmd, ec, execTimeout) -+ status, err := Monitor.WaitTimeout(cmd, ec, defaultTimeout) - if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) - } -@@ -338,7 +340,7 @@ func (r *Runc) Kill(context context.Context, id string, sig int, opts *KillOpts) - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrError(r.command(context, append(args, id, strconv.Itoa(sig))...)) -+ return r.runOrErrorTimeout(r.command(context, append(args, id, strconv.Itoa(sig))...), defaultTimeout) - } - - // Stats return the stats for a container like cpu, memory, and io -@@ -414,7 +416,7 @@ func (r *Runc) Resume(context context.Context, id string) error { - - // Ps lists all the processes inside the container returning their pids - func (r *Runc) Ps(context context.Context, id string) ([]int, error) { -- data, err := cmdOutput(r.command(context, "ps", "--format", "json", id), true) -+ data, err := cmdOutputTimeout(r.command(context, "ps", "--format", "json", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -604,7 +606,7 @@ func (r *Runc) Update(context context.Context, id string, resources *specs.Linux - args := []string{"update", "--resources", "-", id} - cmd := r.command(context, args...) - cmd.Stdin = buf -- return r.runOrError(cmd) -+ return r.runOrErrorTimeout(cmd, updateTimeout) - } - - var ErrParseRuncVersion = errors.New("unable to parse runc version") -@@ -705,6 +707,25 @@ func (r *Runc) runOrError(cmd *exec.Cmd) error { - return nil - } - -+func (r *Runc) runOrErrorTimeout(cmd *exec.Cmd, runTimeout int64) error { -+ if cmd.Stdout != nil || cmd.Stderr != nil { -+ ec, err := Monitor.Start(cmd) -+ if err != nil { -+ return err -+ } -+ status, err := Monitor.WaitTimeout(cmd, ec, runTimeout) -+ if err == nil && status != 0 { -+ err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) -+ } -+ return err -+ } -+ data, err := cmdOutputTimeout(cmd, true, runTimeout) -+ if err != nil { -+ return fmt.Errorf("%s: %s", err, data) -+ } -+ return nil -+} -+ - func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) { - b := getBuf() - defer putBuf(b) --- -1.8.3.1 - diff --git a/patch/0052-containerd-modify-runtime-root-if-containe.patch b/patch/0052-containerd-modify-runtime-root-if-containe.patch deleted file mode 100644 index 92d5a636fcba32930d52c5f0678afcd22ed46f9e..0000000000000000000000000000000000000000 --- a/patch/0052-containerd-modify-runtime-root-if-containe.patch +++ /dev/null @@ -1,266 +0,0 @@ -From 3ccf18b7d72ef484093e8a6f578ef9381418bc54 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 17 Jan 2020 07:07:34 +0800 -Subject: [PATCH] containerd: modify runtime root if container is created by - 1.11.2 - -reason:if container is created by 1.11.2, runtime root is /run/runc, -so we need to modify the root dir when this container stops first time. - -Change-Id: If30e26a719ed61be0a08344860a066ab77b4cb40 -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 14 ++++--- - .../github.com/containerd/go-runc/command_linux.go | 4 +- - .../github.com/containerd/go-runc/command_other.go | 2 +- - vendor/github.com/containerd/go-runc/runc.go | 45 ++++++++++++---------- - 4 files changed, 37 insertions(+), 28 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index c334bf4..08e563d 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -35,6 +35,7 @@ import ( - "github.com/containerd/containerd/events" - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/identifiers" -+ "github.com/containerd/containerd/legacy" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/metadata" - "github.com/containerd/containerd/mount" -@@ -521,11 +522,14 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - }); err != nil { - log.G(ctx).WithError(err).Warnf("delete runtime state %s", id) - } -- if err := mount.Unmount(filepath.Join(bundle.path, "rootfs"), 0); err != nil { -- log.G(ctx).WithError(err).WithFields(logrus.Fields{ -- "path": bundle.path, -- "id": id, -- }).Warnf("unmount task rootfs") -+ -+ if !legacy.IsLegacy(id) { -+ if err := mount.Unmount(filepath.Join(bundle.path, "rootfs"), 0); err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "path": bundle.path, -+ "id": id, -+ }).Warnf("unmount task rootfs") -+ } - } - return nil - } -diff --git a/vendor/github.com/containerd/go-runc/command_linux.go b/vendor/github.com/containerd/go-runc/command_linux.go -index 6ad27be..0aa6040 100644 ---- a/vendor/github.com/containerd/go-runc/command_linux.go -+++ b/vendor/github.com/containerd/go-runc/command_linux.go -@@ -31,12 +31,12 @@ func (r *Runc) isrunv() bool { - return false - } - --func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { -+func (r *Runc) command(id string, context context.Context, args ...string) *exec.Cmd { - command := r.Command - if command == "" { - command = DefaultCommand - } -- cmd := exec.CommandContext(context, command, append(r.args(), args...)...) -+ cmd := exec.CommandContext(context, command, append(r.args(id), args...)...) - cmd.SysProcAttr = &syscall.SysProcAttr{ - Setpgid: r.Setpgid, - } -diff --git a/vendor/github.com/containerd/go-runc/command_other.go b/vendor/github.com/containerd/go-runc/command_other.go -index b8fd4b8..21bb699 100644 ---- a/vendor/github.com/containerd/go-runc/command_other.go -+++ b/vendor/github.com/containerd/go-runc/command_other.go -@@ -29,7 +29,7 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { - if command == "" { - command = DefaultCommand - } -- cmd := exec.CommandContext(context, command, append(r.args(), args...)...) -+ cmd := exec.CommandContext(context, command, append(r.args(""), args...)...) - cmd.Env = os.Environ() - return cmd - } -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 430648d..c1748ff 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -31,6 +31,7 @@ import ( - "syscall" - "time" - -+ "github.com/containerd/containerd/legacy" - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - ) -@@ -88,7 +89,7 @@ func init() { - - // List returns all containers created inside the provided runc root directory - func (r *Runc) List(context context.Context) ([]*Container, error) { -- data, err := cmdOutput(r.command(context, "list", "--format=json"), false) -+ data, err := cmdOutput(r.command("", context, "list", "--format=json"), false) - if err != nil { - return nil, err - } -@@ -101,7 +102,7 @@ func (r *Runc) List(context context.Context) ([]*Container, error) { - - // State returns the state for the container provided by id - func (r *Runc) State(context context.Context, id string) (*Container, error) { -- data, err := cmdOutputTimeout(r.command(context, "state", id), true, defaultTimeout) -+ data, err := cmdOutputTimeout(r.command(id, context, "state", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -168,7 +169,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - } - args = append(args, oargs...) - } -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -201,7 +202,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - - // Start will start an already created container - func (r *Runc) Start(context context.Context, id string) error { -- return r.runOrErrorTimeout(r.command(context, "start", id), startTimeout) -+ return r.runOrErrorTimeout(r.command(id, context, "start", id), startTimeout) - } - - type ExecOpts struct { -@@ -249,7 +250,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - } - args = append(args, oargs...) - } -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -289,7 +290,7 @@ func (r *Runc) Run(context context.Context, id, bundle string, opts *CreateOpts) - } - args = append(args, oargs...) - } -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -317,7 +318,7 @@ func (r *Runc) Delete(context context.Context, id string, opts *DeleteOpts) erro - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrError(r.command(context, append(args, id)...)) -+ return r.runOrError(r.command(id, context, append(args, id)...)) - } - - // KillOpts specifies options for killing a container and its processes -@@ -340,12 +341,12 @@ func (r *Runc) Kill(context context.Context, id string, sig int, opts *KillOpts) - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrErrorTimeout(r.command(context, append(args, id, strconv.Itoa(sig))...), defaultTimeout) -+ return r.runOrErrorTimeout(r.command(id, context, append(args, id, strconv.Itoa(sig))...), defaultTimeout) - } - - // Stats return the stats for a container like cpu, memory, and io - func (r *Runc) Stats(context context.Context, id string) (*Stats, error) { -- cmd := r.command(context, "events", "--stats", id) -+ cmd := r.command(id, context, "events", "--stats", id) - rd, err := cmd.StdoutPipe() - if err != nil { - return nil, err -@@ -367,7 +368,7 @@ func (r *Runc) Stats(context context.Context, id string) (*Stats, error) { - - // Events returns an event stream from runc for a container with stats and OOM notifications - func (r *Runc) Events(context context.Context, id string, interval time.Duration) (chan *Event, error) { -- cmd := r.command(context, "events", fmt.Sprintf("--interval=%ds", int(interval.Seconds())), id) -+ cmd := r.command(id, context, "events", fmt.Sprintf("--interval=%ds", int(interval.Seconds())), id) - rd, err := cmd.StdoutPipe() - if err != nil { - return nil, err -@@ -406,17 +407,17 @@ func (r *Runc) Events(context context.Context, id string, interval time.Duration - - // Pause the container with the provided id - func (r *Runc) Pause(context context.Context, id string) error { -- return r.runOrError(r.command(context, "pause", id)) -+ return r.runOrError(r.command(id, context, "pause", id)) - } - - // Resume the container with the provided id - func (r *Runc) Resume(context context.Context, id string) error { -- return r.runOrError(r.command(context, "resume", id)) -+ return r.runOrError(r.command(id, context, "resume", id)) - } - - // Ps lists all the processes inside the container returning their pids - func (r *Runc) Ps(context context.Context, id string) ([]int, error) { -- data, err := cmdOutputTimeout(r.command(context, "ps", "--format", "json", id), true, defaultTimeout) -+ data, err := cmdOutputTimeout(r.command(id, context, "ps", "--format", "json", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -429,7 +430,7 @@ func (r *Runc) Ps(context context.Context, id string) ([]int, error) { - - // Top lists all the processes inside the container returning the full ps data - func (r *Runc) Top(context context.Context, id string, psOptions string) (*TopResults, error) { -- data, err := cmdOutput(r.command(context, "ps", "--format", "table", id, psOptions), true) -+ data, err := cmdOutput(r.command(id, context, "ps", "--format", "table", id, psOptions), true) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -528,7 +529,7 @@ func (r *Runc) Checkpoint(context context.Context, id string, opts *CheckpointOp - for _, a := range actions { - args = a(args) - } -- return r.runOrError(r.command(context, append(args, id)...)) -+ return r.runOrError(r.command(id, context, append(args, id)...)) - } - - type RestoreOpts struct { -@@ -577,7 +578,7 @@ func (r *Runc) Restore(context context.Context, id, bundle string, opts *Restore - args = append(args, oargs...) - } - args = append(args, "--bundle", bundle) -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -604,7 +605,7 @@ func (r *Runc) Update(context context.Context, id string, resources *specs.Linux - return err - } - args := []string{"update", "--resources", "-", id} -- cmd := r.command(context, args...) -+ cmd := r.command(id, context, args...) - cmd.Stdin = buf - return r.runOrErrorTimeout(cmd, updateTimeout) - } -@@ -619,7 +620,7 @@ type Version struct { - - // Version returns the runc and runtime-spec versions - func (r *Runc) Version(context context.Context) (Version, error) { -- data, err := cmdOutput(r.command(context, "--version"), false) -+ data, err := cmdOutput(r.command("", context, "--version"), false) - if err != nil { - return Version{}, err - } -@@ -658,9 +659,13 @@ func parseVersion(data []byte) (Version, error) { - return v, nil - } - --func (r *Runc) args() (out []string) { -+func (r *Runc) args(id string) (out []string) { - if r.Root != "" { -- out = append(out, "--root", r.Root) -+ if id != "" && legacy.IsLegacy(id) { -+ out = append(out, "--root", "/run/runc") -+ } else { -+ out = append(out, "--root", r.Root) -+ } - } - if r.Debug { - out = append(out, "--debug") --- -1.8.3.1 - diff --git a/patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch b/patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch deleted file mode 100644 index fddaf5679877df373593fc5bbc3d88aa9323c2d8..0000000000000000000000000000000000000000 --- a/patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 489f69209650aa743ffd6e53571b822ad0b63c2d Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 18 Jan 2020 04:18:22 +0800 -Subject: [PATCH] containerd: add pid check to avoid poststop hook - execute twice - -reason:If start a container at docker 1.11.2, upgrade docker to 18.09, -downgrade to 1.11.2, stop/restart container, upgrade to 18.09 again, -poststop hook will execute again when containerd load task. -So we add pid check to avoid poststop hook execute twice. - -Change-Id: I8b88b69bfa0a4141bd9595da8ad4e786666e114b -Signed-off-by: xiadanni1 ---- - legacy/legacy.go | 21 +++++++++++++++++++++ - runtime/v1/linux/runtime.go | 10 ++++++---- - 2 files changed, 27 insertions(+), 4 deletions(-) - -diff --git a/legacy/legacy.go b/legacy/legacy.go -index 219508c..644f94a 100644 ---- a/legacy/legacy.go -+++ b/legacy/legacy.go -@@ -44,6 +44,25 @@ func IsLegacy(id string) bool { - return false - } - -+func IsSamePid(id string) bool { -+ pid120, err := ioutil.ReadFile(filepath.Join(Config120, id, "init.pid")) -+ if err != nil { -+ logrus.Infof("read 1.2.0 init.pid file error: %v", err) -+ return false -+ } -+ pid028, err := ioutil.ReadFile(filepath.Join(State028, id, "init", "pid")) -+ if err != nil { -+ logrus.Infof("read 0.2.8 pid file error: %v", err) -+ return false -+ } -+ logrus.Infof("pid1.2.0: %v, pid0.2.8: %v", string(pid120), string(pid028)) -+ if string(pid120) != string(pid028) { -+ return false -+ } -+ -+ return true -+} -+ - // IsRunning is used to detect whether legacy container is running. - func IsRunning(id string) bool { - path := State028 + id + "/init/pid" -@@ -111,6 +130,8 @@ func InitBundle(root string, id string) error { - logrus.Devour(err) - _, err = CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") - logrus.Devour(err) -+ _, err = CopyFile(Config120+id+"/starttime", State028+id+"/init/starttime") -+ logrus.Devour(err) - return nil - } - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 08e563d..96ad815 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -517,10 +517,12 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - return err - } - -- if err := rt.Delete(ctx, id, &runc.DeleteOpts{ -- Force: true, -- }); err != nil { -- log.G(ctx).WithError(err).Warnf("delete runtime state %s", id) -+ if !legacy.IsLegacy(id) || legacy.IsSamePid(id) { -+ if err := rt.Delete(ctx, id, &runc.DeleteOpts{ -+ Force: true, -+ }); err != nil { -+ log.G(ctx).WithError(err).Warnf("delete runtime state %s", id) -+ } - } - - if !legacy.IsLegacy(id) { --- -1.8.3.1 - diff --git a/patch/0054-containerd-clean-up-residual-container.patch b/patch/0054-containerd-clean-up-residual-container.patch deleted file mode 100644 index 645b90f7bd849939344c878f9850c7a59b6814ee..0000000000000000000000000000000000000000 --- a/patch/0054-containerd-clean-up-residual-container.patch +++ /dev/null @@ -1,100 +0,0 @@ -From a2310cbcff07f660b8d17584f687561b64bf27ad Mon Sep 17 00:00:00 2001 -From: zhangtianyang -Date: Thu, 27 Feb 2020 16:51:59 +0800 -Subject: [PATCH] containerd: clean up residual container after - shim abnormal exit - -reason:from update/revert test an occasional failure has been found that -shim process has exited but container is still running, then following exec -call all report ttrpc close error. -the triggering condition is uncertain. this patch will make up the clean -work of the residual container after such failure occurred to avoid -subsequent call errors. - -Change-Id: I0da9d4e46010cbe58f2fda21895caeb301936c47 -Signed-off-by: zhangtianyang ---- - runtime/v1/linux/runtime.go | 11 +++++++++++ - services/tasks/local.go | 25 +++++++++++++++++++++++++ - 2 files changed, 36 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 96ad815..47a0cb6 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -511,6 +511,17 @@ func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, - return nil - } - -+func (r *Runtime) CleanupAfterDeadShim(ctx context.Context, ns, id string) error { -+ bund := &bundle{id: id, -+ path: filepath.Join(r.state, ns, id), -+ workDir: filepath.Join(r.root, ns, id)} -+ pid, err := runc.ReadPidFile(filepath.Join(bund.path, proc.InitPidFile)) -+ if err != nil { -+ return fmt.Errorf("failed to read pid from %s", proc.InitPidFile) -+ } -+ return r.cleanupAfterDeadShim(ctx, bund, ns, id, pid) -+} -+ - func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) error { - rt, err := r.getRuntime(ctx, ns, id) - if err != nil { -diff --git a/services/tasks/local.go b/services/tasks/local.go -index 990e841..9818971 100644 ---- a/services/tasks/local.go -+++ b/services/tasks/local.go -@@ -24,6 +24,7 @@ import ( - "io/ioutil" - "os" - "path/filepath" -+ "strings" - "time" - - api "github.com/containerd/containerd/api/services/tasks/v1" -@@ -41,6 +42,7 @@ import ( - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/plugin" - "github.com/containerd/containerd/runtime" -+ "github.com/containerd/containerd/runtime/v1/linux" - "github.com/containerd/containerd/runtime/v2" - "github.com/containerd/containerd/services" - "github.com/containerd/typeurl" -@@ -383,11 +385,34 @@ func (l *local) Kill(ctx context.Context, r *api.KillRequest, _ ...grpc.CallOpti - } - } - if err := p.Kill(ctx, r.Signal, r.All); err != nil { -+ if (r.Signal == 9 || r.Signal == 15) && strings.Contains(err.Error(), "ttrpc: client shutting down") { -+ // not sure under what conditions will cause such ttrpc error. since the error has -+ // happened, we have to make up the clean up work to avoid container residue. -+ cleanErr := l.cleanupResidualContainer(ctx, r, t.Namespace()) -+ log.G(ctx).WithField("clean error", cleanErr).Warnf( -+ "previous actions might encounter failure, try clean up the dead container.") -+ } - return nil, errdefs.ToGRPC(err) - } - return empty, nil - } - -+func (l *local) cleanupResidualContainer(ctx context.Context, r *api.KillRequest, namespace string) error { -+ container, err := l.getContainer(ctx, r.ContainerID) -+ if err != nil { -+ return fmt.Errorf("failed to get container %s, %v", r.ContainerID, err) -+ } -+ rt, err := l.getRuntime(container.Runtime.Name) -+ if err != nil { -+ return fmt.Errorf("failed to get runtime %s, %v", container.Runtime.Name, err) -+ } -+ lRuntime, ok := rt.(*linux.Runtime) -+ if !ok { -+ return fmt.Errorf("no clean work for runtime other than linux ones") -+ } -+ return lRuntime.CleanupAfterDeadShim(ctx, namespace, r.ContainerID) -+} -+ - func (l *local) ListPids(ctx context.Context, r *api.ListPidsRequest, _ ...grpc.CallOption) (*api.ListPidsResponse, error) { - t, err := l.getTask(ctx, r.ContainerID) - if err != nil { --- -1.8.3.1 - diff --git a/patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch b/patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch deleted file mode 100644 index 0daafda48fc514f6680e3008659324dddf77bb8c..0000000000000000000000000000000000000000 --- a/patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 47e981ebb8996e432968ed68f08e3fc108210cd4 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 3 Mar 2020 06:29:56 +0800 -Subject: [PATCH 1/2] containerd:add LLT for containerd-shim timeout - requirement - -reason:add LLT testcases for containerd-shim timeout requirement. - -Change-Id: If422542b72f3550d86a6eba6b19d0cdea2d2a660 -Signed-off-by: xiadanni1 - ---- - vendor/github.com/containerd/go-runc/runc_test.go | 90 +++++++++++++++++++++++ - 1 file changed, 90 insertions(+) - create mode 100644 vendor/github.com/containerd/go-runc/runc_test.go - -diff --git a/vendor/github.com/containerd/go-runc/runc_test.go b/vendor/github.com/containerd/go-runc/runc_test.go -new file mode 100644 -index 0000000..8f9212d ---- /dev/null -+++ b/vendor/github.com/containerd/go-runc/runc_test.go -@@ -0,0 +1,90 @@ -+package runc -+ -+import ( -+ "context" -+ "os" -+ "os/exec" -+ "testing" -+ -+ specs "github.com/opencontainers/runtime-spec/specs-go" -+) -+ -+func TestRuncCommandInvoke(t *testing.T) { -+ rc := &Runc{ -+ Command: "/bin/true", -+ } -+ ctx := context.Background() -+ id := "containerid" -+ bundle := "bundlepath" -+ -+ createOpts := CreateOpts{} -+ err := rc.Create(ctx, id, bundle, &createOpts) -+ if err != nil { -+ t.Errorf("Create command invoke error, %v", err) -+ } -+ -+ err = rc.Start(ctx, id) -+ if err != nil { -+ t.Errorf("Start command invoke error, %v", err) -+ } -+ -+ execSpec := specs.Process{} -+ nullIO, _ := NewNullIO() -+ execOpts := ExecOpts{IO: nullIO} -+ err = rc.Exec(ctx, id, execSpec, &execOpts) -+ if err != nil { -+ t.Errorf("Exec command invoke error, %v", err) -+ } -+ -+ execOptsnil := ExecOpts{} -+ err = rc.Exec(ctx, id, execSpec, &execOptsnil) -+ if err != nil { -+ t.Errorf("Exec command invoke error, %v", err) -+ } -+ -+ killOpts := KillOpts{} -+ err = rc.Kill(ctx, id, 9, &killOpts) -+ if err != nil { -+ t.Errorf("Kill command invoke error, %v", err) -+ } -+ -+ resource := specs.LinuxResources{} -+ err = rc.Update(ctx, id, &resource) -+ if err != nil { -+ t.Errorf("Update command invoke error, %v", err) -+ } -+ -+ _, err = rc.State(ctx, id) -+ if err == nil { -+ t.Errorf("State command invoke should return error") -+ } -+ -+ _, err = rc.Ps(ctx, id) -+ if err == nil { -+ t.Errorf("Ps command invoke should return error") -+ } -+} -+ -+func TestRunOrErrorTimeout(t *testing.T) { -+ rc := &Runc{} -+ -+ cmd := exec.Cmd{Path: "/bin/bash2"} -+ cmd.Stdout = os.Stdout -+ err := rc.runOrErrorTimeout(&cmd, 10) -+ if err == nil { -+ t.Errorf("runOrErrorTimeout should return error") -+ } -+ -+ cmd = exec.Cmd{Path: "/usr/bin/sleep", Args: []string{"2"}} -+ cmd.Stdout = os.Stdout -+ rc.runOrErrorTimeout(&cmd, 1) -+ if err == nil { -+ t.Errorf("runOrErrorTimeout should return error") -+ } -+ -+ cmd = exec.Cmd{Path: "/usr/bin/sleep", Args: []string{"2"}} -+ rc.runOrErrorTimeout(&cmd, 1) -+ if err == nil { -+ t.Errorf("runOrErrorTimeout should return error") -+ } -+} --- -1.8.3.1 - diff --git a/patch/0056-containerd-save-dumpstack-to-file.patch b/patch/0056-containerd-save-dumpstack-to-file.patch deleted file mode 100644 index 2a67217c00cbaaec3f946c6bf7c7866043bb60b4..0000000000000000000000000000000000000000 --- a/patch/0056-containerd-save-dumpstack-to-file.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 7db93cf813023f2a5ac209617aaae5c3f5c202d5 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 3 Mar 2020 09:01:22 +0800 -Subject: [PATCH] containerd:save dumpstack to file - -Change-Id: I54a41a13b4523de279337a9ff208347859c0fb4d -Signed-off-by: xiadanni1 ---- - cmd/containerd/command/main_unix.go | 5 +++++ - runtime/v1/linux/runtime.go | 1 + - 2 files changed, 6 insertions(+) - -diff --git a/cmd/containerd/command/main_unix.go b/cmd/containerd/command/main_unix.go -index 12c1426..2f9398f 100644 ---- a/cmd/containerd/command/main_unix.go -+++ b/cmd/containerd/command/main_unix.go -@@ -20,8 +20,12 @@ package command - - import ( - "context" -+ "fmt" -+ "io/ioutil" - "os" - "runtime" -+ "strings" -+ "time" - - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/services/server" -@@ -79,5 +83,6 @@ func dumpStacks() { - bufferLen *= 2 - } - buf = buf[:stackSize] -+ logrus.Devour(ioutil.WriteFile(fmt.Sprintf("/var/run/docker/containerd/containerd-stacks-%s.log", strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600)) - logrus.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 47a0cb6..5be785d 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -481,6 +481,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - - func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, id string, pid int) error { -+ logrus.Infof("cleanup dead shim(legacy=%t): %s %d", legacy.IsLegacy(id), id, pid) - ctx = namespaces.WithNamespace(ctx, ns) - if err := r.terminate(ctx, bundle, ns, id); err != nil { - log.G(ctx).WithError(err).Warn("failed to terminate task") --- -1.8.3.1 - diff --git a/patch/0057-containerd-add-timeout-for-delete-command.patch b/patch/0057-containerd-add-timeout-for-delete-command.patch deleted file mode 100644 index 7a0cb9eae2e4956970b1bffdd99eed37cba0ee54..0000000000000000000000000000000000000000 --- a/patch/0057-containerd-add-timeout-for-delete-command.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 313e7f972e887c715b8feaad332ffe505653c496 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 3 Mar 2020 06:31:18 +0800 -Subject: [PATCH] containerd:add timeout for delete command - -Change-Id: I620d2f19a8ac9086b5c83792a6fe49b0389da87d -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/task.go | 2 +- - runtime/v1/shim/reaper.go | 23 +-------------- - vendor/github.com/containerd/go-runc/monitor.go | 37 +++++++++++++++++++++++-- - vendor/github.com/containerd/go-runc/runc.go | 3 +- - 4 files changed, 38 insertions(+), 27 deletions(-) - -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index d2bbb76..d200e9d 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -91,7 +91,7 @@ func (t *Task) Namespace() string { - func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exit, error) { - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { -- log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -+ log.G(ctx).WithError(err).Errorf("failed to delete container, force=%t", force) - } - t.tasks.Delete(ctx, t.id) - if err := t.shim.KillShim(ctx); err != nil { -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index d8e8274..f5f8096 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -19,11 +19,7 @@ - package shim - - import ( -- "io/ioutil" - "os/exec" -- "path/filepath" -- "strconv" -- "strings" - "sync" - "syscall" - "time" -@@ -122,7 +118,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - }() - select { - case <-time.After(time.Duration(sec) * time.Second): -- if SameProcess(c, c.Process.Pid) { -+ if runc.SameProcess(c, c.Process.Pid) { - logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) - } - return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -@@ -149,20 +145,3 @@ func (m *Monitor) Unsubscribe(c chan runc.Exit) { - close(c) - m.Unlock() - } -- --func SameProcess(cmd *exec.Cmd, pid int) bool { -- bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -- if err != nil { -- return false -- } -- for i := range bytes { -- if bytes[i] == 0 { -- bytes[i] = 32 -- } -- } -- cmdline := string(bytes) -- if strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") { -- return true -- } -- return false --} -diff --git a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go -index 2c184d2..bb8bbab 100644 ---- a/vendor/github.com/containerd/go-runc/monitor.go -+++ b/vendor/github.com/containerd/go-runc/monitor.go -@@ -20,6 +20,13 @@ import ( - "os/exec" - "syscall" - "time" -+ "io/ioutil" -+ "path/filepath" -+ "strconv" -+ "strings" -+ -+ "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - var Monitor ProcessMonitor = &defaultMonitor{} -@@ -77,6 +84,30 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) { - } - - func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) { -- e := <-ec -- return e.Status, nil --} -\ No newline at end of file -+ select { -+ case <-time.After(time.Duration(sec) * time.Second): -+ if SameProcess(c, c.Process.Pid) { -+ logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) -+ } -+ return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ case e := <-ec: -+ return e.Status, nil -+ } -+} -+ -+func SameProcess(cmd *exec.Cmd, pid int) bool { -+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -+ if err != nil { -+ return false -+ } -+ for i := range bytes { -+ if bytes[i] == 0 { -+ bytes[i] = 32 -+ } -+ } -+ cmdline := string(bytes) -+ if strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") { -+ return true -+ } -+ return false -+} -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index c1748ff..1c96317 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -57,6 +57,7 @@ const ( - defaultTimeout = 30 - startTimeout = 120 - updateTimeout = 60 -+ deleteTimeout = 120 - ) - - var ( -@@ -318,7 +319,7 @@ func (r *Runc) Delete(context context.Context, id string, opts *DeleteOpts) erro - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrError(r.command(id, context, append(args, id)...)) -+ return r.runOrErrorTimeout(r.command(id, context, append(args, id)...), deleteTimeout) - } - - // KillOpts specifies options for killing a container and its processes --- -1.8.3.1 - diff --git a/patch/0058-containerd-use-git-commit-to-store-commit-ID.patch b/patch/0058-containerd-use-git-commit-to-store-commit-ID.patch deleted file mode 100644 index 8cfc1c1ef16466775739c7a6789fa270d882fa6d..0000000000000000000000000000000000000000 --- a/patch/0058-containerd-use-git-commit-to-store-commit-ID.patch +++ /dev/null @@ -1,26 +0,0 @@ -From fe8ce77e756f7f468ed65c8c42a9f91becabbf4e Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Wed, 10 Jun 2020 00:37:01 -0400 -Subject: [PATCH] containerd: use git-commit to store commit ID - -Signed-off-by: liuzekun ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 9e7f3ae..6011aa1 100644 ---- a/Makefile -+++ b/Makefile -@@ -21,7 +21,7 @@ DESTDIR=/usr/local - - # Used to populate variables in version package. - VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') --REVISION=$(shell echo commit:)$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) -+REVISION=$(shell cat ./git-commit | head -c 40) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" - GOOS ?= $(shell go env GOOS) --- -2.19.1 - diff --git a/patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch b/patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch deleted file mode 100644 index 7f0bf1c2f52875f22700cf31229474b55ef41c38..0000000000000000000000000000000000000000 --- a/patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 44079d9ee81c215d39ed81e39eb2ae31cf0ad453 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 11 Aug 2020 05:55:59 +0800 -Subject: [PATCH] add GO_GCFLAGS to containerd-shim making - -Signed-off-by: xiadanni1 ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 6011aa1..ba512ef 100644 ---- a/Makefile -+++ b/Makefile -@@ -175,7 +175,7 @@ bin/%: cmd/% FORCE - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" -- @CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ @CGO_ENABLED=0 go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim-runc-v1" --- -1.8.3.1 - diff --git a/patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch b/patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch deleted file mode 100644 index baf09bd00bb1a933fe135f8b28d18de217f70115..0000000000000000000000000000000000000000 --- a/patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6523d7e39a9bb45be632ff114c64329f43e1499a Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Wed, 12 Aug 2020 01:52:16 +0800 -Subject: [PATCH] containerd: do not disable cgo in containerd-shim making - -reason: for debuginfo - -Signed-off-by: xiadanni1 ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index ba512ef..f69559b 100644 ---- a/Makefile -+++ b/Makefile -@@ -175,7 +175,7 @@ bin/%: cmd/% FORCE - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" -- @CGO_ENABLED=0 go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim-runc-v1" --- -1.8.3.1 - diff --git a/patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch b/patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch deleted file mode 100644 index 2969e088bdaff0ef68d2fafac87c00ed37bf2f40..0000000000000000000000000000000000000000 --- a/patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c56df3dd08d709e8ee81675661527aac47a7cba2 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 6 Nov 2020 10:19:26 +0800 -Subject: [PATCH] containerd: check if bundle exists before create bundle - -reason: If container starts following tightly the last stop, bundle -directory may be deleted by the not yet completed stop, which may cause -container start fail. So we add bundle check during start to avoid this, -if bundle exists, wait for it to clean up. - -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/bundle.go | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go -index d73866a..b4f7b4c 100644 ---- a/runtime/v1/linux/bundle.go -+++ b/runtime/v1/linux/bundle.go -@@ -23,12 +23,14 @@ import ( - "io/ioutil" - "os" - "path/filepath" -+ "time" - - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/runtime/linux/runctypes" - "github.com/containerd/containerd/runtime/v1/shim" - "github.com/containerd/containerd/runtime/v1/shim/client" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // loadBundle loads an existing bundle from disk -@@ -46,6 +48,20 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - return nil, err - } - path = filepath.Join(path, id) -+ workDir = filepath.Join(workDir, id) -+ -+ for waitTime := 10 * time.Millisecond; ; waitTime *= 2 { -+ if _, err = os.Stat(workDir); err != nil { -+ break -+ } -+ logrus.Debugf("bundle-check: wait time %v", waitTime) -+ if waitTime > 2*time.Second { -+ logrus.Warnf("bundle-check: waiting cleanup bundle timeout, start anyway") -+ break -+ } -+ time.Sleep(waitTime) -+ } -+ - if err := os.Mkdir(path, 0711); err != nil { - return nil, err - } -@@ -54,7 +70,6 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - os.RemoveAll(path) - } - }() -- workDir = filepath.Join(workDir, id) - if err := os.MkdirAll(workDir, 0711); err != nil { - return nil, err - } --- -1.8.3.1 - diff --git a/patch/0062-containerd-use-path-based-socket-for-shims.patch b/patch/0062-containerd-use-path-based-socket-for-shims.patch deleted file mode 100644 index b96cd00bc5673508ef69759e61d532ed3aa54073..0000000000000000000000000000000000000000 --- a/patch/0062-containerd-use-path-based-socket-for-shims.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 4185b832a4f89e671e6ecf201d21b75d866a48e4 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 14 Nov 2020 15:55:30 +0800 -Subject: [PATCH] use path based socket for shims - -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 16 +++-- - cmd/ctr/commands/shim/shim.go | 2 + - runtime/v1/linux/bundle.go | 37 +++++++++- - runtime/v1/shim/client/client.go | 118 ++++++++++++++++++++++++++++--- - 4 files changed, 159 insertions(+), 14 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index e9c14263b..3a5bb6170 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -66,7 +66,7 @@ var ( - func init() { - flag.BoolVar(&debugFlag, "debug", false, "enable debug output in logs") - flag.StringVar(&namespaceFlag, "namespace", "", "namespace that owns the shim") -- flag.StringVar(&socketFlag, "socket", "", "abstract socket path to serve") -+ flag.StringVar(&socketFlag, "socket", "", "socket path to serve") - flag.StringVar(&addressFlag, "address", "", "grpc address back to main containerd") - flag.StringVar(&workdirFlag, "workdir", "", "path used to storge large temporary data") - flag.StringVar(&runtimeRootFlag, "runtime-root", proc.RuncRoot, "root directory for the runtime") -@@ -190,10 +190,18 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error { - } - path = "[inherited from parent]" - } else { -- if len(path) > 106 { -- return errors.Errorf("%q: unix socket path too long (> 106)", path) -+ const ( -+ abstractSocketPrefix = "\x00" -+ socketPathLimit = 106 -+ ) -+ p := strings.TrimPrefix(path, "unix://") -+ if len(p) == len(path) { -+ p = abstractSocketPrefix + p - } -- l, err = net.Listen("unix", "\x00"+path) -+ if len(p) > socketPathLimit { -+ return errors.Errorf("%q: unix socket path too long (> %d)", p, socketPathLimit) -+ } -+ l, err = net.Listen("unix", p) - } - if err != nil { - return err -diff --git a/cmd/ctr/commands/shim/shim.go b/cmd/ctr/commands/shim/shim.go -index ec08cc68b..8ef068292 100644 ---- a/cmd/ctr/commands/shim/shim.go -+++ b/cmd/ctr/commands/shim/shim.go -@@ -23,6 +23,7 @@ import ( - "fmt" - "io/ioutil" - "net" -+ "strings" - - "github.com/containerd/console" - "github.com/containerd/containerd/cmd/ctr/commands" -@@ -231,6 +232,7 @@ func getTaskService(context *cli.Context) (task.TaskService, error) { - return nil, errors.New("socket path must be specified") - } - -+ bindSocket = strings.TrimPrefix(bindSocket, "unix://") - conn, err := net.Dial("unix", "\x00"+bindSocket) - if err != nil { - return nil, err -diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go -index ef4200b29..0442246f9 100644 ---- a/runtime/v1/linux/bundle.go -+++ b/runtime/v1/linux/bundle.go -@@ -20,6 +20,7 @@ package linux - - import ( - "context" -+ "fmt" - "io/ioutil" - "os" - "path/filepath" -@@ -117,7 +118,7 @@ func ShimLocal(c *Config, exchange *exchange.Exchange) ShimOpt { - // ShimConnect is a ShimOpt for connecting to an existing remote shim - func ShimConnect(c *Config, onClose func()) ShimOpt { - return func(b *bundle, ns string, ropts *runctypes.RuncOptions) (shim.Config, client.Opt) { -- return b.shimConfig(ns, c, ropts), client.WithConnect(b.shimAddress(ns), onClose) -+ return b.shimConfig(ns, c, ropts), client.WithConnect(b.decideShimAddress(ns), onClose) - } - } - -@@ -129,6 +130,11 @@ func (b *bundle) NewShimClient(ctx context.Context, namespace string, getClientO - - // Delete deletes the bundle from disk - func (b *bundle) Delete() error { -+ address, _ := b.loadAddress() -+ if address != "" { -+ // we don't care about errors here -+ client.RemoveSocket(address) -+ } - err := os.RemoveAll(b.path) - if err == nil { - return os.RemoveAll(b.workDir) -@@ -141,10 +147,37 @@ func (b *bundle) Delete() error { - return errors.Wrapf(err, "Failed to remove both bundle and workdir locations: %v", err2) - } - --func (b *bundle) shimAddress(namespace string) string { -+func (b *bundle) legacyShimAddress(namespace string) string { - return filepath.Join(string(filepath.Separator), "containerd-shim", namespace, b.id, "shim.sock") - } - -+const socketRoot = "/run/containerd" -+ -+func (b *bundle) shimAddress(namespace string) string { -+ return fmt.Sprintf("unix://%s", b.shimSock()) -+} -+ -+func (b *bundle) shimSock() string { -+ return filepath.Join(socketRoot, "s", b.id) -+} -+ -+func (b *bundle) loadAddress() (string, error) { -+ addressPath := filepath.Join(b.path, "address") -+ data, err := ioutil.ReadFile(addressPath) -+ if err != nil { -+ return "", err -+ } -+ return string(data), nil -+} -+ -+func (b *bundle) decideShimAddress(namespace string) string { -+ address, err := b.loadAddress() -+ if err != nil { -+ return b.legacyShimAddress(namespace) -+ } -+ return address -+} -+ - func (b *bundle) shimConfig(namespace string, c *Config, runcOptions *runctypes.RuncOptions) shim.Config { - var ( - criuPath string -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index a4669d33c..06453b35a 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -20,11 +20,14 @@ package client - - import ( - "context" -+ "fmt" - "io" - "net" - "os" - "os/exec" -+ "path/filepath" - "runtime" -+ "strconv" - "strings" - "sync" - "syscall" -@@ -55,9 +58,17 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - return func(ctx context.Context, config shim.Config) (_ shimapi.ShimService, _ io.Closer, err error) { - socket, err := newSocket(address) - if err != nil { -- return nil, nil, err -+ if !eaddrinuse(err) { -+ return nil, nil, err -+ } -+ if err := RemoveSocket(address); err != nil { -+ return nil, nil, errors.Wrap(err, "remove already used socket") -+ } -+ if socket, err = newSocket(address); err != nil { -+ return nil, nil, err -+ } - } -- defer socket.Close() -+ - f, err := socket.File() - if err != nil { - return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", address) -@@ -102,12 +113,22 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - if stderrLog != nil { - stderrLog.Close() - } -+ socket.Close() -+ RemoveSocket(address) - }() - log.G(ctx).WithFields(logrus.Fields{ - "pid": cmd.Process.Pid, - "address": address, - "debug": debug, - }).Infof("shim %s started", binary) -+ -+ if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { -+ return nil, nil, err -+ } -+ if err := writeFile(filepath.Join(config.Path, "shim.pid"), strconv.Itoa(cmd.Process.Pid)); err != nil { -+ return nil, nil, err -+ } -+ - // set shim in cgroup if it is provided - if cgroup != "" { - if err := setCgroup(cgroup, cmd); err != nil { -@@ -170,25 +191,106 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so - return cmd, nil - } - -+// writeFile writes a address file atomically -+func writeFile(path, address string) error { -+ path, err := filepath.Abs(path) -+ if err != nil { -+ return err -+ } -+ tempPath := filepath.Join(filepath.Dir(path), fmt.Sprintf(".%s", filepath.Base(path))) -+ f, err := os.OpenFile(tempPath, os.O_RDWR|os.O_CREATE|os.O_EXCL|os.O_SYNC, 0666) -+ if err != nil { -+ return err -+ } -+ _, err = f.WriteString(address) -+ f.Close() -+ if err != nil { -+ return err -+ } -+ return os.Rename(tempPath, path) -+} -+ -+const ( -+ abstractSocketPrefix = "\x00" -+ socketPathLimit = 106 -+) -+ -+func eaddrinuse(err error) bool { -+ cause := errors.Cause(err) -+ netErr, ok := cause.(*net.OpError) -+ if !ok { -+ return false -+ } -+ if netErr.Op != "listen" { -+ return false -+ } -+ syscallErr, ok := netErr.Err.(*os.SyscallError) -+ if !ok { -+ return false -+ } -+ errno, ok := syscallErr.Err.(syscall.Errno) -+ if !ok { -+ return false -+ } -+ return errno == syscall.EADDRINUSE -+} -+ -+type socket string -+ -+func (s socket) isAbstract() bool { -+ return !strings.HasPrefix(string(s), "unix://") -+} -+ -+func (s socket) path() string { -+ path := strings.TrimPrefix(string(s), "unix://") -+ // if there was no trim performed, we assume an abstract socket -+ if len(path) == len(s) { -+ path = abstractSocketPrefix + path -+ } -+ return path -+} -+ - func newSocket(address string) (*net.UnixListener, error) { -- if len(address) > 106 { -- return nil, errors.Errorf("%q: unix socket path too long (> 106)", address) -+ if len(address) > socketPathLimit { -+ return nil, errors.Errorf("%q: unix socket path too long (> %d)", address, socketPathLimit) -+ } -+ var ( -+ sock = socket(address) -+ path = sock.path() -+ ) -+ if !sock.isAbstract() { -+ if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil { -+ return nil, errors.Wrapf(err, "%s", path) -+ } - } -- l, err := net.Listen("unix", "\x00"+address) -+ l, err := net.Listen("unix", path) - if err != nil { -- return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", address) -+ return nil, errors.Wrapf(err, "failed to listen to unix socket %q (abstract: %t)", address, sock.isAbstract()) -+ } -+ if err := os.Chmod(path, 0600); err != nil { -+ l.Close() -+ return nil, err - } - - return l.(*net.UnixListener), nil - } - -+// RemoveSocket removes the socket at the specified address if -+// it exists on the filesystem -+func RemoveSocket(address string) error { -+ sock := socket(address) -+ if !sock.isAbstract() { -+ return os.Remove(sock.path()) -+ } -+ return nil -+} -+ - func connect(address string, d func(string, time.Duration) (net.Conn, error)) (net.Conn, error) { - return d(address, 100*time.Second) - } - - func annonDialer(address string, timeout time.Duration) (net.Conn, error) { -- address = strings.TrimPrefix(address, "unix://") -- return net.DialTimeout("unix", "\x00"+address, timeout) -+ return net.DialTimeout("unix", socket(address).path(), timeout) - } - - // WithConnect connects to an existing shim --- -2.17.1 - diff --git a/patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch b/patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch deleted file mode 100644 index a3e9bfcd69947ce46f6683e04972deb9fbe577ff..0000000000000000000000000000000000000000 --- a/patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3ec035244d33b4cb64adacb8133ae3e204cae55f Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Thu, 19 Nov 2020 15:49:53 +0800 -Subject: [PATCH] containerd: kill init directly if runtime kill failed - -Change-Id: I80a1c0c4f88530fe9732e6e9a2d1fb222ece118c -Signed-off-by: jingrui ---- - runtime/v1/shim/service.go | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index beb0ed8d5..7e07ab011 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -49,6 +49,7 @@ import ( - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -+ "golang.org/x/sys/unix" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - ) -@@ -390,6 +391,10 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - time.Sleep(10 * time.Second) - err := p.Kill(ctx, r.Signal, r.All) - logrus.Infof("delay kill %s retry %d error=%v", s.id, i, err) -+ if err != nil { -+ err := unix.Kill(p.Pid(), syscall.SIGKILL) -+ logrus.Infof("delay kill-direct %s retry %d error=%v", s.id, i, err) -+ } - } - - logrus.Infof("force exit shim %s ...", s.id) --- -2.17.1 - diff --git a/patch/0064-containerd-add-sys-symbol-to-support-riscv.patch b/patch/0064-containerd-add-sys-symbol-to-support-riscv.patch deleted file mode 100644 index 3665d97c26d01b950c75c980ba5a6bc550b40fe1..0000000000000000000000000000000000000000 --- a/patch/0064-containerd-add-sys-symbol-to-support-riscv.patch +++ /dev/null @@ -1,7977 +0,0 @@ -From 7414e986b522f84f8a4bebefe2e23b02a94dbb38 Mon Sep 17 00:00:00 2001 -From: yangyanchao -Date: Tue, 15 Dec 2020 03:24:35 +0000 -Subject: [PATCH 1/2] containerd-add-sys-symbol-to-support-riscv - ---- - .../golang.org/x/sys/unix/asm_linux_riscv64.s | 26 + - .../x/sys/unix/syscall_linux_riscv64.go | 226 ++ - .../x/sys/unix/zerrors_linux_riscv64.go | 2826 +++++++++++++++++ - .../x/sys/unix/zsyscall_linux_riscv64.go | 2217 +++++++++++++ - .../x/sys/unix/zsysnum_linux_riscv64.go | 289 ++ - .../x/sys/unix/ztypes_linux_riscv64.go | 2334 ++++++++++++++ - 6 files changed, 7918 insertions(+) - create mode 100644 vendor/golang.org/x/sys/unix/asm_linux_riscv64.s - create mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go - -diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -new file mode 100644 -index 0000000..5b740f7 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -@@ -0,0 +1,26 @@ -+// Copyright 2019 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// +build riscv64,!gccgo -+ -+#include "textflag.h" -+ -+// -+// System calls for linux/riscv64. -+// -+// Where available, just jump to package syscall's implementation of -+// these functions. -+ -+TEXT ·Syscall(SB),NOSPLIT,$0-56 -+ JMP syscall·Syscall(SB) -+ -+TEXT ·Syscall6(SB),NOSPLIT,$0-80 -+ JMP syscall·Syscall6(SB) -+ -+TEXT ·RawSyscall(SB),NOSPLIT,$0-56 -+ JMP syscall·RawSyscall(SB) -+ -+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80 -+ JMP syscall·RawSyscall6(SB) -+ -diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -new file mode 100644 -index 0000000..6230f64 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -@@ -0,0 +1,226 @@ -+// Copyright 2018 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// +build riscv64,linux -+ -+package unix -+ -+import "unsafe" -+ -+func EpollCreate(size int) (fd int, err error) { -+ if size <= 0 { -+ return -1, EINVAL -+ } -+ return EpollCreate1(0) -+} -+ -+//sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT -+//sys Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64 -+//sys Fchown(fd int, uid int, gid int) (err error) -+//sys Fstat(fd int, stat *Stat_t) (err error) -+//sys Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) -+//sys Fstatfs(fd int, buf *Statfs_t) (err error) -+//sys Ftruncate(fd int, length int64) (err error) -+//sysnb Getegid() (egid int) -+//sysnb Geteuid() (euid int) -+//sysnb Getgid() (gid int) -+//sysnb Getrlimit(resource int, rlim *Rlimit) (err error) -+//sysnb Getuid() (uid int) -+//sys Listen(s int, n int) (err error) -+//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -+//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 -+//sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK -+ -+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { -+ var ts *Timespec -+ if timeout != nil { -+ ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} -+ } -+ return Pselect(nfd, r, w, e, ts, nil) -+} -+ -+//sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) -+//sys Setfsgid(gid int) (err error) -+//sys Setfsuid(uid int) (err error) -+//sysnb Setregid(rgid int, egid int) (err error) -+//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -+//sysnb Setresuid(ruid int, euid int, suid int) (err error) -+//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -+//sysnb Setreuid(ruid int, euid int) (err error) -+//sys Shutdown(fd int, how int) (err error) -+//sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) -+ -+func Stat(path string, stat *Stat_t) (err error) { -+ return Fstatat(AT_FDCWD, path, stat, 0) -+} -+ -+func Lchown(path string, uid int, gid int) (err error) { -+ return Fchownat(AT_FDCWD, path, uid, gid, AT_SYMLINK_NOFOLLOW) -+} -+ -+func Lstat(path string, stat *Stat_t) (err error) { -+ return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW) -+} -+ -+//sys Statfs(path string, buf *Statfs_t) (err error) -+//sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) -+//sys Truncate(path string, length int64) (err error) -+ -+func Ustat(dev int, ubuf *Ustat_t) (err error) { -+ return ENOSYS -+} -+ -+//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) -+//sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) -+//sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) -+//sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) -+//sysnb getgroups(n int, list *_Gid_t) (nn int, err error) -+//sysnb setgroups(n int, list *_Gid_t) (err error) -+//sys getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) -+//sys setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) -+//sysnb socket(domain int, typ int, proto int) (fd int, err error) -+//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) -+//sysnb getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) -+//sysnb getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) -+//sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) -+//sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) -+//sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) -+//sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) -+//sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) -+ -+//sysnb Gettimeofday(tv *Timeval) (err error) -+ -+func setTimespec(sec, nsec int64) Timespec { -+ return Timespec{Sec: sec, Nsec: nsec} -+} -+ -+func setTimeval(sec, usec int64) Timeval { -+ return Timeval{Sec: sec, Usec: usec} -+} -+ -+func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) { -+ if tv == nil { -+ return utimensat(dirfd, path, nil, 0) -+ } -+ -+ ts := []Timespec{ -+ NsecToTimespec(TimevalToNsec(tv[0])), -+ NsecToTimespec(TimevalToNsec(tv[1])), -+ } -+ return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) -+} -+ -+func Time(t *Time_t) (Time_t, error) { -+ var tv Timeval -+ err := Gettimeofday(&tv) -+ if err != nil { -+ return 0, err -+ } -+ if t != nil { -+ *t = Time_t(tv.Sec) -+ } -+ return Time_t(tv.Sec), nil -+} -+ -+func Utime(path string, buf *Utimbuf) error { -+ tv := []Timeval{ -+ {Sec: buf.Actime}, -+ {Sec: buf.Modtime}, -+ } -+ return Utimes(path, tv) -+} -+ -+func utimes(path string, tv *[2]Timeval) (err error) { -+ if tv == nil { -+ return utimensat(AT_FDCWD, path, nil, 0) -+ } -+ -+ ts := []Timespec{ -+ NsecToTimespec(TimevalToNsec(tv[0])), -+ NsecToTimespec(TimevalToNsec(tv[1])), -+ } -+ return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) -+} -+ -+func Pipe(p []int) (err error) { -+ if len(p) != 2 { -+ return EINVAL -+ } -+ var pp [2]_C_int -+ err = pipe2(&pp, 0) -+ p[0] = int(pp[0]) -+ p[1] = int(pp[1]) -+ return -+} -+ -+//sysnb pipe2(p *[2]_C_int, flags int) (err error) -+ -+func Pipe2(p []int, flags int) (err error) { -+ if len(p) != 2 { -+ return EINVAL -+ } -+ var pp [2]_C_int -+ err = pipe2(&pp, flags) -+ p[0] = int(pp[0]) -+ p[1] = int(pp[1]) -+ return -+} -+ -+func (r *PtraceRegs) PC() uint64 { return r.Pc } -+ -+func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc } -+ -+func (iov *Iovec) SetLen(length int) { -+ iov.Len = uint64(length) -+} -+ -+func (msghdr *Msghdr) SetControllen(length int) { -+ msghdr.Controllen = uint64(length) -+} -+ -+func (cmsg *Cmsghdr) SetLen(length int) { -+ cmsg.Len = uint64(length) -+} -+ -+func InotifyInit() (fd int, err error) { -+ return InotifyInit1(0) -+} -+ -+func Dup2(oldfd int, newfd int) (err error) { -+ return Dup3(oldfd, newfd, 0) -+} -+ -+func Pause() error { -+ _, err := ppoll(nil, 0, nil, nil) -+ return err -+} -+ -+func Poll(fds []PollFd, timeout int) (n int, err error) { -+ var ts *Timespec -+ if timeout >= 0 { -+ ts = new(Timespec) -+ *ts = NsecToTimespec(int64(timeout) * 1e6) -+ } -+ if len(fds) == 0 { -+ return ppoll(nil, 0, ts, nil) -+ } -+ return ppoll(&fds[0], len(fds), ts, nil) -+} -+ -+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { -+ return Renameat2(olddirfd, oldpath, newdirfd, newpath, 0) -+} -+ -+//sys kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) -+ -+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error { -+ cmdlineLen := len(cmdline) -+ if cmdlineLen > 0 { -+ // Account for the additional NULL byte added by -+ // BytePtrFromString in kexecFileLoad. The kexec_file_load -+ // syscall expects a NULL-terminated string. -+ cmdlineLen++ -+ } -+ return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags) -+} -diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -new file mode 100644 -index 0000000..0465451 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -@@ -0,0 +1,2826 @@ -+// mkerrors.sh -Wall -Werror -static -I/tmp/include -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build riscv64,linux -+ -+// Code generated by cmd/cgo -godefs; DO NOT EDIT. -+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go -+ -+package unix -+ -+import "syscall" -+ -+const ( -+ AAFS_MAGIC = 0x5a3c69f0 -+ ADFS_SUPER_MAGIC = 0xadf5 -+ AFFS_SUPER_MAGIC = 0xadff -+ AFS_FS_MAGIC = 0x6b414653 -+ AFS_SUPER_MAGIC = 0x5346414f -+ AF_ALG = 0x26 -+ AF_APPLETALK = 0x5 -+ AF_ASH = 0x12 -+ AF_ATMPVC = 0x8 -+ AF_ATMSVC = 0x14 -+ AF_AX25 = 0x3 -+ AF_BLUETOOTH = 0x1f -+ AF_BRIDGE = 0x7 -+ AF_CAIF = 0x25 -+ AF_CAN = 0x1d -+ AF_DECnet = 0xc -+ AF_ECONET = 0x13 -+ AF_FILE = 0x1 -+ AF_IB = 0x1b -+ AF_IEEE802154 = 0x24 -+ AF_INET = 0x2 -+ AF_INET6 = 0xa -+ AF_IPX = 0x4 -+ AF_IRDA = 0x17 -+ AF_ISDN = 0x22 -+ AF_IUCV = 0x20 -+ AF_KCM = 0x29 -+ AF_KEY = 0xf -+ AF_LLC = 0x1a -+ AF_LOCAL = 0x1 -+ AF_MAX = 0x2d -+ AF_MPLS = 0x1c -+ AF_NETBEUI = 0xd -+ AF_NETLINK = 0x10 -+ AF_NETROM = 0x6 -+ AF_NFC = 0x27 -+ AF_PACKET = 0x11 -+ AF_PHONET = 0x23 -+ AF_PPPOX = 0x18 -+ AF_QIPCRTR = 0x2a -+ AF_RDS = 0x15 -+ AF_ROSE = 0xb -+ AF_ROUTE = 0x10 -+ AF_RXRPC = 0x21 -+ AF_SECURITY = 0xe -+ AF_SMC = 0x2b -+ AF_SNA = 0x16 -+ AF_TIPC = 0x1e -+ AF_UNIX = 0x1 -+ AF_UNSPEC = 0x0 -+ AF_VSOCK = 0x28 -+ AF_WANPIPE = 0x19 -+ AF_X25 = 0x9 -+ AF_XDP = 0x2c -+ ALG_OP_DECRYPT = 0x0 -+ ALG_OP_ENCRYPT = 0x1 -+ ALG_SET_AEAD_ASSOCLEN = 0x4 -+ ALG_SET_AEAD_AUTHSIZE = 0x5 -+ ALG_SET_IV = 0x2 -+ ALG_SET_KEY = 0x1 -+ ALG_SET_OP = 0x3 -+ ANON_INODE_FS_MAGIC = 0x9041934 -+ ARPHRD_6LOWPAN = 0x339 -+ ARPHRD_ADAPT = 0x108 -+ ARPHRD_APPLETLK = 0x8 -+ ARPHRD_ARCNET = 0x7 -+ ARPHRD_ASH = 0x30d -+ ARPHRD_ATM = 0x13 -+ ARPHRD_AX25 = 0x3 -+ ARPHRD_BIF = 0x307 -+ ARPHRD_CAIF = 0x336 -+ ARPHRD_CAN = 0x118 -+ ARPHRD_CHAOS = 0x5 -+ ARPHRD_CISCO = 0x201 -+ ARPHRD_CSLIP = 0x101 -+ ARPHRD_CSLIP6 = 0x103 -+ ARPHRD_DDCMP = 0x205 -+ ARPHRD_DLCI = 0xf -+ ARPHRD_ECONET = 0x30e -+ ARPHRD_EETHER = 0x2 -+ ARPHRD_ETHER = 0x1 -+ ARPHRD_EUI64 = 0x1b -+ ARPHRD_FCAL = 0x311 -+ ARPHRD_FCFABRIC = 0x313 -+ ARPHRD_FCPL = 0x312 -+ ARPHRD_FCPP = 0x310 -+ ARPHRD_FDDI = 0x306 -+ ARPHRD_FRAD = 0x302 -+ ARPHRD_HDLC = 0x201 -+ ARPHRD_HIPPI = 0x30c -+ ARPHRD_HWX25 = 0x110 -+ ARPHRD_IEEE1394 = 0x18 -+ ARPHRD_IEEE802 = 0x6 -+ ARPHRD_IEEE80211 = 0x321 -+ ARPHRD_IEEE80211_PRISM = 0x322 -+ ARPHRD_IEEE80211_RADIOTAP = 0x323 -+ ARPHRD_IEEE802154 = 0x324 -+ ARPHRD_IEEE802154_MONITOR = 0x325 -+ ARPHRD_IEEE802_TR = 0x320 -+ ARPHRD_INFINIBAND = 0x20 -+ ARPHRD_IP6GRE = 0x337 -+ ARPHRD_IPDDP = 0x309 -+ ARPHRD_IPGRE = 0x30a -+ ARPHRD_IRDA = 0x30f -+ ARPHRD_LAPB = 0x204 -+ ARPHRD_LOCALTLK = 0x305 -+ ARPHRD_LOOPBACK = 0x304 -+ ARPHRD_METRICOM = 0x17 -+ ARPHRD_NETLINK = 0x338 -+ ARPHRD_NETROM = 0x0 -+ ARPHRD_NONE = 0xfffe -+ ARPHRD_PHONET = 0x334 -+ ARPHRD_PHONET_PIPE = 0x335 -+ ARPHRD_PIMREG = 0x30b -+ ARPHRD_PPP = 0x200 -+ ARPHRD_PRONET = 0x4 -+ ARPHRD_RAWHDLC = 0x206 -+ ARPHRD_RAWIP = 0x207 -+ ARPHRD_ROSE = 0x10e -+ ARPHRD_RSRVD = 0x104 -+ ARPHRD_SIT = 0x308 -+ ARPHRD_SKIP = 0x303 -+ ARPHRD_SLIP = 0x100 -+ ARPHRD_SLIP6 = 0x102 -+ ARPHRD_TUNNEL = 0x300 -+ ARPHRD_TUNNEL6 = 0x301 -+ ARPHRD_VOID = 0xffff -+ ARPHRD_VSOCKMON = 0x33a -+ ARPHRD_X25 = 0x10f -+ AUTOFS_SUPER_MAGIC = 0x187 -+ B0 = 0x0 -+ B1000000 = 0x1008 -+ B110 = 0x3 -+ B115200 = 0x1002 -+ B1152000 = 0x1009 -+ B1200 = 0x9 -+ B134 = 0x4 -+ B150 = 0x5 -+ B1500000 = 0x100a -+ B1800 = 0xa -+ B19200 = 0xe -+ B200 = 0x6 -+ B2000000 = 0x100b -+ B230400 = 0x1003 -+ B2400 = 0xb -+ B2500000 = 0x100c -+ B300 = 0x7 -+ B3000000 = 0x100d -+ B3500000 = 0x100e -+ B38400 = 0xf -+ B4000000 = 0x100f -+ B460800 = 0x1004 -+ B4800 = 0xc -+ B50 = 0x1 -+ B500000 = 0x1005 -+ B57600 = 0x1001 -+ B576000 = 0x1006 -+ B600 = 0x8 -+ B75 = 0x2 -+ B921600 = 0x1007 -+ B9600 = 0xd -+ BALLOON_KVM_MAGIC = 0x13661366 -+ BDEVFS_MAGIC = 0x62646576 -+ BINDERFS_SUPER_MAGIC = 0x6c6f6f70 -+ BINFMTFS_MAGIC = 0x42494e4d -+ BLKBSZGET = 0x80081270 -+ BLKBSZSET = 0x40081271 -+ BLKFLSBUF = 0x1261 -+ BLKFRAGET = 0x1265 -+ BLKFRASET = 0x1264 -+ BLKGETSIZE = 0x1260 -+ BLKGETSIZE64 = 0x80081272 -+ BLKPBSZGET = 0x127b -+ BLKRAGET = 0x1263 -+ BLKRASET = 0x1262 -+ BLKROGET = 0x125e -+ BLKROSET = 0x125d -+ BLKRRPART = 0x125f -+ BLKSECTGET = 0x1267 -+ BLKSECTSET = 0x1266 -+ BLKSSZGET = 0x1268 -+ BOTHER = 0x1000 -+ BPF_A = 0x10 -+ BPF_ABS = 0x20 -+ BPF_ADD = 0x0 -+ BPF_ALU = 0x4 -+ BPF_AND = 0x50 -+ BPF_B = 0x10 -+ BPF_DIV = 0x30 -+ BPF_FS_MAGIC = 0xcafe4a11 -+ BPF_H = 0x8 -+ BPF_IMM = 0x0 -+ BPF_IND = 0x40 -+ BPF_JA = 0x0 -+ BPF_JEQ = 0x10 -+ BPF_JGE = 0x30 -+ BPF_JGT = 0x20 -+ BPF_JMP = 0x5 -+ BPF_JSET = 0x40 -+ BPF_K = 0x0 -+ BPF_LD = 0x0 -+ BPF_LDX = 0x1 -+ BPF_LEN = 0x80 -+ BPF_LL_OFF = -0x200000 -+ BPF_LSH = 0x60 -+ BPF_MAJOR_VERSION = 0x1 -+ BPF_MAXINSNS = 0x1000 -+ BPF_MEM = 0x60 -+ BPF_MEMWORDS = 0x10 -+ BPF_MINOR_VERSION = 0x1 -+ BPF_MISC = 0x7 -+ BPF_MOD = 0x90 -+ BPF_MSH = 0xa0 -+ BPF_MUL = 0x20 -+ BPF_NEG = 0x80 -+ BPF_NET_OFF = -0x100000 -+ BPF_OR = 0x40 -+ BPF_RET = 0x6 -+ BPF_RSH = 0x70 -+ BPF_ST = 0x2 -+ BPF_STX = 0x3 -+ BPF_SUB = 0x10 -+ BPF_TAX = 0x0 -+ BPF_TXA = 0x80 -+ BPF_W = 0x0 -+ BPF_X = 0x8 -+ BPF_XOR = 0xa0 -+ BRKINT = 0x2 -+ BS0 = 0x0 -+ BS1 = 0x2000 -+ BSDLY = 0x2000 -+ BTRFS_SUPER_MAGIC = 0x9123683e -+ BTRFS_TEST_MAGIC = 0x73727279 -+ CAN_BCM = 0x2 -+ CAN_EFF_FLAG = 0x80000000 -+ CAN_EFF_ID_BITS = 0x1d -+ CAN_EFF_MASK = 0x1fffffff -+ CAN_ERR_FLAG = 0x20000000 -+ CAN_ERR_MASK = 0x1fffffff -+ CAN_INV_FILTER = 0x20000000 -+ CAN_ISOTP = 0x6 -+ CAN_MAX_DLC = 0x8 -+ CAN_MAX_DLEN = 0x8 -+ CAN_MCNET = 0x5 -+ CAN_MTU = 0x10 -+ CAN_NPROTO = 0x7 -+ CAN_RAW = 0x1 -+ CAN_RAW_FILTER_MAX = 0x200 -+ CAN_RTR_FLAG = 0x40000000 -+ CAN_SFF_ID_BITS = 0xb -+ CAN_SFF_MASK = 0x7ff -+ CAN_TP16 = 0x3 -+ CAN_TP20 = 0x4 -+ CBAUD = 0x100f -+ CBAUDEX = 0x1000 -+ CFLUSH = 0xf -+ CGROUP2_SUPER_MAGIC = 0x63677270 -+ CGROUP_SUPER_MAGIC = 0x27e0eb -+ CIBAUD = 0x100f0000 -+ CLOCAL = 0x800 -+ CLOCK_BOOTTIME = 0x7 -+ CLOCK_BOOTTIME_ALARM = 0x9 -+ CLOCK_DEFAULT = 0x0 -+ CLOCK_EXT = 0x1 -+ CLOCK_INT = 0x2 -+ CLOCK_MONOTONIC = 0x1 -+ CLOCK_MONOTONIC_COARSE = 0x6 -+ CLOCK_MONOTONIC_RAW = 0x4 -+ CLOCK_PROCESS_CPUTIME_ID = 0x2 -+ CLOCK_REALTIME = 0x0 -+ CLOCK_REALTIME_ALARM = 0x8 -+ CLOCK_REALTIME_COARSE = 0x5 -+ CLOCK_TAI = 0xb -+ CLOCK_THREAD_CPUTIME_ID = 0x3 -+ CLOCK_TXFROMRX = 0x4 -+ CLOCK_TXINT = 0x3 -+ CLONE_CHILD_CLEARTID = 0x200000 -+ CLONE_CHILD_SETTID = 0x1000000 -+ CLONE_DETACHED = 0x400000 -+ CLONE_FILES = 0x400 -+ CLONE_FS = 0x200 -+ CLONE_IO = 0x80000000 -+ CLONE_NEWCGROUP = 0x2000000 -+ CLONE_NEWIPC = 0x8000000 -+ CLONE_NEWNET = 0x40000000 -+ CLONE_NEWNS = 0x20000 -+ CLONE_NEWPID = 0x20000000 -+ CLONE_NEWUSER = 0x10000000 -+ CLONE_NEWUTS = 0x4000000 -+ CLONE_PARENT = 0x8000 -+ CLONE_PARENT_SETTID = 0x100000 -+ CLONE_PTRACE = 0x2000 -+ CLONE_SETTLS = 0x80000 -+ CLONE_SIGHAND = 0x800 -+ CLONE_SYSVSEM = 0x40000 -+ CLONE_THREAD = 0x10000 -+ CLONE_UNTRACED = 0x800000 -+ CLONE_VFORK = 0x4000 -+ CLONE_VM = 0x100 -+ CMSPAR = 0x40000000 -+ CODA_SUPER_MAGIC = 0x73757245 -+ CR0 = 0x0 -+ CR1 = 0x200 -+ CR2 = 0x400 -+ CR3 = 0x600 -+ CRAMFS_MAGIC = 0x28cd3d45 -+ CRDLY = 0x600 -+ CREAD = 0x80 -+ CRTSCTS = 0x80000000 -+ CRYPTO_MAX_NAME = 0x40 -+ CRYPTO_MSG_MAX = 0x15 -+ CRYPTO_NR_MSGTYPES = 0x6 -+ CRYPTO_REPORT_MAXSIZE = 0x160 -+ CS5 = 0x0 -+ CS6 = 0x10 -+ CS7 = 0x20 -+ CS8 = 0x30 -+ CSIGNAL = 0xff -+ CSIZE = 0x30 -+ CSTART = 0x11 -+ CSTATUS = 0x0 -+ CSTOP = 0x13 -+ CSTOPB = 0x40 -+ CSUSP = 0x1a -+ DAXFS_MAGIC = 0x64646178 -+ DEBUGFS_MAGIC = 0x64626720 -+ DEVPTS_SUPER_MAGIC = 0x1cd1 -+ DT_BLK = 0x6 -+ DT_CHR = 0x2 -+ DT_DIR = 0x4 -+ DT_FIFO = 0x1 -+ DT_LNK = 0xa -+ DT_REG = 0x8 -+ DT_SOCK = 0xc -+ DT_UNKNOWN = 0x0 -+ DT_WHT = 0xe -+ ECHO = 0x8 -+ ECHOCTL = 0x200 -+ ECHOE = 0x10 -+ ECHOK = 0x20 -+ ECHOKE = 0x800 -+ ECHONL = 0x40 -+ ECHOPRT = 0x400 -+ ECRYPTFS_SUPER_MAGIC = 0xf15f -+ EFD_CLOEXEC = 0x80000 -+ EFD_NONBLOCK = 0x800 -+ EFD_SEMAPHORE = 0x1 -+ EFIVARFS_MAGIC = 0xde5e81e4 -+ EFS_SUPER_MAGIC = 0x414a53 -+ ENCODING_DEFAULT = 0x0 -+ ENCODING_FM_MARK = 0x3 -+ ENCODING_FM_SPACE = 0x4 -+ ENCODING_MANCHESTER = 0x5 -+ ENCODING_NRZ = 0x1 -+ ENCODING_NRZI = 0x2 -+ EPOLLERR = 0x8 -+ EPOLLET = 0x80000000 -+ EPOLLEXCLUSIVE = 0x10000000 -+ EPOLLHUP = 0x10 -+ EPOLLIN = 0x1 -+ EPOLLMSG = 0x400 -+ EPOLLONESHOT = 0x40000000 -+ EPOLLOUT = 0x4 -+ EPOLLPRI = 0x2 -+ EPOLLRDBAND = 0x80 -+ EPOLLRDHUP = 0x2000 -+ EPOLLRDNORM = 0x40 -+ EPOLLWAKEUP = 0x20000000 -+ EPOLLWRBAND = 0x200 -+ EPOLLWRNORM = 0x100 -+ EPOLL_CLOEXEC = 0x80000 -+ EPOLL_CTL_ADD = 0x1 -+ EPOLL_CTL_DEL = 0x2 -+ EPOLL_CTL_MOD = 0x3 -+ ETH_P_1588 = 0x88f7 -+ ETH_P_8021AD = 0x88a8 -+ ETH_P_8021AH = 0x88e7 -+ ETH_P_8021Q = 0x8100 -+ ETH_P_80221 = 0x8917 -+ ETH_P_802_2 = 0x4 -+ ETH_P_802_3 = 0x1 -+ ETH_P_802_3_MIN = 0x600 -+ ETH_P_802_EX1 = 0x88b5 -+ ETH_P_AARP = 0x80f3 -+ ETH_P_AF_IUCV = 0xfbfb -+ ETH_P_ALL = 0x3 -+ ETH_P_AOE = 0x88a2 -+ ETH_P_ARCNET = 0x1a -+ ETH_P_ARP = 0x806 -+ ETH_P_ATALK = 0x809b -+ ETH_P_ATMFATE = 0x8884 -+ ETH_P_ATMMPOA = 0x884c -+ ETH_P_AX25 = 0x2 -+ ETH_P_BATMAN = 0x4305 -+ ETH_P_BPQ = 0x8ff -+ ETH_P_CAIF = 0xf7 -+ ETH_P_CAN = 0xc -+ ETH_P_CANFD = 0xd -+ ETH_P_CONTROL = 0x16 -+ ETH_P_CUST = 0x6006 -+ ETH_P_DDCMP = 0x6 -+ ETH_P_DEC = 0x6000 -+ ETH_P_DIAG = 0x6005 -+ ETH_P_DNA_DL = 0x6001 -+ ETH_P_DNA_RC = 0x6002 -+ ETH_P_DNA_RT = 0x6003 -+ ETH_P_DSA = 0x1b -+ ETH_P_ECONET = 0x18 -+ ETH_P_EDSA = 0xdada -+ ETH_P_ERSPAN = 0x88be -+ ETH_P_ERSPAN2 = 0x22eb -+ ETH_P_FCOE = 0x8906 -+ ETH_P_FIP = 0x8914 -+ ETH_P_HDLC = 0x19 -+ ETH_P_HSR = 0x892f -+ ETH_P_IBOE = 0x8915 -+ ETH_P_IEEE802154 = 0xf6 -+ ETH_P_IEEEPUP = 0xa00 -+ ETH_P_IEEEPUPAT = 0xa01 -+ ETH_P_IFE = 0xed3e -+ ETH_P_IP = 0x800 -+ ETH_P_IPV6 = 0x86dd -+ ETH_P_IPX = 0x8137 -+ ETH_P_IRDA = 0x17 -+ ETH_P_LAT = 0x6004 -+ ETH_P_LINK_CTL = 0x886c -+ ETH_P_LOCALTALK = 0x9 -+ ETH_P_LOOP = 0x60 -+ ETH_P_LOOPBACK = 0x9000 -+ ETH_P_MACSEC = 0x88e5 -+ ETH_P_MAP = 0xf9 -+ ETH_P_MOBITEX = 0x15 -+ ETH_P_MPLS_MC = 0x8848 -+ ETH_P_MPLS_UC = 0x8847 -+ ETH_P_MVRP = 0x88f5 -+ ETH_P_NCSI = 0x88f8 -+ ETH_P_NSH = 0x894f -+ ETH_P_PAE = 0x888e -+ ETH_P_PAUSE = 0x8808 -+ ETH_P_PHONET = 0xf5 -+ ETH_P_PPPTALK = 0x10 -+ ETH_P_PPP_DISC = 0x8863 -+ ETH_P_PPP_MP = 0x8 -+ ETH_P_PPP_SES = 0x8864 -+ ETH_P_PREAUTH = 0x88c7 -+ ETH_P_PRP = 0x88fb -+ ETH_P_PUP = 0x200 -+ ETH_P_PUPAT = 0x201 -+ ETH_P_QINQ1 = 0x9100 -+ ETH_P_QINQ2 = 0x9200 -+ ETH_P_QINQ3 = 0x9300 -+ ETH_P_RARP = 0x8035 -+ ETH_P_SCA = 0x6007 -+ ETH_P_SLOW = 0x8809 -+ ETH_P_SNAP = 0x5 -+ ETH_P_TDLS = 0x890d -+ ETH_P_TEB = 0x6558 -+ ETH_P_TIPC = 0x88ca -+ ETH_P_TRAILER = 0x1c -+ ETH_P_TR_802_2 = 0x11 -+ ETH_P_TSN = 0x22f0 -+ ETH_P_WAN_PPP = 0x7 -+ ETH_P_WCCP = 0x883e -+ ETH_P_X25 = 0x805 -+ ETH_P_XDSA = 0xf8 -+ EXABYTE_ENABLE_NEST = 0xf0 -+ EXT2_SUPER_MAGIC = 0xef53 -+ EXT3_SUPER_MAGIC = 0xef53 -+ EXT4_SUPER_MAGIC = 0xef53 -+ EXTA = 0xe -+ EXTB = 0xf -+ EXTPROC = 0x10000 -+ F2FS_SUPER_MAGIC = 0xf2f52010 -+ FALLOC_FL_COLLAPSE_RANGE = 0x8 -+ FALLOC_FL_INSERT_RANGE = 0x20 -+ FALLOC_FL_KEEP_SIZE = 0x1 -+ FALLOC_FL_NO_HIDE_STALE = 0x4 -+ FALLOC_FL_PUNCH_HOLE = 0x2 -+ FALLOC_FL_UNSHARE_RANGE = 0x40 -+ FALLOC_FL_ZERO_RANGE = 0x10 -+ FANOTIFY_METADATA_VERSION = 0x3 -+ FAN_ACCESS = 0x1 -+ FAN_ACCESS_PERM = 0x20000 -+ FAN_ALLOW = 0x1 -+ FAN_ALL_CLASS_BITS = 0xc -+ FAN_ALL_EVENTS = 0x3b -+ FAN_ALL_INIT_FLAGS = 0x3f -+ FAN_ALL_MARK_FLAGS = 0xff -+ FAN_ALL_OUTGOING_EVENTS = 0x3403b -+ FAN_ALL_PERM_EVENTS = 0x30000 -+ FAN_AUDIT = 0x10 -+ FAN_CLASS_CONTENT = 0x4 -+ FAN_CLASS_NOTIF = 0x0 -+ FAN_CLASS_PRE_CONTENT = 0x8 -+ FAN_CLOEXEC = 0x1 -+ FAN_CLOSE = 0x18 -+ FAN_CLOSE_NOWRITE = 0x10 -+ FAN_CLOSE_WRITE = 0x8 -+ FAN_DENY = 0x2 -+ FAN_ENABLE_AUDIT = 0x40 -+ FAN_EVENT_METADATA_LEN = 0x18 -+ FAN_EVENT_ON_CHILD = 0x8000000 -+ FAN_MARK_ADD = 0x1 -+ FAN_MARK_DONT_FOLLOW = 0x4 -+ FAN_MARK_FILESYSTEM = 0x100 -+ FAN_MARK_FLUSH = 0x80 -+ FAN_MARK_IGNORED_MASK = 0x20 -+ FAN_MARK_IGNORED_SURV_MODIFY = 0x40 -+ FAN_MARK_INODE = 0x0 -+ FAN_MARK_MOUNT = 0x10 -+ FAN_MARK_ONLYDIR = 0x8 -+ FAN_MARK_REMOVE = 0x2 -+ FAN_MODIFY = 0x2 -+ FAN_NOFD = -0x1 -+ FAN_NONBLOCK = 0x2 -+ FAN_ONDIR = 0x40000000 -+ FAN_OPEN = 0x20 -+ FAN_OPEN_EXEC = 0x1000 -+ FAN_OPEN_EXEC_PERM = 0x40000 -+ FAN_OPEN_PERM = 0x10000 -+ FAN_Q_OVERFLOW = 0x4000 -+ FAN_REPORT_TID = 0x100 -+ FAN_UNLIMITED_MARKS = 0x20 -+ FAN_UNLIMITED_QUEUE = 0x10 -+ FD_CLOEXEC = 0x1 -+ FD_SETSIZE = 0x400 -+ FF0 = 0x0 -+ FF1 = 0x8000 -+ FFDLY = 0x8000 -+ FLUSHO = 0x1000 -+ FS_ENCRYPTION_MODE_ADIANTUM = 0x9 -+ FS_ENCRYPTION_MODE_AES_128_CBC = 0x5 -+ FS_ENCRYPTION_MODE_AES_128_CTS = 0x6 -+ FS_ENCRYPTION_MODE_AES_256_CBC = 0x3 -+ FS_ENCRYPTION_MODE_AES_256_CTS = 0x4 -+ FS_ENCRYPTION_MODE_AES_256_GCM = 0x2 -+ FS_ENCRYPTION_MODE_AES_256_XTS = 0x1 -+ FS_ENCRYPTION_MODE_INVALID = 0x0 -+ FS_ENCRYPTION_MODE_SPECK128_256_CTS = 0x8 -+ FS_ENCRYPTION_MODE_SPECK128_256_XTS = 0x7 -+ FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615 -+ FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614 -+ FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613 -+ FS_KEY_DESCRIPTOR_SIZE = 0x8 -+ FS_KEY_DESC_PREFIX = "fscrypt:" -+ FS_KEY_DESC_PREFIX_SIZE = 0x8 -+ FS_MAX_KEY_SIZE = 0x40 -+ FS_POLICY_FLAGS_PAD_16 = 0x2 -+ FS_POLICY_FLAGS_PAD_32 = 0x3 -+ FS_POLICY_FLAGS_PAD_4 = 0x0 -+ FS_POLICY_FLAGS_PAD_8 = 0x1 -+ FS_POLICY_FLAGS_PAD_MASK = 0x3 -+ FS_POLICY_FLAGS_VALID = 0x7 -+ FUTEXFS_SUPER_MAGIC = 0xbad1dea -+ F_ADD_SEALS = 0x409 -+ F_DUPFD = 0x0 -+ F_DUPFD_CLOEXEC = 0x406 -+ F_EXLCK = 0x4 -+ F_GETFD = 0x1 -+ F_GETFL = 0x3 -+ F_GETLEASE = 0x401 -+ F_GETLK = 0x5 -+ F_GETLK64 = 0x5 -+ F_GETOWN = 0x9 -+ F_GETOWN_EX = 0x10 -+ F_GETPIPE_SZ = 0x408 -+ F_GETSIG = 0xb -+ F_GET_FILE_RW_HINT = 0x40d -+ F_GET_RW_HINT = 0x40b -+ F_GET_SEALS = 0x40a -+ F_LOCK = 0x1 -+ F_NOTIFY = 0x402 -+ F_OFD_GETLK = 0x24 -+ F_OFD_SETLK = 0x25 -+ F_OFD_SETLKW = 0x26 -+ F_OK = 0x0 -+ F_RDLCK = 0x0 -+ F_SEAL_GROW = 0x4 -+ F_SEAL_SEAL = 0x1 -+ F_SEAL_SHRINK = 0x2 -+ F_SEAL_WRITE = 0x8 -+ F_SETFD = 0x2 -+ F_SETFL = 0x4 -+ F_SETLEASE = 0x400 -+ F_SETLK = 0x6 -+ F_SETLK64 = 0x6 -+ F_SETLKW = 0x7 -+ F_SETLKW64 = 0x7 -+ F_SETOWN = 0x8 -+ F_SETOWN_EX = 0xf -+ F_SETPIPE_SZ = 0x407 -+ F_SETSIG = 0xa -+ F_SET_FILE_RW_HINT = 0x40e -+ F_SET_RW_HINT = 0x40c -+ F_SHLCK = 0x8 -+ F_TEST = 0x3 -+ F_TLOCK = 0x2 -+ F_ULOCK = 0x0 -+ F_UNLCK = 0x2 -+ F_WRLCK = 0x1 -+ GENL_ADMIN_PERM = 0x1 -+ GENL_CMD_CAP_DO = 0x2 -+ GENL_CMD_CAP_DUMP = 0x4 -+ GENL_CMD_CAP_HASPOL = 0x8 -+ GENL_HDRLEN = 0x4 -+ GENL_ID_CTRL = 0x10 -+ GENL_ID_PMCRAID = 0x12 -+ GENL_ID_VFS_DQUOT = 0x11 -+ GENL_MAX_ID = 0x3ff -+ GENL_MIN_ID = 0x10 -+ GENL_NAMSIZ = 0x10 -+ GENL_START_ALLOC = 0x13 -+ GENL_UNS_ADMIN_PERM = 0x10 -+ GRND_NONBLOCK = 0x1 -+ GRND_RANDOM = 0x2 -+ HDIO_DRIVE_CMD = 0x31f -+ HDIO_DRIVE_CMD_AEB = 0x31e -+ HDIO_DRIVE_CMD_HDR_SIZE = 0x4 -+ HDIO_DRIVE_HOB_HDR_SIZE = 0x8 -+ HDIO_DRIVE_RESET = 0x31c -+ HDIO_DRIVE_TASK = 0x31e -+ HDIO_DRIVE_TASKFILE = 0x31d -+ HDIO_DRIVE_TASK_HDR_SIZE = 0x8 -+ HDIO_GETGEO = 0x301 -+ HDIO_GET_32BIT = 0x309 -+ HDIO_GET_ACOUSTIC = 0x30f -+ HDIO_GET_ADDRESS = 0x310 -+ HDIO_GET_BUSSTATE = 0x31a -+ HDIO_GET_DMA = 0x30b -+ HDIO_GET_IDENTITY = 0x30d -+ HDIO_GET_KEEPSETTINGS = 0x308 -+ HDIO_GET_MULTCOUNT = 0x304 -+ HDIO_GET_NICE = 0x30c -+ HDIO_GET_NOWERR = 0x30a -+ HDIO_GET_QDMA = 0x305 -+ HDIO_GET_UNMASKINTR = 0x302 -+ HDIO_GET_WCACHE = 0x30e -+ HDIO_OBSOLETE_IDENTITY = 0x307 -+ HDIO_SCAN_HWIF = 0x328 -+ HDIO_SET_32BIT = 0x324 -+ HDIO_SET_ACOUSTIC = 0x32c -+ HDIO_SET_ADDRESS = 0x32f -+ HDIO_SET_BUSSTATE = 0x32d -+ HDIO_SET_DMA = 0x326 -+ HDIO_SET_KEEPSETTINGS = 0x323 -+ HDIO_SET_MULTCOUNT = 0x321 -+ HDIO_SET_NICE = 0x329 -+ HDIO_SET_NOWERR = 0x325 -+ HDIO_SET_PIO_MODE = 0x327 -+ HDIO_SET_QDMA = 0x32e -+ HDIO_SET_UNMASKINTR = 0x322 -+ HDIO_SET_WCACHE = 0x32b -+ HDIO_SET_XFER = 0x306 -+ HDIO_TRISTATE_HWIF = 0x31b -+ HDIO_UNREGISTER_HWIF = 0x32a -+ HOSTFS_SUPER_MAGIC = 0xc0ffee -+ HPFS_SUPER_MAGIC = 0xf995e849 -+ HUGETLBFS_MAGIC = 0x958458f6 -+ HUPCL = 0x400 -+ IBSHIFT = 0x10 -+ ICANON = 0x2 -+ ICMPV6_FILTER = 0x1 -+ ICRNL = 0x100 -+ IEXTEN = 0x8000 -+ IFA_F_DADFAILED = 0x8 -+ IFA_F_DEPRECATED = 0x20 -+ IFA_F_HOMEADDRESS = 0x10 -+ IFA_F_MANAGETEMPADDR = 0x100 -+ IFA_F_MCAUTOJOIN = 0x400 -+ IFA_F_NODAD = 0x2 -+ IFA_F_NOPREFIXROUTE = 0x200 -+ IFA_F_OPTIMISTIC = 0x4 -+ IFA_F_PERMANENT = 0x80 -+ IFA_F_SECONDARY = 0x1 -+ IFA_F_STABLE_PRIVACY = 0x800 -+ IFA_F_TEMPORARY = 0x1 -+ IFA_F_TENTATIVE = 0x40 -+ IFA_MAX = 0xa -+ IFF_ALLMULTI = 0x200 -+ IFF_ATTACH_QUEUE = 0x200 -+ IFF_AUTOMEDIA = 0x4000 -+ IFF_BROADCAST = 0x2 -+ IFF_DEBUG = 0x4 -+ IFF_DETACH_QUEUE = 0x400 -+ IFF_DORMANT = 0x20000 -+ IFF_DYNAMIC = 0x8000 -+ IFF_ECHO = 0x40000 -+ IFF_LOOPBACK = 0x8 -+ IFF_LOWER_UP = 0x10000 -+ IFF_MASTER = 0x400 -+ IFF_MULTICAST = 0x1000 -+ IFF_MULTI_QUEUE = 0x100 -+ IFF_NAPI = 0x10 -+ IFF_NAPI_FRAGS = 0x20 -+ IFF_NOARP = 0x80 -+ IFF_NOFILTER = 0x1000 -+ IFF_NOTRAILERS = 0x20 -+ IFF_NO_PI = 0x1000 -+ IFF_ONE_QUEUE = 0x2000 -+ IFF_PERSIST = 0x800 -+ IFF_POINTOPOINT = 0x10 -+ IFF_PORTSEL = 0x2000 -+ IFF_PROMISC = 0x100 -+ IFF_RUNNING = 0x40 -+ IFF_SLAVE = 0x800 -+ IFF_TAP = 0x2 -+ IFF_TUN = 0x1 -+ IFF_TUN_EXCL = 0x8000 -+ IFF_UP = 0x1 -+ IFF_VNET_HDR = 0x4000 -+ IFF_VOLATILE = 0x70c5a -+ IFNAMSIZ = 0x10 -+ IGNBRK = 0x1 -+ IGNCR = 0x80 -+ IGNPAR = 0x4 -+ IMAXBEL = 0x2000 -+ INLCR = 0x40 -+ INPCK = 0x10 -+ IN_ACCESS = 0x1 -+ IN_ALL_EVENTS = 0xfff -+ IN_ATTRIB = 0x4 -+ IN_CLASSA_HOST = 0xffffff -+ IN_CLASSA_MAX = 0x80 -+ IN_CLASSA_NET = 0xff000000 -+ IN_CLASSA_NSHIFT = 0x18 -+ IN_CLASSB_HOST = 0xffff -+ IN_CLASSB_MAX = 0x10000 -+ IN_CLASSB_NET = 0xffff0000 -+ IN_CLASSB_NSHIFT = 0x10 -+ IN_CLASSC_HOST = 0xff -+ IN_CLASSC_NET = 0xffffff00 -+ IN_CLASSC_NSHIFT = 0x8 -+ IN_CLOEXEC = 0x80000 -+ IN_CLOSE = 0x18 -+ IN_CLOSE_NOWRITE = 0x10 -+ IN_CLOSE_WRITE = 0x8 -+ IN_CREATE = 0x100 -+ IN_DELETE = 0x200 -+ IN_DELETE_SELF = 0x400 -+ IN_DONT_FOLLOW = 0x2000000 -+ IN_EXCL_UNLINK = 0x4000000 -+ IN_IGNORED = 0x8000 -+ IN_ISDIR = 0x40000000 -+ IN_LOOPBACKNET = 0x7f -+ IN_MASK_ADD = 0x20000000 -+ IN_MASK_CREATE = 0x10000000 -+ IN_MODIFY = 0x2 -+ IN_MOVE = 0xc0 -+ IN_MOVED_FROM = 0x40 -+ IN_MOVED_TO = 0x80 -+ IN_MOVE_SELF = 0x800 -+ IN_NONBLOCK = 0x800 -+ IN_ONESHOT = 0x80000000 -+ IN_ONLYDIR = 0x1000000 -+ IN_OPEN = 0x20 -+ IN_Q_OVERFLOW = 0x4000 -+ IN_UNMOUNT = 0x2000 -+ IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 -+ IPPROTO_AH = 0x33 -+ IPPROTO_BEETPH = 0x5e -+ IPPROTO_COMP = 0x6c -+ IPPROTO_DCCP = 0x21 -+ IPPROTO_DSTOPTS = 0x3c -+ IPPROTO_EGP = 0x8 -+ IPPROTO_ENCAP = 0x62 -+ IPPROTO_ESP = 0x32 -+ IPPROTO_FRAGMENT = 0x2c -+ IPPROTO_GRE = 0x2f -+ IPPROTO_HOPOPTS = 0x0 -+ IPPROTO_ICMP = 0x1 -+ IPPROTO_ICMPV6 = 0x3a -+ IPPROTO_IDP = 0x16 -+ IPPROTO_IGMP = 0x2 -+ IPPROTO_IP = 0x0 -+ IPPROTO_IPIP = 0x4 -+ IPPROTO_IPV6 = 0x29 -+ IPPROTO_MH = 0x87 -+ IPPROTO_MPLS = 0x89 -+ IPPROTO_MTP = 0x5c -+ IPPROTO_NONE = 0x3b -+ IPPROTO_PIM = 0x67 -+ IPPROTO_PUP = 0xc -+ IPPROTO_RAW = 0xff -+ IPPROTO_ROUTING = 0x2b -+ IPPROTO_RSVP = 0x2e -+ IPPROTO_SCTP = 0x84 -+ IPPROTO_TCP = 0x6 -+ IPPROTO_TP = 0x1d -+ IPPROTO_UDP = 0x11 -+ IPPROTO_UDPLITE = 0x88 -+ IPV6_2292DSTOPTS = 0x4 -+ IPV6_2292HOPLIMIT = 0x8 -+ IPV6_2292HOPOPTS = 0x3 -+ IPV6_2292PKTINFO = 0x2 -+ IPV6_2292PKTOPTIONS = 0x6 -+ IPV6_2292RTHDR = 0x5 -+ IPV6_ADDRFORM = 0x1 -+ IPV6_ADDR_PREFERENCES = 0x48 -+ IPV6_ADD_MEMBERSHIP = 0x14 -+ IPV6_AUTHHDR = 0xa -+ IPV6_AUTOFLOWLABEL = 0x46 -+ IPV6_CHECKSUM = 0x7 -+ IPV6_DONTFRAG = 0x3e -+ IPV6_DROP_MEMBERSHIP = 0x15 -+ IPV6_DSTOPTS = 0x3b -+ IPV6_FREEBIND = 0x4e -+ IPV6_HDRINCL = 0x24 -+ IPV6_HOPLIMIT = 0x34 -+ IPV6_HOPOPTS = 0x36 -+ IPV6_IPSEC_POLICY = 0x22 -+ IPV6_JOIN_ANYCAST = 0x1b -+ IPV6_JOIN_GROUP = 0x14 -+ IPV6_LEAVE_ANYCAST = 0x1c -+ IPV6_LEAVE_GROUP = 0x15 -+ IPV6_MINHOPCOUNT = 0x49 -+ IPV6_MTU = 0x18 -+ IPV6_MTU_DISCOVER = 0x17 -+ IPV6_MULTICAST_ALL = 0x1d -+ IPV6_MULTICAST_HOPS = 0x12 -+ IPV6_MULTICAST_IF = 0x11 -+ IPV6_MULTICAST_LOOP = 0x13 -+ IPV6_NEXTHOP = 0x9 -+ IPV6_ORIGDSTADDR = 0x4a -+ IPV6_PATHMTU = 0x3d -+ IPV6_PKTINFO = 0x32 -+ IPV6_PMTUDISC_DO = 0x2 -+ IPV6_PMTUDISC_DONT = 0x0 -+ IPV6_PMTUDISC_INTERFACE = 0x4 -+ IPV6_PMTUDISC_OMIT = 0x5 -+ IPV6_PMTUDISC_PROBE = 0x3 -+ IPV6_PMTUDISC_WANT = 0x1 -+ IPV6_RECVDSTOPTS = 0x3a -+ IPV6_RECVERR = 0x19 -+ IPV6_RECVFRAGSIZE = 0x4d -+ IPV6_RECVHOPLIMIT = 0x33 -+ IPV6_RECVHOPOPTS = 0x35 -+ IPV6_RECVORIGDSTADDR = 0x4a -+ IPV6_RECVPATHMTU = 0x3c -+ IPV6_RECVPKTINFO = 0x31 -+ IPV6_RECVRTHDR = 0x38 -+ IPV6_RECVTCLASS = 0x42 -+ IPV6_ROUTER_ALERT = 0x16 -+ IPV6_RTHDR = 0x39 -+ IPV6_RTHDRDSTOPTS = 0x37 -+ IPV6_RTHDR_LOOSE = 0x0 -+ IPV6_RTHDR_STRICT = 0x1 -+ IPV6_RTHDR_TYPE_0 = 0x0 -+ IPV6_RXDSTOPTS = 0x3b -+ IPV6_RXHOPOPTS = 0x36 -+ IPV6_TCLASS = 0x43 -+ IPV6_TRANSPARENT = 0x4b -+ IPV6_UNICAST_HOPS = 0x10 -+ IPV6_UNICAST_IF = 0x4c -+ IPV6_V6ONLY = 0x1a -+ IPV6_XFRM_POLICY = 0x23 -+ IP_ADD_MEMBERSHIP = 0x23 -+ IP_ADD_SOURCE_MEMBERSHIP = 0x27 -+ IP_BIND_ADDRESS_NO_PORT = 0x18 -+ IP_BLOCK_SOURCE = 0x26 -+ IP_CHECKSUM = 0x17 -+ IP_DEFAULT_MULTICAST_LOOP = 0x1 -+ IP_DEFAULT_MULTICAST_TTL = 0x1 -+ IP_DF = 0x4000 -+ IP_DROP_MEMBERSHIP = 0x24 -+ IP_DROP_SOURCE_MEMBERSHIP = 0x28 -+ IP_FREEBIND = 0xf -+ IP_HDRINCL = 0x3 -+ IP_IPSEC_POLICY = 0x10 -+ IP_MAXPACKET = 0xffff -+ IP_MAX_MEMBERSHIPS = 0x14 -+ IP_MF = 0x2000 -+ IP_MINTTL = 0x15 -+ IP_MSFILTER = 0x29 -+ IP_MSS = 0x240 -+ IP_MTU = 0xe -+ IP_MTU_DISCOVER = 0xa -+ IP_MULTICAST_ALL = 0x31 -+ IP_MULTICAST_IF = 0x20 -+ IP_MULTICAST_LOOP = 0x22 -+ IP_MULTICAST_TTL = 0x21 -+ IP_NODEFRAG = 0x16 -+ IP_OFFMASK = 0x1fff -+ IP_OPTIONS = 0x4 -+ IP_ORIGDSTADDR = 0x14 -+ IP_PASSSEC = 0x12 -+ IP_PKTINFO = 0x8 -+ IP_PKTOPTIONS = 0x9 -+ IP_PMTUDISC = 0xa -+ IP_PMTUDISC_DO = 0x2 -+ IP_PMTUDISC_DONT = 0x0 -+ IP_PMTUDISC_INTERFACE = 0x4 -+ IP_PMTUDISC_OMIT = 0x5 -+ IP_PMTUDISC_PROBE = 0x3 -+ IP_PMTUDISC_WANT = 0x1 -+ IP_RECVERR = 0xb -+ IP_RECVFRAGSIZE = 0x19 -+ IP_RECVOPTS = 0x6 -+ IP_RECVORIGDSTADDR = 0x14 -+ IP_RECVRETOPTS = 0x7 -+ IP_RECVTOS = 0xd -+ IP_RECVTTL = 0xc -+ IP_RETOPTS = 0x7 -+ IP_RF = 0x8000 -+ IP_ROUTER_ALERT = 0x5 -+ IP_TOS = 0x1 -+ IP_TRANSPARENT = 0x13 -+ IP_TTL = 0x2 -+ IP_UNBLOCK_SOURCE = 0x25 -+ IP_UNICAST_IF = 0x32 -+ IP_XFRM_POLICY = 0x11 -+ ISIG = 0x1 -+ ISOFS_SUPER_MAGIC = 0x9660 -+ ISTRIP = 0x20 -+ IUCLC = 0x200 -+ IUTF8 = 0x4000 -+ IXANY = 0x800 -+ IXOFF = 0x1000 -+ IXON = 0x400 -+ JFFS2_SUPER_MAGIC = 0x72b6 -+ KEXEC_ARCH_386 = 0x30000 -+ KEXEC_ARCH_68K = 0x40000 -+ KEXEC_ARCH_AARCH64 = 0xb70000 -+ KEXEC_ARCH_ARM = 0x280000 -+ KEXEC_ARCH_DEFAULT = 0x0 -+ KEXEC_ARCH_IA_64 = 0x320000 -+ KEXEC_ARCH_MASK = 0xffff0000 -+ KEXEC_ARCH_MIPS = 0x80000 -+ KEXEC_ARCH_MIPS_LE = 0xa0000 -+ KEXEC_ARCH_PPC = 0x140000 -+ KEXEC_ARCH_PPC64 = 0x150000 -+ KEXEC_ARCH_S390 = 0x160000 -+ KEXEC_ARCH_SH = 0x2a0000 -+ KEXEC_ARCH_X86_64 = 0x3e0000 -+ KEXEC_FILE_NO_INITRAMFS = 0x4 -+ KEXEC_FILE_ON_CRASH = 0x2 -+ KEXEC_FILE_UNLOAD = 0x1 -+ KEXEC_ON_CRASH = 0x1 -+ KEXEC_PRESERVE_CONTEXT = 0x2 -+ KEXEC_SEGMENT_MAX = 0x10 -+ KEYCTL_ASSUME_AUTHORITY = 0x10 -+ KEYCTL_CHOWN = 0x4 -+ KEYCTL_CLEAR = 0x7 -+ KEYCTL_DESCRIBE = 0x6 -+ KEYCTL_DH_COMPUTE = 0x17 -+ KEYCTL_GET_KEYRING_ID = 0x0 -+ KEYCTL_GET_PERSISTENT = 0x16 -+ KEYCTL_GET_SECURITY = 0x11 -+ KEYCTL_INSTANTIATE = 0xc -+ KEYCTL_INSTANTIATE_IOV = 0x14 -+ KEYCTL_INVALIDATE = 0x15 -+ KEYCTL_JOIN_SESSION_KEYRING = 0x1 -+ KEYCTL_LINK = 0x8 -+ KEYCTL_NEGATE = 0xd -+ KEYCTL_PKEY_DECRYPT = 0x1a -+ KEYCTL_PKEY_ENCRYPT = 0x19 -+ KEYCTL_PKEY_QUERY = 0x18 -+ KEYCTL_PKEY_SIGN = 0x1b -+ KEYCTL_PKEY_VERIFY = 0x1c -+ KEYCTL_READ = 0xb -+ KEYCTL_REJECT = 0x13 -+ KEYCTL_RESTRICT_KEYRING = 0x1d -+ KEYCTL_REVOKE = 0x3 -+ KEYCTL_SEARCH = 0xa -+ KEYCTL_SESSION_TO_PARENT = 0x12 -+ KEYCTL_SETPERM = 0x5 -+ KEYCTL_SET_REQKEY_KEYRING = 0xe -+ KEYCTL_SET_TIMEOUT = 0xf -+ KEYCTL_SUPPORTS_DECRYPT = 0x2 -+ KEYCTL_SUPPORTS_ENCRYPT = 0x1 -+ KEYCTL_SUPPORTS_SIGN = 0x4 -+ KEYCTL_SUPPORTS_VERIFY = 0x8 -+ KEYCTL_UNLINK = 0x9 -+ KEYCTL_UPDATE = 0x2 -+ KEY_REQKEY_DEFL_DEFAULT = 0x0 -+ KEY_REQKEY_DEFL_GROUP_KEYRING = 0x6 -+ KEY_REQKEY_DEFL_NO_CHANGE = -0x1 -+ KEY_REQKEY_DEFL_PROCESS_KEYRING = 0x2 -+ KEY_REQKEY_DEFL_REQUESTOR_KEYRING = 0x7 -+ KEY_REQKEY_DEFL_SESSION_KEYRING = 0x3 -+ KEY_REQKEY_DEFL_THREAD_KEYRING = 0x1 -+ KEY_REQKEY_DEFL_USER_KEYRING = 0x4 -+ KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5 -+ KEY_SPEC_GROUP_KEYRING = -0x6 -+ KEY_SPEC_PROCESS_KEYRING = -0x2 -+ KEY_SPEC_REQKEY_AUTH_KEY = -0x7 -+ KEY_SPEC_REQUESTOR_KEYRING = -0x8 -+ KEY_SPEC_SESSION_KEYRING = -0x3 -+ KEY_SPEC_THREAD_KEYRING = -0x1 -+ KEY_SPEC_USER_KEYRING = -0x4 -+ KEY_SPEC_USER_SESSION_KEYRING = -0x5 -+ LINUX_REBOOT_CMD_CAD_OFF = 0x0 -+ LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef -+ LINUX_REBOOT_CMD_HALT = 0xcdef0123 -+ LINUX_REBOOT_CMD_KEXEC = 0x45584543 -+ LINUX_REBOOT_CMD_POWER_OFF = 0x4321fedc -+ LINUX_REBOOT_CMD_RESTART = 0x1234567 -+ LINUX_REBOOT_CMD_RESTART2 = 0xa1b2c3d4 -+ LINUX_REBOOT_CMD_SW_SUSPEND = 0xd000fce2 -+ LINUX_REBOOT_MAGIC1 = 0xfee1dead -+ LINUX_REBOOT_MAGIC2 = 0x28121969 -+ LOCK_EX = 0x2 -+ LOCK_NB = 0x4 -+ LOCK_SH = 0x1 -+ LOCK_UN = 0x8 -+ MADV_DODUMP = 0x11 -+ MADV_DOFORK = 0xb -+ MADV_DONTDUMP = 0x10 -+ MADV_DONTFORK = 0xa -+ MADV_DONTNEED = 0x4 -+ MADV_FREE = 0x8 -+ MADV_HUGEPAGE = 0xe -+ MADV_HWPOISON = 0x64 -+ MADV_KEEPONFORK = 0x13 -+ MADV_MERGEABLE = 0xc -+ MADV_NOHUGEPAGE = 0xf -+ MADV_NORMAL = 0x0 -+ MADV_RANDOM = 0x1 -+ MADV_REMOVE = 0x9 -+ MADV_SEQUENTIAL = 0x2 -+ MADV_UNMERGEABLE = 0xd -+ MADV_WILLNEED = 0x3 -+ MADV_WIPEONFORK = 0x12 -+ MAP_ANON = 0x20 -+ MAP_ANONYMOUS = 0x20 -+ MAP_DENYWRITE = 0x800 -+ MAP_EXECUTABLE = 0x1000 -+ MAP_FILE = 0x0 -+ MAP_FIXED = 0x10 -+ MAP_FIXED_NOREPLACE = 0x100000 -+ MAP_GROWSDOWN = 0x100 -+ MAP_HUGETLB = 0x40000 -+ MAP_HUGE_MASK = 0x3f -+ MAP_HUGE_SHIFT = 0x1a -+ MAP_LOCKED = 0x2000 -+ MAP_NONBLOCK = 0x10000 -+ MAP_NORESERVE = 0x4000 -+ MAP_POPULATE = 0x8000 -+ MAP_PRIVATE = 0x2 -+ MAP_SHARED = 0x1 -+ MAP_SHARED_VALIDATE = 0x3 -+ MAP_STACK = 0x20000 -+ MAP_SYNC = 0x80000 -+ MAP_TYPE = 0xf -+ MCL_CURRENT = 0x1 -+ MCL_FUTURE = 0x2 -+ MCL_ONFAULT = 0x4 -+ MFD_ALLOW_SEALING = 0x2 -+ MFD_CLOEXEC = 0x1 -+ MFD_HUGETLB = 0x4 -+ MFD_HUGE_16GB = -0x78000000 -+ MFD_HUGE_16MB = 0x60000000 -+ MFD_HUGE_1GB = 0x78000000 -+ MFD_HUGE_1MB = 0x50000000 -+ MFD_HUGE_256MB = 0x70000000 -+ MFD_HUGE_2GB = 0x7c000000 -+ MFD_HUGE_2MB = 0x54000000 -+ MFD_HUGE_32MB = 0x64000000 -+ MFD_HUGE_512KB = 0x4c000000 -+ MFD_HUGE_512MB = 0x74000000 -+ MFD_HUGE_64KB = 0x40000000 -+ MFD_HUGE_8MB = 0x5c000000 -+ MFD_HUGE_MASK = 0x3f -+ MFD_HUGE_SHIFT = 0x1a -+ MINIX2_SUPER_MAGIC = 0x2468 -+ MINIX2_SUPER_MAGIC2 = 0x2478 -+ MINIX3_SUPER_MAGIC = 0x4d5a -+ MINIX_SUPER_MAGIC = 0x137f -+ MINIX_SUPER_MAGIC2 = 0x138f -+ MNT_DETACH = 0x2 -+ MNT_EXPIRE = 0x4 -+ MNT_FORCE = 0x1 -+ MODULE_INIT_IGNORE_MODVERSIONS = 0x1 -+ MODULE_INIT_IGNORE_VERMAGIC = 0x2 -+ MSDOS_SUPER_MAGIC = 0x4d44 -+ MSG_BATCH = 0x40000 -+ MSG_CMSG_CLOEXEC = 0x40000000 -+ MSG_CONFIRM = 0x800 -+ MSG_CTRUNC = 0x8 -+ MSG_DONTROUTE = 0x4 -+ MSG_DONTWAIT = 0x40 -+ MSG_EOR = 0x80 -+ MSG_ERRQUEUE = 0x2000 -+ MSG_FASTOPEN = 0x20000000 -+ MSG_FIN = 0x200 -+ MSG_MORE = 0x8000 -+ MSG_NOSIGNAL = 0x4000 -+ MSG_OOB = 0x1 -+ MSG_PEEK = 0x2 -+ MSG_PROXY = 0x10 -+ MSG_RST = 0x1000 -+ MSG_SYN = 0x400 -+ MSG_TRUNC = 0x20 -+ MSG_TRYHARD = 0x4 -+ MSG_WAITALL = 0x100 -+ MSG_WAITFORONE = 0x10000 -+ MSG_ZEROCOPY = 0x4000000 -+ MS_ACTIVE = 0x40000000 -+ MS_ASYNC = 0x1 -+ MS_BIND = 0x1000 -+ MS_BORN = 0x20000000 -+ MS_DIRSYNC = 0x80 -+ MS_INVALIDATE = 0x2 -+ MS_I_VERSION = 0x800000 -+ MS_KERNMOUNT = 0x400000 -+ MS_LAZYTIME = 0x2000000 -+ MS_MANDLOCK = 0x40 -+ MS_MGC_MSK = 0xffff0000 -+ MS_MGC_VAL = 0xc0ed0000 -+ MS_MOVE = 0x2000 -+ MS_NOATIME = 0x400 -+ MS_NODEV = 0x4 -+ MS_NODIRATIME = 0x800 -+ MS_NOEXEC = 0x8 -+ MS_NOREMOTELOCK = 0x8000000 -+ MS_NOSEC = 0x10000000 -+ MS_NOSUID = 0x2 -+ MS_NOUSER = -0x80000000 -+ MS_POSIXACL = 0x10000 -+ MS_PRIVATE = 0x40000 -+ MS_RDONLY = 0x1 -+ MS_REC = 0x4000 -+ MS_RELATIME = 0x200000 -+ MS_REMOUNT = 0x20 -+ MS_RMT_MASK = 0x2800051 -+ MS_SHARED = 0x100000 -+ MS_SILENT = 0x8000 -+ MS_SLAVE = 0x80000 -+ MS_STRICTATIME = 0x1000000 -+ MS_SUBMOUNT = 0x4000000 -+ MS_SYNC = 0x4 -+ MS_SYNCHRONOUS = 0x10 -+ MS_UNBINDABLE = 0x20000 -+ MS_VERBOSE = 0x8000 -+ MTD_INODE_FS_MAGIC = 0x11307854 -+ NAME_MAX = 0xff -+ NCP_SUPER_MAGIC = 0x564c -+ NETLINK_ADD_MEMBERSHIP = 0x1 -+ NETLINK_AUDIT = 0x9 -+ NETLINK_BROADCAST_ERROR = 0x4 -+ NETLINK_CAP_ACK = 0xa -+ NETLINK_CONNECTOR = 0xb -+ NETLINK_CRYPTO = 0x15 -+ NETLINK_DNRTMSG = 0xe -+ NETLINK_DROP_MEMBERSHIP = 0x2 -+ NETLINK_ECRYPTFS = 0x13 -+ NETLINK_EXT_ACK = 0xb -+ NETLINK_FIB_LOOKUP = 0xa -+ NETLINK_FIREWALL = 0x3 -+ NETLINK_GENERIC = 0x10 -+ NETLINK_GET_STRICT_CHK = 0xc -+ NETLINK_INET_DIAG = 0x4 -+ NETLINK_IP6_FW = 0xd -+ NETLINK_ISCSI = 0x8 -+ NETLINK_KOBJECT_UEVENT = 0xf -+ NETLINK_LISTEN_ALL_NSID = 0x8 -+ NETLINK_LIST_MEMBERSHIPS = 0x9 -+ NETLINK_NETFILTER = 0xc -+ NETLINK_NFLOG = 0x5 -+ NETLINK_NO_ENOBUFS = 0x5 -+ NETLINK_PKTINFO = 0x3 -+ NETLINK_RDMA = 0x14 -+ NETLINK_ROUTE = 0x0 -+ NETLINK_RX_RING = 0x6 -+ NETLINK_SCSITRANSPORT = 0x12 -+ NETLINK_SELINUX = 0x7 -+ NETLINK_SMC = 0x16 -+ NETLINK_SOCK_DIAG = 0x4 -+ NETLINK_TX_RING = 0x7 -+ NETLINK_UNUSED = 0x1 -+ NETLINK_USERSOCK = 0x2 -+ NETLINK_XFRM = 0x6 -+ NETNSA_MAX = 0x5 -+ NETNSA_NSID_NOT_ASSIGNED = -0x1 -+ NFNETLINK_V0 = 0x0 -+ NFNLGRP_ACCT_QUOTA = 0x8 -+ NFNLGRP_CONNTRACK_DESTROY = 0x3 -+ NFNLGRP_CONNTRACK_EXP_DESTROY = 0x6 -+ NFNLGRP_CONNTRACK_EXP_NEW = 0x4 -+ NFNLGRP_CONNTRACK_EXP_UPDATE = 0x5 -+ NFNLGRP_CONNTRACK_NEW = 0x1 -+ NFNLGRP_CONNTRACK_UPDATE = 0x2 -+ NFNLGRP_MAX = 0x9 -+ NFNLGRP_NFTABLES = 0x7 -+ NFNLGRP_NFTRACE = 0x9 -+ NFNLGRP_NONE = 0x0 -+ NFNL_BATCH_MAX = 0x1 -+ NFNL_MSG_BATCH_BEGIN = 0x10 -+ NFNL_MSG_BATCH_END = 0x11 -+ NFNL_NFA_NEST = 0x8000 -+ NFNL_SUBSYS_ACCT = 0x7 -+ NFNL_SUBSYS_COUNT = 0xc -+ NFNL_SUBSYS_CTHELPER = 0x9 -+ NFNL_SUBSYS_CTNETLINK = 0x1 -+ NFNL_SUBSYS_CTNETLINK_EXP = 0x2 -+ NFNL_SUBSYS_CTNETLINK_TIMEOUT = 0x8 -+ NFNL_SUBSYS_IPSET = 0x6 -+ NFNL_SUBSYS_NFTABLES = 0xa -+ NFNL_SUBSYS_NFT_COMPAT = 0xb -+ NFNL_SUBSYS_NONE = 0x0 -+ NFNL_SUBSYS_OSF = 0x5 -+ NFNL_SUBSYS_QUEUE = 0x3 -+ NFNL_SUBSYS_ULOG = 0x4 -+ NFS_SUPER_MAGIC = 0x6969 -+ NILFS_SUPER_MAGIC = 0x3434 -+ NL0 = 0x0 -+ NL1 = 0x100 -+ NLA_ALIGNTO = 0x4 -+ NLA_F_NESTED = 0x8000 -+ NLA_F_NET_BYTEORDER = 0x4000 -+ NLA_HDRLEN = 0x4 -+ NLDLY = 0x100 -+ NLMSG_ALIGNTO = 0x4 -+ NLMSG_DONE = 0x3 -+ NLMSG_ERROR = 0x2 -+ NLMSG_HDRLEN = 0x10 -+ NLMSG_MIN_TYPE = 0x10 -+ NLMSG_NOOP = 0x1 -+ NLMSG_OVERRUN = 0x4 -+ NLM_F_ACK = 0x4 -+ NLM_F_ACK_TLVS = 0x200 -+ NLM_F_APPEND = 0x800 -+ NLM_F_ATOMIC = 0x400 -+ NLM_F_CAPPED = 0x100 -+ NLM_F_CREATE = 0x400 -+ NLM_F_DUMP = 0x300 -+ NLM_F_DUMP_FILTERED = 0x20 -+ NLM_F_DUMP_INTR = 0x10 -+ NLM_F_ECHO = 0x8 -+ NLM_F_EXCL = 0x200 -+ NLM_F_MATCH = 0x200 -+ NLM_F_MULTI = 0x2 -+ NLM_F_NONREC = 0x100 -+ NLM_F_REPLACE = 0x100 -+ NLM_F_REQUEST = 0x1 -+ NLM_F_ROOT = 0x100 -+ NOFLSH = 0x80 -+ NSFS_MAGIC = 0x6e736673 -+ OCFS2_SUPER_MAGIC = 0x7461636f -+ OCRNL = 0x8 -+ OFDEL = 0x80 -+ OFILL = 0x40 -+ OLCUC = 0x2 -+ ONLCR = 0x4 -+ ONLRET = 0x20 -+ ONOCR = 0x10 -+ OPENPROM_SUPER_MAGIC = 0x9fa1 -+ OPOST = 0x1 -+ OVERLAYFS_SUPER_MAGIC = 0x794c7630 -+ O_ACCMODE = 0x3 -+ O_APPEND = 0x400 -+ O_ASYNC = 0x2000 -+ O_CLOEXEC = 0x80000 -+ O_CREAT = 0x40 -+ O_DIRECT = 0x4000 -+ O_DIRECTORY = 0x10000 -+ O_DSYNC = 0x1000 -+ O_EXCL = 0x80 -+ O_FSYNC = 0x101000 -+ O_LARGEFILE = 0x0 -+ O_NDELAY = 0x800 -+ O_NOATIME = 0x40000 -+ O_NOCTTY = 0x100 -+ O_NOFOLLOW = 0x20000 -+ O_NONBLOCK = 0x800 -+ O_PATH = 0x200000 -+ O_RDONLY = 0x0 -+ O_RDWR = 0x2 -+ O_RSYNC = 0x101000 -+ O_SYNC = 0x101000 -+ O_TMPFILE = 0x410000 -+ O_TRUNC = 0x200 -+ O_WRONLY = 0x1 -+ PACKET_ADD_MEMBERSHIP = 0x1 -+ PACKET_AUXDATA = 0x8 -+ PACKET_BROADCAST = 0x1 -+ PACKET_COPY_THRESH = 0x7 -+ PACKET_DROP_MEMBERSHIP = 0x2 -+ PACKET_FANOUT = 0x12 -+ PACKET_FANOUT_CBPF = 0x6 -+ PACKET_FANOUT_CPU = 0x2 -+ PACKET_FANOUT_DATA = 0x16 -+ PACKET_FANOUT_EBPF = 0x7 -+ PACKET_FANOUT_FLAG_DEFRAG = 0x8000 -+ PACKET_FANOUT_FLAG_ROLLOVER = 0x1000 -+ PACKET_FANOUT_FLAG_UNIQUEID = 0x2000 -+ PACKET_FANOUT_HASH = 0x0 -+ PACKET_FANOUT_LB = 0x1 -+ PACKET_FANOUT_QM = 0x5 -+ PACKET_FANOUT_RND = 0x4 -+ PACKET_FANOUT_ROLLOVER = 0x3 -+ PACKET_FASTROUTE = 0x6 -+ PACKET_HDRLEN = 0xb -+ PACKET_HOST = 0x0 -+ PACKET_IGNORE_OUTGOING = 0x17 -+ PACKET_KERNEL = 0x7 -+ PACKET_LOOPBACK = 0x5 -+ PACKET_LOSS = 0xe -+ PACKET_MR_ALLMULTI = 0x2 -+ PACKET_MR_MULTICAST = 0x0 -+ PACKET_MR_PROMISC = 0x1 -+ PACKET_MR_UNICAST = 0x3 -+ PACKET_MULTICAST = 0x2 -+ PACKET_ORIGDEV = 0x9 -+ PACKET_OTHERHOST = 0x3 -+ PACKET_OUTGOING = 0x4 -+ PACKET_QDISC_BYPASS = 0x14 -+ PACKET_RECV_OUTPUT = 0x3 -+ PACKET_RESERVE = 0xc -+ PACKET_ROLLOVER_STATS = 0x15 -+ PACKET_RX_RING = 0x5 -+ PACKET_STATISTICS = 0x6 -+ PACKET_TIMESTAMP = 0x11 -+ PACKET_TX_HAS_OFF = 0x13 -+ PACKET_TX_RING = 0xd -+ PACKET_TX_TIMESTAMP = 0x10 -+ PACKET_USER = 0x6 -+ PACKET_VERSION = 0xa -+ PACKET_VNET_HDR = 0xf -+ PARENB = 0x100 -+ PARITY_CRC16_PR0 = 0x2 -+ PARITY_CRC16_PR0_CCITT = 0x4 -+ PARITY_CRC16_PR1 = 0x3 -+ PARITY_CRC16_PR1_CCITT = 0x5 -+ PARITY_CRC32_PR0_CCITT = 0x6 -+ PARITY_CRC32_PR1_CCITT = 0x7 -+ PARITY_DEFAULT = 0x0 -+ PARITY_NONE = 0x1 -+ PARMRK = 0x8 -+ PARODD = 0x200 -+ PENDIN = 0x4000 -+ PERF_EVENT_IOC_DISABLE = 0x2401 -+ PERF_EVENT_IOC_ENABLE = 0x2400 -+ PERF_EVENT_IOC_ID = 0x80082407 -+ PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b -+ PERF_EVENT_IOC_PAUSE_OUTPUT = 0x40042409 -+ PERF_EVENT_IOC_PERIOD = 0x40082404 -+ PERF_EVENT_IOC_QUERY_BPF = 0xc008240a -+ PERF_EVENT_IOC_REFRESH = 0x2402 -+ PERF_EVENT_IOC_RESET = 0x2403 -+ PERF_EVENT_IOC_SET_BPF = 0x40042408 -+ PERF_EVENT_IOC_SET_FILTER = 0x40082406 -+ PERF_EVENT_IOC_SET_OUTPUT = 0x2405 -+ PIPEFS_MAGIC = 0x50495045 -+ PPPIOCATTACH = 0x4004743d -+ PPPIOCATTCHAN = 0x40047438 -+ PPPIOCCONNECT = 0x4004743a -+ PPPIOCDETACH = 0x4004743c -+ PPPIOCDISCONN = 0x7439 -+ PPPIOCGASYNCMAP = 0x80047458 -+ PPPIOCGCHAN = 0x80047437 -+ PPPIOCGDEBUG = 0x80047441 -+ PPPIOCGFLAGS = 0x8004745a -+ PPPIOCGIDLE = 0x8010743f -+ PPPIOCGL2TPSTATS = 0x80487436 -+ PPPIOCGMRU = 0x80047453 -+ PPPIOCGNPMODE = 0xc008744c -+ PPPIOCGRASYNCMAP = 0x80047455 -+ PPPIOCGUNIT = 0x80047456 -+ PPPIOCGXASYNCMAP = 0x80207450 -+ PPPIOCNEWUNIT = 0xc004743e -+ PPPIOCSACTIVE = 0x40107446 -+ PPPIOCSASYNCMAP = 0x40047457 -+ PPPIOCSCOMPRESS = 0x4010744d -+ PPPIOCSDEBUG = 0x40047440 -+ PPPIOCSFLAGS = 0x40047459 -+ PPPIOCSMAXCID = 0x40047451 -+ PPPIOCSMRRU = 0x4004743b -+ PPPIOCSMRU = 0x40047452 -+ PPPIOCSNPMODE = 0x4008744b -+ PPPIOCSPASS = 0x40107447 -+ PPPIOCSRASYNCMAP = 0x40047454 -+ PPPIOCSXASYNCMAP = 0x4020744f -+ PPPIOCXFERUNIT = 0x744e -+ PRIO_PGRP = 0x1 -+ PRIO_PROCESS = 0x0 -+ PRIO_USER = 0x2 -+ PROC_SUPER_MAGIC = 0x9fa0 -+ PROT_EXEC = 0x4 -+ PROT_GROWSDOWN = 0x1000000 -+ PROT_GROWSUP = 0x2000000 -+ PROT_NONE = 0x0 -+ PROT_READ = 0x1 -+ PROT_WRITE = 0x2 -+ PR_CAPBSET_DROP = 0x18 -+ PR_CAPBSET_READ = 0x17 -+ PR_CAP_AMBIENT = 0x2f -+ PR_CAP_AMBIENT_CLEAR_ALL = 0x4 -+ PR_CAP_AMBIENT_IS_SET = 0x1 -+ PR_CAP_AMBIENT_LOWER = 0x3 -+ PR_CAP_AMBIENT_RAISE = 0x2 -+ PR_ENDIAN_BIG = 0x0 -+ PR_ENDIAN_LITTLE = 0x1 -+ PR_ENDIAN_PPC_LITTLE = 0x2 -+ PR_FPEMU_NOPRINT = 0x1 -+ PR_FPEMU_SIGFPE = 0x2 -+ PR_FP_EXC_ASYNC = 0x2 -+ PR_FP_EXC_DISABLED = 0x0 -+ PR_FP_EXC_DIV = 0x10000 -+ PR_FP_EXC_INV = 0x100000 -+ PR_FP_EXC_NONRECOV = 0x1 -+ PR_FP_EXC_OVF = 0x20000 -+ PR_FP_EXC_PRECISE = 0x3 -+ PR_FP_EXC_RES = 0x80000 -+ PR_FP_EXC_SW_ENABLE = 0x80 -+ PR_FP_EXC_UND = 0x40000 -+ PR_FP_MODE_FR = 0x1 -+ PR_FP_MODE_FRE = 0x2 -+ PR_GET_CHILD_SUBREAPER = 0x25 -+ PR_GET_DUMPABLE = 0x3 -+ PR_GET_ENDIAN = 0x13 -+ PR_GET_FPEMU = 0x9 -+ PR_GET_FPEXC = 0xb -+ PR_GET_FP_MODE = 0x2e -+ PR_GET_KEEPCAPS = 0x7 -+ PR_GET_NAME = 0x10 -+ PR_GET_NO_NEW_PRIVS = 0x27 -+ PR_GET_PDEATHSIG = 0x2 -+ PR_GET_SECCOMP = 0x15 -+ PR_GET_SECUREBITS = 0x1b -+ PR_GET_SPECULATION_CTRL = 0x34 -+ PR_GET_THP_DISABLE = 0x2a -+ PR_GET_TID_ADDRESS = 0x28 -+ PR_GET_TIMERSLACK = 0x1e -+ PR_GET_TIMING = 0xd -+ PR_GET_TSC = 0x19 -+ PR_GET_UNALIGN = 0x5 -+ PR_MCE_KILL = 0x21 -+ PR_MCE_KILL_CLEAR = 0x0 -+ PR_MCE_KILL_DEFAULT = 0x2 -+ PR_MCE_KILL_EARLY = 0x1 -+ PR_MCE_KILL_GET = 0x22 -+ PR_MCE_KILL_LATE = 0x0 -+ PR_MCE_KILL_SET = 0x1 -+ PR_MPX_DISABLE_MANAGEMENT = 0x2c -+ PR_MPX_ENABLE_MANAGEMENT = 0x2b -+ PR_PAC_APDAKEY = 0x4 -+ PR_PAC_APDBKEY = 0x8 -+ PR_PAC_APGAKEY = 0x10 -+ PR_PAC_APIAKEY = 0x1 -+ PR_PAC_APIBKEY = 0x2 -+ PR_PAC_RESET_KEYS = 0x36 -+ PR_SET_CHILD_SUBREAPER = 0x24 -+ PR_SET_DUMPABLE = 0x4 -+ PR_SET_ENDIAN = 0x14 -+ PR_SET_FPEMU = 0xa -+ PR_SET_FPEXC = 0xc -+ PR_SET_FP_MODE = 0x2d -+ PR_SET_KEEPCAPS = 0x8 -+ PR_SET_MM = 0x23 -+ PR_SET_MM_ARG_END = 0x9 -+ PR_SET_MM_ARG_START = 0x8 -+ PR_SET_MM_AUXV = 0xc -+ PR_SET_MM_BRK = 0x7 -+ PR_SET_MM_END_CODE = 0x2 -+ PR_SET_MM_END_DATA = 0x4 -+ PR_SET_MM_ENV_END = 0xb -+ PR_SET_MM_ENV_START = 0xa -+ PR_SET_MM_EXE_FILE = 0xd -+ PR_SET_MM_MAP = 0xe -+ PR_SET_MM_MAP_SIZE = 0xf -+ PR_SET_MM_START_BRK = 0x6 -+ PR_SET_MM_START_CODE = 0x1 -+ PR_SET_MM_START_DATA = 0x3 -+ PR_SET_MM_START_STACK = 0x5 -+ PR_SET_NAME = 0xf -+ PR_SET_NO_NEW_PRIVS = 0x26 -+ PR_SET_PDEATHSIG = 0x1 -+ PR_SET_PTRACER = 0x59616d61 -+ PR_SET_PTRACER_ANY = 0xffffffffffffffff -+ PR_SET_SECCOMP = 0x16 -+ PR_SET_SECUREBITS = 0x1c -+ PR_SET_SPECULATION_CTRL = 0x35 -+ PR_SET_THP_DISABLE = 0x29 -+ PR_SET_TIMERSLACK = 0x1d -+ PR_SET_TIMING = 0xe -+ PR_SET_TSC = 0x1a -+ PR_SET_UNALIGN = 0x6 -+ PR_SPEC_DISABLE = 0x4 -+ PR_SPEC_ENABLE = 0x2 -+ PR_SPEC_FORCE_DISABLE = 0x8 -+ PR_SPEC_INDIRECT_BRANCH = 0x1 -+ PR_SPEC_NOT_AFFECTED = 0x0 -+ PR_SPEC_PRCTL = 0x1 -+ PR_SPEC_STORE_BYPASS = 0x0 -+ PR_SVE_GET_VL = 0x33 -+ PR_SVE_SET_VL = 0x32 -+ PR_SVE_SET_VL_ONEXEC = 0x40000 -+ PR_SVE_VL_INHERIT = 0x20000 -+ PR_SVE_VL_LEN_MASK = 0xffff -+ PR_TASK_PERF_EVENTS_DISABLE = 0x1f -+ PR_TASK_PERF_EVENTS_ENABLE = 0x20 -+ PR_TIMING_STATISTICAL = 0x0 -+ PR_TIMING_TIMESTAMP = 0x1 -+ PR_TSC_ENABLE = 0x1 -+ PR_TSC_SIGSEGV = 0x2 -+ PR_UNALIGN_NOPRINT = 0x1 -+ PR_UNALIGN_SIGBUS = 0x2 -+ PSTOREFS_MAGIC = 0x6165676c -+ PTRACE_ATTACH = 0x10 -+ PTRACE_CONT = 0x7 -+ PTRACE_DETACH = 0x11 -+ PTRACE_EVENT_CLONE = 0x3 -+ PTRACE_EVENT_EXEC = 0x4 -+ PTRACE_EVENT_EXIT = 0x6 -+ PTRACE_EVENT_FORK = 0x1 -+ PTRACE_EVENT_SECCOMP = 0x7 -+ PTRACE_EVENT_STOP = 0x80 -+ PTRACE_EVENT_VFORK = 0x2 -+ PTRACE_EVENT_VFORK_DONE = 0x5 -+ PTRACE_GETEVENTMSG = 0x4201 -+ PTRACE_GETREGS = 0xc -+ PTRACE_GETREGSET = 0x4204 -+ PTRACE_GETSIGINFO = 0x4202 -+ PTRACE_GETSIGMASK = 0x420a -+ PTRACE_INTERRUPT = 0x4207 -+ PTRACE_KILL = 0x8 -+ PTRACE_LISTEN = 0x4208 -+ PTRACE_O_EXITKILL = 0x100000 -+ PTRACE_O_MASK = 0x3000ff -+ PTRACE_O_SUSPEND_SECCOMP = 0x200000 -+ PTRACE_O_TRACECLONE = 0x8 -+ PTRACE_O_TRACEEXEC = 0x10 -+ PTRACE_O_TRACEEXIT = 0x40 -+ PTRACE_O_TRACEFORK = 0x2 -+ PTRACE_O_TRACESECCOMP = 0x80 -+ PTRACE_O_TRACESYSGOOD = 0x1 -+ PTRACE_O_TRACEVFORK = 0x4 -+ PTRACE_O_TRACEVFORKDONE = 0x20 -+ PTRACE_PEEKDATA = 0x2 -+ PTRACE_PEEKSIGINFO = 0x4209 -+ PTRACE_PEEKSIGINFO_SHARED = 0x1 -+ PTRACE_PEEKTEXT = 0x1 -+ PTRACE_PEEKUSR = 0x3 -+ PTRACE_POKEDATA = 0x5 -+ PTRACE_POKETEXT = 0x4 -+ PTRACE_POKEUSR = 0x6 -+ PTRACE_SECCOMP_GET_FILTER = 0x420c -+ PTRACE_SECCOMP_GET_METADATA = 0x420d -+ PTRACE_SEIZE = 0x4206 -+ PTRACE_SETOPTIONS = 0x4200 -+ PTRACE_SETREGS = 0xd -+ PTRACE_SETREGSET = 0x4205 -+ PTRACE_SETSIGINFO = 0x4203 -+ PTRACE_SETSIGMASK = 0x420b -+ PTRACE_SINGLESTEP = 0x9 -+ PTRACE_SYSCALL = 0x18 -+ PTRACE_TRACEME = 0x0 -+ QNX4_SUPER_MAGIC = 0x2f -+ QNX6_SUPER_MAGIC = 0x68191122 -+ RAMFS_MAGIC = 0x858458f6 -+ RDTGROUP_SUPER_MAGIC = 0x7655821 -+ REISERFS_SUPER_MAGIC = 0x52654973 -+ RENAME_EXCHANGE = 0x2 -+ RENAME_NOREPLACE = 0x1 -+ RENAME_WHITEOUT = 0x4 -+ RLIMIT_AS = 0x9 -+ RLIMIT_CORE = 0x4 -+ RLIMIT_CPU = 0x0 -+ RLIMIT_DATA = 0x2 -+ RLIMIT_FSIZE = 0x1 -+ RLIMIT_LOCKS = 0xa -+ RLIMIT_MEMLOCK = 0x8 -+ RLIMIT_MSGQUEUE = 0xc -+ RLIMIT_NICE = 0xd -+ RLIMIT_NOFILE = 0x7 -+ RLIMIT_NPROC = 0x6 -+ RLIMIT_RSS = 0x5 -+ RLIMIT_RTPRIO = 0xe -+ RLIMIT_RTTIME = 0xf -+ RLIMIT_SIGPENDING = 0xb -+ RLIMIT_STACK = 0x3 -+ RLIM_INFINITY = 0xffffffffffffffff -+ RNDADDENTROPY = 0x40085203 -+ RNDADDTOENTCNT = 0x40045201 -+ RNDCLEARPOOL = 0x5206 -+ RNDGETENTCNT = 0x80045200 -+ RNDGETPOOL = 0x80085202 -+ RNDRESEEDCRNG = 0x5207 -+ RNDZAPENTCNT = 0x5204 -+ RTAX_ADVMSS = 0x8 -+ RTAX_CC_ALGO = 0x10 -+ RTAX_CWND = 0x7 -+ RTAX_FASTOPEN_NO_COOKIE = 0x11 -+ RTAX_FEATURES = 0xc -+ RTAX_FEATURE_ALLFRAG = 0x8 -+ RTAX_FEATURE_ECN = 0x1 -+ RTAX_FEATURE_MASK = 0xf -+ RTAX_FEATURE_SACK = 0x2 -+ RTAX_FEATURE_TIMESTAMP = 0x4 -+ RTAX_HOPLIMIT = 0xa -+ RTAX_INITCWND = 0xb -+ RTAX_INITRWND = 0xe -+ RTAX_LOCK = 0x1 -+ RTAX_MAX = 0x11 -+ RTAX_MTU = 0x2 -+ RTAX_QUICKACK = 0xf -+ RTAX_REORDERING = 0x9 -+ RTAX_RTO_MIN = 0xd -+ RTAX_RTT = 0x4 -+ RTAX_RTTVAR = 0x5 -+ RTAX_SSTHRESH = 0x6 -+ RTAX_UNSPEC = 0x0 -+ RTAX_WINDOW = 0x3 -+ RTA_ALIGNTO = 0x4 -+ RTA_MAX = 0x1d -+ RTCF_DIRECTSRC = 0x4000000 -+ RTCF_DOREDIRECT = 0x1000000 -+ RTCF_LOG = 0x2000000 -+ RTCF_MASQ = 0x400000 -+ RTCF_NAT = 0x800000 -+ RTCF_VALVE = 0x200000 -+ RTC_AF = 0x20 -+ RTC_AIE_OFF = 0x7002 -+ RTC_AIE_ON = 0x7001 -+ RTC_ALM_READ = 0x80247008 -+ RTC_ALM_SET = 0x40247007 -+ RTC_EPOCH_READ = 0x8008700d -+ RTC_EPOCH_SET = 0x4008700e -+ RTC_IRQF = 0x80 -+ RTC_IRQP_READ = 0x8008700b -+ RTC_IRQP_SET = 0x4008700c -+ RTC_MAX_FREQ = 0x2000 -+ RTC_PF = 0x40 -+ RTC_PIE_OFF = 0x7006 -+ RTC_PIE_ON = 0x7005 -+ RTC_PLL_GET = 0x80207011 -+ RTC_PLL_SET = 0x40207012 -+ RTC_RD_TIME = 0x80247009 -+ RTC_SET_TIME = 0x4024700a -+ RTC_UF = 0x10 -+ RTC_UIE_OFF = 0x7004 -+ RTC_UIE_ON = 0x7003 -+ RTC_VL_CLR = 0x7014 -+ RTC_VL_READ = 0x80047013 -+ RTC_WIE_OFF = 0x7010 -+ RTC_WIE_ON = 0x700f -+ RTC_WKALM_RD = 0x80287010 -+ RTC_WKALM_SET = 0x4028700f -+ RTF_ADDRCLASSMASK = 0xf8000000 -+ RTF_ADDRCONF = 0x40000 -+ RTF_ALLONLINK = 0x20000 -+ RTF_BROADCAST = 0x10000000 -+ RTF_CACHE = 0x1000000 -+ RTF_DEFAULT = 0x10000 -+ RTF_DYNAMIC = 0x10 -+ RTF_FLOW = 0x2000000 -+ RTF_GATEWAY = 0x2 -+ RTF_HOST = 0x4 -+ RTF_INTERFACE = 0x40000000 -+ RTF_IRTT = 0x100 -+ RTF_LINKRT = 0x100000 -+ RTF_LOCAL = 0x80000000 -+ RTF_MODIFIED = 0x20 -+ RTF_MSS = 0x40 -+ RTF_MTU = 0x40 -+ RTF_MULTICAST = 0x20000000 -+ RTF_NAT = 0x8000000 -+ RTF_NOFORWARD = 0x1000 -+ RTF_NONEXTHOP = 0x200000 -+ RTF_NOPMTUDISC = 0x4000 -+ RTF_POLICY = 0x4000000 -+ RTF_REINSTATE = 0x8 -+ RTF_REJECT = 0x200 -+ RTF_STATIC = 0x400 -+ RTF_THROW = 0x2000 -+ RTF_UP = 0x1 -+ RTF_WINDOW = 0x80 -+ RTF_XRESOLVE = 0x800 -+ RTM_BASE = 0x10 -+ RTM_DELACTION = 0x31 -+ RTM_DELADDR = 0x15 -+ RTM_DELADDRLABEL = 0x49 -+ RTM_DELCHAIN = 0x65 -+ RTM_DELLINK = 0x11 -+ RTM_DELMDB = 0x55 -+ RTM_DELNEIGH = 0x1d -+ RTM_DELNETCONF = 0x51 -+ RTM_DELNSID = 0x59 -+ RTM_DELQDISC = 0x25 -+ RTM_DELROUTE = 0x19 -+ RTM_DELRULE = 0x21 -+ RTM_DELTCLASS = 0x29 -+ RTM_DELTFILTER = 0x2d -+ RTM_F_CLONED = 0x200 -+ RTM_F_EQUALIZE = 0x400 -+ RTM_F_FIB_MATCH = 0x2000 -+ RTM_F_LOOKUP_TABLE = 0x1000 -+ RTM_F_NOTIFY = 0x100 -+ RTM_F_PREFIX = 0x800 -+ RTM_GETACTION = 0x32 -+ RTM_GETADDR = 0x16 -+ RTM_GETADDRLABEL = 0x4a -+ RTM_GETANYCAST = 0x3e -+ RTM_GETCHAIN = 0x66 -+ RTM_GETDCB = 0x4e -+ RTM_GETLINK = 0x12 -+ RTM_GETMDB = 0x56 -+ RTM_GETMULTICAST = 0x3a -+ RTM_GETNEIGH = 0x1e -+ RTM_GETNEIGHTBL = 0x42 -+ RTM_GETNETCONF = 0x52 -+ RTM_GETNSID = 0x5a -+ RTM_GETQDISC = 0x26 -+ RTM_GETROUTE = 0x1a -+ RTM_GETRULE = 0x22 -+ RTM_GETSTATS = 0x5e -+ RTM_GETTCLASS = 0x2a -+ RTM_GETTFILTER = 0x2e -+ RTM_MAX = 0x67 -+ RTM_NEWACTION = 0x30 -+ RTM_NEWADDR = 0x14 -+ RTM_NEWADDRLABEL = 0x48 -+ RTM_NEWCACHEREPORT = 0x60 -+ RTM_NEWCHAIN = 0x64 -+ RTM_NEWLINK = 0x10 -+ RTM_NEWMDB = 0x54 -+ RTM_NEWNDUSEROPT = 0x44 -+ RTM_NEWNEIGH = 0x1c -+ RTM_NEWNEIGHTBL = 0x40 -+ RTM_NEWNETCONF = 0x50 -+ RTM_NEWNSID = 0x58 -+ RTM_NEWPREFIX = 0x34 -+ RTM_NEWQDISC = 0x24 -+ RTM_NEWROUTE = 0x18 -+ RTM_NEWRULE = 0x20 -+ RTM_NEWSTATS = 0x5c -+ RTM_NEWTCLASS = 0x28 -+ RTM_NEWTFILTER = 0x2c -+ RTM_NR_FAMILIES = 0x16 -+ RTM_NR_MSGTYPES = 0x58 -+ RTM_SETDCB = 0x4f -+ RTM_SETLINK = 0x13 -+ RTM_SETNEIGHTBL = 0x43 -+ RTNH_ALIGNTO = 0x4 -+ RTNH_COMPARE_MASK = 0x19 -+ RTNH_F_DEAD = 0x1 -+ RTNH_F_LINKDOWN = 0x10 -+ RTNH_F_OFFLOAD = 0x8 -+ RTNH_F_ONLINK = 0x4 -+ RTNH_F_PERVASIVE = 0x2 -+ RTNH_F_UNRESOLVED = 0x20 -+ RTN_MAX = 0xb -+ RTPROT_BABEL = 0x2a -+ RTPROT_BGP = 0xba -+ RTPROT_BIRD = 0xc -+ RTPROT_BOOT = 0x3 -+ RTPROT_DHCP = 0x10 -+ RTPROT_DNROUTED = 0xd -+ RTPROT_EIGRP = 0xc0 -+ RTPROT_GATED = 0x8 -+ RTPROT_ISIS = 0xbb -+ RTPROT_KERNEL = 0x2 -+ RTPROT_MROUTED = 0x11 -+ RTPROT_MRT = 0xa -+ RTPROT_NTK = 0xf -+ RTPROT_OSPF = 0xbc -+ RTPROT_RA = 0x9 -+ RTPROT_REDIRECT = 0x1 -+ RTPROT_RIP = 0xbd -+ RTPROT_STATIC = 0x4 -+ RTPROT_UNSPEC = 0x0 -+ RTPROT_XORP = 0xe -+ RTPROT_ZEBRA = 0xb -+ RT_CLASS_DEFAULT = 0xfd -+ RT_CLASS_LOCAL = 0xff -+ RT_CLASS_MAIN = 0xfe -+ RT_CLASS_MAX = 0xff -+ RT_CLASS_UNSPEC = 0x0 -+ RUSAGE_CHILDREN = -0x1 -+ RUSAGE_SELF = 0x0 -+ RUSAGE_THREAD = 0x1 -+ SCM_CREDENTIALS = 0x2 -+ SCM_RIGHTS = 0x1 -+ SCM_TIMESTAMP = 0x1d -+ SCM_TIMESTAMPING = 0x25 -+ SCM_TIMESTAMPING_OPT_STATS = 0x36 -+ SCM_TIMESTAMPING_PKTINFO = 0x3a -+ SCM_TIMESTAMPNS = 0x23 -+ SCM_TXTIME = 0x3d -+ SCM_WIFI_STATUS = 0x29 -+ SC_LOG_FLUSH = 0x100000 -+ SECCOMP_MODE_DISABLED = 0x0 -+ SECCOMP_MODE_FILTER = 0x2 -+ SECCOMP_MODE_STRICT = 0x1 -+ SECURITYFS_MAGIC = 0x73636673 -+ SELINUX_MAGIC = 0xf97cff8c -+ SFD_CLOEXEC = 0x80000 -+ SFD_NONBLOCK = 0x800 -+ SHUT_RD = 0x0 -+ SHUT_RDWR = 0x2 -+ SHUT_WR = 0x1 -+ SIOCADDDLCI = 0x8980 -+ SIOCADDMULTI = 0x8931 -+ SIOCADDRT = 0x890b -+ SIOCATMARK = 0x8905 -+ SIOCBONDCHANGEACTIVE = 0x8995 -+ SIOCBONDENSLAVE = 0x8990 -+ SIOCBONDINFOQUERY = 0x8994 -+ SIOCBONDRELEASE = 0x8991 -+ SIOCBONDSETHWADDR = 0x8992 -+ SIOCBONDSLAVEINFOQUERY = 0x8993 -+ SIOCBRADDBR = 0x89a0 -+ SIOCBRADDIF = 0x89a2 -+ SIOCBRDELBR = 0x89a1 -+ SIOCBRDELIF = 0x89a3 -+ SIOCDARP = 0x8953 -+ SIOCDELDLCI = 0x8981 -+ SIOCDELMULTI = 0x8932 -+ SIOCDELRT = 0x890c -+ SIOCDEVPRIVATE = 0x89f0 -+ SIOCDIFADDR = 0x8936 -+ SIOCDRARP = 0x8960 -+ SIOCETHTOOL = 0x8946 -+ SIOCGARP = 0x8954 -+ SIOCGHWTSTAMP = 0x89b1 -+ SIOCGIFADDR = 0x8915 -+ SIOCGIFBR = 0x8940 -+ SIOCGIFBRDADDR = 0x8919 -+ SIOCGIFCONF = 0x8912 -+ SIOCGIFCOUNT = 0x8938 -+ SIOCGIFDSTADDR = 0x8917 -+ SIOCGIFENCAP = 0x8925 -+ SIOCGIFFLAGS = 0x8913 -+ SIOCGIFHWADDR = 0x8927 -+ SIOCGIFINDEX = 0x8933 -+ SIOCGIFMAP = 0x8970 -+ SIOCGIFMEM = 0x891f -+ SIOCGIFMETRIC = 0x891d -+ SIOCGIFMTU = 0x8921 -+ SIOCGIFNAME = 0x8910 -+ SIOCGIFNETMASK = 0x891b -+ SIOCGIFPFLAGS = 0x8935 -+ SIOCGIFSLAVE = 0x8929 -+ SIOCGIFTXQLEN = 0x8942 -+ SIOCGIFVLAN = 0x8982 -+ SIOCGMIIPHY = 0x8947 -+ SIOCGMIIREG = 0x8948 -+ SIOCGPGRP = 0x8904 -+ SIOCGPPPCSTATS = 0x89f2 -+ SIOCGPPPSTATS = 0x89f0 -+ SIOCGPPPVER = 0x89f1 -+ SIOCGRARP = 0x8961 -+ SIOCGSKNS = 0x894c -+ SIOCGSTAMP = 0x8906 -+ SIOCGSTAMPNS = 0x8907 -+ SIOCINQ = 0x541b -+ SIOCOUTQ = 0x5411 -+ SIOCOUTQNSD = 0x894b -+ SIOCPROTOPRIVATE = 0x89e0 -+ SIOCRTMSG = 0x890d -+ SIOCSARP = 0x8955 -+ SIOCSHWTSTAMP = 0x89b0 -+ SIOCSIFADDR = 0x8916 -+ SIOCSIFBR = 0x8941 -+ SIOCSIFBRDADDR = 0x891a -+ SIOCSIFDSTADDR = 0x8918 -+ SIOCSIFENCAP = 0x8926 -+ SIOCSIFFLAGS = 0x8914 -+ SIOCSIFHWADDR = 0x8924 -+ SIOCSIFHWBROADCAST = 0x8937 -+ SIOCSIFLINK = 0x8911 -+ SIOCSIFMAP = 0x8971 -+ SIOCSIFMEM = 0x8920 -+ SIOCSIFMETRIC = 0x891e -+ SIOCSIFMTU = 0x8922 -+ SIOCSIFNAME = 0x8923 -+ SIOCSIFNETMASK = 0x891c -+ SIOCSIFPFLAGS = 0x8934 -+ SIOCSIFSLAVE = 0x8930 -+ SIOCSIFTXQLEN = 0x8943 -+ SIOCSIFVLAN = 0x8983 -+ SIOCSMIIREG = 0x8949 -+ SIOCSPGRP = 0x8902 -+ SIOCSRARP = 0x8962 -+ SIOCWANDEV = 0x894a -+ SMACK_MAGIC = 0x43415d53 -+ SMART_AUTOSAVE = 0xd2 -+ SMART_AUTO_OFFLINE = 0xdb -+ SMART_DISABLE = 0xd9 -+ SMART_ENABLE = 0xd8 -+ SMART_HCYL_PASS = 0xc2 -+ SMART_IMMEDIATE_OFFLINE = 0xd4 -+ SMART_LCYL_PASS = 0x4f -+ SMART_READ_LOG_SECTOR = 0xd5 -+ SMART_READ_THRESHOLDS = 0xd1 -+ SMART_READ_VALUES = 0xd0 -+ SMART_SAVE = 0xd3 -+ SMART_STATUS = 0xda -+ SMART_WRITE_LOG_SECTOR = 0xd6 -+ SMART_WRITE_THRESHOLDS = 0xd7 -+ SMB_SUPER_MAGIC = 0x517b -+ SOCKFS_MAGIC = 0x534f434b -+ SOCK_CLOEXEC = 0x80000 -+ SOCK_DCCP = 0x6 -+ SOCK_DGRAM = 0x2 -+ SOCK_IOC_TYPE = 0x89 -+ SOCK_NONBLOCK = 0x800 -+ SOCK_PACKET = 0xa -+ SOCK_RAW = 0x3 -+ SOCK_RDM = 0x4 -+ SOCK_SEQPACKET = 0x5 -+ SOCK_STREAM = 0x1 -+ SOL_AAL = 0x109 -+ SOL_ALG = 0x117 -+ SOL_ATM = 0x108 -+ SOL_CAIF = 0x116 -+ SOL_CAN_BASE = 0x64 -+ SOL_DCCP = 0x10d -+ SOL_DECNET = 0x105 -+ SOL_ICMPV6 = 0x3a -+ SOL_IP = 0x0 -+ SOL_IPV6 = 0x29 -+ SOL_IRDA = 0x10a -+ SOL_IUCV = 0x115 -+ SOL_KCM = 0x119 -+ SOL_LLC = 0x10c -+ SOL_NETBEUI = 0x10b -+ SOL_NETLINK = 0x10e -+ SOL_NFC = 0x118 -+ SOL_PACKET = 0x107 -+ SOL_PNPIPE = 0x113 -+ SOL_PPPOL2TP = 0x111 -+ SOL_RAW = 0xff -+ SOL_RDS = 0x114 -+ SOL_RXRPC = 0x110 -+ SOL_SOCKET = 0x1 -+ SOL_TCP = 0x6 -+ SOL_TIPC = 0x10f -+ SOL_TLS = 0x11a -+ SOL_X25 = 0x106 -+ SOL_XDP = 0x11b -+ SOMAXCONN = 0x80 -+ SO_ACCEPTCONN = 0x1e -+ SO_ATTACH_BPF = 0x32 -+ SO_ATTACH_FILTER = 0x1a -+ SO_ATTACH_REUSEPORT_CBPF = 0x33 -+ SO_ATTACH_REUSEPORT_EBPF = 0x34 -+ SO_BINDTODEVICE = 0x19 -+ SO_BPF_EXTENSIONS = 0x30 -+ SO_BROADCAST = 0x6 -+ SO_BSDCOMPAT = 0xe -+ SO_BUSY_POLL = 0x2e -+ SO_CNX_ADVICE = 0x35 -+ SO_COOKIE = 0x39 -+ SO_DEBUG = 0x1 -+ SO_DETACH_BPF = 0x1b -+ SO_DETACH_FILTER = 0x1b -+ SO_DOMAIN = 0x27 -+ SO_DONTROUTE = 0x5 -+ SO_EE_CODE_TXTIME_INVALID_PARAM = 0x1 -+ SO_EE_CODE_TXTIME_MISSED = 0x2 -+ SO_EE_CODE_ZEROCOPY_COPIED = 0x1 -+ SO_EE_ORIGIN_ICMP = 0x2 -+ SO_EE_ORIGIN_ICMP6 = 0x3 -+ SO_EE_ORIGIN_LOCAL = 0x1 -+ SO_EE_ORIGIN_NONE = 0x0 -+ SO_EE_ORIGIN_TIMESTAMPING = 0x4 -+ SO_EE_ORIGIN_TXSTATUS = 0x4 -+ SO_EE_ORIGIN_TXTIME = 0x6 -+ SO_EE_ORIGIN_ZEROCOPY = 0x5 -+ SO_ERROR = 0x4 -+ SO_GET_FILTER = 0x1a -+ SO_INCOMING_CPU = 0x31 -+ SO_INCOMING_NAPI_ID = 0x38 -+ SO_KEEPALIVE = 0x9 -+ SO_LINGER = 0xd -+ SO_LOCK_FILTER = 0x2c -+ SO_MARK = 0x24 -+ SO_MAX_PACING_RATE = 0x2f -+ SO_MEMINFO = 0x37 -+ SO_NOFCS = 0x2b -+ SO_NO_CHECK = 0xb -+ SO_OOBINLINE = 0xa -+ SO_PASSCRED = 0x10 -+ SO_PASSSEC = 0x22 -+ SO_PEEK_OFF = 0x2a -+ SO_PEERCRED = 0x11 -+ SO_PEERGROUPS = 0x3b -+ SO_PEERNAME = 0x1c -+ SO_PEERSEC = 0x1f -+ SO_PRIORITY = 0xc -+ SO_PROTOCOL = 0x26 -+ SO_RCVBUF = 0x8 -+ SO_RCVBUFFORCE = 0x21 -+ SO_RCVLOWAT = 0x12 -+ SO_RCVTIMEO = 0x14 -+ SO_REUSEADDR = 0x2 -+ SO_REUSEPORT = 0xf -+ SO_RXQ_OVFL = 0x28 -+ SO_SECURITY_AUTHENTICATION = 0x16 -+ SO_SECURITY_ENCRYPTION_NETWORK = 0x18 -+ SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17 -+ SO_SELECT_ERR_QUEUE = 0x2d -+ SO_SNDBUF = 0x7 -+ SO_SNDBUFFORCE = 0x20 -+ SO_SNDLOWAT = 0x13 -+ SO_SNDTIMEO = 0x15 -+ SO_TIMESTAMP = 0x1d -+ SO_TIMESTAMPING = 0x25 -+ SO_TIMESTAMPNS = 0x23 -+ SO_TXTIME = 0x3d -+ SO_TYPE = 0x3 -+ SO_VM_SOCKETS_BUFFER_MAX_SIZE = 0x2 -+ SO_VM_SOCKETS_BUFFER_MIN_SIZE = 0x1 -+ SO_VM_SOCKETS_BUFFER_SIZE = 0x0 -+ SO_VM_SOCKETS_CONNECT_TIMEOUT = 0x6 -+ SO_VM_SOCKETS_NONBLOCK_TXRX = 0x7 -+ SO_VM_SOCKETS_PEER_HOST_VM_ID = 0x3 -+ SO_VM_SOCKETS_TRUSTED = 0x5 -+ SO_WIFI_STATUS = 0x29 -+ SO_ZEROCOPY = 0x3c -+ SPLICE_F_GIFT = 0x8 -+ SPLICE_F_MORE = 0x4 -+ SPLICE_F_MOVE = 0x1 -+ SPLICE_F_NONBLOCK = 0x2 -+ SQUASHFS_MAGIC = 0x73717368 -+ STACK_END_MAGIC = 0x57ac6e9d -+ STATX_ALL = 0xfff -+ STATX_ATIME = 0x20 -+ STATX_ATTR_APPEND = 0x20 -+ STATX_ATTR_AUTOMOUNT = 0x1000 -+ STATX_ATTR_COMPRESSED = 0x4 -+ STATX_ATTR_ENCRYPTED = 0x800 -+ STATX_ATTR_IMMUTABLE = 0x10 -+ STATX_ATTR_NODUMP = 0x40 -+ STATX_BASIC_STATS = 0x7ff -+ STATX_BLOCKS = 0x400 -+ STATX_BTIME = 0x800 -+ STATX_CTIME = 0x80 -+ STATX_GID = 0x10 -+ STATX_INO = 0x100 -+ STATX_MODE = 0x2 -+ STATX_MTIME = 0x40 -+ STATX_NLINK = 0x4 -+ STATX_SIZE = 0x200 -+ STATX_TYPE = 0x1 -+ STATX_UID = 0x8 -+ STATX__RESERVED = 0x80000000 -+ SYNC_FILE_RANGE_WAIT_AFTER = 0x4 -+ SYNC_FILE_RANGE_WAIT_BEFORE = 0x1 -+ SYNC_FILE_RANGE_WRITE = 0x2 -+ SYSFS_MAGIC = 0x62656572 -+ S_BLKSIZE = 0x200 -+ S_IEXEC = 0x40 -+ S_IFBLK = 0x6000 -+ S_IFCHR = 0x2000 -+ S_IFDIR = 0x4000 -+ S_IFIFO = 0x1000 -+ S_IFLNK = 0xa000 -+ S_IFMT = 0xf000 -+ S_IFREG = 0x8000 -+ S_IFSOCK = 0xc000 -+ S_IREAD = 0x100 -+ S_IRGRP = 0x20 -+ S_IROTH = 0x4 -+ S_IRUSR = 0x100 -+ S_IRWXG = 0x38 -+ S_IRWXO = 0x7 -+ S_IRWXU = 0x1c0 -+ S_ISGID = 0x400 -+ S_ISUID = 0x800 -+ S_ISVTX = 0x200 -+ S_IWGRP = 0x10 -+ S_IWOTH = 0x2 -+ S_IWRITE = 0x80 -+ S_IWUSR = 0x80 -+ S_IXGRP = 0x8 -+ S_IXOTH = 0x1 -+ S_IXUSR = 0x40 -+ TAB0 = 0x0 -+ TAB1 = 0x800 -+ TAB2 = 0x1000 -+ TAB3 = 0x1800 -+ TABDLY = 0x1800 -+ TASKSTATS_CMD_ATTR_MAX = 0x4 -+ TASKSTATS_CMD_MAX = 0x2 -+ TASKSTATS_GENL_NAME = "TASKSTATS" -+ TASKSTATS_GENL_VERSION = 0x1 -+ TASKSTATS_TYPE_MAX = 0x6 -+ TASKSTATS_VERSION = 0x9 -+ TCFLSH = 0x540b -+ TCGETA = 0x5405 -+ TCGETS = 0x5401 -+ TCGETS2 = 0x802c542a -+ TCGETX = 0x5432 -+ TCIFLUSH = 0x0 -+ TCIOFF = 0x2 -+ TCIOFLUSH = 0x2 -+ TCION = 0x3 -+ TCOFLUSH = 0x1 -+ TCOOFF = 0x0 -+ TCOON = 0x1 -+ TCP_CC_INFO = 0x1a -+ TCP_CM_INQ = 0x24 -+ TCP_CONGESTION = 0xd -+ TCP_COOKIE_IN_ALWAYS = 0x1 -+ TCP_COOKIE_MAX = 0x10 -+ TCP_COOKIE_MIN = 0x8 -+ TCP_COOKIE_OUT_NEVER = 0x2 -+ TCP_COOKIE_PAIR_SIZE = 0x20 -+ TCP_COOKIE_TRANSACTIONS = 0xf -+ TCP_CORK = 0x3 -+ TCP_DEFER_ACCEPT = 0x9 -+ TCP_FASTOPEN = 0x17 -+ TCP_FASTOPEN_CONNECT = 0x1e -+ TCP_FASTOPEN_KEY = 0x21 -+ TCP_FASTOPEN_NO_COOKIE = 0x22 -+ TCP_INFO = 0xb -+ TCP_INQ = 0x24 -+ TCP_KEEPCNT = 0x6 -+ TCP_KEEPIDLE = 0x4 -+ TCP_KEEPINTVL = 0x5 -+ TCP_LINGER2 = 0x8 -+ TCP_MAXSEG = 0x2 -+ TCP_MAXWIN = 0xffff -+ TCP_MAX_WINSHIFT = 0xe -+ TCP_MD5SIG = 0xe -+ TCP_MD5SIG_EXT = 0x20 -+ TCP_MD5SIG_FLAG_PREFIX = 0x1 -+ TCP_MD5SIG_MAXKEYLEN = 0x50 -+ TCP_MSS = 0x200 -+ TCP_MSS_DEFAULT = 0x218 -+ TCP_MSS_DESIRED = 0x4c4 -+ TCP_NODELAY = 0x1 -+ TCP_NOTSENT_LOWAT = 0x19 -+ TCP_QUEUE_SEQ = 0x15 -+ TCP_QUICKACK = 0xc -+ TCP_REPAIR = 0x13 -+ TCP_REPAIR_OFF = 0x0 -+ TCP_REPAIR_OFF_NO_WP = -0x1 -+ TCP_REPAIR_ON = 0x1 -+ TCP_REPAIR_OPTIONS = 0x16 -+ TCP_REPAIR_QUEUE = 0x14 -+ TCP_REPAIR_WINDOW = 0x1d -+ TCP_SAVED_SYN = 0x1c -+ TCP_SAVE_SYN = 0x1b -+ TCP_SYNCNT = 0x7 -+ TCP_S_DATA_IN = 0x4 -+ TCP_S_DATA_OUT = 0x8 -+ TCP_THIN_DUPACK = 0x11 -+ TCP_THIN_LINEAR_TIMEOUTS = 0x10 -+ TCP_TIMESTAMP = 0x18 -+ TCP_ULP = 0x1f -+ TCP_USER_TIMEOUT = 0x12 -+ TCP_WINDOW_CLAMP = 0xa -+ TCP_ZEROCOPY_RECEIVE = 0x23 -+ TCSAFLUSH = 0x2 -+ TCSBRK = 0x5409 -+ TCSBRKP = 0x5425 -+ TCSETA = 0x5406 -+ TCSETAF = 0x5408 -+ TCSETAW = 0x5407 -+ TCSETS = 0x5402 -+ TCSETS2 = 0x402c542b -+ TCSETSF = 0x5404 -+ TCSETSF2 = 0x402c542d -+ TCSETSW = 0x5403 -+ TCSETSW2 = 0x402c542c -+ TCSETX = 0x5433 -+ TCSETXF = 0x5434 -+ TCSETXW = 0x5435 -+ TCXONC = 0x540a -+ TIMER_ABSTIME = 0x1 -+ TIOCCBRK = 0x5428 -+ TIOCCONS = 0x541d -+ TIOCEXCL = 0x540c -+ TIOCGDEV = 0x80045432 -+ TIOCGETD = 0x5424 -+ TIOCGEXCL = 0x80045440 -+ TIOCGICOUNT = 0x545d -+ TIOCGISO7816 = 0x80285442 -+ TIOCGLCKTRMIOS = 0x5456 -+ TIOCGPGRP = 0x540f -+ TIOCGPKT = 0x80045438 -+ TIOCGPTLCK = 0x80045439 -+ TIOCGPTN = 0x80045430 -+ TIOCGPTPEER = 0x5441 -+ TIOCGRS485 = 0x542e -+ TIOCGSERIAL = 0x541e -+ TIOCGSID = 0x5429 -+ TIOCGSOFTCAR = 0x5419 -+ TIOCGWINSZ = 0x5413 -+ TIOCINQ = 0x541b -+ TIOCLINUX = 0x541c -+ TIOCMBIC = 0x5417 -+ TIOCMBIS = 0x5416 -+ TIOCMGET = 0x5415 -+ TIOCMIWAIT = 0x545c -+ TIOCMSET = 0x5418 -+ TIOCM_CAR = 0x40 -+ TIOCM_CD = 0x40 -+ TIOCM_CTS = 0x20 -+ TIOCM_DSR = 0x100 -+ TIOCM_DTR = 0x2 -+ TIOCM_LE = 0x1 -+ TIOCM_RI = 0x80 -+ TIOCM_RNG = 0x80 -+ TIOCM_RTS = 0x4 -+ TIOCM_SR = 0x10 -+ TIOCM_ST = 0x8 -+ TIOCNOTTY = 0x5422 -+ TIOCNXCL = 0x540d -+ TIOCOUTQ = 0x5411 -+ TIOCPKT = 0x5420 -+ TIOCPKT_DATA = 0x0 -+ TIOCPKT_DOSTOP = 0x20 -+ TIOCPKT_FLUSHREAD = 0x1 -+ TIOCPKT_FLUSHWRITE = 0x2 -+ TIOCPKT_IOCTL = 0x40 -+ TIOCPKT_NOSTOP = 0x10 -+ TIOCPKT_START = 0x8 -+ TIOCPKT_STOP = 0x4 -+ TIOCSBRK = 0x5427 -+ TIOCSCTTY = 0x540e -+ TIOCSERCONFIG = 0x5453 -+ TIOCSERGETLSR = 0x5459 -+ TIOCSERGETMULTI = 0x545a -+ TIOCSERGSTRUCT = 0x5458 -+ TIOCSERGWILD = 0x5454 -+ TIOCSERSETMULTI = 0x545b -+ TIOCSERSWILD = 0x5455 -+ TIOCSER_TEMT = 0x1 -+ TIOCSETD = 0x5423 -+ TIOCSIG = 0x40045436 -+ TIOCSISO7816 = 0xc0285443 -+ TIOCSLCKTRMIOS = 0x5457 -+ TIOCSPGRP = 0x5410 -+ TIOCSPTLCK = 0x40045431 -+ TIOCSRS485 = 0x542f -+ TIOCSSERIAL = 0x541f -+ TIOCSSOFTCAR = 0x541a -+ TIOCSTI = 0x5412 -+ TIOCSWINSZ = 0x5414 -+ TIOCVHANGUP = 0x5437 -+ TMPFS_MAGIC = 0x1021994 -+ TOSTOP = 0x100 -+ TPACKET_ALIGNMENT = 0x10 -+ TPACKET_HDRLEN = 0x34 -+ TP_STATUS_AVAILABLE = 0x0 -+ TP_STATUS_BLK_TMO = 0x20 -+ TP_STATUS_COPY = 0x2 -+ TP_STATUS_CSUMNOTREADY = 0x8 -+ TP_STATUS_CSUM_VALID = 0x80 -+ TP_STATUS_KERNEL = 0x0 -+ TP_STATUS_LOSING = 0x4 -+ TP_STATUS_SENDING = 0x2 -+ TP_STATUS_SEND_REQUEST = 0x1 -+ TP_STATUS_TS_RAW_HARDWARE = -0x80000000 -+ TP_STATUS_TS_SOFTWARE = 0x20000000 -+ TP_STATUS_TS_SYS_HARDWARE = 0x40000000 -+ TP_STATUS_USER = 0x1 -+ TP_STATUS_VLAN_TPID_VALID = 0x40 -+ TP_STATUS_VLAN_VALID = 0x10 -+ TP_STATUS_WRONG_FORMAT = 0x4 -+ TRACEFS_MAGIC = 0x74726163 -+ TS_COMM_LEN = 0x20 -+ TUNATTACHFILTER = 0x401054d5 -+ TUNDETACHFILTER = 0x401054d6 -+ TUNGETFEATURES = 0x800454cf -+ TUNGETFILTER = 0x801054db -+ TUNGETIFF = 0x800454d2 -+ TUNGETSNDBUF = 0x800454d3 -+ TUNGETVNETBE = 0x800454df -+ TUNGETVNETHDRSZ = 0x800454d7 -+ TUNGETVNETLE = 0x800454dd -+ TUNSETCARRIER = 0x400454e2 -+ TUNSETDEBUG = 0x400454c9 -+ TUNSETFILTEREBPF = 0x800454e1 -+ TUNSETGROUP = 0x400454ce -+ TUNSETIFF = 0x400454ca -+ TUNSETIFINDEX = 0x400454da -+ TUNSETLINK = 0x400454cd -+ TUNSETNOCSUM = 0x400454c8 -+ TUNSETOFFLOAD = 0x400454d0 -+ TUNSETOWNER = 0x400454cc -+ TUNSETPERSIST = 0x400454cb -+ TUNSETQUEUE = 0x400454d9 -+ TUNSETSNDBUF = 0x400454d4 -+ TUNSETSTEERINGEBPF = 0x800454e0 -+ TUNSETTXFILTER = 0x400454d1 -+ TUNSETVNETBE = 0x400454de -+ TUNSETVNETHDRSZ = 0x400454d8 -+ TUNSETVNETLE = 0x400454dc -+ UBI_IOCATT = 0x40186f40 -+ UBI_IOCDET = 0x40046f41 -+ UBI_IOCEBCH = 0x40044f02 -+ UBI_IOCEBER = 0x40044f01 -+ UBI_IOCEBISMAP = 0x80044f05 -+ UBI_IOCEBMAP = 0x40084f03 -+ UBI_IOCEBUNMAP = 0x40044f04 -+ UBI_IOCMKVOL = 0x40986f00 -+ UBI_IOCRMVOL = 0x40046f01 -+ UBI_IOCRNVOL = 0x51106f03 -+ UBI_IOCRSVOL = 0x400c6f02 -+ UBI_IOCSETVOLPROP = 0x40104f06 -+ UBI_IOCVOLCRBLK = 0x40804f07 -+ UBI_IOCVOLRMBLK = 0x4f08 -+ UBI_IOCVOLUP = 0x40084f00 -+ UDF_SUPER_MAGIC = 0x15013346 -+ UMOUNT_NOFOLLOW = 0x8 -+ USBDEVICE_SUPER_MAGIC = 0x9fa2 -+ UTIME_NOW = 0x3fffffff -+ UTIME_OMIT = 0x3ffffffe -+ V9FS_MAGIC = 0x1021997 -+ VDISCARD = 0xd -+ VEOF = 0x4 -+ VEOL = 0xb -+ VEOL2 = 0x10 -+ VERASE = 0x2 -+ VINTR = 0x0 -+ VKILL = 0x3 -+ VLNEXT = 0xf -+ VMADDR_CID_ANY = 0xffffffff -+ VMADDR_CID_HOST = 0x2 -+ VMADDR_CID_HYPERVISOR = 0x0 -+ VMADDR_CID_RESERVED = 0x1 -+ VMADDR_PORT_ANY = 0xffffffff -+ VMIN = 0x6 -+ VM_SOCKETS_INVALID_VERSION = 0xffffffff -+ VQUIT = 0x1 -+ VREPRINT = 0xc -+ VSTART = 0x8 -+ VSTOP = 0x9 -+ VSUSP = 0xa -+ VSWTC = 0x7 -+ VT0 = 0x0 -+ VT1 = 0x4000 -+ VTDLY = 0x4000 -+ VTIME = 0x5 -+ VWERASE = 0xe -+ WALL = 0x40000000 -+ WCLONE = 0x80000000 -+ WCONTINUED = 0x8 -+ WDIOC_GETBOOTSTATUS = 0x80045702 -+ WDIOC_GETPRETIMEOUT = 0x80045709 -+ WDIOC_GETSTATUS = 0x80045701 -+ WDIOC_GETSUPPORT = 0x80285700 -+ WDIOC_GETTEMP = 0x80045703 -+ WDIOC_GETTIMELEFT = 0x8004570a -+ WDIOC_GETTIMEOUT = 0x80045707 -+ WDIOC_KEEPALIVE = 0x80045705 -+ WDIOC_SETOPTIONS = 0x80045704 -+ WDIOC_SETPRETIMEOUT = 0xc0045708 -+ WDIOC_SETTIMEOUT = 0xc0045706 -+ WEXITED = 0x4 -+ WIN_ACKMEDIACHANGE = 0xdb -+ WIN_CHECKPOWERMODE1 = 0xe5 -+ WIN_CHECKPOWERMODE2 = 0x98 -+ WIN_DEVICE_RESET = 0x8 -+ WIN_DIAGNOSE = 0x90 -+ WIN_DOORLOCK = 0xde -+ WIN_DOORUNLOCK = 0xdf -+ WIN_DOWNLOAD_MICROCODE = 0x92 -+ WIN_FLUSH_CACHE = 0xe7 -+ WIN_FLUSH_CACHE_EXT = 0xea -+ WIN_FORMAT = 0x50 -+ WIN_GETMEDIASTATUS = 0xda -+ WIN_IDENTIFY = 0xec -+ WIN_IDENTIFY_DMA = 0xee -+ WIN_IDLEIMMEDIATE = 0xe1 -+ WIN_INIT = 0x60 -+ WIN_MEDIAEJECT = 0xed -+ WIN_MULTREAD = 0xc4 -+ WIN_MULTREAD_EXT = 0x29 -+ WIN_MULTWRITE = 0xc5 -+ WIN_MULTWRITE_EXT = 0x39 -+ WIN_NOP = 0x0 -+ WIN_PACKETCMD = 0xa0 -+ WIN_PIDENTIFY = 0xa1 -+ WIN_POSTBOOT = 0xdc -+ WIN_PREBOOT = 0xdd -+ WIN_QUEUED_SERVICE = 0xa2 -+ WIN_READ = 0x20 -+ WIN_READDMA = 0xc8 -+ WIN_READDMA_EXT = 0x25 -+ WIN_READDMA_ONCE = 0xc9 -+ WIN_READDMA_QUEUED = 0xc7 -+ WIN_READDMA_QUEUED_EXT = 0x26 -+ WIN_READ_BUFFER = 0xe4 -+ WIN_READ_EXT = 0x24 -+ WIN_READ_LONG = 0x22 -+ WIN_READ_LONG_ONCE = 0x23 -+ WIN_READ_NATIVE_MAX = 0xf8 -+ WIN_READ_NATIVE_MAX_EXT = 0x27 -+ WIN_READ_ONCE = 0x21 -+ WIN_RECAL = 0x10 -+ WIN_RESTORE = 0x10 -+ WIN_SECURITY_DISABLE = 0xf6 -+ WIN_SECURITY_ERASE_PREPARE = 0xf3 -+ WIN_SECURITY_ERASE_UNIT = 0xf4 -+ WIN_SECURITY_FREEZE_LOCK = 0xf5 -+ WIN_SECURITY_SET_PASS = 0xf1 -+ WIN_SECURITY_UNLOCK = 0xf2 -+ WIN_SEEK = 0x70 -+ WIN_SETFEATURES = 0xef -+ WIN_SETIDLE1 = 0xe3 -+ WIN_SETIDLE2 = 0x97 -+ WIN_SETMULT = 0xc6 -+ WIN_SET_MAX = 0xf9 -+ WIN_SET_MAX_EXT = 0x37 -+ WIN_SLEEPNOW1 = 0xe6 -+ WIN_SLEEPNOW2 = 0x99 -+ WIN_SMART = 0xb0 -+ WIN_SPECIFY = 0x91 -+ WIN_SRST = 0x8 -+ WIN_STANDBY = 0xe2 -+ WIN_STANDBY2 = 0x96 -+ WIN_STANDBYNOW1 = 0xe0 -+ WIN_STANDBYNOW2 = 0x94 -+ WIN_VERIFY = 0x40 -+ WIN_VERIFY_EXT = 0x42 -+ WIN_VERIFY_ONCE = 0x41 -+ WIN_WRITE = 0x30 -+ WIN_WRITEDMA = 0xca -+ WIN_WRITEDMA_EXT = 0x35 -+ WIN_WRITEDMA_ONCE = 0xcb -+ WIN_WRITEDMA_QUEUED = 0xcc -+ WIN_WRITEDMA_QUEUED_EXT = 0x36 -+ WIN_WRITE_BUFFER = 0xe8 -+ WIN_WRITE_EXT = 0x34 -+ WIN_WRITE_LONG = 0x32 -+ WIN_WRITE_LONG_ONCE = 0x33 -+ WIN_WRITE_ONCE = 0x31 -+ WIN_WRITE_SAME = 0xe9 -+ WIN_WRITE_VERIFY = 0x3c -+ WNOHANG = 0x1 -+ WNOTHREAD = 0x20000000 -+ WNOWAIT = 0x1000000 -+ WORDSIZE = 0x40 -+ WSTOPPED = 0x2 -+ WUNTRACED = 0x2 -+ XATTR_CREATE = 0x1 -+ XATTR_REPLACE = 0x2 -+ XCASE = 0x4 -+ XDP_COPY = 0x2 -+ XDP_FLAGS_DRV_MODE = 0x4 -+ XDP_FLAGS_HW_MODE = 0x8 -+ XDP_FLAGS_MASK = 0xf -+ XDP_FLAGS_MODES = 0xe -+ XDP_FLAGS_SKB_MODE = 0x2 -+ XDP_FLAGS_UPDATE_IF_NOEXIST = 0x1 -+ XDP_MMAP_OFFSETS = 0x1 -+ XDP_PGOFF_RX_RING = 0x0 -+ XDP_PGOFF_TX_RING = 0x80000000 -+ XDP_RX_RING = 0x2 -+ XDP_SHARED_UMEM = 0x1 -+ XDP_STATISTICS = 0x7 -+ XDP_TX_RING = 0x3 -+ XDP_UMEM_COMPLETION_RING = 0x6 -+ XDP_UMEM_FILL_RING = 0x5 -+ XDP_UMEM_PGOFF_COMPLETION_RING = 0x180000000 -+ XDP_UMEM_PGOFF_FILL_RING = 0x100000000 -+ XDP_UMEM_REG = 0x4 -+ XDP_ZEROCOPY = 0x4 -+ XENFS_SUPER_MAGIC = 0xabba1974 -+ XFS_SUPER_MAGIC = 0x58465342 -+ XTABS = 0x1800 -+ ZSMALLOC_MAGIC = 0x58295829 -+) -+ -+// Errors -+const ( -+ E2BIG = syscall.Errno(0x7) -+ EACCES = syscall.Errno(0xd) -+ EADDRINUSE = syscall.Errno(0x62) -+ EADDRNOTAVAIL = syscall.Errno(0x63) -+ EADV = syscall.Errno(0x44) -+ EAFNOSUPPORT = syscall.Errno(0x61) -+ EAGAIN = syscall.Errno(0xb) -+ EALREADY = syscall.Errno(0x72) -+ EBADE = syscall.Errno(0x34) -+ EBADF = syscall.Errno(0x9) -+ EBADFD = syscall.Errno(0x4d) -+ EBADMSG = syscall.Errno(0x4a) -+ EBADR = syscall.Errno(0x35) -+ EBADRQC = syscall.Errno(0x38) -+ EBADSLT = syscall.Errno(0x39) -+ EBFONT = syscall.Errno(0x3b) -+ EBUSY = syscall.Errno(0x10) -+ ECANCELED = syscall.Errno(0x7d) -+ ECHILD = syscall.Errno(0xa) -+ ECHRNG = syscall.Errno(0x2c) -+ ECOMM = syscall.Errno(0x46) -+ ECONNABORTED = syscall.Errno(0x67) -+ ECONNREFUSED = syscall.Errno(0x6f) -+ ECONNRESET = syscall.Errno(0x68) -+ EDEADLK = syscall.Errno(0x23) -+ EDEADLOCK = syscall.Errno(0x23) -+ EDESTADDRREQ = syscall.Errno(0x59) -+ EDOM = syscall.Errno(0x21) -+ EDOTDOT = syscall.Errno(0x49) -+ EDQUOT = syscall.Errno(0x7a) -+ EEXIST = syscall.Errno(0x11) -+ EFAULT = syscall.Errno(0xe) -+ EFBIG = syscall.Errno(0x1b) -+ EHOSTDOWN = syscall.Errno(0x70) -+ EHOSTUNREACH = syscall.Errno(0x71) -+ EHWPOISON = syscall.Errno(0x85) -+ EIDRM = syscall.Errno(0x2b) -+ EILSEQ = syscall.Errno(0x54) -+ EINPROGRESS = syscall.Errno(0x73) -+ EINTR = syscall.Errno(0x4) -+ EINVAL = syscall.Errno(0x16) -+ EIO = syscall.Errno(0x5) -+ EISCONN = syscall.Errno(0x6a) -+ EISDIR = syscall.Errno(0x15) -+ EISNAM = syscall.Errno(0x78) -+ EKEYEXPIRED = syscall.Errno(0x7f) -+ EKEYREJECTED = syscall.Errno(0x81) -+ EKEYREVOKED = syscall.Errno(0x80) -+ EL2HLT = syscall.Errno(0x33) -+ EL2NSYNC = syscall.Errno(0x2d) -+ EL3HLT = syscall.Errno(0x2e) -+ EL3RST = syscall.Errno(0x2f) -+ ELIBACC = syscall.Errno(0x4f) -+ ELIBBAD = syscall.Errno(0x50) -+ ELIBEXEC = syscall.Errno(0x53) -+ ELIBMAX = syscall.Errno(0x52) -+ ELIBSCN = syscall.Errno(0x51) -+ ELNRNG = syscall.Errno(0x30) -+ ELOOP = syscall.Errno(0x28) -+ EMEDIUMTYPE = syscall.Errno(0x7c) -+ EMFILE = syscall.Errno(0x18) -+ EMLINK = syscall.Errno(0x1f) -+ EMSGSIZE = syscall.Errno(0x5a) -+ EMULTIHOP = syscall.Errno(0x48) -+ ENAMETOOLONG = syscall.Errno(0x24) -+ ENAVAIL = syscall.Errno(0x77) -+ ENETDOWN = syscall.Errno(0x64) -+ ENETRESET = syscall.Errno(0x66) -+ ENETUNREACH = syscall.Errno(0x65) -+ ENFILE = syscall.Errno(0x17) -+ ENOANO = syscall.Errno(0x37) -+ ENOBUFS = syscall.Errno(0x69) -+ ENOCSI = syscall.Errno(0x32) -+ ENODATA = syscall.Errno(0x3d) -+ ENODEV = syscall.Errno(0x13) -+ ENOENT = syscall.Errno(0x2) -+ ENOEXEC = syscall.Errno(0x8) -+ ENOKEY = syscall.Errno(0x7e) -+ ENOLCK = syscall.Errno(0x25) -+ ENOLINK = syscall.Errno(0x43) -+ ENOMEDIUM = syscall.Errno(0x7b) -+ ENOMEM = syscall.Errno(0xc) -+ ENOMSG = syscall.Errno(0x2a) -+ ENONET = syscall.Errno(0x40) -+ ENOPKG = syscall.Errno(0x41) -+ ENOPROTOOPT = syscall.Errno(0x5c) -+ ENOSPC = syscall.Errno(0x1c) -+ ENOSR = syscall.Errno(0x3f) -+ ENOSTR = syscall.Errno(0x3c) -+ ENOSYS = syscall.Errno(0x26) -+ ENOTBLK = syscall.Errno(0xf) -+ ENOTCONN = syscall.Errno(0x6b) -+ ENOTDIR = syscall.Errno(0x14) -+ ENOTEMPTY = syscall.Errno(0x27) -+ ENOTNAM = syscall.Errno(0x76) -+ ENOTRECOVERABLE = syscall.Errno(0x83) -+ ENOTSOCK = syscall.Errno(0x58) -+ ENOTSUP = syscall.Errno(0x5f) -+ ENOTTY = syscall.Errno(0x19) -+ ENOTUNIQ = syscall.Errno(0x4c) -+ ENXIO = syscall.Errno(0x6) -+ EOPNOTSUPP = syscall.Errno(0x5f) -+ EOVERFLOW = syscall.Errno(0x4b) -+ EOWNERDEAD = syscall.Errno(0x82) -+ EPERM = syscall.Errno(0x1) -+ EPFNOSUPPORT = syscall.Errno(0x60) -+ EPIPE = syscall.Errno(0x20) -+ EPROTO = syscall.Errno(0x47) -+ EPROTONOSUPPORT = syscall.Errno(0x5d) -+ EPROTOTYPE = syscall.Errno(0x5b) -+ ERANGE = syscall.Errno(0x22) -+ EREMCHG = syscall.Errno(0x4e) -+ EREMOTE = syscall.Errno(0x42) -+ EREMOTEIO = syscall.Errno(0x79) -+ ERESTART = syscall.Errno(0x55) -+ ERFKILL = syscall.Errno(0x84) -+ EROFS = syscall.Errno(0x1e) -+ ESHUTDOWN = syscall.Errno(0x6c) -+ ESOCKTNOSUPPORT = syscall.Errno(0x5e) -+ ESPIPE = syscall.Errno(0x1d) -+ ESRCH = syscall.Errno(0x3) -+ ESRMNT = syscall.Errno(0x45) -+ ESTALE = syscall.Errno(0x74) -+ ESTRPIPE = syscall.Errno(0x56) -+ ETIME = syscall.Errno(0x3e) -+ ETIMEDOUT = syscall.Errno(0x6e) -+ ETOOMANYREFS = syscall.Errno(0x6d) -+ ETXTBSY = syscall.Errno(0x1a) -+ EUCLEAN = syscall.Errno(0x75) -+ EUNATCH = syscall.Errno(0x31) -+ EUSERS = syscall.Errno(0x57) -+ EWOULDBLOCK = syscall.Errno(0xb) -+ EXDEV = syscall.Errno(0x12) -+ EXFULL = syscall.Errno(0x36) -+) -+ -+// Signals -+const ( -+ SIGABRT = syscall.Signal(0x6) -+ SIGALRM = syscall.Signal(0xe) -+ SIGBUS = syscall.Signal(0x7) -+ SIGCHLD = syscall.Signal(0x11) -+ SIGCLD = syscall.Signal(0x11) -+ SIGCONT = syscall.Signal(0x12) -+ SIGFPE = syscall.Signal(0x8) -+ SIGHUP = syscall.Signal(0x1) -+ SIGILL = syscall.Signal(0x4) -+ SIGINT = syscall.Signal(0x2) -+ SIGIO = syscall.Signal(0x1d) -+ SIGIOT = syscall.Signal(0x6) -+ SIGKILL = syscall.Signal(0x9) -+ SIGPIPE = syscall.Signal(0xd) -+ SIGPOLL = syscall.Signal(0x1d) -+ SIGPROF = syscall.Signal(0x1b) -+ SIGPWR = syscall.Signal(0x1e) -+ SIGQUIT = syscall.Signal(0x3) -+ SIGSEGV = syscall.Signal(0xb) -+ SIGSTKFLT = syscall.Signal(0x10) -+ SIGSTOP = syscall.Signal(0x13) -+ SIGSYS = syscall.Signal(0x1f) -+ SIGTERM = syscall.Signal(0xf) -+ SIGTRAP = syscall.Signal(0x5) -+ SIGTSTP = syscall.Signal(0x14) -+ SIGTTIN = syscall.Signal(0x15) -+ SIGTTOU = syscall.Signal(0x16) -+ SIGURG = syscall.Signal(0x17) -+ SIGUSR1 = syscall.Signal(0xa) -+ SIGUSR2 = syscall.Signal(0xc) -+ SIGVTALRM = syscall.Signal(0x1a) -+ SIGWINCH = syscall.Signal(0x1c) -+ SIGXCPU = syscall.Signal(0x18) -+ SIGXFSZ = syscall.Signal(0x19) -+) -+ -+// Error table -+var errorList = [...]struct { -+ num syscall.Errno -+ name string -+ desc string -+}{ -+ {1, "EPERM", "operation not permitted"}, -+ {2, "ENOENT", "no such file or directory"}, -+ {3, "ESRCH", "no such process"}, -+ {4, "EINTR", "interrupted system call"}, -+ {5, "EIO", "input/output error"}, -+ {6, "ENXIO", "no such device or address"}, -+ {7, "E2BIG", "argument list too long"}, -+ {8, "ENOEXEC", "exec format error"}, -+ {9, "EBADF", "bad file descriptor"}, -+ {10, "ECHILD", "no child processes"}, -+ {11, "EAGAIN", "resource temporarily unavailable"}, -+ {12, "ENOMEM", "cannot allocate memory"}, -+ {13, "EACCES", "permission denied"}, -+ {14, "EFAULT", "bad address"}, -+ {15, "ENOTBLK", "block device required"}, -+ {16, "EBUSY", "device or resource busy"}, -+ {17, "EEXIST", "file exists"}, -+ {18, "EXDEV", "invalid cross-device link"}, -+ {19, "ENODEV", "no such device"}, -+ {20, "ENOTDIR", "not a directory"}, -+ {21, "EISDIR", "is a directory"}, -+ {22, "EINVAL", "invalid argument"}, -+ {23, "ENFILE", "too many open files in system"}, -+ {24, "EMFILE", "too many open files"}, -+ {25, "ENOTTY", "inappropriate ioctl for device"}, -+ {26, "ETXTBSY", "text file busy"}, -+ {27, "EFBIG", "file too large"}, -+ {28, "ENOSPC", "no space left on device"}, -+ {29, "ESPIPE", "illegal seek"}, -+ {30, "EROFS", "read-only file system"}, -+ {31, "EMLINK", "too many links"}, -+ {32, "EPIPE", "broken pipe"}, -+ {33, "EDOM", "numerical argument out of domain"}, -+ {34, "ERANGE", "numerical result out of range"}, -+ {35, "EDEADLK", "resource deadlock avoided"}, -+ {36, "ENAMETOOLONG", "file name too long"}, -+ {37, "ENOLCK", "no locks available"}, -+ {38, "ENOSYS", "function not implemented"}, -+ {39, "ENOTEMPTY", "directory not empty"}, -+ {40, "ELOOP", "too many levels of symbolic links"}, -+ {42, "ENOMSG", "no message of desired type"}, -+ {43, "EIDRM", "identifier removed"}, -+ {44, "ECHRNG", "channel number out of range"}, -+ {45, "EL2NSYNC", "level 2 not synchronized"}, -+ {46, "EL3HLT", "level 3 halted"}, -+ {47, "EL3RST", "level 3 reset"}, -+ {48, "ELNRNG", "link number out of range"}, -+ {49, "EUNATCH", "protocol driver not attached"}, -+ {50, "ENOCSI", "no CSI structure available"}, -+ {51, "EL2HLT", "level 2 halted"}, -+ {52, "EBADE", "invalid exchange"}, -+ {53, "EBADR", "invalid request descriptor"}, -+ {54, "EXFULL", "exchange full"}, -+ {55, "ENOANO", "no anode"}, -+ {56, "EBADRQC", "invalid request code"}, -+ {57, "EBADSLT", "invalid slot"}, -+ {59, "EBFONT", "bad font file format"}, -+ {60, "ENOSTR", "device not a stream"}, -+ {61, "ENODATA", "no data available"}, -+ {62, "ETIME", "timer expired"}, -+ {63, "ENOSR", "out of streams resources"}, -+ {64, "ENONET", "machine is not on the network"}, -+ {65, "ENOPKG", "package not installed"}, -+ {66, "EREMOTE", "object is remote"}, -+ {67, "ENOLINK", "link has been severed"}, -+ {68, "EADV", "advertise error"}, -+ {69, "ESRMNT", "srmount error"}, -+ {70, "ECOMM", "communication error on send"}, -+ {71, "EPROTO", "protocol error"}, -+ {72, "EMULTIHOP", "multihop attempted"}, -+ {73, "EDOTDOT", "RFS specific error"}, -+ {74, "EBADMSG", "bad message"}, -+ {75, "EOVERFLOW", "value too large for defined data type"}, -+ {76, "ENOTUNIQ", "name not unique on network"}, -+ {77, "EBADFD", "file descriptor in bad state"}, -+ {78, "EREMCHG", "remote address changed"}, -+ {79, "ELIBACC", "can not access a needed shared library"}, -+ {80, "ELIBBAD", "accessing a corrupted shared library"}, -+ {81, "ELIBSCN", ".lib section in a.out corrupted"}, -+ {82, "ELIBMAX", "attempting to link in too many shared libraries"}, -+ {83, "ELIBEXEC", "cannot exec a shared library directly"}, -+ {84, "EILSEQ", "invalid or incomplete multibyte or wide character"}, -+ {85, "ERESTART", "interrupted system call should be restarted"}, -+ {86, "ESTRPIPE", "streams pipe error"}, -+ {87, "EUSERS", "too many users"}, -+ {88, "ENOTSOCK", "socket operation on non-socket"}, -+ {89, "EDESTADDRREQ", "destination address required"}, -+ {90, "EMSGSIZE", "message too long"}, -+ {91, "EPROTOTYPE", "protocol wrong type for socket"}, -+ {92, "ENOPROTOOPT", "protocol not available"}, -+ {93, "EPROTONOSUPPORT", "protocol not supported"}, -+ {94, "ESOCKTNOSUPPORT", "socket type not supported"}, -+ {95, "ENOTSUP", "operation not supported"}, -+ {96, "EPFNOSUPPORT", "protocol family not supported"}, -+ {97, "EAFNOSUPPORT", "address family not supported by protocol"}, -+ {98, "EADDRINUSE", "address already in use"}, -+ {99, "EADDRNOTAVAIL", "cannot assign requested address"}, -+ {100, "ENETDOWN", "network is down"}, -+ {101, "ENETUNREACH", "network is unreachable"}, -+ {102, "ENETRESET", "network dropped connection on reset"}, -+ {103, "ECONNABORTED", "software caused connection abort"}, -+ {104, "ECONNRESET", "connection reset by peer"}, -+ {105, "ENOBUFS", "no buffer space available"}, -+ {106, "EISCONN", "transport endpoint is already connected"}, -+ {107, "ENOTCONN", "transport endpoint is not connected"}, -+ {108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"}, -+ {109, "ETOOMANYREFS", "too many references: cannot splice"}, -+ {110, "ETIMEDOUT", "connection timed out"}, -+ {111, "ECONNREFUSED", "connection refused"}, -+ {112, "EHOSTDOWN", "host is down"}, -+ {113, "EHOSTUNREACH", "no route to host"}, -+ {114, "EALREADY", "operation already in progress"}, -+ {115, "EINPROGRESS", "operation now in progress"}, -+ {116, "ESTALE", "stale file handle"}, -+ {117, "EUCLEAN", "structure needs cleaning"}, -+ {118, "ENOTNAM", "not a XENIX named type file"}, -+ {119, "ENAVAIL", "no XENIX semaphores available"}, -+ {120, "EISNAM", "is a named type file"}, -+ {121, "EREMOTEIO", "remote I/O error"}, -+ {122, "EDQUOT", "disk quota exceeded"}, -+ {123, "ENOMEDIUM", "no medium found"}, -+ {124, "EMEDIUMTYPE", "wrong medium type"}, -+ {125, "ECANCELED", "operation canceled"}, -+ {126, "ENOKEY", "required key not available"}, -+ {127, "EKEYEXPIRED", "key has expired"}, -+ {128, "EKEYREVOKED", "key has been revoked"}, -+ {129, "EKEYREJECTED", "key was rejected by service"}, -+ {130, "EOWNERDEAD", "owner died"}, -+ {131, "ENOTRECOVERABLE", "state not recoverable"}, -+ {132, "ERFKILL", "operation not possible due to RF-kill"}, -+ {133, "EHWPOISON", "memory page has hardware error"}, -+} -+ -+// Signal table -+var signalList = [...]struct { -+ num syscall.Signal -+ name string -+ desc string -+}{ -+ {1, "SIGHUP", "hangup"}, -+ {2, "SIGINT", "interrupt"}, -+ {3, "SIGQUIT", "quit"}, -+ {4, "SIGILL", "illegal instruction"}, -+ {5, "SIGTRAP", "trace/breakpoint trap"}, -+ {6, "SIGABRT", "aborted"}, -+ {7, "SIGBUS", "bus error"}, -+ {8, "SIGFPE", "floating point exception"}, -+ {9, "SIGKILL", "killed"}, -+ {10, "SIGUSR1", "user defined signal 1"}, -+ {11, "SIGSEGV", "segmentation fault"}, -+ {12, "SIGUSR2", "user defined signal 2"}, -+ {13, "SIGPIPE", "broken pipe"}, -+ {14, "SIGALRM", "alarm clock"}, -+ {15, "SIGTERM", "terminated"}, -+ {16, "SIGSTKFLT", "stack fault"}, -+ {17, "SIGCHLD", "child exited"}, -+ {18, "SIGCONT", "continued"}, -+ {19, "SIGSTOP", "stopped (signal)"}, -+ {20, "SIGTSTP", "stopped"}, -+ {21, "SIGTTIN", "stopped (tty input)"}, -+ {22, "SIGTTOU", "stopped (tty output)"}, -+ {23, "SIGURG", "urgent I/O condition"}, -+ {24, "SIGXCPU", "CPU time limit exceeded"}, -+ {25, "SIGXFSZ", "file size limit exceeded"}, -+ {26, "SIGVTALRM", "virtual timer expired"}, -+ {27, "SIGPROF", "profiling timer expired"}, -+ {28, "SIGWINCH", "window changed"}, -+ {29, "SIGIO", "I/O possible"}, -+ {30, "SIGPWR", "power failure"}, -+ {31, "SIGSYS", "bad system call"}, -+} -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -new file mode 100644 -index 0000000..03143b2 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -@@ -0,0 +1,2217 @@ -+// go run mksyscall.go -tags linux,riscv64 syscall_linux.go syscall_linux_riscv64.go -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build linux,riscv64 -+ -+package unix -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+var _ syscall.Errno -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func FanotifyInit(flags uint, event_f_flags uint) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_FANOTIFY_INIT, uintptr(flags), uintptr(event_f_flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) { -+ _, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fchmodat(dirfd int, path string, mode uint32) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ioctl(fd int, req uint, arg uintptr) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(oldpath) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(newpath) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { -+ r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(buf) > 0 { -+ _p1 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(oldpath) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(newpath) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Unlinkat(dirfd int, path string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getcwd(buf []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { -+ r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) -+ wpid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) { -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlJoin(cmd int, arg2 string) (ret int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(arg2) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(arg3) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(arg4) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(payload) > 0 { -+ _p0 = unsafe.Pointer(&payload[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(arg) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(source) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(target) -+ if err != nil { -+ return -+ } -+ var _p2 *byte -+ _p2, err = BytePtrFromString(fstype) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Acct(path string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(keyType) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(description) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(payload) > 0 { -+ _p2 = unsafe.Pointer(&payload[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0) -+ id = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Adjtimex(buf *Timex) (state int, err error) { -+ r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0) -+ state = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Chdir(path string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Chroot(path string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ClockGetres(clockid int32, res *Timespec) (err error) { -+ _, _, e1 := Syscall(SYS_CLOCK_GETRES, uintptr(clockid), uintptr(unsafe.Pointer(res)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ClockGettime(clockid int32, time *Timespec) (err error) { -+ _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) { -+ _, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Close(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) { -+ r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func DeleteModule(name string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(name) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_DELETE_MODULE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Dup(oldfd int) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Dup3(oldfd int, newfd int, flags int) (err error) { -+ _, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func EpollCreate1(flag int) (fd int, err error) { -+ r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { -+ _, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Eventfd(initval uint, flags int) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Exit(code int) { -+ Syscall(SYS_EXIT_GROUP, uintptr(code), 0, 0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) { -+ _, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchdir(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchmod(fd int, mode uint32) (err error) { -+ _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntl(fd int, cmd int, arg int) (val int, err error) { -+ r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ val = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fdatasync(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_FGETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), 0, 0) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func FinitModule(fd int, params string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(params) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FINIT_MODULE, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Flistxattr(fd int, dest []byte) (sz int, err error) { -+ var _p0 unsafe.Pointer -+ if len(dest) > 0 { -+ _p0 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_FLISTXATTR, uintptr(fd), uintptr(_p0), uintptr(len(dest))) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Flock(fd int, how int) (err error) { -+ _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fremovexattr(fd int, attr string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FREMOVEXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fsetxattr(fd int, attr string, dest []byte, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_FSETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fsync(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getdents(fd int, buf []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getpgid(pid int) (pgid int, err error) { -+ r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) -+ pgid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getpid() (pid int) { -+ r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) -+ pid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getppid() (ppid int) { -+ r0,_,_:=RawSyscall(SYS_GETPPID, 0, 0, 0) -+ ppid=int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getpriority(which int, who int) (prio int, err error) { -+ r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) -+ prio = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getrandom(buf []byte, flags int) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getrusage(who int, rusage *Rusage) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getsid(pid int) (sid int, err error) { -+ r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) -+ sid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Gettid() (tid int) { -+ r0, _, _ := RawSyscall(SYS_GETTID, 0, 0, 0) -+ tid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getxattr(path string, attr string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(dest) > 0 { -+ _p2 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InitModule(moduleImage []byte, params string) (err error) { -+ var _p0 unsafe.Pointer -+ if len(moduleImage) > 0 { -+ _p0 = unsafe.Pointer(&moduleImage[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(params) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_INIT_MODULE, uintptr(_p0), uintptr(len(moduleImage)), uintptr(unsafe.Pointer(_p1))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(pathname) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask)) -+ watchdesc = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InotifyInit1(flags int) (fd int, err error) { -+ r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) { -+ r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0) -+ success = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Kill(pid int, sig syscall.Signal) (err error) { -+ _, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Klogctl(typ int, buf []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(dest) > 0 { -+ _p2 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Listxattr(path string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Llistxattr(path string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Lremovexattr(path string, attr string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Lsetxattr(path string, attr string, data []byte, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(data) > 0 { -+ _p2 = unsafe.Pointer(&data[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func MemfdCreate(name string, flags int) (fd int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(name) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall(SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mkdirat(dirfd int, path string, mode uint32) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Nanosleep(time *Timespec, leftover *Timespec) (err error) { -+ _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { -+ r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func PivotRoot(newroot string, putold string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(newroot) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(putold) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { -+ _, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { -+ _, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { -+ r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func read(fd int, p []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Removexattr(path string, attr string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(oldpath) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(newpath) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_RENAMEAT2, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(keyType) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(description) -+ if err != nil { -+ return -+ } -+ var _p2 *byte -+ _p2, err = BytePtrFromString(callback) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0) -+ id = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setdomainname(p []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Sethostname(p []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setpgid(pid int, pgid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setsid() (pid int, err error) { -+ r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) -+ pid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Settimeofday(tv *Timeval) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setns(fd int, nstype int) (err error) { -+ _, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setpriority(which int, who int, prio int) (err error) { -+ _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setxattr(path string, attr string, data []byte, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(data) > 0 { -+ _p2 = unsafe.Pointer(&data[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Syncfs(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Sync() { -+ Syscall(SYS_SYNC, 0, 0, 0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Sysinfo(info *Sysinfo_t) (err error) { -+ _, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) { -+ r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0) -+ n = int64(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { -+ _, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Times(tms *Tms) (ticks uintptr, err error) { -+ r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0) -+ ticks = uintptr(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Umask(mask int) (oldmask int) { -+ r0, _, _ := RawSyscall(SYS_UMASK, uintptr(mask), 0, 0) -+ oldmask = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Uname(buf *Utsname) (err error) { -+ _, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Unmount(target string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(target) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Unshare(flags int) (err error) { -+ _, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func write(fd int, p []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func exitThread(code int) (err error) { -+ _, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func readlen(fd int, p *byte, np int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func writelen(fd int, p *byte, np int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func munmap(addr uintptr, length uintptr) (err error) { -+ _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Madvise(b []byte, advice int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mprotect(b []byte, prot int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mlock(b []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mlockall(flags int) (err error) { -+ _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Msync(b []byte, flags int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Munlock(b []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Munlockall() (err error) { -+ _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func faccessat(dirfd int, path string, mode uint32) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(events) > 0 { -+ _p0 = unsafe.Pointer(&events[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fadvise(fd int, offset int64, length int64, advice int) (err error) { -+ _, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchown(fd int, uid int, gid int) (err error) { -+ _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fstat(fd int, stat *Stat_t) (err error) { -+ _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fstatfs(fd int, buf *Statfs_t) (err error) { -+ _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Ftruncate(fd int, length int64) (err error) { -+ _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getegid() (egid int) { -+ r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) -+ egid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Geteuid() (euid int) { -+ r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) -+ euid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getgid() (gid int) { -+ r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) -+ gid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getrlimit(resource int, rlim *Rlimit) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getuid() (uid int) { -+ r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) -+ uid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Listen(s int, n int) (err error) { -+ _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Pread(fd int, p []byte, offset int64) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Pwrite(fd int, p []byte, offset int64) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Seek(fd int, offset int64, whence int) (off int64, err error) { -+ r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence)) -+ off = int64(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { -+ r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0) -+ written = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setfsgid(gid int) (err error) { -+ _, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setfsuid(uid int) (err error) { -+ _, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setregid(rgid int, egid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setresgid(rgid int, egid int, sgid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setresuid(ruid int, euid int, suid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setrlimit(resource int, rlim *Rlimit) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setreuid(ruid int, euid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Shutdown(fd int, how int) (err error) { -+ _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { -+ r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) -+ n = int64(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Statfs(path string, buf *Statfs_t) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) { -+ _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Truncate(path string, length int64) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { -+ r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { -+ _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { -+ _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getgroups(n int, list *_Gid_t) (nn int, err error) { -+ r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) -+ nn = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func setgroups(n int, list *_Gid_t) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { -+ _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { -+ _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func socket(domain int, typ int, proto int) (fd int, err error) { -+ r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { -+ _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) { -+ r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset)) -+ xaddr = uintptr(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Gettimeofday(tv *Timeval) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pipe2(p *[2]_C_int, flags int) (err error) { -+ _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(cmdline) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -new file mode 100644 -index 0000000..38868fe ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -@@ -0,0 +1,289 @@ -+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build riscv64,linux -+ -+package unix -+ -+const ( -+ SYS_IO_SETUP = 0 -+ SYS_IO_DESTROY = 1 -+ SYS_IO_SUBMIT = 2 -+ SYS_IO_CANCEL = 3 -+ SYS_IO_GETEVENTS = 4 -+ SYS_SETXATTR = 5 -+ SYS_LSETXATTR = 6 -+ SYS_FSETXATTR = 7 -+ SYS_GETXATTR = 8 -+ SYS_LGETXATTR = 9 -+ SYS_FGETXATTR = 10 -+ SYS_LISTXATTR = 11 -+ SYS_LLISTXATTR = 12 -+ SYS_FLISTXATTR = 13 -+ SYS_REMOVEXATTR = 14 -+ SYS_LREMOVEXATTR = 15 -+ SYS_FREMOVEXATTR = 16 -+ SYS_GETCWD = 17 -+ SYS_LOOKUP_DCOOKIE = 18 -+ SYS_EVENTFD2 = 19 -+ SYS_EPOLL_CREATE1 = 20 -+ SYS_EPOLL_CTL = 21 -+ SYS_EPOLL_PWAIT = 22 -+ SYS_DUP = 23 -+ SYS_DUP3 = 24 -+ SYS_FCNTL = 25 -+ SYS_INOTIFY_INIT1 = 26 -+ SYS_INOTIFY_ADD_WATCH = 27 -+ SYS_INOTIFY_RM_WATCH = 28 -+ SYS_IOCTL = 29 -+ SYS_IOPRIO_SET = 30 -+ SYS_IOPRIO_GET = 31 -+ SYS_FLOCK = 32 -+ SYS_MKNODAT = 33 -+ SYS_MKDIRAT = 34 -+ SYS_UNLINKAT = 35 -+ SYS_SYMLINKAT = 36 -+ SYS_LINKAT = 37 -+ SYS_UMOUNT2 = 39 -+ SYS_MOUNT = 40 -+ SYS_PIVOT_ROOT = 41 -+ SYS_NFSSERVCTL = 42 -+ SYS_STATFS = 43 -+ SYS_FSTATFS = 44 -+ SYS_TRUNCATE = 45 -+ SYS_FTRUNCATE = 46 -+ SYS_FALLOCATE = 47 -+ SYS_FACCESSAT = 48 -+ SYS_CHDIR = 49 -+ SYS_FCHDIR = 50 -+ SYS_CHROOT = 51 -+ SYS_FCHMOD = 52 -+ SYS_FCHMODAT = 53 -+ SYS_FCHOWNAT = 54 -+ SYS_FCHOWN = 55 -+ SYS_OPENAT = 56 -+ SYS_CLOSE = 57 -+ SYS_VHANGUP = 58 -+ SYS_PIPE2 = 59 -+ SYS_QUOTACTL = 60 -+ SYS_GETDENTS64 = 61 -+ SYS_LSEEK = 62 -+ SYS_READ = 63 -+ SYS_WRITE = 64 -+ SYS_READV = 65 -+ SYS_WRITEV = 66 -+ SYS_PREAD64 = 67 -+ SYS_PWRITE64 = 68 -+ SYS_PREADV = 69 -+ SYS_PWRITEV = 70 -+ SYS_SENDFILE = 71 -+ SYS_PSELECT6 = 72 -+ SYS_PPOLL = 73 -+ SYS_SIGNALFD4 = 74 -+ SYS_VMSPLICE = 75 -+ SYS_SPLICE = 76 -+ SYS_TEE = 77 -+ SYS_READLINKAT = 78 -+ SYS_FSTATAT = 79 -+ SYS_FSTAT = 80 -+ SYS_SYNC = 81 -+ SYS_FSYNC = 82 -+ SYS_FDATASYNC = 83 -+ SYS_SYNC_FILE_RANGE = 84 -+ SYS_TIMERFD_CREATE = 85 -+ SYS_TIMERFD_SETTIME = 86 -+ SYS_TIMERFD_GETTIME = 87 -+ SYS_UTIMENSAT = 88 -+ SYS_ACCT = 89 -+ SYS_CAPGET = 90 -+ SYS_CAPSET = 91 -+ SYS_PERSONALITY = 92 -+ SYS_EXIT = 93 -+ SYS_EXIT_GROUP = 94 -+ SYS_WAITID = 95 -+ SYS_SET_TID_ADDRESS = 96 -+ SYS_UNSHARE = 97 -+ SYS_FUTEX = 98 -+ SYS_SET_ROBUST_LIST = 99 -+ SYS_GET_ROBUST_LIST = 100 -+ SYS_NANOSLEEP = 101 -+ SYS_GETITIMER = 102 -+ SYS_SETITIMER = 103 -+ SYS_KEXEC_LOAD = 104 -+ SYS_INIT_MODULE = 105 -+ SYS_DELETE_MODULE = 106 -+ SYS_TIMER_CREATE = 107 -+ SYS_TIMER_GETTIME = 108 -+ SYS_TIMER_GETOVERRUN = 109 -+ SYS_TIMER_SETTIME = 110 -+ SYS_TIMER_DELETE = 111 -+ SYS_CLOCK_SETTIME = 112 -+ SYS_CLOCK_GETTIME = 113 -+ SYS_CLOCK_GETRES = 114 -+ SYS_CLOCK_NANOSLEEP = 115 -+ SYS_SYSLOG = 116 -+ SYS_PTRACE = 117 -+ SYS_SCHED_SETPARAM = 118 -+ SYS_SCHED_SETSCHEDULER = 119 -+ SYS_SCHED_GETSCHEDULER = 120 -+ SYS_SCHED_GETPARAM = 121 -+ SYS_SCHED_SETAFFINITY = 122 -+ SYS_SCHED_GETAFFINITY = 123 -+ SYS_SCHED_YIELD = 124 -+ SYS_SCHED_GET_PRIORITY_MAX = 125 -+ SYS_SCHED_GET_PRIORITY_MIN = 126 -+ SYS_SCHED_RR_GET_INTERVAL = 127 -+ SYS_RESTART_SYSCALL = 128 -+ SYS_KILL = 129 -+ SYS_TKILL = 130 -+ SYS_TGKILL = 131 -+ SYS_SIGALTSTACK = 132 -+ SYS_RT_SIGSUSPEND = 133 -+ SYS_RT_SIGACTION = 134 -+ SYS_RT_SIGPROCMASK = 135 -+ SYS_RT_SIGPENDING = 136 -+ SYS_RT_SIGTIMEDWAIT = 137 -+ SYS_RT_SIGQUEUEINFO = 138 -+ SYS_RT_SIGRETURN = 139 -+ SYS_SETPRIORITY = 140 -+ SYS_GETPRIORITY = 141 -+ SYS_REBOOT = 142 -+ SYS_SETREGID = 143 -+ SYS_SETGID = 144 -+ SYS_SETREUID = 145 -+ SYS_SETUID = 146 -+ SYS_SETRESUID = 147 -+ SYS_GETRESUID = 148 -+ SYS_SETRESGID = 149 -+ SYS_GETRESGID = 150 -+ SYS_SETFSUID = 151 -+ SYS_SETFSGID = 152 -+ SYS_TIMES = 153 -+ SYS_SETPGID = 154 -+ SYS_GETPGID = 155 -+ SYS_GETSID = 156 -+ SYS_SETSID = 157 -+ SYS_GETGROUPS = 158 -+ SYS_SETGROUPS = 159 -+ SYS_UNAME = 160 -+ SYS_SETHOSTNAME = 161 -+ SYS_SETDOMAINNAME = 162 -+ SYS_GETRLIMIT = 163 -+ SYS_SETRLIMIT = 164 -+ SYS_GETRUSAGE = 165 -+ SYS_UMASK = 166 -+ SYS_PRCTL = 167 -+ SYS_GETCPU = 168 -+ SYS_GETTIMEOFDAY = 169 -+ SYS_SETTIMEOFDAY = 170 -+ SYS_ADJTIMEX = 171 -+ SYS_GETPID = 172 -+ SYS_GETPPID = 173 -+ SYS_GETUID = 174 -+ SYS_GETEUID = 175 -+ SYS_GETGID = 176 -+ SYS_GETEGID = 177 -+ SYS_GETTID = 178 -+ SYS_SYSINFO = 179 -+ SYS_MQ_OPEN = 180 -+ SYS_MQ_UNLINK = 181 -+ SYS_MQ_TIMEDSEND = 182 -+ SYS_MQ_TIMEDRECEIVE = 183 -+ SYS_MQ_NOTIFY = 184 -+ SYS_MQ_GETSETATTR = 185 -+ SYS_MSGGET = 186 -+ SYS_MSGCTL = 187 -+ SYS_MSGRCV = 188 -+ SYS_MSGSND = 189 -+ SYS_SEMGET = 190 -+ SYS_SEMCTL = 191 -+ SYS_SEMTIMEDOP = 192 -+ SYS_SEMOP = 193 -+ SYS_SHMGET = 194 -+ SYS_SHMCTL = 195 -+ SYS_SHMAT = 196 -+ SYS_SHMDT = 197 -+ SYS_SOCKET = 198 -+ SYS_SOCKETPAIR = 199 -+ SYS_BIND = 200 -+ SYS_LISTEN = 201 -+ SYS_ACCEPT = 202 -+ SYS_CONNECT = 203 -+ SYS_GETSOCKNAME = 204 -+ SYS_GETPEERNAME = 205 -+ SYS_SENDTO = 206 -+ SYS_RECVFROM = 207 -+ SYS_SETSOCKOPT = 208 -+ SYS_GETSOCKOPT = 209 -+ SYS_SHUTDOWN = 210 -+ SYS_SENDMSG = 211 -+ SYS_RECVMSG = 212 -+ SYS_READAHEAD = 213 -+ SYS_BRK = 214 -+ SYS_MUNMAP = 215 -+ SYS_MREMAP = 216 -+ SYS_ADD_KEY = 217 -+ SYS_REQUEST_KEY = 218 -+ SYS_KEYCTL = 219 -+ SYS_CLONE = 220 -+ SYS_EXECVE = 221 -+ SYS_MMAP = 222 -+ SYS_FADVISE64 = 223 -+ SYS_SWAPON = 224 -+ SYS_SWAPOFF = 225 -+ SYS_MPROTECT = 226 -+ SYS_MSYNC = 227 -+ SYS_MLOCK = 228 -+ SYS_MUNLOCK = 229 -+ SYS_MLOCKALL = 230 -+ SYS_MUNLOCKALL = 231 -+ SYS_MINCORE = 232 -+ SYS_MADVISE = 233 -+ SYS_REMAP_FILE_PAGES = 234 -+ SYS_MBIND = 235 -+ SYS_GET_MEMPOLICY = 236 -+ SYS_SET_MEMPOLICY = 237 -+ SYS_MIGRATE_PAGES = 238 -+ SYS_MOVE_PAGES = 239 -+ SYS_RT_TGSIGQUEUEINFO = 240 -+ SYS_PERF_EVENT_OPEN = 241 -+ SYS_ACCEPT4 = 242 -+ SYS_RECVMMSG = 243 -+ SYS_ARCH_SPECIFIC_SYSCALL = 244 -+ SYS_WAIT4 = 260 -+ SYS_PRLIMIT64 = 261 -+ SYS_FANOTIFY_INIT = 262 -+ SYS_FANOTIFY_MARK = 263 -+ SYS_NAME_TO_HANDLE_AT = 264 -+ SYS_OPEN_BY_HANDLE_AT = 265 -+ SYS_CLOCK_ADJTIME = 266 -+ SYS_SYNCFS = 267 -+ SYS_SETNS = 268 -+ SYS_SENDMMSG = 269 -+ SYS_PROCESS_VM_READV = 270 -+ SYS_PROCESS_VM_WRITEV = 271 -+ SYS_KCMP = 272 -+ SYS_FINIT_MODULE = 273 -+ SYS_SCHED_SETATTR = 274 -+ SYS_SCHED_GETATTR = 275 -+ SYS_RENAMEAT2 = 276 -+ SYS_SECCOMP = 277 -+ SYS_GETRANDOM = 278 -+ SYS_MEMFD_CREATE = 279 -+ SYS_BPF = 280 -+ SYS_EXECVEAT = 281 -+ SYS_USERFAULTFD = 282 -+ SYS_MEMBARRIER = 283 -+ SYS_MLOCK2 = 284 -+ SYS_COPY_FILE_RANGE = 285 -+ SYS_PREADV2 = 286 -+ SYS_PWRITEV2 = 287 -+ SYS_PKEY_MPROTECT = 288 -+ SYS_PKEY_ALLOC = 289 -+ SYS_PKEY_FREE = 290 -+ SYS_STATX = 291 -+ SYS_IO_PGETEVENTS = 292 -+ SYS_RSEQ = 293 -+ SYS_KEXEC_FILE_LOAD = 294 -+ SYS_FUTIMESAT = 295 -+) -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -new file mode 100644 -index 0000000..c37e476 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -@@ -0,0 +1,2334 @@ -+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build riscv64,linux -+ -+package unix -+ -+const ( -+ sizeofPtr = 0x8 -+ sizeofShort = 0x2 -+ sizeofInt = 0x4 -+ sizeofLong = 0x8 -+ sizeofLongLong = 0x8 -+ PathMax = 0x1000 -+) -+ -+type ( -+ _C_short int16 -+ _C_int int32 -+ _C_long int64 -+ _C_long_long int64 -+) -+ -+type Timespec struct { -+ Sec int64 -+ Nsec int64 -+} -+ -+type Timeval struct { -+ Sec int64 -+ Usec int64 -+} -+ -+type Timex struct { -+ Modes uint32 -+ Offset int64 -+ Freq int64 -+ Maxerror int64 -+ Esterror int64 -+ Status int32 -+ Constant int64 -+ Precision int64 -+ Tolerance int64 -+ Time Timeval -+ Tick int64 -+ Ppsfreq int64 -+ Jitter int64 -+ Shift int32 -+ Stabil int64 -+ Jitcnt int64 -+ Calcnt int64 -+ Errcnt int64 -+ Stbcnt int64 -+ Tai int32 -+ _ [44]byte -+} -+ -+type Time_t int64 -+ -+type Tms struct { -+ Utime int64 -+ Stime int64 -+ Cutime int64 -+ Cstime int64 -+} -+ -+type Utimbuf struct { -+ Actime int64 -+ Modtime int64 -+} -+ -+type Rusage struct { -+ Utime Timeval -+ Stime Timeval -+ Maxrss int64 -+ Ixrss int64 -+ Idrss int64 -+ Isrss int64 -+ Minflt int64 -+ Majflt int64 -+ Nswap int64 -+ Inblock int64 -+ Oublock int64 -+ Msgsnd int64 -+ Msgrcv int64 -+ Nsignals int64 -+ Nvcsw int64 -+ Nivcsw int64 -+} -+ -+type Rlimit struct { -+ Cur uint64 -+ Max uint64 -+} -+ -+type _Gid_t uint32 -+ -+type Stat_t struct { -+ Dev uint64 -+ Ino uint64 -+ Mode uint32 -+ Nlink uint32 -+ Uid uint32 -+ Gid uint32 -+ Rdev uint64 -+ _ uint64 -+ Size int64 -+ Blksize int32 -+ _ int32 -+ Blocks int64 -+ Atim Timespec -+ Mtim Timespec -+ Ctim Timespec -+ _ [2]int32 -+} -+ -+type StatxTimestamp struct { -+ Sec int64 -+ Nsec uint32 -+ _ int32 -+} -+ -+type Statx_t struct { -+ Mask uint32 -+ Blksize uint32 -+ Attributes uint64 -+ Nlink uint32 -+ Uid uint32 -+ Gid uint32 -+ Mode uint16 -+ _ [1]uint16 -+ Ino uint64 -+ Size uint64 -+ Blocks uint64 -+ Attributes_mask uint64 -+ Atime StatxTimestamp -+ Btime StatxTimestamp -+ Ctime StatxTimestamp -+ Mtime StatxTimestamp -+ Rdev_major uint32 -+ Rdev_minor uint32 -+ Dev_major uint32 -+ Dev_minor uint32 -+ _ [14]uint64 -+} -+ -+type Dirent struct { -+ Ino uint64 -+ Off int64 -+ Reclen uint16 -+ Type uint8 -+ Name [256]uint8 -+ _ [5]byte -+} -+ -+type Fsid struct { -+ Val [2]int32 -+} -+ -+type Flock_t struct { -+ Type int16 -+ Whence int16 -+ Start int64 -+ Len int64 -+ Pid int32 -+ _ [4]byte -+} -+ -+type FscryptPolicy struct { -+ Version uint8 -+ Contents_encryption_mode uint8 -+ Filenames_encryption_mode uint8 -+ Flags uint8 -+ Master_key_descriptor [8]uint8 -+} -+ -+type FscryptKey struct { -+ Mode uint32 -+ Raw [64]uint8 -+ Size uint32 -+} -+ -+type KeyctlDHParams struct { -+ Private int32 -+ Prime int32 -+ Base int32 -+} -+ -+const ( -+ FADV_NORMAL = 0x0 -+ FADV_RANDOM = 0x1 -+ FADV_SEQUENTIAL = 0x2 -+ FADV_WILLNEED = 0x3 -+ FADV_DONTNEED = 0x4 -+ FADV_NOREUSE = 0x5 -+) -+ -+type RawSockaddrInet4 struct { -+ Family uint16 -+ Port uint16 -+ Addr [4]byte /* in_addr */ -+ Zero [8]uint8 -+} -+ -+type RawSockaddrInet6 struct { -+ Family uint16 -+ Port uint16 -+ Flowinfo uint32 -+ Addr [16]byte /* in6_addr */ -+ Scope_id uint32 -+} -+ -+type RawSockaddrUnix struct { -+ Family uint16 -+ Path [108]int8 -+} -+ -+type RawSockaddrLinklayer struct { -+ Family uint16 -+ Protocol uint16 -+ Ifindex int32 -+ Hatype uint16 -+ Pkttype uint8 -+ Halen uint8 -+ Addr [8]uint8 -+} -+ -+type RawSockaddrNetlink struct { -+ Family uint16 -+ Pad uint16 -+ Pid uint32 -+ Groups uint32 -+} -+ -+type RawSockaddrHCI struct { -+ Family uint16 -+ Dev uint16 -+ Channel uint16 -+} -+ -+type RawSockaddrL2 struct { -+ Family uint16 -+ Psm uint16 -+ Bdaddr [6]uint8 -+ Cid uint16 -+ Bdaddr_type uint8 -+ _ [1]byte -+} -+ -+type RawSockaddrRFCOMM struct { -+ Family uint16 -+ Bdaddr [6]uint8 -+ Channel uint8 -+ _ [1]byte -+} -+ -+type RawSockaddrCAN struct { -+ Family uint16 -+ Ifindex int32 -+ Addr [8]byte -+} -+ -+type RawSockaddrALG struct { -+ Family uint16 -+ Type [14]uint8 -+ Feat uint32 -+ Mask uint32 -+ Name [64]uint8 -+} -+ -+type RawSockaddrVM struct { -+ Family uint16 -+ Reserved1 uint16 -+ Port uint32 -+ Cid uint32 -+ Zero [4]uint8 -+} -+ -+type RawSockaddrXDP struct { -+ Family uint16 -+ Flags uint16 -+ Ifindex uint32 -+ Queue_id uint32 -+ Shared_umem_fd uint32 -+} -+ -+type RawSockaddrPPPoX [0x1e]byte -+ -+type RawSockaddr struct { -+ Family uint16 -+ Data [14]uint8 -+} -+ -+type RawSockaddrAny struct { -+ Addr RawSockaddr -+ Pad [96]uint8 -+} -+ -+type _Socklen uint32 -+ -+type Linger struct { -+ Onoff int32 -+ Linger int32 -+} -+ -+type Iovec struct { -+ Base *byte -+ Len uint64 -+} -+ -+type IPMreq struct { -+ Multiaddr [4]byte /* in_addr */ -+ Interface [4]byte /* in_addr */ -+} -+ -+type IPMreqn struct { -+ Multiaddr [4]byte /* in_addr */ -+ Address [4]byte /* in_addr */ -+ Ifindex int32 -+} -+ -+type IPv6Mreq struct { -+ Multiaddr [16]byte /* in6_addr */ -+ Interface uint32 -+} -+ -+type PacketMreq struct { -+ Ifindex int32 -+ Type uint16 -+ Alen uint16 -+ Address [8]uint8 -+} -+ -+type Msghdr struct { -+ Name *byte -+ Namelen uint32 -+ Iov *Iovec -+ Iovlen uint64 -+ Control *byte -+ Controllen uint64 -+ Flags int32 -+ _ [4]byte -+} -+ -+type Cmsghdr struct { -+ Len uint64 -+ Level int32 -+ Type int32 -+} -+ -+type Inet4Pktinfo struct { -+ Ifindex int32 -+ Spec_dst [4]byte /* in_addr */ -+ Addr [4]byte /* in_addr */ -+} -+ -+type Inet6Pktinfo struct { -+ Addr [16]byte /* in6_addr */ -+ Ifindex uint32 -+} -+ -+type IPv6MTUInfo struct { -+ Addr RawSockaddrInet6 -+ Mtu uint32 -+} -+ -+type ICMPv6Filter struct { -+ Data [8]uint32 -+} -+ -+type Ucred struct { -+ Pid int32 -+ Uid uint32 -+ Gid uint32 -+} -+ -+type TCPInfo struct { -+ State uint8 -+ Ca_state uint8 -+ Retransmits uint8 -+ Probes uint8 -+ Backoff uint8 -+ Options uint8 -+ Rto uint32 -+ Ato uint32 -+ Snd_mss uint32 -+ Rcv_mss uint32 -+ Unacked uint32 -+ Sacked uint32 -+ Lost uint32 -+ Retrans uint32 -+ Fackets uint32 -+ Last_data_sent uint32 -+ Last_ack_sent uint32 -+ Last_data_recv uint32 -+ Last_ack_recv uint32 -+ Pmtu uint32 -+ Rcv_ssthresh uint32 -+ Rtt uint32 -+ Rttvar uint32 -+ Snd_ssthresh uint32 -+ Snd_cwnd uint32 -+ Advmss uint32 -+ Reordering uint32 -+ Rcv_rtt uint32 -+ Rcv_space uint32 -+ Total_retrans uint32 -+} -+ -+type CanFilter struct { -+ Id uint32 -+ Mask uint32 -+} -+ -+const ( -+ SizeofSockaddrInet4 = 0x10 -+ SizeofSockaddrInet6 = 0x1c -+ SizeofSockaddrAny = 0x70 -+ SizeofSockaddrUnix = 0x6e -+ SizeofSockaddrLinklayer = 0x14 -+ SizeofSockaddrNetlink = 0xc -+ SizeofSockaddrHCI = 0x6 -+ SizeofSockaddrL2 = 0xe -+ SizeofSockaddrRFCOMM = 0xa -+ SizeofSockaddrCAN = 0x10 -+ SizeofSockaddrALG = 0x58 -+ SizeofSockaddrVM = 0x10 -+ SizeofSockaddrXDP = 0x10 -+ SizeofSockaddrPPPoX = 0x1e -+ SizeofLinger = 0x8 -+ SizeofIovec = 0x10 -+ SizeofIPMreq = 0x8 -+ SizeofIPMreqn = 0xc -+ SizeofIPv6Mreq = 0x14 -+ SizeofPacketMreq = 0x10 -+ SizeofMsghdr = 0x38 -+ SizeofCmsghdr = 0x10 -+ SizeofInet4Pktinfo = 0xc -+ SizeofInet6Pktinfo = 0x14 -+ SizeofIPv6MTUInfo = 0x20 -+ SizeofICMPv6Filter = 0x20 -+ SizeofUcred = 0xc -+ SizeofTCPInfo = 0x68 -+ SizeofCanFilter = 0x8 -+) -+ -+const ( -+ NDA_UNSPEC = 0x0 -+ NDA_DST = 0x1 -+ NDA_LLADDR = 0x2 -+ NDA_CACHEINFO = 0x3 -+ NDA_PROBES = 0x4 -+ NDA_VLAN = 0x5 -+ NDA_PORT = 0x6 -+ NDA_VNI = 0x7 -+ NDA_IFINDEX = 0x8 -+ NDA_MASTER = 0x9 -+ NDA_LINK_NETNSID = 0xa -+ NDA_SRC_VNI = 0xb -+ NTF_USE = 0x1 -+ NTF_SELF = 0x2 -+ NTF_MASTER = 0x4 -+ NTF_PROXY = 0x8 -+ NTF_EXT_LEARNED = 0x10 -+ NTF_OFFLOADED = 0x20 -+ NTF_ROUTER = 0x80 -+ NUD_INCOMPLETE = 0x1 -+ NUD_REACHABLE = 0x2 -+ NUD_STALE = 0x4 -+ NUD_DELAY = 0x8 -+ NUD_PROBE = 0x10 -+ NUD_FAILED = 0x20 -+ NUD_NOARP = 0x40 -+ NUD_PERMANENT = 0x80 -+ NUD_NONE = 0x0 -+ IFA_UNSPEC = 0x0 -+ IFA_ADDRESS = 0x1 -+ IFA_LOCAL = 0x2 -+ IFA_LABEL = 0x3 -+ IFA_BROADCAST = 0x4 -+ IFA_ANYCAST = 0x5 -+ IFA_CACHEINFO = 0x6 -+ IFA_MULTICAST = 0x7 -+ IFA_FLAGS = 0x8 -+ IFA_RT_PRIORITY = 0x9 -+ IFA_TARGET_NETNSID = 0xa -+ IFLA_UNSPEC = 0x0 -+ IFLA_ADDRESS = 0x1 -+ IFLA_BROADCAST = 0x2 -+ IFLA_IFNAME = 0x3 -+ IFLA_MTU = 0x4 -+ IFLA_LINK = 0x5 -+ IFLA_QDISC = 0x6 -+ IFLA_STATS = 0x7 -+ IFLA_COST = 0x8 -+ IFLA_PRIORITY = 0x9 -+ IFLA_MASTER = 0xa -+ IFLA_WIRELESS = 0xb -+ IFLA_PROTINFO = 0xc -+ IFLA_TXQLEN = 0xd -+ IFLA_MAP = 0xe -+ IFLA_WEIGHT = 0xf -+ IFLA_OPERSTATE = 0x10 -+ IFLA_LINKMODE = 0x11 -+ IFLA_LINKINFO = 0x12 -+ IFLA_NET_NS_PID = 0x13 -+ IFLA_IFALIAS = 0x14 -+ IFLA_NUM_VF = 0x15 -+ IFLA_VFINFO_LIST = 0x16 -+ IFLA_STATS64 = 0x17 -+ IFLA_VF_PORTS = 0x18 -+ IFLA_PORT_SELF = 0x19 -+ IFLA_AF_SPEC = 0x1a -+ IFLA_GROUP = 0x1b -+ IFLA_NET_NS_FD = 0x1c -+ IFLA_EXT_MASK = 0x1d -+ IFLA_PROMISCUITY = 0x1e -+ IFLA_NUM_TX_QUEUES = 0x1f -+ IFLA_NUM_RX_QUEUES = 0x20 -+ IFLA_CARRIER = 0x21 -+ IFLA_PHYS_PORT_ID = 0x22 -+ IFLA_CARRIER_CHANGES = 0x23 -+ IFLA_PHYS_SWITCH_ID = 0x24 -+ IFLA_LINK_NETNSID = 0x25 -+ IFLA_PHYS_PORT_NAME = 0x26 -+ IFLA_PROTO_DOWN = 0x27 -+ IFLA_GSO_MAX_SEGS = 0x28 -+ IFLA_GSO_MAX_SIZE = 0x29 -+ IFLA_PAD = 0x2a -+ IFLA_XDP = 0x2b -+ IFLA_EVENT = 0x2c -+ IFLA_NEW_NETNSID = 0x2d -+ IFLA_IF_NETNSID = 0x2e -+ IFLA_TARGET_NETNSID = 0x2e -+ IFLA_CARRIER_UP_COUNT = 0x2f -+ IFLA_CARRIER_DOWN_COUNT = 0x30 -+ IFLA_NEW_IFINDEX = 0x31 -+ IFLA_MIN_MTU = 0x32 -+ IFLA_MAX_MTU = 0x33 -+ IFLA_MAX = 0x33 -+ IFLA_INFO_KIND = 0x1 -+ IFLA_INFO_DATA = 0x2 -+ IFLA_INFO_XSTATS = 0x3 -+ IFLA_INFO_SLAVE_KIND = 0x4 -+ IFLA_INFO_SLAVE_DATA = 0x5 -+ RT_SCOPE_UNIVERSE = 0x0 -+ RT_SCOPE_SITE = 0xc8 -+ RT_SCOPE_LINK = 0xfd -+ RT_SCOPE_HOST = 0xfe -+ RT_SCOPE_NOWHERE = 0xff -+ RT_TABLE_UNSPEC = 0x0 -+ RT_TABLE_COMPAT = 0xfc -+ RT_TABLE_DEFAULT = 0xfd -+ RT_TABLE_MAIN = 0xfe -+ RT_TABLE_LOCAL = 0xff -+ RT_TABLE_MAX = 0xffffffff -+ RTA_UNSPEC = 0x0 -+ RTA_DST = 0x1 -+ RTA_SRC = 0x2 -+ RTA_IIF = 0x3 -+ RTA_OIF = 0x4 -+ RTA_GATEWAY = 0x5 -+ RTA_PRIORITY = 0x6 -+ RTA_PREFSRC = 0x7 -+ RTA_METRICS = 0x8 -+ RTA_MULTIPATH = 0x9 -+ RTA_FLOW = 0xb -+ RTA_CACHEINFO = 0xc -+ RTA_TABLE = 0xf -+ RTA_MARK = 0x10 -+ RTA_MFC_STATS = 0x11 -+ RTA_VIA = 0x12 -+ RTA_NEWDST = 0x13 -+ RTA_PREF = 0x14 -+ RTA_ENCAP_TYPE = 0x15 -+ RTA_ENCAP = 0x16 -+ RTA_EXPIRES = 0x17 -+ RTA_PAD = 0x18 -+ RTA_UID = 0x19 -+ RTA_TTL_PROPAGATE = 0x1a -+ RTA_IP_PROTO = 0x1b -+ RTA_SPORT = 0x1c -+ RTA_DPORT = 0x1d -+ RTN_UNSPEC = 0x0 -+ RTN_UNICAST = 0x1 -+ RTN_LOCAL = 0x2 -+ RTN_BROADCAST = 0x3 -+ RTN_ANYCAST = 0x4 -+ RTN_MULTICAST = 0x5 -+ RTN_BLACKHOLE = 0x6 -+ RTN_UNREACHABLE = 0x7 -+ RTN_PROHIBIT = 0x8 -+ RTN_THROW = 0x9 -+ RTN_NAT = 0xa -+ RTN_XRESOLVE = 0xb -+ RTNLGRP_NONE = 0x0 -+ RTNLGRP_LINK = 0x1 -+ RTNLGRP_NOTIFY = 0x2 -+ RTNLGRP_NEIGH = 0x3 -+ RTNLGRP_TC = 0x4 -+ RTNLGRP_IPV4_IFADDR = 0x5 -+ RTNLGRP_IPV4_MROUTE = 0x6 -+ RTNLGRP_IPV4_ROUTE = 0x7 -+ RTNLGRP_IPV4_RULE = 0x8 -+ RTNLGRP_IPV6_IFADDR = 0x9 -+ RTNLGRP_IPV6_MROUTE = 0xa -+ RTNLGRP_IPV6_ROUTE = 0xb -+ RTNLGRP_IPV6_IFINFO = 0xc -+ RTNLGRP_IPV6_PREFIX = 0x12 -+ RTNLGRP_IPV6_RULE = 0x13 -+ RTNLGRP_ND_USEROPT = 0x14 -+ SizeofNlMsghdr = 0x10 -+ SizeofNlMsgerr = 0x14 -+ SizeofRtGenmsg = 0x1 -+ SizeofNlAttr = 0x4 -+ SizeofRtAttr = 0x4 -+ SizeofIfInfomsg = 0x10 -+ SizeofIfAddrmsg = 0x8 -+ SizeofRtMsg = 0xc -+ SizeofRtNexthop = 0x8 -+ SizeofNdUseroptmsg = 0x10 -+ SizeofNdMsg = 0xc -+) -+ -+type NlMsghdr struct { -+ Len uint32 -+ Type uint16 -+ Flags uint16 -+ Seq uint32 -+ Pid uint32 -+} -+ -+type NlMsgerr struct { -+ Error int32 -+ Msg NlMsghdr -+} -+ -+type RtGenmsg struct { -+ Family uint8 -+} -+ -+type NlAttr struct { -+ Len uint16 -+ Type uint16 -+} -+ -+type RtAttr struct { -+ Len uint16 -+ Type uint16 -+} -+ -+type IfInfomsg struct { -+ Family uint8 -+ _ uint8 -+ Type uint16 -+ Index int32 -+ Flags uint32 -+ Change uint32 -+} -+ -+type IfAddrmsg struct { -+ Family uint8 -+ Prefixlen uint8 -+ Flags uint8 -+ Scope uint8 -+ Index uint32 -+} -+ -+type RtMsg struct { -+ Family uint8 -+ Dst_len uint8 -+ Src_len uint8 -+ Tos uint8 -+ Table uint8 -+ Protocol uint8 -+ Scope uint8 -+ Type uint8 -+ Flags uint32 -+} -+ -+type RtNexthop struct { -+ Len uint16 -+ Flags uint8 -+ Hops uint8 -+ Ifindex int32 -+} -+ -+type NdUseroptmsg struct { -+ Family uint8 -+ Pad1 uint8 -+ Opts_len uint16 -+ Ifindex int32 -+ Icmp_type uint8 -+ Icmp_code uint8 -+ Pad2 uint16 -+ Pad3 uint32 -+} -+ -+type NdMsg struct { -+ Family uint8 -+ Pad1 uint8 -+ Pad2 uint16 -+ Ifindex int32 -+ State uint16 -+ Flags uint8 -+ Type uint8 -+} -+ -+const ( -+ SizeofSockFilter = 0x8 -+ SizeofSockFprog = 0x10 -+) -+ -+type SockFilter struct { -+ Code uint16 -+ Jt uint8 -+ Jf uint8 -+ K uint32 -+} -+ -+type SockFprog struct { -+ Len uint16 -+ Filter *SockFilter -+} -+ -+type InotifyEvent struct { -+ Wd int32 -+ Mask uint32 -+ Cookie uint32 -+ Len uint32 -+} -+ -+const SizeofInotifyEvent = 0x10 -+ -+type PtraceRegs struct { -+ Pc uint64 -+ Ra uint64 -+ Sp uint64 -+ Gp uint64 -+ Tp uint64 -+ T0 uint64 -+ T1 uint64 -+ T2 uint64 -+ S0 uint64 -+ S1 uint64 -+ A0 uint64 -+ A1 uint64 -+ A2 uint64 -+ A3 uint64 -+ A4 uint64 -+ A5 uint64 -+ A6 uint64 -+ A7 uint64 -+ S2 uint64 -+ S3 uint64 -+ S4 uint64 -+ S5 uint64 -+ S6 uint64 -+ S7 uint64 -+ S8 uint64 -+ S9 uint64 -+ S10 uint64 -+ S11 uint64 -+ T3 uint64 -+ T4 uint64 -+ T5 uint64 -+ T6 uint64 -+} -+ -+type FdSet struct { -+ Bits [16]int64 -+} -+ -+type Sysinfo_t struct { -+ Uptime int64 -+ Loads [3]uint64 -+ Totalram uint64 -+ Freeram uint64 -+ Sharedram uint64 -+ Bufferram uint64 -+ Totalswap uint64 -+ Freeswap uint64 -+ Procs uint16 -+ Pad uint16 -+ Totalhigh uint64 -+ Freehigh uint64 -+ Unit uint32 -+ _ [0]uint8 -+ _ [4]byte -+} -+ -+type Utsname struct { -+ Sysname [65]byte -+ Nodename [65]byte -+ Release [65]byte -+ Version [65]byte -+ Machine [65]byte -+ Domainname [65]byte -+} -+ -+type Ustat_t struct { -+ Tfree int32 -+ Tinode uint64 -+ Fname [6]uint8 -+ Fpack [6]uint8 -+ _ [4]byte -+} -+ -+type EpollEvent struct { -+ Events uint32 -+ Fd int32 -+ Pad int32 -+} -+ -+const ( -+ AT_EMPTY_PATH = 0x1000 -+ AT_FDCWD = -0x64 -+ AT_NO_AUTOMOUNT = 0x800 -+ AT_REMOVEDIR = 0x200 -+ -+ AT_STATX_SYNC_AS_STAT = 0x0 -+ AT_STATX_FORCE_SYNC = 0x2000 -+ AT_STATX_DONT_SYNC = 0x4000 -+ -+ AT_SYMLINK_FOLLOW = 0x400 -+ AT_SYMLINK_NOFOLLOW = 0x100 -+ -+ AT_EACCESS = 0x200 -+) -+ -+type PollFd struct { -+ Fd int32 -+ Events int16 -+ Revents int16 -+} -+ -+const ( -+ POLLIN = 0x1 -+ POLLPRI = 0x2 -+ POLLOUT = 0x4 -+ POLLRDHUP = 0x2000 -+ POLLERR = 0x8 -+ POLLHUP = 0x10 -+ POLLNVAL = 0x20 -+) -+ -+type Sigset_t struct { -+ Val [16]uint64 -+} -+ -+type SignalfdSiginfo struct { -+ Signo uint32 -+ Errno int32 -+ Code int32 -+ Pid uint32 -+ Uid uint32 -+ Fd int32 -+ Tid uint32 -+ Band uint32 -+ Overrun uint32 -+ Trapno uint32 -+ Status int32 -+ Int int32 -+ Ptr uint64 -+ Utime uint64 -+ Stime uint64 -+ Addr uint64 -+ Addr_lsb uint16 -+ _ uint16 -+ Syscall int32 -+ Call_addr uint64 -+ Arch uint32 -+ _ [28]uint8 -+} -+ -+const PERF_IOC_FLAG_GROUP = 0x1 -+ -+type Termios struct { -+ Iflag uint32 -+ Oflag uint32 -+ Cflag uint32 -+ Lflag uint32 -+ Line uint8 -+ Cc [19]uint8 -+ Ispeed uint32 -+ Ospeed uint32 -+} -+ -+type Winsize struct { -+ Row uint16 -+ Col uint16 -+ Xpixel uint16 -+ Ypixel uint16 -+} -+ -+type Taskstats struct { -+ Version uint16 -+ Ac_exitcode uint32 -+ Ac_flag uint8 -+ Ac_nice uint8 -+ Cpu_count uint64 -+ Cpu_delay_total uint64 -+ Blkio_count uint64 -+ Blkio_delay_total uint64 -+ Swapin_count uint64 -+ Swapin_delay_total uint64 -+ Cpu_run_real_total uint64 -+ Cpu_run_virtual_total uint64 -+ Ac_comm [32]uint8 -+ Ac_sched uint8 -+ Ac_pad [3]uint8 -+ _ [4]byte -+ Ac_uid uint32 -+ Ac_gid uint32 -+ Ac_pid uint32 -+ Ac_ppid uint32 -+ Ac_btime uint32 -+ Ac_etime uint64 -+ Ac_utime uint64 -+ Ac_stime uint64 -+ Ac_minflt uint64 -+ Ac_majflt uint64 -+ Coremem uint64 -+ Virtmem uint64 -+ Hiwater_rss uint64 -+ Hiwater_vm uint64 -+ Read_char uint64 -+ Write_char uint64 -+ Read_syscalls uint64 -+ Write_syscalls uint64 -+ Read_bytes uint64 -+ Write_bytes uint64 -+ Cancelled_write_bytes uint64 -+ Nvcsw uint64 -+ Nivcsw uint64 -+ Ac_utimescaled uint64 -+ Ac_stimescaled uint64 -+ Cpu_scaled_run_real_total uint64 -+ Freepages_count uint64 -+ Freepages_delay_total uint64 -+ Thrashing_count uint64 -+ Thrashing_delay_total uint64 -+} -+ -+const ( -+ TASKSTATS_CMD_UNSPEC = 0x0 -+ TASKSTATS_CMD_GET = 0x1 -+ TASKSTATS_CMD_NEW = 0x2 -+ TASKSTATS_TYPE_UNSPEC = 0x0 -+ TASKSTATS_TYPE_PID = 0x1 -+ TASKSTATS_TYPE_TGID = 0x2 -+ TASKSTATS_TYPE_STATS = 0x3 -+ TASKSTATS_TYPE_AGGR_PID = 0x4 -+ TASKSTATS_TYPE_AGGR_TGID = 0x5 -+ TASKSTATS_TYPE_NULL = 0x6 -+ TASKSTATS_CMD_ATTR_UNSPEC = 0x0 -+ TASKSTATS_CMD_ATTR_PID = 0x1 -+ TASKSTATS_CMD_ATTR_TGID = 0x2 -+ TASKSTATS_CMD_ATTR_REGISTER_CPUMASK = 0x3 -+ TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4 -+) -+ -+type CGroupStats struct { -+ Sleeping uint64 -+ Running uint64 -+ Stopped uint64 -+ Uninterruptible uint64 -+ Io_wait uint64 -+} -+ -+const ( -+ CGROUPSTATS_CMD_UNSPEC = 0x3 -+ CGROUPSTATS_CMD_GET = 0x4 -+ CGROUPSTATS_CMD_NEW = 0x5 -+ CGROUPSTATS_TYPE_UNSPEC = 0x0 -+ CGROUPSTATS_TYPE_CGROUP_STATS = 0x1 -+ CGROUPSTATS_CMD_ATTR_UNSPEC = 0x0 -+ CGROUPSTATS_CMD_ATTR_FD = 0x1 -+) -+ -+type Genlmsghdr struct { -+ Cmd uint8 -+ Version uint8 -+ Reserved uint16 -+} -+ -+const ( -+ CTRL_CMD_UNSPEC = 0x0 -+ CTRL_CMD_NEWFAMILY = 0x1 -+ CTRL_CMD_DELFAMILY = 0x2 -+ CTRL_CMD_GETFAMILY = 0x3 -+ CTRL_CMD_NEWOPS = 0x4 -+ CTRL_CMD_DELOPS = 0x5 -+ CTRL_CMD_GETOPS = 0x6 -+ CTRL_CMD_NEWMCAST_GRP = 0x7 -+ CTRL_CMD_DELMCAST_GRP = 0x8 -+ CTRL_CMD_GETMCAST_GRP = 0x9 -+ CTRL_ATTR_UNSPEC = 0x0 -+ CTRL_ATTR_FAMILY_ID = 0x1 -+ CTRL_ATTR_FAMILY_NAME = 0x2 -+ CTRL_ATTR_VERSION = 0x3 -+ CTRL_ATTR_HDRSIZE = 0x4 -+ CTRL_ATTR_MAXATTR = 0x5 -+ CTRL_ATTR_OPS = 0x6 -+ CTRL_ATTR_MCAST_GROUPS = 0x7 -+ CTRL_ATTR_OP_UNSPEC = 0x0 -+ CTRL_ATTR_OP_ID = 0x1 -+ CTRL_ATTR_OP_FLAGS = 0x2 -+ CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0 -+ CTRL_ATTR_MCAST_GRP_NAME = 0x1 -+ CTRL_ATTR_MCAST_GRP_ID = 0x2 -+) -+ -+type cpuMask uint64 -+ -+const ( -+ _CPU_SETSIZE = 0x400 -+ _NCPUBITS = 0x40 -+) -+ -+const ( -+ BDADDR_BREDR = 0x0 -+ BDADDR_LE_PUBLIC = 0x1 -+ BDADDR_LE_RANDOM = 0x2 -+) -+ -+type PerfEventAttr struct { -+ Type uint32 -+ Size uint32 -+ Config uint64 -+ Sample uint64 -+ Sample_type uint64 -+ Read_format uint64 -+ Bits uint64 -+ Wakeup uint32 -+ Bp_type uint32 -+ Ext1 uint64 -+ Ext2 uint64 -+ Branch_sample_type uint64 -+ Sample_regs_user uint64 -+ Sample_stack_user uint32 -+ Clockid int32 -+ Sample_regs_intr uint64 -+ Aux_watermark uint32 -+ Sample_max_stack uint16 -+ _ uint16 -+} -+ -+type PerfEventMmapPage struct { -+ Version uint32 -+ Compat_version uint32 -+ Lock uint32 -+ Index uint32 -+ Offset int64 -+ Time_enabled uint64 -+ Time_running uint64 -+ Capabilities uint64 -+ Pmc_width uint16 -+ Time_shift uint16 -+ Time_mult uint32 -+ Time_offset uint64 -+ Time_zero uint64 -+ Size uint32 -+ _ [948]uint8 -+ Data_head uint64 -+ Data_tail uint64 -+ Data_offset uint64 -+ Data_size uint64 -+ Aux_head uint64 -+ Aux_tail uint64 -+ Aux_offset uint64 -+ Aux_size uint64 -+} -+ -+const ( -+ PerfBitDisabled uint64 = CBitFieldMaskBit0 -+ PerfBitInherit = CBitFieldMaskBit1 -+ PerfBitPinned = CBitFieldMaskBit2 -+ PerfBitExclusive = CBitFieldMaskBit3 -+ PerfBitExcludeUser = CBitFieldMaskBit4 -+ PerfBitExcludeKernel = CBitFieldMaskBit5 -+ PerfBitExcludeHv = CBitFieldMaskBit6 -+ PerfBitExcludeIdle = CBitFieldMaskBit7 -+ PerfBitMmap = CBitFieldMaskBit8 -+ PerfBitComm = CBitFieldMaskBit9 -+ PerfBitFreq = CBitFieldMaskBit10 -+ PerfBitInheritStat = CBitFieldMaskBit11 -+ PerfBitEnableOnExec = CBitFieldMaskBit12 -+ PerfBitTask = CBitFieldMaskBit13 -+ PerfBitWatermark = CBitFieldMaskBit14 -+ PerfBitPreciseIPBit1 = CBitFieldMaskBit15 -+ PerfBitPreciseIPBit2 = CBitFieldMaskBit16 -+ PerfBitMmapData = CBitFieldMaskBit17 -+ PerfBitSampleIDAll = CBitFieldMaskBit18 -+ PerfBitExcludeHost = CBitFieldMaskBit19 -+ PerfBitExcludeGuest = CBitFieldMaskBit20 -+ PerfBitExcludeCallchainKernel = CBitFieldMaskBit21 -+ PerfBitExcludeCallchainUser = CBitFieldMaskBit22 -+ PerfBitMmap2 = CBitFieldMaskBit23 -+ PerfBitCommExec = CBitFieldMaskBit24 -+ PerfBitUseClockID = CBitFieldMaskBit25 -+ PerfBitContextSwitch = CBitFieldMaskBit26 -+) -+ -+const ( -+ PERF_TYPE_HARDWARE = 0x0 -+ PERF_TYPE_SOFTWARE = 0x1 -+ PERF_TYPE_TRACEPOINT = 0x2 -+ PERF_TYPE_HW_CACHE = 0x3 -+ PERF_TYPE_RAW = 0x4 -+ PERF_TYPE_BREAKPOINT = 0x5 -+ -+ PERF_COUNT_HW_CPU_CYCLES = 0x0 -+ PERF_COUNT_HW_INSTRUCTIONS = 0x1 -+ PERF_COUNT_HW_CACHE_REFERENCES = 0x2 -+ PERF_COUNT_HW_CACHE_MISSES = 0x3 -+ PERF_COUNT_HW_BRANCH_INSTRUCTIONS = 0x4 -+ PERF_COUNT_HW_BRANCH_MISSES = 0x5 -+ PERF_COUNT_HW_BUS_CYCLES = 0x6 -+ PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7 -+ PERF_COUNT_HW_STALLED_CYCLES_BACKEND = 0x8 -+ PERF_COUNT_HW_REF_CPU_CYCLES = 0x9 -+ -+ PERF_COUNT_HW_CACHE_L1D = 0x0 -+ PERF_COUNT_HW_CACHE_L1I = 0x1 -+ PERF_COUNT_HW_CACHE_LL = 0x2 -+ PERF_COUNT_HW_CACHE_DTLB = 0x3 -+ PERF_COUNT_HW_CACHE_ITLB = 0x4 -+ PERF_COUNT_HW_CACHE_BPU = 0x5 -+ PERF_COUNT_HW_CACHE_NODE = 0x6 -+ -+ PERF_COUNT_HW_CACHE_OP_READ = 0x0 -+ PERF_COUNT_HW_CACHE_OP_WRITE = 0x1 -+ PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2 -+ -+ PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0 -+ PERF_COUNT_HW_CACHE_RESULT_MISS = 0x1 -+ -+ PERF_COUNT_SW_CPU_CLOCK = 0x0 -+ PERF_COUNT_SW_TASK_CLOCK = 0x1 -+ PERF_COUNT_SW_PAGE_FAULTS = 0x2 -+ PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3 -+ PERF_COUNT_SW_CPU_MIGRATIONS = 0x4 -+ PERF_COUNT_SW_PAGE_FAULTS_MIN = 0x5 -+ PERF_COUNT_SW_PAGE_FAULTS_MAJ = 0x6 -+ PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7 -+ PERF_COUNT_SW_EMULATION_FAULTS = 0x8 -+ PERF_COUNT_SW_DUMMY = 0x9 -+ PERF_COUNT_SW_BPF_OUTPUT = 0xa -+ -+ PERF_SAMPLE_IP = 0x1 -+ PERF_SAMPLE_TID = 0x2 -+ PERF_SAMPLE_TIME = 0x4 -+ PERF_SAMPLE_ADDR = 0x8 -+ PERF_SAMPLE_READ = 0x10 -+ PERF_SAMPLE_CALLCHAIN = 0x20 -+ PERF_SAMPLE_ID = 0x40 -+ PERF_SAMPLE_CPU = 0x80 -+ PERF_SAMPLE_PERIOD = 0x100 -+ PERF_SAMPLE_STREAM_ID = 0x200 -+ PERF_SAMPLE_RAW = 0x400 -+ PERF_SAMPLE_BRANCH_STACK = 0x800 -+ -+ PERF_SAMPLE_BRANCH_USER = 0x1 -+ PERF_SAMPLE_BRANCH_KERNEL = 0x2 -+ PERF_SAMPLE_BRANCH_HV = 0x4 -+ PERF_SAMPLE_BRANCH_ANY = 0x8 -+ PERF_SAMPLE_BRANCH_ANY_CALL = 0x10 -+ PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20 -+ PERF_SAMPLE_BRANCH_IND_CALL = 0x40 -+ PERF_SAMPLE_BRANCH_ABORT_TX = 0x80 -+ PERF_SAMPLE_BRANCH_IN_TX = 0x100 -+ PERF_SAMPLE_BRANCH_NO_TX = 0x200 -+ PERF_SAMPLE_BRANCH_COND = 0x400 -+ PERF_SAMPLE_BRANCH_CALL_STACK = 0x800 -+ PERF_SAMPLE_BRANCH_IND_JUMP = 0x1000 -+ PERF_SAMPLE_BRANCH_CALL = 0x2000 -+ PERF_SAMPLE_BRANCH_NO_FLAGS = 0x4000 -+ PERF_SAMPLE_BRANCH_NO_CYCLES = 0x8000 -+ PERF_SAMPLE_BRANCH_TYPE_SAVE = 0x10000 -+ -+ PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1 -+ PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2 -+ PERF_FORMAT_ID = 0x4 -+ PERF_FORMAT_GROUP = 0x8 -+ -+ PERF_RECORD_MMAP = 0x1 -+ PERF_RECORD_LOST = 0x2 -+ PERF_RECORD_COMM = 0x3 -+ PERF_RECORD_EXIT = 0x4 -+ PERF_RECORD_THROTTLE = 0x5 -+ PERF_RECORD_UNTHROTTLE = 0x6 -+ PERF_RECORD_FORK = 0x7 -+ PERF_RECORD_READ = 0x8 -+ PERF_RECORD_SAMPLE = 0x9 -+ PERF_RECORD_MMAP2 = 0xa -+ PERF_RECORD_AUX = 0xb -+ PERF_RECORD_ITRACE_START = 0xc -+ PERF_RECORD_LOST_SAMPLES = 0xd -+ PERF_RECORD_SWITCH = 0xe -+ PERF_RECORD_SWITCH_CPU_WIDE = 0xf -+ PERF_RECORD_NAMESPACES = 0x10 -+ -+ PERF_CONTEXT_HV = -0x20 -+ PERF_CONTEXT_KERNEL = -0x80 -+ PERF_CONTEXT_USER = -0x200 -+ -+ PERF_CONTEXT_GUEST = -0x800 -+ PERF_CONTEXT_GUEST_KERNEL = -0x880 -+ PERF_CONTEXT_GUEST_USER = -0xa00 -+ -+ PERF_FLAG_FD_NO_GROUP = 0x1 -+ PERF_FLAG_FD_OUTPUT = 0x2 -+ PERF_FLAG_PID_CGROUP = 0x4 -+ PERF_FLAG_FD_CLOEXEC = 0x8 -+) -+ -+const ( -+ CBitFieldMaskBit0 = 0x1 -+ CBitFieldMaskBit1 = 0x2 -+ CBitFieldMaskBit2 = 0x4 -+ CBitFieldMaskBit3 = 0x8 -+ CBitFieldMaskBit4 = 0x10 -+ CBitFieldMaskBit5 = 0x20 -+ CBitFieldMaskBit6 = 0x40 -+ CBitFieldMaskBit7 = 0x80 -+ CBitFieldMaskBit8 = 0x100 -+ CBitFieldMaskBit9 = 0x200 -+ CBitFieldMaskBit10 = 0x400 -+ CBitFieldMaskBit11 = 0x800 -+ CBitFieldMaskBit12 = 0x1000 -+ CBitFieldMaskBit13 = 0x2000 -+ CBitFieldMaskBit14 = 0x4000 -+ CBitFieldMaskBit15 = 0x8000 -+ CBitFieldMaskBit16 = 0x10000 -+ CBitFieldMaskBit17 = 0x20000 -+ CBitFieldMaskBit18 = 0x40000 -+ CBitFieldMaskBit19 = 0x80000 -+ CBitFieldMaskBit20 = 0x100000 -+ CBitFieldMaskBit21 = 0x200000 -+ CBitFieldMaskBit22 = 0x400000 -+ CBitFieldMaskBit23 = 0x800000 -+ CBitFieldMaskBit24 = 0x1000000 -+ CBitFieldMaskBit25 = 0x2000000 -+ CBitFieldMaskBit26 = 0x4000000 -+ CBitFieldMaskBit27 = 0x8000000 -+ CBitFieldMaskBit28 = 0x10000000 -+ CBitFieldMaskBit29 = 0x20000000 -+ CBitFieldMaskBit30 = 0x40000000 -+ CBitFieldMaskBit31 = 0x80000000 -+ CBitFieldMaskBit32 = 0x100000000 -+ CBitFieldMaskBit33 = 0x200000000 -+ CBitFieldMaskBit34 = 0x400000000 -+ CBitFieldMaskBit35 = 0x800000000 -+ CBitFieldMaskBit36 = 0x1000000000 -+ CBitFieldMaskBit37 = 0x2000000000 -+ CBitFieldMaskBit38 = 0x4000000000 -+ CBitFieldMaskBit39 = 0x8000000000 -+ CBitFieldMaskBit40 = 0x10000000000 -+ CBitFieldMaskBit41 = 0x20000000000 -+ CBitFieldMaskBit42 = 0x40000000000 -+ CBitFieldMaskBit43 = 0x80000000000 -+ CBitFieldMaskBit44 = 0x100000000000 -+ CBitFieldMaskBit45 = 0x200000000000 -+ CBitFieldMaskBit46 = 0x400000000000 -+ CBitFieldMaskBit47 = 0x800000000000 -+ CBitFieldMaskBit48 = 0x1000000000000 -+ CBitFieldMaskBit49 = 0x2000000000000 -+ CBitFieldMaskBit50 = 0x4000000000000 -+ CBitFieldMaskBit51 = 0x8000000000000 -+ CBitFieldMaskBit52 = 0x10000000000000 -+ CBitFieldMaskBit53 = 0x20000000000000 -+ CBitFieldMaskBit54 = 0x40000000000000 -+ CBitFieldMaskBit55 = 0x80000000000000 -+ CBitFieldMaskBit56 = 0x100000000000000 -+ CBitFieldMaskBit57 = 0x200000000000000 -+ CBitFieldMaskBit58 = 0x400000000000000 -+ CBitFieldMaskBit59 = 0x800000000000000 -+ CBitFieldMaskBit60 = 0x1000000000000000 -+ CBitFieldMaskBit61 = 0x2000000000000000 -+ CBitFieldMaskBit62 = 0x4000000000000000 -+ CBitFieldMaskBit63 = 0x8000000000000000 -+) -+ -+type SockaddrStorage struct { -+ Family uint16 -+ _ [118]uint8 -+ _ uint64 -+} -+ -+type TCPMD5Sig struct { -+ Addr SockaddrStorage -+ Flags uint8 -+ Prefixlen uint8 -+ Keylen uint16 -+ _ uint32 -+ Key [80]uint8 -+} -+ -+type HDDriveCmdHdr struct { -+ Command uint8 -+ Number uint8 -+ Feature uint8 -+ Count uint8 -+} -+ -+type HDGeometry struct { -+ Heads uint8 -+ Sectors uint8 -+ Cylinders uint16 -+ Start uint64 -+} -+ -+type HDDriveID struct { -+ Config uint16 -+ Cyls uint16 -+ Reserved2 uint16 -+ Heads uint16 -+ Track_bytes uint16 -+ Sector_bytes uint16 -+ Sectors uint16 -+ Vendor0 uint16 -+ Vendor1 uint16 -+ Vendor2 uint16 -+ Serial_no [20]uint8 -+ Buf_type uint16 -+ Buf_size uint16 -+ Ecc_bytes uint16 -+ Fw_rev [8]uint8 -+ Model [40]uint8 -+ Max_multsect uint8 -+ Vendor3 uint8 -+ Dword_io uint16 -+ Vendor4 uint8 -+ Capability uint8 -+ Reserved50 uint16 -+ Vendor5 uint8 -+ TPIO uint8 -+ Vendor6 uint8 -+ TDMA uint8 -+ Field_valid uint16 -+ Cur_cyls uint16 -+ Cur_heads uint16 -+ Cur_sectors uint16 -+ Cur_capacity0 uint16 -+ Cur_capacity1 uint16 -+ Multsect uint8 -+ Multsect_valid uint8 -+ Lba_capacity uint32 -+ Dma_1word uint16 -+ Dma_mword uint16 -+ Eide_pio_modes uint16 -+ Eide_dma_min uint16 -+ Eide_dma_time uint16 -+ Eide_pio uint16 -+ Eide_pio_iordy uint16 -+ Words69_70 [2]uint16 -+ Words71_74 [4]uint16 -+ Queue_depth uint16 -+ Words76_79 [4]uint16 -+ Major_rev_num uint16 -+ Minor_rev_num uint16 -+ Command_set_1 uint16 -+ Command_set_2 uint16 -+ Cfsse uint16 -+ Cfs_enable_1 uint16 -+ Cfs_enable_2 uint16 -+ Csf_default uint16 -+ Dma_ultra uint16 -+ Trseuc uint16 -+ TrsEuc uint16 -+ CurAPMvalues uint16 -+ Mprc uint16 -+ Hw_config uint16 -+ Acoustic uint16 -+ Msrqs uint16 -+ Sxfert uint16 -+ Sal uint16 -+ Spg uint32 -+ Lba_capacity_2 uint64 -+ Words104_125 [22]uint16 -+ Last_lun uint16 -+ Word127 uint16 -+ Dlf uint16 -+ Csfo uint16 -+ Words130_155 [26]uint16 -+ Word156 uint16 -+ Words157_159 [3]uint16 -+ Cfa_power uint16 -+ Words161_175 [15]uint16 -+ Words176_205 [30]uint16 -+ Words206_254 [49]uint16 -+ Integrity_word uint16 -+} -+ -+type Statfs_t struct { -+ Type int64 -+ Bsize int64 -+ Blocks uint64 -+ Bfree uint64 -+ Bavail uint64 -+ Files uint64 -+ Ffree uint64 -+ Fsid Fsid -+ Namelen int64 -+ Frsize int64 -+ Flags int64 -+ Spare [4]int64 -+} -+ -+const ( -+ ST_MANDLOCK = 0x40 -+ ST_NOATIME = 0x400 -+ ST_NODEV = 0x4 -+ ST_NODIRATIME = 0x800 -+ ST_NOEXEC = 0x8 -+ ST_NOSUID = 0x2 -+ ST_RDONLY = 0x1 -+ ST_RELATIME = 0x1000 -+ ST_SYNCHRONOUS = 0x10 -+) -+ -+type TpacketHdr struct { -+ Status uint64 -+ Len uint32 -+ Snaplen uint32 -+ Mac uint16 -+ Net uint16 -+ Sec uint32 -+ Usec uint32 -+ _ [4]byte -+} -+ -+type Tpacket2Hdr struct { -+ Status uint32 -+ Len uint32 -+ Snaplen uint32 -+ Mac uint16 -+ Net uint16 -+ Sec uint32 -+ Nsec uint32 -+ Vlan_tci uint16 -+ Vlan_tpid uint16 -+ _ [4]uint8 -+} -+ -+type Tpacket3Hdr struct { -+ Next_offset uint32 -+ Sec uint32 -+ Nsec uint32 -+ Snaplen uint32 -+ Len uint32 -+ Status uint32 -+ Mac uint16 -+ Net uint16 -+ Hv1 TpacketHdrVariant1 -+ _ [8]uint8 -+} -+ -+type TpacketHdrVariant1 struct { -+ Rxhash uint32 -+ Vlan_tci uint32 -+ Vlan_tpid uint16 -+ _ uint16 -+} -+ -+type TpacketBlockDesc struct { -+ Version uint32 -+ To_priv uint32 -+ Hdr [40]byte -+} -+ -+type TpacketBDTS struct { -+ Sec uint32 -+ Usec uint32 -+} -+ -+type TpacketHdrV1 struct { -+ Block_status uint32 -+ Num_pkts uint32 -+ Offset_to_first_pkt uint32 -+ Blk_len uint32 -+ Seq_num uint64 -+ Ts_first_pkt TpacketBDTS -+ Ts_last_pkt TpacketBDTS -+} -+ -+type TpacketReq struct { -+ Block_size uint32 -+ Block_nr uint32 -+ Frame_size uint32 -+ Frame_nr uint32 -+} -+ -+type TpacketReq3 struct { -+ Block_size uint32 -+ Block_nr uint32 -+ Frame_size uint32 -+ Frame_nr uint32 -+ Retire_blk_tov uint32 -+ Sizeof_priv uint32 -+ Feature_req_word uint32 -+} -+ -+type TpacketStats struct { -+ Packets uint32 -+ Drops uint32 -+} -+ -+type TpacketStatsV3 struct { -+ Packets uint32 -+ Drops uint32 -+ Freeze_q_cnt uint32 -+} -+ -+type TpacketAuxdata struct { -+ Status uint32 -+ Len uint32 -+ Snaplen uint32 -+ Mac uint16 -+ Net uint16 -+ Vlan_tci uint16 -+ Vlan_tpid uint16 -+} -+ -+const ( -+ TPACKET_V1 = 0x0 -+ TPACKET_V2 = 0x1 -+ TPACKET_V3 = 0x2 -+) -+ -+const ( -+ SizeofTpacketHdr = 0x20 -+ SizeofTpacket2Hdr = 0x20 -+ SizeofTpacket3Hdr = 0x30 -+ -+ SizeofTpacketStats = 0x8 -+ SizeofTpacketStatsV3 = 0xc -+) -+ -+const ( -+ NF_INET_PRE_ROUTING = 0x0 -+ NF_INET_LOCAL_IN = 0x1 -+ NF_INET_FORWARD = 0x2 -+ NF_INET_LOCAL_OUT = 0x3 -+ NF_INET_POST_ROUTING = 0x4 -+ NF_INET_NUMHOOKS = 0x5 -+) -+ -+const ( -+ NF_NETDEV_INGRESS = 0x0 -+ NF_NETDEV_NUMHOOKS = 0x1 -+) -+ -+const ( -+ NFPROTO_UNSPEC = 0x0 -+ NFPROTO_INET = 0x1 -+ NFPROTO_IPV4 = 0x2 -+ NFPROTO_ARP = 0x3 -+ NFPROTO_NETDEV = 0x5 -+ NFPROTO_BRIDGE = 0x7 -+ NFPROTO_IPV6 = 0xa -+ NFPROTO_DECNET = 0xc -+ NFPROTO_NUMPROTO = 0xd -+) -+ -+type Nfgenmsg struct { -+ Nfgen_family uint8 -+ Version uint8 -+ Res_id uint16 -+} -+ -+const ( -+ NFNL_BATCH_UNSPEC = 0x0 -+ NFNL_BATCH_GENID = 0x1 -+) -+ -+const ( -+ NFT_REG_VERDICT = 0x0 -+ NFT_REG_1 = 0x1 -+ NFT_REG_2 = 0x2 -+ NFT_REG_3 = 0x3 -+ NFT_REG_4 = 0x4 -+ NFT_REG32_00 = 0x8 -+ NFT_REG32_01 = 0x9 -+ NFT_REG32_02 = 0xa -+ NFT_REG32_03 = 0xb -+ NFT_REG32_04 = 0xc -+ NFT_REG32_05 = 0xd -+ NFT_REG32_06 = 0xe -+ NFT_REG32_07 = 0xf -+ NFT_REG32_08 = 0x10 -+ NFT_REG32_09 = 0x11 -+ NFT_REG32_10 = 0x12 -+ NFT_REG32_11 = 0x13 -+ NFT_REG32_12 = 0x14 -+ NFT_REG32_13 = 0x15 -+ NFT_REG32_14 = 0x16 -+ NFT_REG32_15 = 0x17 -+ NFT_CONTINUE = -0x1 -+ NFT_BREAK = -0x2 -+ NFT_JUMP = -0x3 -+ NFT_GOTO = -0x4 -+ NFT_RETURN = -0x5 -+ NFT_MSG_NEWTABLE = 0x0 -+ NFT_MSG_GETTABLE = 0x1 -+ NFT_MSG_DELTABLE = 0x2 -+ NFT_MSG_NEWCHAIN = 0x3 -+ NFT_MSG_GETCHAIN = 0x4 -+ NFT_MSG_DELCHAIN = 0x5 -+ NFT_MSG_NEWRULE = 0x6 -+ NFT_MSG_GETRULE = 0x7 -+ NFT_MSG_DELRULE = 0x8 -+ NFT_MSG_NEWSET = 0x9 -+ NFT_MSG_GETSET = 0xa -+ NFT_MSG_DELSET = 0xb -+ NFT_MSG_NEWSETELEM = 0xc -+ NFT_MSG_GETSETELEM = 0xd -+ NFT_MSG_DELSETELEM = 0xe -+ NFT_MSG_NEWGEN = 0xf -+ NFT_MSG_GETGEN = 0x10 -+ NFT_MSG_TRACE = 0x11 -+ NFT_MSG_NEWOBJ = 0x12 -+ NFT_MSG_GETOBJ = 0x13 -+ NFT_MSG_DELOBJ = 0x14 -+ NFT_MSG_GETOBJ_RESET = 0x15 -+ NFT_MSG_MAX = 0x19 -+ NFTA_LIST_UNPEC = 0x0 -+ NFTA_LIST_ELEM = 0x1 -+ NFTA_HOOK_UNSPEC = 0x0 -+ NFTA_HOOK_HOOKNUM = 0x1 -+ NFTA_HOOK_PRIORITY = 0x2 -+ NFTA_HOOK_DEV = 0x3 -+ NFT_TABLE_F_DORMANT = 0x1 -+ NFTA_TABLE_UNSPEC = 0x0 -+ NFTA_TABLE_NAME = 0x1 -+ NFTA_TABLE_FLAGS = 0x2 -+ NFTA_TABLE_USE = 0x3 -+ NFTA_CHAIN_UNSPEC = 0x0 -+ NFTA_CHAIN_TABLE = 0x1 -+ NFTA_CHAIN_HANDLE = 0x2 -+ NFTA_CHAIN_NAME = 0x3 -+ NFTA_CHAIN_HOOK = 0x4 -+ NFTA_CHAIN_POLICY = 0x5 -+ NFTA_CHAIN_USE = 0x6 -+ NFTA_CHAIN_TYPE = 0x7 -+ NFTA_CHAIN_COUNTERS = 0x8 -+ NFTA_CHAIN_PAD = 0x9 -+ NFTA_RULE_UNSPEC = 0x0 -+ NFTA_RULE_TABLE = 0x1 -+ NFTA_RULE_CHAIN = 0x2 -+ NFTA_RULE_HANDLE = 0x3 -+ NFTA_RULE_EXPRESSIONS = 0x4 -+ NFTA_RULE_COMPAT = 0x5 -+ NFTA_RULE_POSITION = 0x6 -+ NFTA_RULE_USERDATA = 0x7 -+ NFTA_RULE_PAD = 0x8 -+ NFTA_RULE_ID = 0x9 -+ NFT_RULE_COMPAT_F_INV = 0x2 -+ NFT_RULE_COMPAT_F_MASK = 0x2 -+ NFTA_RULE_COMPAT_UNSPEC = 0x0 -+ NFTA_RULE_COMPAT_PROTO = 0x1 -+ NFTA_RULE_COMPAT_FLAGS = 0x2 -+ NFT_SET_ANONYMOUS = 0x1 -+ NFT_SET_CONSTANT = 0x2 -+ NFT_SET_INTERVAL = 0x4 -+ NFT_SET_MAP = 0x8 -+ NFT_SET_TIMEOUT = 0x10 -+ NFT_SET_EVAL = 0x20 -+ NFT_SET_OBJECT = 0x40 -+ NFT_SET_POL_PERFORMANCE = 0x0 -+ NFT_SET_POL_MEMORY = 0x1 -+ NFTA_SET_DESC_UNSPEC = 0x0 -+ NFTA_SET_DESC_SIZE = 0x1 -+ NFTA_SET_UNSPEC = 0x0 -+ NFTA_SET_TABLE = 0x1 -+ NFTA_SET_NAME = 0x2 -+ NFTA_SET_FLAGS = 0x3 -+ NFTA_SET_KEY_TYPE = 0x4 -+ NFTA_SET_KEY_LEN = 0x5 -+ NFTA_SET_DATA_TYPE = 0x6 -+ NFTA_SET_DATA_LEN = 0x7 -+ NFTA_SET_POLICY = 0x8 -+ NFTA_SET_DESC = 0x9 -+ NFTA_SET_ID = 0xa -+ NFTA_SET_TIMEOUT = 0xb -+ NFTA_SET_GC_INTERVAL = 0xc -+ NFTA_SET_USERDATA = 0xd -+ NFTA_SET_PAD = 0xe -+ NFTA_SET_OBJ_TYPE = 0xf -+ NFT_SET_ELEM_INTERVAL_END = 0x1 -+ NFTA_SET_ELEM_UNSPEC = 0x0 -+ NFTA_SET_ELEM_KEY = 0x1 -+ NFTA_SET_ELEM_DATA = 0x2 -+ NFTA_SET_ELEM_FLAGS = 0x3 -+ NFTA_SET_ELEM_TIMEOUT = 0x4 -+ NFTA_SET_ELEM_EXPIRATION = 0x5 -+ NFTA_SET_ELEM_USERDATA = 0x6 -+ NFTA_SET_ELEM_EXPR = 0x7 -+ NFTA_SET_ELEM_PAD = 0x8 -+ NFTA_SET_ELEM_OBJREF = 0x9 -+ NFTA_SET_ELEM_LIST_UNSPEC = 0x0 -+ NFTA_SET_ELEM_LIST_TABLE = 0x1 -+ NFTA_SET_ELEM_LIST_SET = 0x2 -+ NFTA_SET_ELEM_LIST_ELEMENTS = 0x3 -+ NFTA_SET_ELEM_LIST_SET_ID = 0x4 -+ NFT_DATA_VALUE = 0x0 -+ NFT_DATA_VERDICT = 0xffffff00 -+ NFTA_DATA_UNSPEC = 0x0 -+ NFTA_DATA_VALUE = 0x1 -+ NFTA_DATA_VERDICT = 0x2 -+ NFTA_VERDICT_UNSPEC = 0x0 -+ NFTA_VERDICT_CODE = 0x1 -+ NFTA_VERDICT_CHAIN = 0x2 -+ NFTA_EXPR_UNSPEC = 0x0 -+ NFTA_EXPR_NAME = 0x1 -+ NFTA_EXPR_DATA = 0x2 -+ NFTA_IMMEDIATE_UNSPEC = 0x0 -+ NFTA_IMMEDIATE_DREG = 0x1 -+ NFTA_IMMEDIATE_DATA = 0x2 -+ NFTA_BITWISE_UNSPEC = 0x0 -+ NFTA_BITWISE_SREG = 0x1 -+ NFTA_BITWISE_DREG = 0x2 -+ NFTA_BITWISE_LEN = 0x3 -+ NFTA_BITWISE_MASK = 0x4 -+ NFTA_BITWISE_XOR = 0x5 -+ NFT_BYTEORDER_NTOH = 0x0 -+ NFT_BYTEORDER_HTON = 0x1 -+ NFTA_BYTEORDER_UNSPEC = 0x0 -+ NFTA_BYTEORDER_SREG = 0x1 -+ NFTA_BYTEORDER_DREG = 0x2 -+ NFTA_BYTEORDER_OP = 0x3 -+ NFTA_BYTEORDER_LEN = 0x4 -+ NFTA_BYTEORDER_SIZE = 0x5 -+ NFT_CMP_EQ = 0x0 -+ NFT_CMP_NEQ = 0x1 -+ NFT_CMP_LT = 0x2 -+ NFT_CMP_LTE = 0x3 -+ NFT_CMP_GT = 0x4 -+ NFT_CMP_GTE = 0x5 -+ NFTA_CMP_UNSPEC = 0x0 -+ NFTA_CMP_SREG = 0x1 -+ NFTA_CMP_OP = 0x2 -+ NFTA_CMP_DATA = 0x3 -+ NFT_RANGE_EQ = 0x0 -+ NFT_RANGE_NEQ = 0x1 -+ NFTA_RANGE_UNSPEC = 0x0 -+ NFTA_RANGE_SREG = 0x1 -+ NFTA_RANGE_OP = 0x2 -+ NFTA_RANGE_FROM_DATA = 0x3 -+ NFTA_RANGE_TO_DATA = 0x4 -+ NFT_LOOKUP_F_INV = 0x1 -+ NFTA_LOOKUP_UNSPEC = 0x0 -+ NFTA_LOOKUP_SET = 0x1 -+ NFTA_LOOKUP_SREG = 0x2 -+ NFTA_LOOKUP_DREG = 0x3 -+ NFTA_LOOKUP_SET_ID = 0x4 -+ NFTA_LOOKUP_FLAGS = 0x5 -+ NFT_DYNSET_OP_ADD = 0x0 -+ NFT_DYNSET_OP_UPDATE = 0x1 -+ NFT_DYNSET_F_INV = 0x1 -+ NFTA_DYNSET_UNSPEC = 0x0 -+ NFTA_DYNSET_SET_NAME = 0x1 -+ NFTA_DYNSET_SET_ID = 0x2 -+ NFTA_DYNSET_OP = 0x3 -+ NFTA_DYNSET_SREG_KEY = 0x4 -+ NFTA_DYNSET_SREG_DATA = 0x5 -+ NFTA_DYNSET_TIMEOUT = 0x6 -+ NFTA_DYNSET_EXPR = 0x7 -+ NFTA_DYNSET_PAD = 0x8 -+ NFTA_DYNSET_FLAGS = 0x9 -+ NFT_PAYLOAD_LL_HEADER = 0x0 -+ NFT_PAYLOAD_NETWORK_HEADER = 0x1 -+ NFT_PAYLOAD_TRANSPORT_HEADER = 0x2 -+ NFT_PAYLOAD_CSUM_NONE = 0x0 -+ NFT_PAYLOAD_CSUM_INET = 0x1 -+ NFT_PAYLOAD_L4CSUM_PSEUDOHDR = 0x1 -+ NFTA_PAYLOAD_UNSPEC = 0x0 -+ NFTA_PAYLOAD_DREG = 0x1 -+ NFTA_PAYLOAD_BASE = 0x2 -+ NFTA_PAYLOAD_OFFSET = 0x3 -+ NFTA_PAYLOAD_LEN = 0x4 -+ NFTA_PAYLOAD_SREG = 0x5 -+ NFTA_PAYLOAD_CSUM_TYPE = 0x6 -+ NFTA_PAYLOAD_CSUM_OFFSET = 0x7 -+ NFTA_PAYLOAD_CSUM_FLAGS = 0x8 -+ NFT_EXTHDR_F_PRESENT = 0x1 -+ NFT_EXTHDR_OP_IPV6 = 0x0 -+ NFT_EXTHDR_OP_TCPOPT = 0x1 -+ NFTA_EXTHDR_UNSPEC = 0x0 -+ NFTA_EXTHDR_DREG = 0x1 -+ NFTA_EXTHDR_TYPE = 0x2 -+ NFTA_EXTHDR_OFFSET = 0x3 -+ NFTA_EXTHDR_LEN = 0x4 -+ NFTA_EXTHDR_FLAGS = 0x5 -+ NFTA_EXTHDR_OP = 0x6 -+ NFTA_EXTHDR_SREG = 0x7 -+ NFT_META_LEN = 0x0 -+ NFT_META_PROTOCOL = 0x1 -+ NFT_META_PRIORITY = 0x2 -+ NFT_META_MARK = 0x3 -+ NFT_META_IIF = 0x4 -+ NFT_META_OIF = 0x5 -+ NFT_META_IIFNAME = 0x6 -+ NFT_META_OIFNAME = 0x7 -+ NFT_META_IIFTYPE = 0x8 -+ NFT_META_OIFTYPE = 0x9 -+ NFT_META_SKUID = 0xa -+ NFT_META_SKGID = 0xb -+ NFT_META_NFTRACE = 0xc -+ NFT_META_RTCLASSID = 0xd -+ NFT_META_SECMARK = 0xe -+ NFT_META_NFPROTO = 0xf -+ NFT_META_L4PROTO = 0x10 -+ NFT_META_BRI_IIFNAME = 0x11 -+ NFT_META_BRI_OIFNAME = 0x12 -+ NFT_META_PKTTYPE = 0x13 -+ NFT_META_CPU = 0x14 -+ NFT_META_IIFGROUP = 0x15 -+ NFT_META_OIFGROUP = 0x16 -+ NFT_META_CGROUP = 0x17 -+ NFT_META_PRANDOM = 0x18 -+ NFT_RT_CLASSID = 0x0 -+ NFT_RT_NEXTHOP4 = 0x1 -+ NFT_RT_NEXTHOP6 = 0x2 -+ NFT_RT_TCPMSS = 0x3 -+ NFT_HASH_JENKINS = 0x0 -+ NFT_HASH_SYM = 0x1 -+ NFTA_HASH_UNSPEC = 0x0 -+ NFTA_HASH_SREG = 0x1 -+ NFTA_HASH_DREG = 0x2 -+ NFTA_HASH_LEN = 0x3 -+ NFTA_HASH_MODULUS = 0x4 -+ NFTA_HASH_SEED = 0x5 -+ NFTA_HASH_OFFSET = 0x6 -+ NFTA_HASH_TYPE = 0x7 -+ NFTA_META_UNSPEC = 0x0 -+ NFTA_META_DREG = 0x1 -+ NFTA_META_KEY = 0x2 -+ NFTA_META_SREG = 0x3 -+ NFTA_RT_UNSPEC = 0x0 -+ NFTA_RT_DREG = 0x1 -+ NFTA_RT_KEY = 0x2 -+ NFT_CT_STATE = 0x0 -+ NFT_CT_DIRECTION = 0x1 -+ NFT_CT_STATUS = 0x2 -+ NFT_CT_MARK = 0x3 -+ NFT_CT_SECMARK = 0x4 -+ NFT_CT_EXPIRATION = 0x5 -+ NFT_CT_HELPER = 0x6 -+ NFT_CT_L3PROTOCOL = 0x7 -+ NFT_CT_SRC = 0x8 -+ NFT_CT_DST = 0x9 -+ NFT_CT_PROTOCOL = 0xa -+ NFT_CT_PROTO_SRC = 0xb -+ NFT_CT_PROTO_DST = 0xc -+ NFT_CT_LABELS = 0xd -+ NFT_CT_PKTS = 0xe -+ NFT_CT_BYTES = 0xf -+ NFT_CT_AVGPKT = 0x10 -+ NFT_CT_ZONE = 0x11 -+ NFT_CT_EVENTMASK = 0x12 -+ NFTA_CT_UNSPEC = 0x0 -+ NFTA_CT_DREG = 0x1 -+ NFTA_CT_KEY = 0x2 -+ NFTA_CT_DIRECTION = 0x3 -+ NFTA_CT_SREG = 0x4 -+ NFT_LIMIT_PKTS = 0x0 -+ NFT_LIMIT_PKT_BYTES = 0x1 -+ NFT_LIMIT_F_INV = 0x1 -+ NFTA_LIMIT_UNSPEC = 0x0 -+ NFTA_LIMIT_RATE = 0x1 -+ NFTA_LIMIT_UNIT = 0x2 -+ NFTA_LIMIT_BURST = 0x3 -+ NFTA_LIMIT_TYPE = 0x4 -+ NFTA_LIMIT_FLAGS = 0x5 -+ NFTA_LIMIT_PAD = 0x6 -+ NFTA_COUNTER_UNSPEC = 0x0 -+ NFTA_COUNTER_BYTES = 0x1 -+ NFTA_COUNTER_PACKETS = 0x2 -+ NFTA_COUNTER_PAD = 0x3 -+ NFTA_LOG_UNSPEC = 0x0 -+ NFTA_LOG_GROUP = 0x1 -+ NFTA_LOG_PREFIX = 0x2 -+ NFTA_LOG_SNAPLEN = 0x3 -+ NFTA_LOG_QTHRESHOLD = 0x4 -+ NFTA_LOG_LEVEL = 0x5 -+ NFTA_LOG_FLAGS = 0x6 -+ NFTA_QUEUE_UNSPEC = 0x0 -+ NFTA_QUEUE_NUM = 0x1 -+ NFTA_QUEUE_TOTAL = 0x2 -+ NFTA_QUEUE_FLAGS = 0x3 -+ NFTA_QUEUE_SREG_QNUM = 0x4 -+ NFT_QUOTA_F_INV = 0x1 -+ NFT_QUOTA_F_DEPLETED = 0x2 -+ NFTA_QUOTA_UNSPEC = 0x0 -+ NFTA_QUOTA_BYTES = 0x1 -+ NFTA_QUOTA_FLAGS = 0x2 -+ NFTA_QUOTA_PAD = 0x3 -+ NFTA_QUOTA_CONSUMED = 0x4 -+ NFT_REJECT_ICMP_UNREACH = 0x0 -+ NFT_REJECT_TCP_RST = 0x1 -+ NFT_REJECT_ICMPX_UNREACH = 0x2 -+ NFT_REJECT_ICMPX_NO_ROUTE = 0x0 -+ NFT_REJECT_ICMPX_PORT_UNREACH = 0x1 -+ NFT_REJECT_ICMPX_HOST_UNREACH = 0x2 -+ NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3 -+ NFTA_REJECT_UNSPEC = 0x0 -+ NFTA_REJECT_TYPE = 0x1 -+ NFTA_REJECT_ICMP_CODE = 0x2 -+ NFT_NAT_SNAT = 0x0 -+ NFT_NAT_DNAT = 0x1 -+ NFTA_NAT_UNSPEC = 0x0 -+ NFTA_NAT_TYPE = 0x1 -+ NFTA_NAT_FAMILY = 0x2 -+ NFTA_NAT_REG_ADDR_MIN = 0x3 -+ NFTA_NAT_REG_ADDR_MAX = 0x4 -+ NFTA_NAT_REG_PROTO_MIN = 0x5 -+ NFTA_NAT_REG_PROTO_MAX = 0x6 -+ NFTA_NAT_FLAGS = 0x7 -+ NFTA_MASQ_UNSPEC = 0x0 -+ NFTA_MASQ_FLAGS = 0x1 -+ NFTA_MASQ_REG_PROTO_MIN = 0x2 -+ NFTA_MASQ_REG_PROTO_MAX = 0x3 -+ NFTA_REDIR_UNSPEC = 0x0 -+ NFTA_REDIR_REG_PROTO_MIN = 0x1 -+ NFTA_REDIR_REG_PROTO_MAX = 0x2 -+ NFTA_REDIR_FLAGS = 0x3 -+ NFTA_DUP_UNSPEC = 0x0 -+ NFTA_DUP_SREG_ADDR = 0x1 -+ NFTA_DUP_SREG_DEV = 0x2 -+ NFTA_FWD_UNSPEC = 0x0 -+ NFTA_FWD_SREG_DEV = 0x1 -+ NFTA_OBJREF_UNSPEC = 0x0 -+ NFTA_OBJREF_IMM_TYPE = 0x1 -+ NFTA_OBJREF_IMM_NAME = 0x2 -+ NFTA_OBJREF_SET_SREG = 0x3 -+ NFTA_OBJREF_SET_NAME = 0x4 -+ NFTA_OBJREF_SET_ID = 0x5 -+ NFTA_GEN_UNSPEC = 0x0 -+ NFTA_GEN_ID = 0x1 -+ NFTA_GEN_PROC_PID = 0x2 -+ NFTA_GEN_PROC_NAME = 0x3 -+ NFTA_FIB_UNSPEC = 0x0 -+ NFTA_FIB_DREG = 0x1 -+ NFTA_FIB_RESULT = 0x2 -+ NFTA_FIB_FLAGS = 0x3 -+ NFT_FIB_RESULT_UNSPEC = 0x0 -+ NFT_FIB_RESULT_OIF = 0x1 -+ NFT_FIB_RESULT_OIFNAME = 0x2 -+ NFT_FIB_RESULT_ADDRTYPE = 0x3 -+ NFTA_FIB_F_SADDR = 0x1 -+ NFTA_FIB_F_DADDR = 0x2 -+ NFTA_FIB_F_MARK = 0x4 -+ NFTA_FIB_F_IIF = 0x8 -+ NFTA_FIB_F_OIF = 0x10 -+ NFTA_FIB_F_PRESENT = 0x20 -+ NFTA_CT_HELPER_UNSPEC = 0x0 -+ NFTA_CT_HELPER_NAME = 0x1 -+ NFTA_CT_HELPER_L3PROTO = 0x2 -+ NFTA_CT_HELPER_L4PROTO = 0x3 -+ NFTA_OBJ_UNSPEC = 0x0 -+ NFTA_OBJ_TABLE = 0x1 -+ NFTA_OBJ_NAME = 0x2 -+ NFTA_OBJ_TYPE = 0x3 -+ NFTA_OBJ_DATA = 0x4 -+ NFTA_OBJ_USE = 0x5 -+ NFTA_TRACE_UNSPEC = 0x0 -+ NFTA_TRACE_TABLE = 0x1 -+ NFTA_TRACE_CHAIN = 0x2 -+ NFTA_TRACE_RULE_HANDLE = 0x3 -+ NFTA_TRACE_TYPE = 0x4 -+ NFTA_TRACE_VERDICT = 0x5 -+ NFTA_TRACE_ID = 0x6 -+ NFTA_TRACE_LL_HEADER = 0x7 -+ NFTA_TRACE_NETWORK_HEADER = 0x8 -+ NFTA_TRACE_TRANSPORT_HEADER = 0x9 -+ NFTA_TRACE_IIF = 0xa -+ NFTA_TRACE_IIFTYPE = 0xb -+ NFTA_TRACE_OIF = 0xc -+ NFTA_TRACE_OIFTYPE = 0xd -+ NFTA_TRACE_MARK = 0xe -+ NFTA_TRACE_NFPROTO = 0xf -+ NFTA_TRACE_POLICY = 0x10 -+ NFTA_TRACE_PAD = 0x11 -+ NFT_TRACETYPE_UNSPEC = 0x0 -+ NFT_TRACETYPE_POLICY = 0x1 -+ NFT_TRACETYPE_RETURN = 0x2 -+ NFT_TRACETYPE_RULE = 0x3 -+ NFTA_NG_UNSPEC = 0x0 -+ NFTA_NG_DREG = 0x1 -+ NFTA_NG_MODULUS = 0x2 -+ NFTA_NG_TYPE = 0x3 -+ NFTA_NG_OFFSET = 0x4 -+ NFT_NG_INCREMENTAL = 0x0 -+ NFT_NG_RANDOM = 0x1 -+) -+ -+type RTCTime struct { -+ Sec int32 -+ Min int32 -+ Hour int32 -+ Mday int32 -+ Mon int32 -+ Year int32 -+ Wday int32 -+ Yday int32 -+ Isdst int32 -+} -+ -+type RTCWkAlrm struct { -+ Enabled uint8 -+ Pending uint8 -+ Time RTCTime -+} -+ -+type RTCPLLInfo struct { -+ Ctrl int32 -+ Value int32 -+ Max int32 -+ Min int32 -+ Posmult int32 -+ Negmult int32 -+ Clock int64 -+} -+ -+type BlkpgIoctlArg struct { -+ Op int32 -+ Flags int32 -+ Datalen int32 -+ Data *byte -+} -+ -+type BlkpgPartition struct { -+ Start int64 -+ Length int64 -+ Pno int32 -+ Devname [64]uint8 -+ Volname [64]uint8 -+ _ [4]byte -+} -+ -+const ( -+ BLKPG = 0x1269 -+ BLKPG_ADD_PARTITION = 0x1 -+ BLKPG_DEL_PARTITION = 0x2 -+ BLKPG_RESIZE_PARTITION = 0x3 -+) -+ -+const ( -+ NETNSA_NONE = 0x0 -+ NETNSA_NSID = 0x1 -+ NETNSA_PID = 0x2 -+ NETNSA_FD = 0x3 -+) -+ -+type XDPRingOffset struct { -+ Producer uint64 -+ Consumer uint64 -+ Desc uint64 -+} -+ -+type XDPMmapOffsets struct { -+ Rx XDPRingOffset -+ Tx XDPRingOffset -+ Fr XDPRingOffset -+ Cr XDPRingOffset -+} -+ -+type XDPUmemReg struct { -+ Addr uint64 -+ Len uint64 -+ Size uint32 -+ Headroom uint32 -+} -+ -+type XDPStatistics struct { -+ Rx_dropped uint64 -+ Rx_invalid_descs uint64 -+ Tx_invalid_descs uint64 -+} -+ -+type XDPDesc struct { -+ Addr uint64 -+ Len uint32 -+ Options uint32 -+} -+ -+const ( -+ NCSI_CMD_UNSPEC = 0x0 -+ NCSI_CMD_PKG_INFO = 0x1 -+ NCSI_CMD_SET_INTERFACE = 0x2 -+ NCSI_CMD_CLEAR_INTERFACE = 0x3 -+ NCSI_ATTR_UNSPEC = 0x0 -+ NCSI_ATTR_IFINDEX = 0x1 -+ NCSI_ATTR_PACKAGE_LIST = 0x2 -+ NCSI_ATTR_PACKAGE_ID = 0x3 -+ NCSI_ATTR_CHANNEL_ID = 0x4 -+ NCSI_PKG_ATTR_UNSPEC = 0x0 -+ NCSI_PKG_ATTR = 0x1 -+ NCSI_PKG_ATTR_ID = 0x2 -+ NCSI_PKG_ATTR_FORCED = 0x3 -+ NCSI_PKG_ATTR_CHANNEL_LIST = 0x4 -+ NCSI_CHANNEL_ATTR_UNSPEC = 0x0 -+ NCSI_CHANNEL_ATTR = 0x1 -+ NCSI_CHANNEL_ATTR_ID = 0x2 -+ NCSI_CHANNEL_ATTR_VERSION_MAJOR = 0x3 -+ NCSI_CHANNEL_ATTR_VERSION_MINOR = 0x4 -+ NCSI_CHANNEL_ATTR_VERSION_STR = 0x5 -+ NCSI_CHANNEL_ATTR_LINK_STATE = 0x6 -+ NCSI_CHANNEL_ATTR_ACTIVE = 0x7 -+ NCSI_CHANNEL_ATTR_FORCED = 0x8 -+ NCSI_CHANNEL_ATTR_VLAN_LIST = 0x9 -+ NCSI_CHANNEL_ATTR_VLAN_ID = 0xa -+) -+ -+type ScmTimestamping struct { -+ Ts [3]Timespec -+} -+ -+const ( -+ SOF_TIMESTAMPING_TX_HARDWARE = 0x1 -+ SOF_TIMESTAMPING_TX_SOFTWARE = 0x2 -+ SOF_TIMESTAMPING_RX_HARDWARE = 0x4 -+ SOF_TIMESTAMPING_RX_SOFTWARE = 0x8 -+ SOF_TIMESTAMPING_SOFTWARE = 0x10 -+ SOF_TIMESTAMPING_SYS_HARDWARE = 0x20 -+ SOF_TIMESTAMPING_RAW_HARDWARE = 0x40 -+ SOF_TIMESTAMPING_OPT_ID = 0x80 -+ SOF_TIMESTAMPING_TX_SCHED = 0x100 -+ SOF_TIMESTAMPING_TX_ACK = 0x200 -+ SOF_TIMESTAMPING_OPT_CMSG = 0x400 -+ SOF_TIMESTAMPING_OPT_TSONLY = 0x800 -+ SOF_TIMESTAMPING_OPT_STATS = 0x1000 -+ SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 -+ SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 -+ -+ SOF_TIMESTAMPING_LAST = 0x4000 -+ SOF_TIMESTAMPING_MASK = 0x7fff -+ -+ SCM_TSTAMP_SND = 0x0 -+ SCM_TSTAMP_SCHED = 0x1 -+ SCM_TSTAMP_ACK = 0x2 -+) -+ -+type SockExtendedErr struct { -+ Errno uint32 -+ Origin uint8 -+ Type uint8 -+ Code uint8 -+ Pad uint8 -+ Info uint32 -+ Data uint32 -+} -+ -+type FanotifyEventMetadata struct { -+ Event_len uint32 -+ Vers uint8 -+ Reserved uint8 -+ Metadata_len uint16 -+ Mask uint64 -+ Fd int32 -+ Pid int32 -+} -+ -+type FanotifyResponse struct { -+ Fd int32 -+ Response uint32 -+} -+ -+const ( -+ CRYPTO_MSG_BASE = 0x10 -+ CRYPTO_MSG_NEWALG = 0x10 -+ CRYPTO_MSG_DELALG = 0x11 -+ CRYPTO_MSG_UPDATEALG = 0x12 -+ CRYPTO_MSG_GETALG = 0x13 -+ CRYPTO_MSG_DELRNG = 0x14 -+ CRYPTO_MSG_GETSTAT = 0x15 -+) -+ -+const ( -+ CRYPTOCFGA_UNSPEC = 0x0 -+ CRYPTOCFGA_PRIORITY_VAL = 0x1 -+ CRYPTOCFGA_REPORT_LARVAL = 0x2 -+ CRYPTOCFGA_REPORT_HASH = 0x3 -+ CRYPTOCFGA_REPORT_BLKCIPHER = 0x4 -+ CRYPTOCFGA_REPORT_AEAD = 0x5 -+ CRYPTOCFGA_REPORT_COMPRESS = 0x6 -+ CRYPTOCFGA_REPORT_RNG = 0x7 -+ CRYPTOCFGA_REPORT_CIPHER = 0x8 -+ CRYPTOCFGA_REPORT_AKCIPHER = 0x9 -+ CRYPTOCFGA_REPORT_KPP = 0xa -+ CRYPTOCFGA_REPORT_ACOMP = 0xb -+ CRYPTOCFGA_STAT_LARVAL = 0xc -+ CRYPTOCFGA_STAT_HASH = 0xd -+ CRYPTOCFGA_STAT_BLKCIPHER = 0xe -+ CRYPTOCFGA_STAT_AEAD = 0xf -+ CRYPTOCFGA_STAT_COMPRESS = 0x10 -+ CRYPTOCFGA_STAT_RNG = 0x11 -+ CRYPTOCFGA_STAT_CIPHER = 0x12 -+ CRYPTOCFGA_STAT_AKCIPHER = 0x13 -+ CRYPTOCFGA_STAT_KPP = 0x14 -+ CRYPTOCFGA_STAT_ACOMP = 0x15 -+) -+ -+type CryptoUserAlg struct { -+ Name [64]uint8 -+ Driver_name [64]uint8 -+ Module_name [64]uint8 -+ Type uint32 -+ Mask uint32 -+ Refcnt uint32 -+ Flags uint32 -+} -+ -+type CryptoStatAEAD struct { -+ Type [64]uint8 -+ Encrypt_cnt uint64 -+ Encrypt_tlen uint64 -+ Decrypt_cnt uint64 -+ Decrypt_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatAKCipher struct { -+ Type [64]uint8 -+ Encrypt_cnt uint64 -+ Encrypt_tlen uint64 -+ Decrypt_cnt uint64 -+ Decrypt_tlen uint64 -+ Verify_cnt uint64 -+ Sign_cnt uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatCipher struct { -+ Type [64]uint8 -+ Encrypt_cnt uint64 -+ Encrypt_tlen uint64 -+ Decrypt_cnt uint64 -+ Decrypt_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatCompress struct { -+ Type [64]uint8 -+ Compress_cnt uint64 -+ Compress_tlen uint64 -+ Decompress_cnt uint64 -+ Decompress_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatHash struct { -+ Type [64]uint8 -+ Hash_cnt uint64 -+ Hash_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatKPP struct { -+ Type [64]uint8 -+ Setsecret_cnt uint64 -+ Generate_public_key_cnt uint64 -+ Compute_shared_secret_cnt uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatRNG struct { -+ Type [64]uint8 -+ Generate_cnt uint64 -+ Generate_tlen uint64 -+ Seed_cnt uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatLarval struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportLarval struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportHash struct { -+ Type [64]uint8 -+ Blocksize uint32 -+ Digestsize uint32 -+} -+ -+type CryptoReportCipher struct { -+ Type [64]uint8 -+ Blocksize uint32 -+ Min_keysize uint32 -+ Max_keysize uint32 -+} -+ -+type CryptoReportBlkCipher struct { -+ Type [64]uint8 -+ Geniv [64]uint8 -+ Blocksize uint32 -+ Min_keysize uint32 -+ Max_keysize uint32 -+ Ivsize uint32 -+} -+ -+type CryptoReportAEAD struct { -+ Type [64]uint8 -+ Geniv [64]uint8 -+ Blocksize uint32 -+ Maxauthsize uint32 -+ Ivsize uint32 -+} -+ -+type CryptoReportComp struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportRNG struct { -+ Type [64]uint8 -+ Seedsize uint32 -+} -+ -+type CryptoReportAKCipher struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportKPP struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportAcomp struct { -+ Type [64]uint8 -+} --- -2.23.0 - diff --git a/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch b/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch deleted file mode 100644 index caea572bd25bec56ea5de1b2016eafa0f99e9c18..0000000000000000000000000000000000000000 --- a/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 53111d2f094b738a4b3a35bcec85f78324ca8509 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 24 Nov 2020 11:00:32 +0800 -Subject: [PATCH] containerd: check task list to avoid unnecessary cleanup - -Signed-off-by: Lantao Liu -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 5be785d..0feb587 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -374,6 +374,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - shimExit := make(chan struct{}) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { - close(shimExit) -+ if _, err := r.tasks.Get(ctx, id); err != nil { -+ // Task was never started or was already successfully deleted -+ return -+ } -+ - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). --- -1.8.3.1 - diff --git a/patch/0065-containerd-add-blot-symbol-to-support-riscv.patch b/patch/0065-containerd-add-blot-symbol-to-support-riscv.patch deleted file mode 100644 index d59f2d2d19b12da64ae0ae9b21cbe152bb9b3016..0000000000000000000000000000000000000000 --- a/patch/0065-containerd-add-blot-symbol-to-support-riscv.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d03e4a480ba9f954ebe077981202c811e21640e9 Mon Sep 17 00:00:00 2001 -From: yangyanchao -Date: Tue, 15 Dec 2020 03:24:47 +0000 -Subject: [PATCH 2/2] containerd-add-sys-symbol-to-support-riscv - ---- - vendor/go.etcd.io/bbolt/bolt_riscv64.go | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - create mode 100644 vendor/go.etcd.io/bbolt/bolt_riscv64.go - -diff --git a/vendor/go.etcd.io/bbolt/bolt_riscv64.go b/vendor/go.etcd.io/bbolt/bolt_riscv64.go -new file mode 100644 -index 0000000..5f1c364 ---- /dev/null -+++ b/vendor/go.etcd.io/bbolt/bolt_riscv64.go -@@ -0,0 +1,12 @@ -+// +build riscv64 -+ -+package bbolt -+ -+// maxMapSize represents the latgest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB -+ -+// maxAllocSize is the size used when creating array pointers. -+const maxAllocSize = 0x7FFFFFFF -+ -+// Are unaligned load/stores broken on this arch? -+var brokenUnaligned = false --- -2.23.0 - diff --git a/patch/0065-containerd-fix-dead-loop.patch b/patch/0065-containerd-fix-dead-loop.patch deleted file mode 100644 index e7311d24815f14f3ba197caf8f834db15c190371..0000000000000000000000000000000000000000 --- a/patch/0065-containerd-fix-dead-loop.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b315a85a6695dfbe67767f21713c3ccfc7cae73e Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 1 Feb 2021 09:48:07 +0800 -Subject: [PATCH] containerd: fix dead loop - -Change-Id: I6b2ce4456ca8fe197683692721d150f4e5d7e3fe -Signed-off-by: jingrui ---- - runtime/v1/shim/client/client.go | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 06453b35a..9e63af4ea 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -393,15 +393,15 @@ func (c *Client) signalShim(ctx context.Context, sig syscall.Signal) error { - - func (c *Client) waitForExit(pid int) <-chan struct{} { - c.exitOnce.Do(func() { -- for { -+ for i := 0; i < 1000; i++ { - // use kill(pid, 0) here because the shim could have been reparented - // and we are no longer able to waitpid(pid, ...) on the shim - if err := unix.Kill(pid, 0); err == unix.ESRCH { -- close(c.exitCh) -- return -+ break - } - time.Sleep(10 * time.Millisecond) - } -+ close(c.exitCh) - }) - return c.exitCh - } --- -2.17.1 - diff --git a/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch b/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch deleted file mode 100644 index ecfe407b9531b7b0742c2cae361735d8b1cc9d65..0000000000000000000000000000000000000000 --- a/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a530cb668134335d4e5d6595d5d5a9cb74e16428 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Tue, 19 Jan 2021 15:01:00 +0800 -Subject: [PATCH] containerd: cleanup dangling shim by brand new context - -Upstream:https://github.com/containerd/containerd/pull/4048 - -Signed-off-by: xiadanni ---- - runtime/v1/linux/runtime.go | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 0feb587..66f959d 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -66,6 +66,9 @@ const ( - configFilename = "config.json" - defaultRuntime = "runc" - defaultShim = "containerd-shim" -+ -+ // cleanupTimeout is default timeout for cleanup operations -+ cleanupTimeout = 1 * time.Minute - ) - - func init() { -@@ -226,7 +229,10 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- kerr := s.KillShim(ctx) -+ deferCtx, deferCancel := context.WithTimeout( -+ namespaces.WithNamespace(context.TODO(), namespace), cleanupTimeout) -+ defer deferCancel() -+ kerr := s.KillShim(deferCtx) - log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) - } - }() --- -1.8.3.1 - diff --git a/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch b/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch deleted file mode 100644 index 5197dcaeb513614b00ad9cc1a8735729d74d08b5..0000000000000000000000000000000000000000 --- a/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 4c9ec5f1eece90929eb3b525c28f3713b7153d7d Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Tue, 19 Jan 2021 20:34:45 +0800 -Subject: [PATCH] containerd:fix potential panic for task in unknown state - -Upstream:https://github.com/containerd/containerd/pull/3611 - -Signed-off-by: xiadanni ---- - cio/io_unix.go | 22 ++++++++++++---------- - container.go | 13 +++++++++++-- - 2 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/cio/io_unix.go b/cio/io_unix.go -index 3ab2a30..53b6b2d 100644 ---- a/cio/io_unix.go -+++ b/cio/io_unix.go -@@ -72,17 +72,19 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) { - } - - var wg = &sync.WaitGroup{} -- wg.Add(1) -- go func() { -- p := bufPool.Get().(*[]byte) -- defer bufPool.Put(p) -- -- io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p) -- pipes.Stdout.Close() -- wg.Done() -- }() -+ if fifos.Stdout != "" { -+ wg.Add(1) -+ go func() { -+ p := bufPool.Get().(*[]byte) -+ defer bufPool.Put(p) -+ -+ io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p) -+ pipes.Stdout.Close() -+ wg.Done() -+ }() -+ } - -- if !fifos.Terminal { -+ if !fifos.Terminal && fifos.Stderr != "" { - wg.Add(1) - go func() { - p := bufPool.Get().(*[]byte) -diff --git a/container.go b/container.go -index 3c09b2d..63b074a 100644 ---- a/container.go -+++ b/container.go -@@ -25,6 +25,7 @@ import ( - - "github.com/containerd/containerd/api/services/tasks/v1" - "github.com/containerd/containerd/api/types" -+ tasktypes "github.com/containerd/containerd/api/types/task" - "github.com/containerd/containerd/cio" - "github.com/containerd/containerd/containers" - "github.com/containerd/containerd/errdefs" -@@ -32,6 +33,7 @@ import ( - "github.com/containerd/typeurl" - prototypes "github.com/gogo/protobuf/types" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // Container is a metadata object for container resources and task creation -@@ -284,9 +286,16 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er - return nil, err - } - var i cio.IO -+ - if ioAttach != nil { -- if i, err = attachExistingIO(response, ioAttach); err != nil { -- return nil, err -+ if response.Process.Status == tasktypes.StatusUnknown { -+ logrus.Warnf("container %v loadTask: task get returns process status unknown", c.id) -+ } else { -+ // Do not attach IO for task in unknown state, because there -+ // are no fifo paths anyway. -+ if i, err = attachExistingIO(response, ioAttach); err != nil { -+ return nil, err -+ } - } - } - t := &task{ --- -1.8.3.1 - diff --git a/patch/0068-containerd-compile-option-compliance.patch b/patch/0068-containerd-compile-option-compliance.patch deleted file mode 100644 index 8f26e10129054a161e71c7fbe2d272cd35ad006d..0000000000000000000000000000000000000000 --- a/patch/0068-containerd-compile-option-compliance.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0cda15b8d0241f9c15c0efe12d19877761f7b387 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 18 Mar 2021 10:29:02 +0800 -Subject: [PATCH] containerd: compile option compliance - -Signed-off-by: xiadanni ---- - Makefile | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index f69559b..102db9f 100644 ---- a/Makefile -+++ b/Makefile -@@ -82,7 +82,7 @@ BEP_DIR=/tmp/containerd-build-bep - BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - - GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -@@ -171,11 +171,21 @@ FORCE: - bin/%: cmd/% FORCE - mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" -+ CGO_ENABLED=1 \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ -+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" -- go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ CGO_ENABLED=1 \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ -+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ -+ go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim-runc-v1" --- -1.8.3.1 - diff --git a/patch/0069-containerd-add-check-in-spec.patch b/patch/0069-containerd-add-check-in-spec.patch deleted file mode 100644 index 2e96fe058c25c2d819bafaa1a886ae3bc1c294dc..0000000000000000000000000000000000000000 --- a/patch/0069-containerd-add-check-in-spec.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 27be5a04fc8b28e14ff296f5b9356ace8feb39ce Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 18 Feb 2021 20:28:52 +0800 -Subject: [PATCH] containerd: add check in spec - -Change-Id: I8ddf63ec1c4da479e90838678136237b5822d463 -Signed-off-by: xiadanni ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 96c2370..511b6f2 100644 ---- a/Makefile -+++ b/Makefile -@@ -151,7 +151,7 @@ build: ## build the go packages - - test: ## run tests, except integration tests and tests that require root - @echo "$(WHALE) $@" -- @go test ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES}) -+ @go test ${TESTFLAGS} ./gc - - root-test: ## run tests, except integration tests - @echo "$(WHALE) $@" --- -1.8.3.1 - diff --git a/patch/0070-containerd-kill-container-init-process-if-runc-start.patch b/patch/0070-containerd-kill-container-init-process-if-runc-start.patch deleted file mode 100644 index 54185552225df570695b2230885a6f5d9523818f..0000000000000000000000000000000000000000 --- a/patch/0070-containerd-kill-container-init-process-if-runc-start.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 52d42e0b850cde3600028b00e19f5325a61ddad3 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Mon, 1 Feb 2021 19:36:53 +0800 -Subject: [PATCH] containerd: kill container init process if runc start returns - error - -Signed-off-by: xiadanni ---- - runtime/v1/linux/proc/init.go | 4 +++ - utils/utils.go | 61 +++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 65 insertions(+) - create mode 100644 utils/utils.go - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index de76682..669c108 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -35,6 +35,7 @@ import ( - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/runtime/proc" -+ "github.com/containerd/containerd/utils" - "github.com/containerd/fifo" - runc "github.com/containerd/go-runc" - google_protobuf "github.com/gogo/protobuf/types" -@@ -277,6 +278,9 @@ func (p *Init) Status(ctx context.Context) (string, error) { - - func (p *Init) start(context context.Context) error { - err := p.runtime.Start(context, p.id) -+ if err != nil { -+ utils.KillInitProcess(p.id, p.pid) -+ } - return p.runtimeError(err, "OCI runtime start failed") - } - -diff --git a/utils/utils.go b/utils/utils.go -new file mode 100644 -index 0000000..c57c6ca ---- /dev/null -+++ b/utils/utils.go -@@ -0,0 +1,61 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+Use of this source code is governed by Apache-2.0 -+license that can be found in the LICENSE file. -+Description: common functions -+Author: Danni Xia -+Create: 2021-01-30 -+*/ -+ -+package utils -+ -+import ( -+ "encoding/json" -+ "io/ioutil" -+ "path/filepath" -+ "strconv" -+ "strings" -+ "syscall" -+ -+ "github.com/sirupsen/logrus" -+) -+ -+type baseState struct { -+ InitProcessStartTime string `json:"init_process_start"` -+} -+ -+func KillInitProcess(cid string, pid int) { -+ if IsInitProcess(cid, pid) { -+ syscall.Kill(pid, syscall.SIGKILL) -+ } -+} -+ -+func IsInitProcess(cid string, pid int) bool { -+ stateBytes, err1 := ioutil.ReadFile(filepath.Join("/var/run/docker/runtime-runc/moby", cid, "state.json")) -+ statBytes, err2 := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat")) -+ if err1 != nil || err2 != nil { -+ return true -+ } -+ -+ s := strings.Split(string(statBytes), ")") -+ if len(s) < 1 { -+ return true -+ } -+ -+ statFields := strings.Split(strings.TrimSpace(s[len(s)-1]), " ") -+ if len(statFields) < 20 { -+ return true -+ } -+ -+ var baseState baseState -+ if err := json.Unmarshal(stateBytes, &baseState); err != nil { -+ return true -+ } -+ -+ if baseState.InitProcessStartTime == statFields[19] { -+ return true -+ } -+ -+ logrus.Warnf("process(pid:%d, start time:%s) is not container %s init process", pid, statFields[19], cid) -+ return false -+} --- -1.8.3.1 - diff --git a/patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch b/patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch deleted file mode 100644 index c6c4b6c658e35435b98a9920f32ef1dd4ea1c4dd..0000000000000000000000000000000000000000 --- a/patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5d72fe2c0d6774e94cad6feacec87db703104fe7 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Fri, 19 Feb 2021 16:37:48 +0800 -Subject: [PATCH] containerd: fix containerd-shim residual when kill containerd - during starting container - -after shim process started, containerd will write shim socket address -to address file, but if containerd is killed before write file, new -containerd process could not get shim socket address, and will not -kill it even if that shim could not work. -so we write address file ahead of starting shim process. - -Signed-off-by: xiadanni ---- - runtime/v1/shim/client/client.go | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 9e63af4..bc9ac92 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -92,6 +92,10 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - go io.Copy(os.Stderr, stderrLog) - } - -+ if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { -+ return nil, nil, err -+ } -+ - cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog) - if err != nil { - return nil, nil, err -@@ -122,9 +126,6 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - "debug": debug, - }).Infof("shim %s started", binary) - -- if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { -- return nil, nil, err -- } - if err := writeFile(filepath.Join(config.Path, "shim.pid"), strconv.Itoa(cmd.Process.Pid)); err != nil { - return nil, nil, err - } --- -1.8.3.1 - diff --git a/patch/0072-containerd-fix-deadlock-on-commit-error.patch b/patch/0072-containerd-fix-deadlock-on-commit-error.patch deleted file mode 100644 index 4dbb4962c18216bece34a2046f4ed802d2543b89..0000000000000000000000000000000000000000 --- a/patch/0072-containerd-fix-deadlock-on-commit-error.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 39183d7937d408afceb9456972ad3e42beb336c6 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Sat, 27 Feb 2021 11:19:22 +0800 -Subject: [PATCH] containerd:fix deadlock on commit error - -upstream:https://github.com/containerd/containerd/commit/5b9bd993a87008e06a34258f0672a78564adab13 -Signed-off-by: xiadanni ---- - content/local/writer.go | 5 +++-- - diff/walking/differ.go | 5 +++-- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/content/local/writer.go b/content/local/writer.go -index 223b145..3a94744 100644 ---- a/content/local/writer.go -+++ b/content/local/writer.go -@@ -74,6 +74,9 @@ func (w *writer) Write(p []byte) (n int, err error) { - } - - func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error { -+ // Ensure even on error the writer is fully closed -+ defer unlock(w.ref) -+ - var base content.Info - for _, opt := range opts { - if err := opt(&base); err != nil { -@@ -81,8 +84,6 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, - } - } - -- // Ensure even on error the writer is fully closed -- defer unlock(w.ref) - fp := w.fp - w.fp = nil - -diff --git a/diff/walking/differ.go b/diff/walking/differ.go -index a45a563..1c82860 100644 ---- a/diff/walking/differ.go -+++ b/diff/walking/differ.go -@@ -106,14 +106,15 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o - } - }() - if !newReference { -- if err := cw.Truncate(0); err != nil { -+ if err = cw.Truncate(0); err != nil { - return err - } - } - - if isCompressed { - dgstr := digest.SHA256.Digester() -- compressed, err := compression.CompressStream(cw, compression.Gzip) -+ var compressed io.WriteCloser -+ compressed, err = compression.CompressStream(cw, compression.Gzip) - if err != nil { - return errors.Wrap(err, "failed to get compressed stream") - } --- -1.8.3.1 - diff --git a/patch/0073-containerd-backport-upstream-patches.patch b/patch/0073-containerd-backport-upstream-patches.patch deleted file mode 100644 index 9bc3a8d6e44da4b3f59f14533f536d1d1dbba685..0000000000000000000000000000000000000000 --- a/patch/0073-containerd-backport-upstream-patches.patch +++ /dev/null @@ -1,1212 +0,0 @@ -From 470a207ed468b5473d7833987791f01b467141a3 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Fri, 5 Feb 2021 15:10:27 +0800 -Subject: [PATCH] containerd: backport upstream patches - -2019-11-27 15:29:44 -0800 b97098762 Fix container pid. Lantao Liu lantaol@google.com -2019-06-21 15:28:16 -0400 f71f6d39b Robust pid locking for shim processes Michael Crosby crosbymichael.. -2019-06-20 16:13:51 -0400 42aba6e0f Add timeout for I/O waitgroups Michael Crosby crosbymichael.. -2019-02-01 02:08:49 -0800 5730c5003 Add a separate lock for pid. Lantao Liu lantaol@google.com -2019-01-31 18:59:29 -0800 b9b7ef32b Revert "use state machine management for exec.Pid()" Lantao Liu lantaol@google.com -2019-01-22 16:19:09 -0800 ab2cf0136 Use context.Background for `O_NONBLOCK` `OpenFifo`. Lantao Liu lantaol@google.com -2018-11-23 17:46:32 +0800 c42c8952b use state machine management for exec.Pid() Lifubang lifubang@acmcoder.com -2018-11-09 11:12:55 -0500 4c72befe0 Fix process locking and state management Michael Crosby crosbymichael.. - -Conflict:NA -Reference:https://github.com/containerd/containerd/pull/3755 - -Change-Id: Ic7f768e72a38383c1b89680333c9ee234ea217aa -Signed-off-by: jingrui ---- - runtime/proc/proc.go | 5 - - runtime/v1/linux/proc/exec.go | 77 +++++++++--- - runtime/v1/linux/proc/exec_state.go | 59 +++------ - runtime/v1/linux/proc/init.go | 155 +++++++++++++++++------ - runtime/v1/linux/proc/init_state.go | 182 +++++----------------------- - runtime/v1/linux/proc/io.go | 2 +- - runtime/v1/linux/proc/utils.go | 12 ++ - runtime/v2/runc/service_linux.go | 2 +- - runtime/v2/shim_unix.go | 2 +- - 9 files changed, 235 insertions(+), 261 deletions(-) - -diff --git a/runtime/proc/proc.go b/runtime/proc/proc.go -index 02bc9bda8..91ca59bb1 100644 ---- a/runtime/proc/proc.go -+++ b/runtime/proc/proc.go -@@ -40,7 +40,6 @@ func (s Stdio) IsNull() bool { - - // Process on a system - type Process interface { -- State - // ID returns the id for the process - ID() string - // Pid returns the pid for the process -@@ -57,10 +56,6 @@ type Process interface { - Status(context.Context) (string, error) - // Wait blocks until the process has exited - Wait() --} -- --// State of a process --type State interface { - // Resize resizes the process console - Resize(ws console.WinSize) error - // Start execution of the process -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index 08c581fbf..ea40cb5b8 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -31,6 +31,7 @@ import ( - "golang.org/x/sys/unix" - - "github.com/containerd/console" -+ "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/runtime/proc" - "github.com/containerd/fifo" - runc "github.com/containerd/go-runc" -@@ -41,7 +42,7 @@ import ( - type execProcess struct { - wg sync.WaitGroup - -- proc.State -+ execState execState - - mu sync.Mutex - id string -@@ -49,7 +50,7 @@ type execProcess struct { - io runc.IO - status int - exited time.Time -- pid int -+ pid safePid - closers []io.Closer - stdin io.Closer - stdio proc.Stdio -@@ -69,9 +70,7 @@ func (e *execProcess) ID() string { - } - - func (e *execProcess) Pid() int { -- e.mu.Lock() -- defer e.mu.Unlock() -- return e.pid -+ return e.pid.get() - } - - func (e *execProcess) ExitStatus() int { -@@ -86,6 +85,13 @@ func (e *execProcess) ExitedAt() time.Time { - return e.exited - } - -+func (e *execProcess) SetExited(status int) { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ e.execState.SetExited(status) -+} -+ - func (e *execProcess) setExited(status int) { - e.status = status - e.exited = time.Now() -@@ -93,6 +99,13 @@ func (e *execProcess) setExited(status int) { - close(e.waitBlock) - } - -+func (e *execProcess) Delete(ctx context.Context) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Delete(ctx) -+} -+ - func (e *execProcess) delete(ctx context.Context) error { - waitTimeout(ctx, &e.wg, 2*time.Second) - if e.io != nil { -@@ -107,6 +120,13 @@ func (e *execProcess) delete(ctx context.Context) error { - return nil - } - -+func (e *execProcess) Resize(ws console.WinSize) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Resize(ws) -+} -+ - func (e *execProcess) resize(ws console.WinSize) error { - if e.console == nil { - return nil -@@ -114,9 +134,21 @@ func (e *execProcess) resize(ws console.WinSize) error { - return e.console.Resize(ws) - } - -+func (e *execProcess) Kill(ctx context.Context, sig uint32, _ bool) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Kill(ctx, sig, false) -+} -+ - func (e *execProcess) kill(ctx context.Context, sig uint32, _ bool) error { -- pid := e.pid -- if pid != 0 { -+ pid := e.pid.get() -+ switch { -+ case pid == 0: -+ return errors.Wrap(errdefs.ErrFailedPrecondition, "process not created") -+ case !e.exited.IsZero(): -+ return errors.Wrapf(errdefs.ErrNotFound, "process already finished") -+ default: - if err := unix.Kill(pid, syscall.Signal(sig)); err != nil { - return errors.Wrapf(checkKillError(err), "exec kill error") - } -@@ -132,7 +164,20 @@ func (e *execProcess) Stdio() proc.Stdio { - return e.stdio - } - -+func (e *execProcess) Start(ctx context.Context) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Start(ctx) -+} -+ - func (e *execProcess) start(ctx context.Context) (err error) { -+ // The reaper may receive exit signal right after -+ // the container is started, before the e.pid is updated. -+ // In that case, we want to block the signal handler to -+ // access e.pid until it is updated. -+ e.pid.Lock() -+ defer e.pid.Unlock() - var ( - socket *runc.Socket - pidfile = filepath.Join(e.path, fmt.Sprintf("%s.pid", e.id)) -@@ -164,7 +209,7 @@ func (e *execProcess) start(ctx context.Context) (err error) { - return e.parent.runtimeError(err, "OCI runtime exec failed") - } - if e.stdio.Stdin != "" { -- sc, err := fifo.OpenFifo(ctx, e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) -+ sc, err := fifo.OpenFifo(context.Background(), e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return errors.Wrapf(err, "failed to open stdin fifo %s", e.stdio.Stdin) - } -@@ -173,29 +218,26 @@ func (e *execProcess) start(ctx context.Context) (err error) { - } - var copyWaitGroup sync.WaitGroup - ctx, cancel := context.WithTimeout(ctx, 30*time.Second) -+ defer cancel() - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -- cancel() - return errors.Wrap(err, "failed to start console copy") - } - } else if !e.stdio.IsNull() { - if err := copyPipes(ctx, e.io, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -- cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(opts.PidFile) - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime exec pid") - } -- e.pid = pid -+ e.pid.pid = pid - return nil - } - -@@ -212,12 +254,15 @@ func (e *execProcess) Status(ctx context.Context) (string, error) { - } - e.mu.Lock() - defer e.mu.Unlock() -- // if we don't have a pid then the exec process has just been created -- if e.pid == 0 { -+ // if we don't have a pid(pid=0) then the exec process has just been created -+ if e.pid.get() == 0 { - return "created", nil - } -+ if e.pid.get() == -1 { -+ return "stopped", nil -+ } - // if we have a pid and it can be signaled, the process is running -- if err := unix.Kill(e.pid, 0); err == nil { -+ if err := unix.Kill(e.pid.get(), 0); err == nil { - return "running", nil - } - // else if we have a pid but it can nolonger be signaled, it has stopped -diff --git a/runtime/v1/linux/proc/exec_state.go b/runtime/v1/linux/proc/exec_state.go -index ac5467552..12489501b 100644 ---- a/runtime/v1/linux/proc/exec_state.go -+++ b/runtime/v1/linux/proc/exec_state.go -@@ -25,6 +25,14 @@ import ( - "github.com/pkg/errors" - ) - -+type execState interface { -+ Resize(console.WinSize) error -+ Start(context.Context) error -+ Delete(context.Context) error -+ Kill(context.Context, uint32, bool) error -+ SetExited(int) -+} -+ - type execCreatedState struct { - p *execProcess - } -@@ -32,11 +40,11 @@ type execCreatedState struct { - func (s *execCreatedState) transition(name string) error { - switch name { - case "running": -- s.p.State = &execRunningState{p: s.p} -+ s.p.execState = &execRunningState{p: s.p} - case "stopped": -- s.p.State = &execStoppedState{p: s.p} -+ s.p.execState = &execStoppedState{p: s.p} - case "deleted": -- s.p.State = &deletedState{} -+ s.p.execState = &deletedState{} - default: - return errors.Errorf("invalid state transition %q to %q", stateName(s), name) - } -@@ -44,15 +52,10 @@ func (s *execCreatedState) transition(name string) error { - } - - func (s *execCreatedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *execCreatedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.start(ctx); err != nil { - return err - } -@@ -63,22 +66,15 @@ func (s *execCreatedState) Delete(ctx context.Context) error { - if err := s.p.delete(ctx); err != nil { - return err - } -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -+ - return s.transition("deleted") - } - - func (s *execCreatedState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *execCreatedState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -93,7 +89,7 @@ type execRunningState struct { - func (s *execRunningState) transition(name string) error { - switch name { - case "stopped": -- s.p.State = &execStoppedState{p: s.p} -+ s.p.execState = &execStoppedState{p: s.p} - default: - return errors.Errorf("invalid state transition %q to %q", stateName(s), name) - } -@@ -101,37 +97,22 @@ func (s *execRunningState) transition(name string) error { - } - - func (s *execRunningState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *execRunningState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a running process") - } - - func (s *execRunningState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot delete a running process") - } - - func (s *execRunningState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *execRunningState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -146,7 +127,7 @@ type execStoppedState struct { - func (s *execStoppedState) transition(name string) error { - switch name { - case "deleted": -- s.p.State = &deletedState{} -+ s.p.execState = &deletedState{} - default: - return errors.Errorf("invalid state transition %q to %q", stateName(s), name) - } -@@ -154,16 +135,10 @@ func (s *execStoppedState) transition(name string) error { - } - - func (s *execStoppedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resize a stopped container") - } - - func (s *execStoppedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a stopped process") - } - -@@ -171,15 +146,11 @@ func (s *execStoppedState) Delete(ctx context.Context) error { - if err := s.p.delete(ctx); err != nil { - return err - } -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -+ - return s.transition("deleted") - } - - func (s *execStoppedState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 669c1085d..108234904 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -52,8 +52,8 @@ const DefaultRunvRoot = "/run/runv" - - // Init represents an initial process for a container - type Init struct { -- wg sync.WaitGroup -- initState -+ wg sync.WaitGroup -+ initState initState - - // mu is used to ensure that `Start()` and `Exited()` calls return in - // the right order when invoked in separate go routines. -@@ -65,12 +65,12 @@ type Init struct { - - WorkDir string - -- id string -- Bundle string -- console console.Console -- Platform proc.Platform -- io runc.IO -- runtime *runc.Runc -+ id string -+ Bundle string -+ console console.Console -+ Platform proc.Platform -+ io runc.IO -+ runtime *runc.Runc - status int - exited time.Time - pid int -@@ -138,6 +138,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - err error - socket *runc.Socket - ) -+ - pidFile := filepath.Join(p.Bundle, InitPidFile) - - if legacy.IsLegacy(r.ID) { -@@ -195,7 +196,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - return p.runtimeError(err, "OCI runtime create failed") - } - if r.Stdin != "" { -- sc, err := fifo.OpenFifo(ctx, r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) -+ sc, err := fifo.OpenFifo(context.Background(), r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return errors.Wrapf(err, "failed to open stdin fifo %s", r.Stdin) - } -@@ -204,21 +205,19 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - } - var copyWaitGroup sync.WaitGroup - ctx, cancel := context.WithTimeout(ctx, 30*time.Second) -+ defer cancel() - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup) - if err != nil { -- cancel() - return errors.Wrap(err, "failed to start console copy") - } - p.console = console - } else if !hasNoIO(r) { - if err := copyPipes(ctx, p.io, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup); err != nil { -- cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } -@@ -226,7 +225,6 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(pidFile) - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime container pid") - } - p.pid = pid -@@ -266,6 +264,7 @@ func (p *Init) ExitedAt() time.Time { - func (p *Init) Status(ctx context.Context) (string, error) { - p.mu.Lock() - defer p.mu.Unlock() -+ - c, err := p.runtime.State(ctx, p.id) - if err != nil { - if strings.Contains(err.Error(), "does not exist") { -@@ -276,14 +275,30 @@ func (p *Init) Status(ctx context.Context) (string, error) { - return c.Status, nil - } - --func (p *Init) start(context context.Context) error { -- err := p.runtime.Start(context, p.id) -+// Start the init process -+func (p *Init) Start(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Start(ctx) -+} -+ -+func (p *Init) start(ctx context.Context) error { -+ err := p.runtime.Start(ctx, p.id) - if err != nil { - utils.KillInitProcess(p.id, p.pid) - } - return p.runtimeError(err, "OCI runtime start failed") - } - -+// SetExited of the init process with the next status -+func (p *Init) SetExited(status int) { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ p.initState.SetExited(status) -+} -+ - func (p *Init) setExited(status int) { - p.exited = time.Now() - p.status = status -@@ -291,9 +306,17 @@ func (p *Init) setExited(status int) { - close(p.waitBlock) - } - --func (p *Init) delete(context context.Context) error { -- waitTimeout(context, &p.wg, 2*time.Second) -- err := p.runtime.Delete(context, p.id, nil) -+// Delete the init process -+func (p *Init) Delete(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Delete(ctx) -+} -+ -+func (p *Init) delete(ctx context.Context) error { -+ waitTimeout(ctx, &p.wg, 2*time.Second) -+ err := p.runtime.Delete(ctx, p.id, nil) - // ignore errors if a runtime has already deleted the process - // but we still hold metadata and pipes - // -@@ -312,15 +335,28 @@ func (p *Init) delete(context context.Context) error { - } - p.io.Close() - } -- if err2 := mount.UnmountAll(p.Rootfs, 0); err2 != nil { -- log.G(context).WithError(err2).Warn("failed to cleanup rootfs mount") -- if err == nil { -- err = errors.Wrap(err2, "failed rootfs umount") -+ if p.Rootfs != "" { -+ if err2 := mount.UnmountAll(p.Rootfs, 0); err2 != nil { -+ log.G(ctx).WithError(err2).Warn("failed to cleanup rootfs mount") -+ if err == nil { -+ err = errors.Wrap(err2, "failed rootfs umount") -+ } - } - } - return err - } - -+// Resize the init processes console -+func (p *Init) Resize(ws console.WinSize) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ if p.console == nil { -+ return nil -+ } -+ return p.console.Resize(ws) -+} -+ - func (p *Init) resize(ws console.WinSize) error { - if p.console == nil { - return nil -@@ -328,26 +364,43 @@ func (p *Init) resize(ws console.WinSize) error { - return p.console.Resize(ws) - } - --func (p *Init) pause(context context.Context) error { -- err := p.runtime.Pause(context, p.id) -- return p.runtimeError(err, "OCI runtime pause failed") -+// Pause the init process and all its child processes -+func (p *Init) Pause(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Pause(ctx) -+} -+ -+// Resume the init process and all its child processes -+func (p *Init) Resume(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Resume(ctx) - } - --func (p *Init) resume(context context.Context) error { -- err := p.runtime.Resume(context, p.id) -- return p.runtimeError(err, "OCI runtime resume failed") -+// Kill the init process -+func (p *Init) Kill(ctx context.Context, signal uint32, all bool) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Kill(ctx, signal, all) - } - --func (p *Init) kill(context context.Context, signal uint32, all bool) error { -- err := p.runtime.Kill(context, p.id, int(signal), &runc.KillOpts{ -+func (p *Init) kill(ctx context.Context, signal uint32, all bool) error { -+ err := p.runtime.Kill(ctx, p.id, int(signal), &runc.KillOpts{ - All: all, - }) - return checkKillError(err) - } - - // KillAll processes belonging to the init process --func (p *Init) KillAll(context context.Context) error { -- err := p.runtime.Kill(context, p.id, int(syscall.SIGKILL), &runc.KillOpts{ -+func (p *Init) KillAll(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ err := p.runtime.Kill(ctx, p.id, int(syscall.SIGKILL), &runc.KillOpts{ - All: true, - }) - return p.runtimeError(err, "OCI runtime killall failed") -@@ -363,8 +416,16 @@ func (p *Init) Runtime() *runc.Runc { - return p.runtime - } - -+// Exec returns a new child process -+func (p *Init) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Exec(ctx, path, r) -+} -+ - // exec returns a new exec'd process --func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.Process, error) { -+func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { - // process exec request - var spec specs.Process - if err := json.Unmarshal(r.Spec.Value, &spec); err != nil { -@@ -385,18 +446,26 @@ func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.P - }, - waitBlock: make(chan struct{}), - } -- e.State = &execCreatedState{p: e} -+ e.execState = &execCreatedState{p: e} - return e, nil - } - --func (p *Init) checkpoint(context context.Context, r *CheckpointConfig) error { -+// Checkpoint the init process -+func (p *Init) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Checkpoint(ctx, r) -+} -+ -+func (p *Init) checkpoint(ctx context.Context, r *CheckpointConfig) error { - var actions []runc.CheckpointAction - if !r.Exit { - actions = append(actions, runc.LeaveRunning) - } - work := filepath.Join(p.WorkDir, "criu-work") - defer os.RemoveAll(work) -- if err := p.runtime.Checkpoint(context, p.id, &runc.CheckpointOpts{ -+ if err := p.runtime.Checkpoint(ctx, p.id, &runc.CheckpointOpts{ - WorkDir: work, - ImagePath: r.Path, - AllowOpenTCP: r.AllowOpenTCP, -@@ -407,19 +476,27 @@ func (p *Init) checkpoint(context context.Context, r *CheckpointConfig) error { - }, actions...); err != nil { - dumpLog := filepath.Join(p.Bundle, "criu-dump.log") - if cerr := copyFile(dumpLog, filepath.Join(work, "dump.log")); cerr != nil { -- log.G(context).Error(err) -+ log.G(ctx).Error(err) - } - return fmt.Errorf("%s path= %s", criuError(err), dumpLog) - } - return nil - } - --func (p *Init) update(context context.Context, r *google_protobuf.Any) error { -+// Update the processes resource configuration -+func (p *Init) Update(ctx context.Context, r *google_protobuf.Any) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Update(ctx, r) -+} -+ -+func (p *Init) update(ctx context.Context, r *google_protobuf.Any) error { - var resources specs.LinuxResources - if err := json.Unmarshal(r.Value, &resources); err != nil { - return err - } -- return p.runtime.Update(context, p.id, &resources) -+ return p.runtime.Update(ctx, p.id, &resources) - } - - // Stdio of the process -diff --git a/runtime/v1/linux/proc/init_state.go b/runtime/v1/linux/proc/init_state.go -index 6a6b448d3..e83934e9c 100644 ---- a/runtime/v1/linux/proc/init_state.go -+++ b/runtime/v1/linux/proc/init_state.go -@@ -30,16 +30,20 @@ import ( - runc "github.com/containerd/go-runc" - google_protobuf "github.com/gogo/protobuf/types" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - type initState interface { -- proc.State -- -+ Resize(console.WinSize) error -+ Start(context.Context) error -+ Delete(context.Context) error - Pause(context.Context) error - Resume(context.Context) error - Update(context.Context, *google_protobuf.Any) error - Checkpoint(context.Context, *CheckpointConfig) error - Exec(context.Context, string, *ExecConfig) (proc.Process, error) -+ Kill(context.Context, uint32, bool) error -+ SetExited(int) - } - - type createdState struct { -@@ -61,43 +65,26 @@ func (s *createdState) transition(name string) error { - } - - func (s *createdState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause task in created state") - } - - func (s *createdState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume task in created state") - } - --func (s *createdState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *createdState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - --func (s *createdState) Checkpoint(context context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -+func (s *createdState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { - return errors.Errorf("cannot checkpoint a task in created state") - } - - func (s *createdState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *createdState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.start(ctx); err != nil { - return err - } -@@ -105,8 +92,6 @@ func (s *createdState) Start(ctx context.Context) error { - } - - func (s *createdState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.delete(ctx); err != nil { - return err - } -@@ -114,16 +99,10 @@ func (s *createdState) Delete(ctx context.Context) error { - } - - func (s *createdState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *createdState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -132,8 +111,6 @@ func (s *createdState) SetExited(status int) { - } - - func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - return s.p.exec(ctx, path, r) - } - -@@ -157,43 +134,26 @@ func (s *createdCheckpointState) transition(name string) error { - } - - func (s *createdCheckpointState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause task in created state") - } - - func (s *createdCheckpointState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume task in created state") - } - --func (s *createdCheckpointState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *createdCheckpointState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - --func (s *createdCheckpointState) Checkpoint(context context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -+func (s *createdCheckpointState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { - return errors.Errorf("cannot checkpoint a task in created state") - } - - func (s *createdCheckpointState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *createdCheckpointState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - p := s.p - sio := p.stdio - -@@ -213,7 +173,7 @@ func (s *createdCheckpointState) Start(ctx context.Context) error { - return p.runtimeError(err, "OCI runtime restore failed") - } - if sio.Stdin != "" { -- sc, err := fifo.OpenFifo(ctx, sio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) -+ sc, err := fifo.OpenFifo(context.Background(), sio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return errors.Wrapf(err, "failed to open stdin fifo %s", sio.Stdin) - } -@@ -247,8 +207,6 @@ func (s *createdCheckpointState) Start(ctx context.Context) error { - } - - func (s *createdCheckpointState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.delete(ctx); err != nil { - return err - } -@@ -256,16 +214,10 @@ func (s *createdCheckpointState) Delete(ctx context.Context) error { - } - - func (s *createdCheckpointState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *createdCheckpointState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -274,9 +226,6 @@ func (s *createdCheckpointState) SetExited(status int) { - } - - func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return nil, errors.Errorf("cannot exec in a created state") - } - -@@ -297,67 +246,42 @@ func (s *runningState) transition(name string) error { - } - - func (s *runningState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- if err := s.p.pause(ctx); err != nil { -- return err -+ if err := s.p.runtime.Pause(ctx, s.p.id); err != nil { -+ return s.p.runtimeError(err, "OCI runtime pause failed") - } -+ - return s.transition("paused") - } - - func (s *runningState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume a running process") - } - --func (s *runningState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *runningState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - - func (s *runningState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.checkpoint(ctx, r) - } - - func (s *runningState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *runningState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a running process") - } - - func (s *runningState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot delete a running process") - } - - func (s *runningState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *runningState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -366,8 +290,6 @@ func (s *runningState) SetExited(status int) { - } - - func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - return s.p.exec(ctx, path, r) - } - -@@ -388,79 +310,54 @@ func (s *pausedState) transition(name string) error { - } - - func (s *pausedState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause a paused container") - } - - func (s *pausedState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- if err := s.p.resume(ctx); err != nil { -- return err -+ if err := s.p.runtime.Resume(ctx, s.p.id); err != nil { -+ return s.p.runtimeError(err, "OCI runtime resume failed") - } -+ - return s.transition("running") - } - --func (s *pausedState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *pausedState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - - func (s *pausedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.checkpoint(ctx, r) - } - - func (s *pausedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *pausedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a paused process") - } - - func (s *pausedState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot delete a paused process") - } - - func (s *pausedState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *pausedState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - -+ if err := s.p.runtime.Resume(context.Background(), s.p.id); err != nil { -+ logrus.WithError(err).Error("resuming exited container from paused state") -+ } -+ - if err := s.transition("stopped"); err != nil { - panic(err) - } - } - - func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return nil, errors.Errorf("cannot exec in a paused state") - } - -@@ -479,50 +376,30 @@ func (s *stoppedState) transition(name string) error { - } - - func (s *stoppedState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause a stopped container") - } - - func (s *stoppedState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume a stopped container") - } - --func (s *stoppedState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -+func (s *stoppedState) Update(ctx context.Context, r *google_protobuf.Any) error { - return errors.Errorf("cannot update a stopped container") - } - - func (s *stoppedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot checkpoint a stopped container") - } - - func (s *stoppedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resize a stopped container") - } - - func (s *stoppedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a stopped process") - } - - func (s *stoppedState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.delete(ctx); err != nil { - return err - } -@@ -538,8 +415,5 @@ func (s *stoppedState) SetExited(status int) { - } - - func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return nil, errors.Errorf("cannot exec in a stopped state") - } -diff --git a/runtime/v1/linux/proc/io.go b/runtime/v1/linux/proc/io.go -index 360662701..e620f5840 100644 ---- a/runtime/v1/linux/proc/io.go -+++ b/runtime/v1/linux/proc/io.go -@@ -114,7 +114,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - if stdin == "" { - return nil - } -- f, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) -+ f, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return fmt.Errorf("containerd-shim syscall.O_RDONLY|syscall.O_NONBLOCK: opening %s failed: %s", stdin, err) - } -diff --git a/runtime/v1/linux/proc/utils.go b/runtime/v1/linux/proc/utils.go -index d6f047cee..7312dec68 100644 ---- a/runtime/v1/linux/proc/utils.go -+++ b/runtime/v1/linux/proc/utils.go -@@ -33,6 +33,18 @@ import ( - "golang.org/x/sys/unix" - ) - -+// safePid is a thread safe wrapper for pid. -+type safePid struct { -+ sync.Mutex -+ pid int -+} -+ -+func (s *safePid) get() int { -+ s.Lock() -+ defer s.Unlock() -+ return s.pid -+} -+ - // TODO(mlaventure): move to runc package? - func getLastRuntimeError(r *runc.Runc) (string, error) { - if r.Log == "" { -diff --git a/runtime/v2/runc/service_linux.go b/runtime/v2/runc/service_linux.go -index 116167352..195c23014 100644 ---- a/runtime/v2/runc/service_linux.go -+++ b/runtime/v2/runc/service_linux.go -@@ -42,7 +42,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - } - - if stdin != "" { -- in, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) -+ in, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return nil, err - } -diff --git a/runtime/v2/shim_unix.go b/runtime/v2/shim_unix.go -index 1a08be5d1..6738a7787 100644 ---- a/runtime/v2/shim_unix.go -+++ b/runtime/v2/shim_unix.go -@@ -28,5 +28,5 @@ import ( - ) - - func openShimLog(ctx context.Context, bundle *Bundle) (io.ReadCloser, error) { -- return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700) -+ return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDWR|unix.O_CREAT, 0700) - } --- -2.17.1 - diff --git a/patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch b/patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch deleted file mode 100644 index fe6a5a97fdf5c919dda34cd64b6cb65adf5e7797..0000000000000000000000000000000000000000 --- a/patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch +++ /dev/null @@ -1,71 +0,0 @@ -From dded5a0253fbfd3c75c6d73a890049c832374545 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 20 Feb 2021 09:06:22 +0800 -Subject: [PATCH] containerd: fix exec event missing due to pid reuse - -When many exec request exit at nearly sametime, the Exit can match with -wrong process and return directly, the event for right process will lost -in this case. - -time="2021-02-19T21:10:12.250841280+08:00" level=info msg=event Pid=11623 containerID=a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4 execID=0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d module=libcontainerd namespace=moby topic=/tasks/exec-started -time="2021-02-19T21:10:12+08:00" level=info msg="try publish event(1) /tasks/exit &TaskExit{ContainerID:a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4,ID:0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d,Pid:11623,ExitStatus:0,ExitedAt:2021-02-19 21:10:12.27697416 +0800 CST m=+1893.164673481,} " -time="2021-02-19T21:11:02.944643980+08:00" level=debug msg="starting exec command 64cd335311e9b3c1c11e7360a374e3218efeb02e6578d7bc0811bad3f1820e16 in container a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4" -time="2021-02-19T21:11:06.201162360+08:00" level=debug msg="event published" ns=moby topic="/tasks/exec-started" type=containerd.events.TaskExecStarted -time="2021-02-19T21:11:57.961615320+08:00" level=warning msg="Ignoring Exit Event, no such exec command found" container=a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4 exec-id=0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d exec-pid=11623 - -From logs above, execID=0b412ecae with Pid=11623 exit and event -published, but new exec execID=64cd335 command reuse the Pid, but Exit -event still match previous execID=0b412ecae. so exit event for -execID=64cd335 will lost. - -Change-Id: If591a282a1cc0305758130a936ee8b92c88acc6c -Signed-off-by: jingrui ---- - runtime/v1/linux/proc/exec.go | 4 ++++ - runtime/v1/shim/service.go | 6 +++++- - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index ea40cb5b8..a5f40bd63 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -86,6 +86,10 @@ func (e *execProcess) ExitedAt() time.Time { - } - - func (e *execProcess) SetExited(status int) { -+ e.pid.Lock() -+ e.pid.pid = -1 -+ e.pid.Unlock() -+ - e.mu.Lock() - defer e.mu.Unlock() - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 7e07ab011..7d7327cd8 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -548,8 +548,13 @@ func (s *Service) checkProcesses(e runc.Exit) { - log.G(s.context).WithError(err).Error("failed to check shouldKillAll") - } - -+ match := 0 - for _, p := range s.processes { - if p.Pid() == e.Pid { -+ match++ -+ if match > 1 { -+ logrus.Warnf("exit for pid=%d match %d processes", e.Pid, match) -+ } - if ip, ok := p.(*proc.Init); ok { - ns := filepath.Base(filepath.Dir(ip.Bundle)) - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") -@@ -591,7 +596,6 @@ func (s *Service) checkProcesses(e runc.Exit) { - ExitStatus: uint32(e.Status), - ExitedAt: p.ExitedAt(), - } -- return - } - } - } --- -2.17.1 - diff --git a/patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch b/patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch deleted file mode 100644 index 0e473738ad362f191404135de1f35ef325653933..0000000000000000000000000000000000000000 --- a/patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c10041fa37568bca00a25c055ee844d38e91fa95 Mon Sep 17 00:00:00 2001 -From: chenjiankun -Date: Mon, 19 Apr 2021 17:08:09 +0800 -Subject: [PATCH] docker: fix dm left when pause contaienr and kill shim - -when shim process be killed, we will delete the runtime, but if the -status is paused, it can't be delete. So we need to resume the shim -process before delete it. ---- - runtime/v1/linux/runtime.go | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 66f959d..ca36748 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -541,6 +541,16 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - } - - if !legacy.IsLegacy(id) || legacy.IsSamePid(id) { -+ -+ state, err := rt.State(ctx, id) -+ if err == nil && state.Status == "paused" { -+ logrus.Warnf("container %s status is paused, try to resume before delete", id) -+ err := rt.Resume(ctx, id) -+ if err != nil { -+ log.G(ctx).WithError(err).Errorf("runtime resume %s error", id) -+ } -+ } -+ - if err := rt.Delete(ctx, id, &runc.DeleteOpts{ - Force: true, - }); err != nil { --- -2.23.0 - diff --git a/patch/0076-containerd-fix-start-container-failed-with-id-exists.patch b/patch/0076-containerd-fix-start-container-failed-with-id-exists.patch deleted file mode 100644 index c53b2184b96449c5f66b534af37739315d92d894..0000000000000000000000000000000000000000 --- a/patch/0076-containerd-fix-start-container-failed-with-id-exists.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 6936dda1f72b328cacfc29b52da780a29ef45385 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 8 Jul 2021 14:37:56 +0800 -Subject: [PATCH] containerd: fix start container failed with id exists - -reason: If container root path already exists when call runtime.Create, -we try to call runtime.Delete to cleanup it. But in case runtime.Delete -failed, root path will still exists which causes Create failed with error -"container with id exists". So remove path directly if Delete failed. - -Signed-off-by: xiadanni ---- - vendor/github.com/containerd/go-runc/runc.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 1c96317..c089381 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -159,7 +159,10 @@ func (o *CreateOpts) args() (out []string, err error) { - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { - if _, err := os.Stat(filepath.Join(r.Root, id)); err == nil { - logrus.Warnf("cleanup residue runtime with bundle %s root=%s", bundle, r.Root) -- r.Delete(context, id, &DeleteOpts{Force: true}) -+ if dErr := r.Delete(context, id, &DeleteOpts{Force: true}); dErr != nil { -+ logrus.Errorf("runtime force delete return err: %v, remove container root err: %v", -+ dErr, os.RemoveAll(filepath.Join(r.Root, id))) -+ } - } - - args := []string{"create", "--bundle", bundle} --- -2.27.0 - diff --git a/patch/0077-containerd-drop-opt-package.patch b/patch/0077-containerd-drop-opt-package.patch deleted file mode 100644 index 807f49e80f73b2aafbe91aad9300b41e241b1bcb..0000000000000000000000000000000000000000 --- a/patch/0077-containerd-drop-opt-package.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 81d14714bb90455964eac557f9b2172d7bc3e522 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 5 Aug 2021 15:24:21 +0800 -Subject: [PATCH] [Huawei]containerd: drop opt package - -Signed-off-by: xiadanni ---- - cmd/containerd/builtins.go | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/cmd/containerd/builtins.go b/cmd/containerd/builtins.go -index b120b60..17fa9f6 100644 ---- a/cmd/containerd/builtins.go -+++ b/cmd/containerd/builtins.go -@@ -30,7 +30,6 @@ import ( - _ "github.com/containerd/containerd/services/introspection" - _ "github.com/containerd/containerd/services/leases" - _ "github.com/containerd/containerd/services/namespaces" -- _ "github.com/containerd/containerd/services/opt" - _ "github.com/containerd/containerd/services/snapshots" - _ "github.com/containerd/containerd/services/tasks" - _ "github.com/containerd/containerd/services/version" --- -2.27.0 - diff --git a/patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch b/patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch deleted file mode 100644 index f686be5cf31dbc36fa1777bb3aa171e1525d9339..0000000000000000000000000000000000000000 --- a/patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 1c8a3bb488eb68523a3ae112854fcdd7326686cb Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Wed, 1 Sep 2021 07:23:17 +0800 -Subject: [PATCH] [backport]containerd:bump containerd/ttrpc - 699c4e40d1e7416e08bf7019c7ce2e9beced4636 - -full diff: https://github.com/containerd/ttrpc/compare/f02858b1457c5ca3aaec3a0803eb0d59f96e41d6...699c4e40d1e7416e08bf7019c7ce2e9beced4636 - -- containerd/ttrpc#33 Fix returns error message -- containerd/ttrpc#35 Make onclose an option - -Conflict:vendor.conf -Reference:https://github.com/containerd/containerd/commit/8c5779c32b70a0c55e1c94eb45b305897f7cf3f1 - -Signed-off-by: Sebastiaan van Stijn -Signed-off-by: xiadanni ---- - runtime/v1/shim/client/client.go | 3 +-- - runtime/v2/binary.go | 3 +-- - runtime/v2/shim.go | 3 +-- - vendor.conf | 2 +- - vendor/github.com/containerd/ttrpc/client.go | 21 ++++++++++++------- - .../github.com/containerd/ttrpc/services.go | 2 +- - 6 files changed, 19 insertions(+), 15 deletions(-) - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 48d62e537..6861df081 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -299,8 +299,7 @@ func WithConnect(address string, onClose func()) Opt { - if err != nil { - return nil, nil, err - } -- client := ttrpc.NewClient(conn) -- client.OnClose(onClose) -+ client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onClose)) - return shimapi.NewShimClient(client), conn, nil - } - } -diff --git a/runtime/v2/binary.go b/runtime/v2/binary.go -index 41de0d3e0..223b85300 100644 ---- a/runtime/v2/binary.go -+++ b/runtime/v2/binary.go -@@ -97,8 +97,7 @@ func (b *binary) Start(ctx context.Context) (_ *shim, err error) { - if err != nil { - return nil, err - } -- client := ttrpc.NewClient(conn) -- client.OnClose(func() { conn.Close() }) -+ client := ttrpc.NewClient(conn, ttrpc.WithOnClose(func() { _ = conn.Close() })) - return &shim{ - bundle: b.bundle, - client: client, -diff --git a/runtime/v2/shim.go b/runtime/v2/shim.go -index 982d1bb34..8e746712b 100644 ---- a/runtime/v2/shim.go -+++ b/runtime/v2/shim.go -@@ -75,8 +75,7 @@ func loadShim(ctx context.Context, bundle *Bundle, events *exchange.Exchange, rt - } - }() - -- client := ttrpc.NewClient(conn) -- client.OnClose(func() { conn.Close() }) -+ client := ttrpc.NewClient(conn, ttrpc.WithOnClose(func() { _ = conn.Close() })) - s := &shim{ - client: client, - task: task.NewTaskClient(client), -diff --git a/vendor.conf b/vendor.conf -index dbc3eecd9..0f76be3b0 100644 ---- a/vendor.conf -+++ b/vendor.conf -@@ -36,7 +36,7 @@ github.com/Microsoft/go-winio v0.4.11 - github.com/Microsoft/hcsshim v0.7.12 - google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 - golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4 --github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a -+github.com/containerd/ttrpc 699c4e40d1e7416e08bf7019c7ce2e9beced4636 - github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 - gotest.tools v2.1.0 - github.com/google/go-cmp v0.1.0 -diff --git a/vendor/github.com/containerd/ttrpc/client.go b/vendor/github.com/containerd/ttrpc/client.go -index e40592dd7..bc2bbde1b 100644 ---- a/vendor/github.com/containerd/ttrpc/client.go -+++ b/vendor/github.com/containerd/ttrpc/client.go -@@ -48,7 +48,15 @@ type Client struct { - err error - } - --func NewClient(conn net.Conn) *Client { -+type ClientOpts func(c *Client) -+ -+func WithOnClose(onClose func()) ClientOpts { -+ return func(c *Client) { -+ c.closeFunc = onClose -+ } -+} -+ -+func NewClient(conn net.Conn, opts ...ClientOpts) *Client { - c := &Client{ - codec: codec{}, - conn: conn, -@@ -59,6 +67,10 @@ func NewClient(conn net.Conn) *Client { - closeFunc: func() {}, - } - -+ for _, o := range opts { -+ o(c) -+ } -+ - go c.run() - return c - } -@@ -135,11 +147,6 @@ func (c *Client) Close() error { - return nil - } - --// OnClose allows a close func to be called when the server is closed --func (c *Client) OnClose(closer func()) { -- c.closeFunc = closer --} -- - type message struct { - messageHeader - p []byte -@@ -249,7 +256,7 @@ func (c *Client) recv(resp *Response, msg *message) error { - } - - if msg.Type != messageTypeResponse { -- return errors.New("unkown message type received") -+ return errors.New("unknown message type received") - } - - defer c.channel.putmbuf(msg.p) -diff --git a/vendor/github.com/containerd/ttrpc/services.go b/vendor/github.com/containerd/ttrpc/services.go -index e90963825..fe1cade5a 100644 ---- a/vendor/github.com/containerd/ttrpc/services.go -+++ b/vendor/github.com/containerd/ttrpc/services.go -@@ -76,7 +76,7 @@ func (s *serviceSet) dispatch(ctx context.Context, serviceName, methodName strin - switch v := obj.(type) { - case proto.Message: - if err := proto.Unmarshal(p, v); err != nil { -- return status.Errorf(codes.Internal, "ttrpc: error unmarshaling payload: %v", err.Error()) -+ return status.Errorf(codes.Internal, "ttrpc: error unmarshalling payload: %v", err.Error()) - } - default: - return status.Errorf(codes.Internal, "ttrpc: error unsupported request type: %T", v) --- -2.27.0 - diff --git a/patch/0079-containerd-fix-race-access-for-mobySubcribed.patch b/patch/0079-containerd-fix-race-access-for-mobySubcribed.patch deleted file mode 100644 index 00d1d800749dc73bfdab52649d46bf84a5f0a75f..0000000000000000000000000000000000000000 --- a/patch/0079-containerd-fix-race-access-for-mobySubcribed.patch +++ /dev/null @@ -1,47 +0,0 @@ -From fe8f7f5acac4f0fcf75218e26c1f3f874a77bf44 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Wed, 1 Sep 2021 07:29:43 +0800 -Subject: [PATCH] [Huawei]containerd:fix race access for mobySubcribed - -Signed-off-by: xiadanni ---- - events/exchange/exchange.go | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/events/exchange/exchange.go b/events/exchange/exchange.go -index 540f18054..ad642563a 100644 ---- a/events/exchange/exchange.go -+++ b/events/exchange/exchange.go -@@ -19,6 +19,7 @@ package exchange - import ( - "context" - "strings" -+ "sync/atomic" - "time" - - "github.com/containerd/containerd/errdefs" -@@ -49,10 +50,10 @@ func NewExchange() *Exchange { - var _ events.Publisher = &Exchange{} - var _ events.Forwarder = &Exchange{} - var _ events.Subscriber = &Exchange{} --var mobySubcribed = false -+var mobySubcribed = int32(0) - - func MobySubscribed() bool { -- return mobySubcribed -+ return atomic.LoadInt32(&mobySubcribed) == 1 - } - - // Forward accepts an envelope to be direcly distributed on the exchange. -@@ -170,7 +171,7 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even - for _, s := range fs { - if !MobySubscribed() && s == "namespace==moby,topic~=|^/tasks/|" { - queue.Namespace = "moby" -- mobySubcribed = true -+ atomic.StoreInt32(&mobySubcribed, 1) - } - } - --- -2.27.0 - diff --git a/patch/0080-containerd-improve-log-for-debugging.patch b/patch/0080-containerd-improve-log-for-debugging.patch deleted file mode 100644 index d4708ad261cfe1fecc46f90a670b54fc1c8a4a18..0000000000000000000000000000000000000000 --- a/patch/0080-containerd-improve-log-for-debugging.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 003a26f92ccfd6f296910874ed9ad55d652413cc Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Fri, 29 Oct 2021 16:37:28 +0800 -Subject: [PATCH] containerd: improve log for debugging - -add following logs for debugging -1. return event publish errors -2. redirect is used to make sure that containerd still can read the log - of shim after restart - -Conflict:NA -Reference: -https://github.com/containerd/containerd/pull/3179/commits/74eb0dc81221bffc192a349cf8b14fe7947b7a73 -https://github.com/containerd/containerd/pull/5293/commits/45df696bf3fe3eda15bbf0f2c00ddc2cfeddcdcc -https://github.com/containerd/containerd/commit/fbb80b9510db14a95b8ffa6c7842666ecf520489 - -Signed-off-by: xiadanni ---- - cmd/containerd-shim/main_unix.go | 23 ++++++++++++++++++++--- - runtime/v1/linux/runtime.go | 1 + - runtime/v1/shim/client/client.go | 22 ++++++++++------------ - 3 files changed, 31 insertions(+), 15 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 3a5bb6170..a07932cef 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -61,6 +61,12 @@ var ( - criuFlag string - systemdCgroupFlag bool - containerdBinaryFlag string -+ -+ bufPool = sync.Pool{ -+ New: func() interface{} { -+ return bytes.NewBuffer(nil) -+ }, -+ } - ) - - func init() { -@@ -101,6 +107,10 @@ func main() { - stderr.Close() - }() - -+ // redirect the following output into fifo to make sure that containerd -+ // still can read the log after restart -+ logrus.SetOutput(stdout) -+ - if err := executeShim(); err != nil { - fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err) - os.Exit(1) -@@ -110,7 +120,7 @@ func main() { - // If containerd server process dies, we need the shim to keep stdout/err reader - // FDs so that Linux does not SIGPIPE the shim process if it tries to use its end of - // these pipes. --func openStdioKeepAlivePipes(dir string) (io.ReadCloser, io.ReadCloser, error) { -+func openStdioKeepAlivePipes(dir string) (io.ReadWriteCloser, io.ReadWriteCloser, error) { - background := context.Background() - keepStdoutAlive, err := shimlog.OpenShimStdoutLog(background, dir) - if err != nil { -@@ -287,16 +297,23 @@ func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, eve - } - cmd := exec.CommandContext(ctx, containerdBinaryFlag, "--address", l.address, "publish", "--topic", topic, "--namespace", ns) - cmd.Stdin = bytes.NewReader(data) -+ b := bufPool.Get().(*bytes.Buffer) -+ defer func() { -+ b.Reset() -+ bufPool.Put(b) -+ }() -+ cmd.Stdout = b -+ cmd.Stderr = b - c, err := shim.Default.Start(cmd) - if err != nil { - return err - } - status, err := shim.Default.Wait(cmd, c) - if err != nil { -- return err -+ return errors.Wrapf(err, "failed to publish event: %s", b.String()) - } - if status != 0 { -- return errors.New("failed to publish event") -+ return errors.Errorf("failed to publish event: %s", b.String()) - } - return nil - } -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index ca3674808..eb3927305 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -379,6 +379,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid) - shimExit := make(chan struct{}) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { -+ log.G(ctx).WithField("id", id).Info("shim reaped") - close(shimExit) - if _, err := r.tasks.Get(ctx, id); err != nil { - // Task was never started or was already successfully deleted -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index eafb0d712..6861df081 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -77,21 +77,19 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - - var stdoutLog io.ReadWriteCloser - var stderrLog io.ReadWriteCloser -- if debug { -- stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) -- if err != nil { -- return nil, nil, errors.Wrapf(err, "failed to create stdout log") -- } -- -- stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) -- if err != nil { -- return nil, nil, errors.Wrapf(err, "failed to create stderr log") -- } -+ stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stdout log") -+ } - -- go io.Copy(os.Stdout, stdoutLog) -- go io.Copy(os.Stderr, stderrLog) -+ stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stderr log") - } - -+ go io.Copy(os.Stdout, stdoutLog) -+ go io.Copy(os.Stderr, stderrLog) -+ - if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { - return nil, nil, err - } --- -2.27.0 - diff --git a/patch/0081-containerd-reduce-permissions-for-bundle-di.patch b/patch/0081-containerd-reduce-permissions-for-bundle-di.patch deleted file mode 100644 index fbac4f813ee63131f159c71203fa5126d230916c..0000000000000000000000000000000000000000 --- a/patch/0081-containerd-reduce-permissions-for-bundle-di.patch +++ /dev/null @@ -1,138 +0,0 @@ -From fe70d9e0048502addcbeea5399f2da554a14bd78 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Tue, 9 Nov 2021 16:25:09 +0800 -Subject: [PATCH] [Backport]containerd:reduce permissions for bundle dir to fix - CVE-2021-41103 - -reduce permissions for bundle dir -reduce permissions on plugin directories -fix CVE-2021-41103 - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/6886c6a2ec0c70dde1aa64e77b64a5ad47b983c3 -https://github.com/containerd/containerd/commit/7c621e1fcc08bcf5a1a48b837342cc22eada1685 ---- - runtime/v1/linux/bundle.go | 56 +++++++++++++++++++++++++++++++++++++- - snapshots/btrfs/btrfs.go | 8 ++++-- - 2 files changed, 61 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go -index 0442246f9..90a10862e 100644 ---- a/runtime/v1/linux/bundle.go -+++ b/runtime/v1/linux/bundle.go -@@ -20,6 +20,7 @@ package linux - - import ( - "context" -+ "encoding/json" - "fmt" - "io/ioutil" - "os" -@@ -30,6 +31,7 @@ import ( - "github.com/containerd/containerd/runtime/linux/runctypes" - "github.com/containerd/containerd/runtime/v1/shim" - "github.com/containerd/containerd/runtime/v1/shim/client" -+ "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - ) -@@ -63,7 +65,7 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - time.Sleep(waitTime) - } - -- if err := os.Mkdir(path, 0711); err != nil { -+ if err := os.Mkdir(path, 0700); err != nil { - return nil, err - } - defer func() { -@@ -71,6 +73,9 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - os.RemoveAll(path) - } - }() -+ if err := prepareBundleDirectoryPermissions(path, spec); err != nil { -+ return nil, err -+ } - if err := os.MkdirAll(workDir, 0711); err != nil { - return nil, err - } -@@ -90,6 +95,55 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - }, err - } - -+// prepareBundleDirectoryPermissions prepares the permissions of the bundle -+// directory. When user namespaces are enabled, the permissions are modified -+// to allow the remapped root GID to access the bundle. -+func prepareBundleDirectoryPermissions(path string, spec []byte) error { -+ gid, err := remappedGID(spec) -+ if err != nil { -+ return err -+ } -+ if gid == 0 { -+ return nil -+ } -+ if err := os.Chown(path, -1, int(gid)); err != nil { -+ return err -+ } -+ return os.Chmod(path, 0710) -+} -+ -+// ociSpecUserNS is a subset of specs.Spec used to reduce garbage during -+// unmarshal. -+type ociSpecUserNS struct { -+ Linux *linuxSpecUserNS -+} -+ -+// linuxSpecUserNS is a subset of specs.Linux used to reduce garbage during -+// unmarshal. -+type linuxSpecUserNS struct { -+ GIDMappings []specs.LinuxIDMapping -+} -+ -+// remappedGID reads the remapped GID 0 from the OCI spec, if it exists. If -+// there is no remapping, remappedGID returns 0. If the spec cannot be parsed, -+// remappedGID returns an error. -+func remappedGID(spec []byte) (uint32, error) { -+ var ociSpec ociSpecUserNS -+ err := json.Unmarshal(spec, &ociSpec) -+ if err != nil { -+ return 0, err -+ } -+ if ociSpec.Linux == nil || len(ociSpec.Linux.GIDMappings) == 0 { -+ return 0, nil -+ } -+ for _, mapping := range ociSpec.Linux.GIDMappings { -+ if mapping.ContainerID == 0 { -+ return mapping.HostID, nil -+ } -+ } -+ return 0, nil -+} -+ - type bundle struct { - id string - path string -diff --git a/snapshots/btrfs/btrfs.go b/snapshots/btrfs/btrfs.go -index a89b55129..da6f8220e 100644 ---- a/snapshots/btrfs/btrfs.go -+++ b/snapshots/btrfs/btrfs.go -@@ -63,11 +63,15 @@ type snapshotter struct { - // root needs to be a mount point of btrfs. - func NewSnapshotter(root string) (snapshots.Snapshotter, error) { - // If directory does not exist, create it -- if _, err := os.Stat(root); err != nil { -+ if st, err := os.Stat(root); err != nil { - if !os.IsNotExist(err) { - return nil, err - } -- if err := os.Mkdir(root, 0755); err != nil { -+ if err := os.Mkdir(root, 0700); err != nil { -+ return nil, err -+ } -+ } else if st.Mode()&os.ModePerm != 0700 { -+ if err := os.Chmod(root, 0700); err != nil { - return nil, err - } - } --- -2.27.0 - diff --git a/patch/0082-containerd-fix-publish-command-wait-block-for.patch b/patch/0082-containerd-fix-publish-command-wait-block-for.patch deleted file mode 100644 index ec9f783645ce210234efcc52f14d0969ab282cfd..0000000000000000000000000000000000000000 --- a/patch/0082-containerd-fix-publish-command-wait-block-for.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 31cd7bb5147c42384ffd28e9a64f0c5d5c4f7500 Mon Sep 17 00:00:00 2001 -From: chenjiankun -Date: Wed, 10 Nov 2021 16:10:37 +0800 -Subject: [PATCH] containerd: fix publish command wait block forever - ---- - cmd/containerd-shim/main_unix.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index a07932c..37b621e 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -308,7 +308,7 @@ func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, eve - if err != nil { - return err - } -- status, err := shim.Default.Wait(cmd, c) -+ status, err := shim.Default.WaitTimeout(cmd, c, 30) - if err != nil { - return errors.Wrapf(err, "failed to publish event: %s", b.String()) - } --- -2.27.0 - diff --git a/patch/0083-containerd-optimize-cgo-compile-options.patch b/patch/0083-containerd-optimize-cgo-compile-options.patch deleted file mode 100644 index fbe2c3cbb7a7b16f7d9b3b558a7cff307ef76fad..0000000000000000000000000000000000000000 --- a/patch/0083-containerd-optimize-cgo-compile-options.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 4ae41b01ba2dfd05e8eae0adac6dc3d54c461117 Mon Sep 17 00:00:00 2001 -From: songyanting -Date: Mon, 24 Jan 2022 11:08:44 +0800 -Subject: [PATCH] [Huawei]containerd:optimize cgo compile options - -offering:EulerOS Server -Type:bugfix -CVE: -DTS/AR: -reason:optimize cgo compile options - -Signed-off-by: songyanting songyanting@huawei.com ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index a7d0888..49a90e6 100644 ---- a/Makefile -+++ b/Makefile -@@ -172,8 +172,8 @@ bin/%: cmd/% FORCE - mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -- CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CFLAGS="-fstack-protector-strong" \ -+ CGO_CPPFLAGS="-fstack-protector-strong" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< --- -2.23.0 - diff --git a/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch b/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch deleted file mode 100644 index 130d407bc0f9198674ebd0cbee2dd4afccdd90b0..0000000000000000000000000000000000000000 --- a/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 53c45a7abaea09e60e0175f192742c74d1be60e2 Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Thu, 31 Mar 2022 21:30:15 +0800 -Subject: [PATCH] containerd:Use fs.RootPath when mounting volumes - -fix CVE-2022-23648 -upstream:https://github.com/containerd/containerd/commit/3406af86394c2426ce7f55d5f52be2b79f456211 - -Signed-off-by: Vanient ---- - .../containerd/cri/pkg/containerd/opts/container.go | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go -index 7647c373c..2ea49b594 100644 ---- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go -+++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go -@@ -20,7 +20,6 @@ import ( - "context" - "io/ioutil" - "os" -- "path/filepath" - - "github.com/containerd/containerd" - "github.com/containerd/containerd/containers" -@@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts { - }() - - for host, volume := range volumeMounts { -- src := filepath.Join(root, volume) -+ src, err := fs.RootPath(root, volume) -+ if err != nil { -+ return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume) -+ } - if _, err := os.Stat(src); err != nil { - if os.IsNotExist(err) { - // Skip copying directory if it does not exist. --- -2.27.0 - diff --git a/patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch b/patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch deleted file mode 100644 index 4ab36bb45542b8ef0fd5a91593f913e1a3b84f23..0000000000000000000000000000000000000000 --- a/patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a6c7265aa68fca3a5023ad2b399799db583fffeb Mon Sep 17 00:00:00 2001 -From: zhangsong234 -Date: Tue, 14 Jun 2022 10:25:47 +0800 -Subject: [PATCH] containerd: put get pid lock after set process exited to avoid - deadlock. - -Signed-off-by: zhangsong234 ---- - runtime/v1/linux/proc/exec.go | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index a5f40bd..ff967b5 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -86,14 +86,14 @@ func (e *execProcess) ExitedAt() time.Time { - } - - func (e *execProcess) SetExited(status int) { -- e.pid.Lock() -- e.pid.pid = -1 -- e.pid.Unlock() -- - e.mu.Lock() - defer e.mu.Unlock() - - e.execState.SetExited(status) -+ -+ e.pid.Lock() -+ e.pid.pid = -1 -+ e.pid.Unlock() - } - - func (e *execProcess) setExited(status int) { --- -2.27.0 - diff --git a/patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch b/patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch deleted file mode 100644 index e17da504341a2c32c9f7a0233b29e1c22651439f..0000000000000000000000000000000000000000 --- a/patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch +++ /dev/null @@ -1,133 +0,0 @@ -From cf3bde2b5a78d7ba8773eadcc3b28dfb0001aee0 Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Mon, 4 Jul 2022 14:34:23 +0800 -Subject: [PATCH] containerd: Limit the response size of ExecSync - -fix CVE-2022-31030 -upstream:https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382 ---- - .../cri/pkg/server/container_execsync.go | 45 ++++++++++++++++- - .../cri/pkg/server/container_execsync_test.go | 49 +++++++++++++++++++ - 2 files changed, 92 insertions(+), 2 deletions(-) - create mode 100644 vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go - -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_execsync.go b/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -index fd54120..1ef93e5 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -+++ b/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -@@ -37,14 +37,55 @@ import ( - "github.com/containerd/cri/pkg/util" - ) - -+type cappedWriter struct { -+ w io.WriteCloser -+ remain int -+} -+ -+func (cw *cappedWriter) Write(p []byte) (int, error) { -+ if cw.remain <= 0 { -+ return len(p), nil -+ } -+ -+ end := cw.remain -+ if end > len(p) { -+ end = len(p) -+ } -+ written, err := cw.w.Write(p[0:end]) -+ cw.remain -= written -+ -+ if err != nil { -+ return written, err -+ } -+ return len(p), nil -+} -+ -+func (cw *cappedWriter) Close() error { -+ return cw.w.Close() -+} -+ -+func (cw *cappedWriter) isFull() bool { -+ return cw.remain <= 0 -+} -+ - // ExecSync executes a command in the container, and returns the stdout output. - // If command exits with a non-zero exit code, an error is returned. - func (c *criService) ExecSync(ctx context.Context, r *runtime.ExecSyncRequest) (*runtime.ExecSyncResponse, error) { -+ const maxStreamSize = 1024 * 1024 * 16 -+ - var stdout, stderr bytes.Buffer -+ -+ // cappedWriter truncates the output. In that case, the size of -+ // the ExecSyncResponse will hit the CRI plugin's gRPC response limit. -+ // Thus the callers outside of the containerd process (e.g. Kubelet) never see -+ // the truncated output. -+ cout := &cappedWriter{w: cioutil.NewNopWriteCloser(&stdout), remain: maxStreamSize} -+ cerr := &cappedWriter{w: cioutil.NewNopWriteCloser(&stderr), remain: maxStreamSize} -+ - exitCode, err := c.execInContainer(ctx, r.GetContainerId(), execOptions{ - cmd: r.GetCmd(), -- stdout: cioutil.NewNopWriteCloser(&stdout), -- stderr: cioutil.NewNopWriteCloser(&stderr), -+ stdout: cout, -+ stderr: cerr, - timeout: time.Duration(r.GetTimeout()) * time.Second, - }) - if err != nil { -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go b/vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go -new file mode 100644 -index 0000000..c8641d0 ---- /dev/null -+++ b/vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go -@@ -0,0 +1,49 @@ -+/* -+ Copyright The containerd Authors. -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ http://www.apache.org/licenses/LICENSE-2.0 -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -+ -+package server -+ -+import ( -+ "bytes" -+ "testing" -+ -+ cioutil "github.com/containerd/containerd/pkg/ioutil" -+ "github.com/stretchr/testify/assert" -+) -+ -+func TestCWWrite(t *testing.T) { -+ var buf bytes.Buffer -+ cw := &cappedWriter{w: cioutil.NewNopWriteCloser(&buf), remain: 10} -+ -+ n, err := cw.Write([]byte("hello")) -+ assert.NoError(t, err) -+ assert.Equal(t, 5, n) -+ -+ n, err = cw.Write([]byte("helloworld")) -+ assert.NoError(t, err, "no errors even it hits the cap") -+ assert.Equal(t, 10, n, "no indication of partial write") -+ assert.True(t, cw.isFull()) -+ assert.Equal(t, []byte("hellohello"), buf.Bytes(), "the underlying writer is capped") -+ -+ _, err = cw.Write([]byte("world")) -+ assert.NoError(t, err) -+ assert.True(t, cw.isFull()) -+ assert.Equal(t, []byte("hellohello"), buf.Bytes(), "the underlying writer is capped") -+} -+ -+func TestCWClose(t *testing.T) { -+ var buf bytes.Buffer -+ cw := &cappedWriter{w: cioutil.NewNopWriteCloser(&buf), remain: 5} -+ err := cw.Close() -+ assert.NoError(t, err) -+} --- -2.30.0 - diff --git a/patch/0087-containerd-treat-manifest-provided-URLs-differently.patch b/patch/0087-containerd-treat-manifest-provided-URLs-differently.patch deleted file mode 100644 index 717e4a17cc8e9b98b8a559d86154f4aa8fc18b32..0000000000000000000000000000000000000000 --- a/patch/0087-containerd-treat-manifest-provided-URLs-differently.patch +++ /dev/null @@ -1,65 +0,0 @@ -From eb6ab2e84ab184321bd649b4def182f93e62b6df Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Mon, 24 Jan 2022 19:03:30 +0800 -Subject: [PATCH] [Backport]treat manifest provided URLs differently - -fix CVE-2020-15157 - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 -https://github.com/containerd/containerd/commit/abbb17959f55bbb9b7eb37f965d7dad2f4ea8744 - -Signed-off-by: xiadanni ---- - remotes/docker/fetcher.go | 28 ++++++++++++++++++++-------- - 1 file changed, 20 insertions(+), 8 deletions(-) - -diff --git a/remotes/docker/fetcher.go b/remotes/docker/fetcher.go -index 4a2ce3c39..00e7a47c6 100644 ---- a/remotes/docker/fetcher.go -+++ b/remotes/docker/fetcher.go -@@ -56,6 +56,26 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R - } - - return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) { -+ if len(desc.URLs) > 0 { -+ db := *r.dockerBase -+ // Remove authorizer to avoid authentication when -+ // connecting to manifest provided URLs. -+ // Prevents https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c -+ db.auth = nil -+ nr := dockerFetcher{ -+ dockerBase: &db, -+ } -+ for _, u := range desc.URLs { -+ log.G(ctx).WithField("url", u).Debug("trying alternative url") -+ rc, err := nr.open(ctx, u, desc.MediaType, offset) -+ if err != nil { -+ log.G(ctx).WithField("error", err).Debug("error trying url") -+ continue // try one of the other urls. -+ } -+ -+ return rc, nil -+ } -+ } - for _, u := range urls { - rc, err := r.open(ctx, u, desc.MediaType, offset) - if err != nil { -@@ -142,14 +162,6 @@ func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int - func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) { - var urls []string - -- if len(desc.URLs) > 0 { -- // handle fetch via external urls. -- for _, u := range desc.URLs { -- log.G(ctx).WithField("url", u).Debug("adding alternative url") -- urls = append(urls, u) -- } -- } -- - switch desc.MediaType { - case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList, - images.MediaTypeDockerSchema1Manifest, --- -2.27.0 - diff --git a/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch b/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch deleted file mode 100644 index bc4cf4f7a81148923e1fdf383757a8935694b9da..0000000000000000000000000000000000000000 --- a/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 90a3fd55136fb18641c8221792b013ee1dbc17f5 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Mon, 24 Jan 2022 19:15:14 +0800 -Subject: [PATCH] [Backport]Use chmod path for checking symlink - -fix CVE-2021-32760 -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/03aa748c11663e87a72fab92b7ab7c88c28bf13e - -Signed-off-by: xiadanni ---- - archive/tar_unix.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/archive/tar_unix.go b/archive/tar_unix.go -index 022dd6d4f..7f3857c7d 100644 ---- a/archive/tar_unix.go -+++ b/archive/tar_unix.go -@@ -127,7 +127,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { - - func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error { - if hdr.Typeflag == tar.TypeLink { -- if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) { -+ if fi, err := os.Lstat(path); err == nil && (fi.Mode()&os.ModeSymlink == 0) { - if err := os.Chmod(path, hdrInfo.Mode()); err != nil { - return err - } --- -2.27.0 - diff --git a/patch/0089-containerd-Add-lock-for-ListPids.patch b/patch/0089-containerd-Add-lock-for-ListPids.patch deleted file mode 100644 index 9bfc8777ec7394537d7aa2bbaa67d80aaf2d6a2b..0000000000000000000000000000000000000000 --- a/patch/0089-containerd-Add-lock-for-ListPids.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9a92dd95046003cd661f8cd76429b2e424907a2a Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Mon, 21 Mar 2022 06:57:02 +0800 -Subject: [PATCH] [Backport]containerd: Add lock for ListPids - -Add the missing locks in ListPids -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/fcf3b275fcd404ddf5fe75d5629d2168742ec0d3 - -Signed-off-by: Vanient ---- - runtime/v1/shim/service.go | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 7d7327cd8..435f02e3c 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -434,6 +434,9 @@ func (s *Service) ListPids(ctx context.Context, r *shimapi.ListPidsRequest) (*sh - return nil, errdefs.ToGRPC(err) - } - var processes []*task.ProcessInfo -+ -+ s.mu.Lock() -+ defer s.mu.Unlock() - for _, pid := range pids { - pInfo := task.ProcessInfo{ - Pid: pid, --- -2.27.0 - diff --git a/patch/0090-images-validate-document-type-before-unmarshal.patch b/patch/0090-images-validate-document-type-before-unmarshal.patch deleted file mode 100644 index f4998f67560c13ccd5eb024f443f07eee516ddcb..0000000000000000000000000000000000000000 --- a/patch/0090-images-validate-document-type-before-unmarshal.patch +++ /dev/null @@ -1,117 +0,0 @@ -From e3e70b398ff362182797e2d73372f8f654ba9383 Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Thu, 9 Jun 2022 10:45:47 +0800 -Subject: [PATCH 1/2] images: validate document type before unmarshal - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/eb9ba7ed8d46d48fb22362f9d91fff6fb837e37e - -Signed-off-by: Vanient ---- - images/image.go | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 55 insertions(+) - -diff --git a/images/image.go b/images/image.go -index f72684d82..ad12fe971 100644 ---- a/images/image.go -+++ b/images/image.go -@@ -19,6 +19,7 @@ package images - import ( - "context" - "encoding/json" -+ "fmt" - "sort" - "strings" - "time" -@@ -154,6 +155,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) -+ } -+ - var manifest ocispec.Manifest - if err := json.Unmarshal(p, &manifest); err != nil { - return nil, err -@@ -194,6 +199,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) -+ } -+ - var idx ocispec.Index - if err := json.Unmarshal(p, &idx); err != nil { - return nil, err -@@ -335,6 +344,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) -+ } -+ - // TODO(stevvooe): We just assume oci manifest, for now. There may be - // subtle differences from the docker version. - var manifest ocispec.Manifest -@@ -350,6 +363,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) -+ } -+ - var index ocispec.Index - if err := json.Unmarshal(p, &index); err != nil { - return nil, err -@@ -371,6 +388,44 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return descs, nil - } - -+// unknownDocument represents a manifest, manifest list, or index that has not -+// yet been validated. -+type unknownDocument struct { -+ MediaType string `json:"mediaType,omitempty"` -+ Config json.RawMessage `json:"config,omitempty"` -+ Layers json.RawMessage `json:"layers,omitempty"` -+ Manifests json.RawMessage `json:"manifests,omitempty"` -+ FSLayers json.RawMessage `json:"fsLayers,omitempty"` // schema 1 -+} -+ -+// validateMediaType returns an error if the byte slice is invalid JSON or if -+// the media type identifies the blob as one format but it contains elements of -+// another format. -+func validateMediaType(b []byte, mt string) error { -+ var doc unknownDocument -+ if err := json.Unmarshal(b, &doc); err != nil { -+ return err -+ } -+ if len(doc.FSLayers) != 0 { -+ return fmt.Errorf("media-type: schema 1 not supported") -+ } -+ switch mt { -+ case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest: -+ if len(doc.Manifests) != 0 || -+ doc.MediaType == MediaTypeDockerSchema2ManifestList || -+ doc.MediaType == ocispec.MediaTypeImageIndex { -+ return fmt.Errorf("media-type: expected manifest but found index (%s)", mt) -+ } -+ case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: -+ if len(doc.Config) != 0 || len(doc.Layers) != 0 || -+ doc.MediaType == MediaTypeDockerSchema2Manifest || -+ doc.MediaType == ocispec.MediaTypeImageManifest { -+ return fmt.Errorf("media-type: expected index but found manifest (%s)", mt) -+ } -+ } -+ return nil -+} -+ - // RootFS returns the unpacked diffids that make up and images rootfs. - // - // These are used to verify that a set of layers unpacked to the expected --- -2.27.0 - diff --git a/patch/0091-schema1-reject-ambiguous-documents.patch b/patch/0091-schema1-reject-ambiguous-documents.patch deleted file mode 100644 index d03ec24cd3131e4cab425fbfbdaa518e5495e9ad..0000000000000000000000000000000000000000 --- a/patch/0091-schema1-reject-ambiguous-documents.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7a294fa5d943401ed3cb9149f69f1d12f372c374 Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Thu, 9 Jun 2022 10:48:09 +0800 -Subject: [PATCH 2/2] schema1: reject ambiguous documents - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/70c88f507579277ab7af23b06666e3b57d4b4f2d - -Signed-off-by: Vanient ---- - remotes/docker/schema1/converter.go | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/remotes/docker/schema1/converter.go b/remotes/docker/schema1/converter.go -index 766c24a26..c618a33d5 100644 ---- a/remotes/docker/schema1/converter.go -+++ b/remotes/docker/schema1/converter.go -@@ -250,6 +250,9 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor) - if err := json.Unmarshal(b, &m); err != nil { - return err - } -+ if len(m.Manifests) != 0 || len(m.Layers) != 0 { -+ return errors.New("converter: expected schema1 document but found extra keys") -+ } - c.pulledManifest = &m - - return nil -@@ -466,8 +469,10 @@ type history struct { - } - - type manifest struct { -- FSLayers []fsLayer `json:"fsLayers"` -- History []history `json:"history"` -+ FSLayers []fsLayer `json:"fsLayers"` -+ History []history `json:"history"` -+ Layers json.RawMessage `json:"layers,omitempty"` // OCI manifest -+ Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index - } - - type v1History struct { --- -2.27.0 - diff --git a/patch/0092-containerd-add-CGO-sercurity-build-options.patch b/patch/0092-containerd-add-CGO-sercurity-build-options.patch deleted file mode 100644 index 29ec5ab1124e42cd84b7a15ad4fc27360e61a5d9..0000000000000000000000000000000000000000 --- a/patch/0092-containerd-add-CGO-sercurity-build-options.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f7d5384097fde1e448649fcacde0dd05b7f2e967 Mon Sep 17 00:00:00 2001 -From: zjw -Date: Mon, 20 Jun 2022 20:08:24 +0800 -Subject: [PATCH] containerd: containerd and containerd-shim add CGO security build options - ---- - Makefile | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index 49a90e6..2bc5dd5 100644 ---- a/Makefile -+++ b/Makefile -@@ -172,8 +172,8 @@ bin/%: cmd/% FORCE - mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong" \ -- CGO_CPPFLAGS="-fstack-protector-strong" \ -+ CGO_CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< -@@ -181,8 +181,8 @@ bin/%: cmd/% FORCE - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -- CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim --- -2.30.0 - diff --git a/patch/0093-containerd-fix-version-number-wrong.patch b/patch/0093-containerd-fix-version-number-wrong.patch deleted file mode 100644 index f2a41d78cf2180a5fca587e8fffd26a9f77f6fb3..0000000000000000000000000000000000000000 --- a/patch/0093-containerd-fix-version-number-wrong.patch +++ /dev/null @@ -1,36 +0,0 @@ -From aca59a554842337e5e03b300a5f358a3fa9c80e4 Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Wed, 16 Nov 2022 12:28:54 +0800 -Subject: [PATCH] containerd: fix version number wrong - ---- - Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile b/Makefile -index 2bc5dd5..44eeefc 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR=/usr/local - - # Used to populate variables in version package. --VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') -+VERSION=$(shell echo version:)$(shell cat ./containerd_version) - REVISION=$(shell cat ./git-commit | head -c 40) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" -@@ -181,8 +181,8 @@ bin/%: cmd/% FORCE - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -- CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim --- -2.30.0 - diff --git a/patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch b/patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch deleted file mode 100644 index d47d1c4516e9ac24481f3ac63b6ddd2d264f486f..0000000000000000000000000000000000000000 --- a/patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 13c66a426dcbb0ecef601c386b116ad7a960896a Mon Sep 17 00:00:00 2001 -From: Danny Canter -Date: Mon, 28 Nov 2022 14:45:34 -0800 -Subject: [PATCH] CRI stream server: Fix goroutine leak in Exec - -In the CRI streaming server, a goroutine (`handleResizeEvents`) is launched -to handle terminal resize events if a TTY is asked for with an exec; this -is the sender of terminal resize events. Another goroutine is launched -shortly after successful process startup to actually do something with -these events, however the issue arises if the exec process fails to start -for any reason that would have `process.Start` return non-nil. The receiver -goroutine never gets launched so the sender is stuck blocked on a channel send -infinitely. - -This could be used in a malicious manner by repeatedly launching execs -with a command that doesn't exist in the image, as a single goroutine -will get leaked on every invocation which will slowly grow containerd's -memory usage. - -Signed-off-by: Danny Canter -(cherry picked from commit f012617edfd887a29345888d65640a7ccd7c72ce) ---- - .../kubelet/server/remotecommand/httpstream.go | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go b/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go -index 387ad3d5a..9591a5426 100644 ---- a/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go -+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go -@@ -17,6 +17,7 @@ limitations under the License. - package remotecommand - - import ( -+ gocontext "context" - "encoding/json" - "errors" - "fmt" -@@ -116,7 +117,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp - - if ctx.resizeStream != nil { - ctx.resizeChan = make(chan remotecommand.TerminalSize) -- go handleResizeEvents(ctx.resizeStream, ctx.resizeChan) -+ go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan) - } - - return ctx, true -@@ -410,7 +411,7 @@ WaitForStreams: - // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it. - func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false } - --func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) { -+func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) { - defer runtime.HandleCrash() - - decoder := json.NewDecoder(stream) -@@ -419,7 +420,15 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS - if err := decoder.Decode(&size); err != nil { - break - } -- channel <- size -+ -+ select { -+ case channel <- size: -+ case <-ctx.Done(): -+ // To avoid leaking this routine, exit if the http request finishes. This path -+ // would generally be hit if starting the process fails and nothing is started to -+ // ingest these resize events. -+ return -+ } - } - } - --- -2.30.0 - diff --git a/patch/0095-oci-fix-additional-GIDs.patch b/patch/0095-oci-fix-additional-GIDs.patch deleted file mode 100644 index 5aa148dc5e5be33382fb521298776f92185c4b3f..0000000000000000000000000000000000000000 --- a/patch/0095-oci-fix-additional-GIDs.patch +++ /dev/null @@ -1,198 +0,0 @@ -From f73de44a5b70c85458af955d74f45492ff07926a Mon Sep 17 00:00:00 2001 -From: Akihiro Suda -Date: Sat, 24 Dec 2022 20:09:04 +0900 -Subject: [PATCH] oci: fix additional GIDs - -Test suite: -```yaml - ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-no-option - annotations: - description: "Equivalent of `docker run` (no option)" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]'] ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-group-add-1-group-add-1234 - annotations: - description: "Equivalent of `docker run --group-add 1 --group-add 1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]'] - securityContext: - supplementalGroups: [1, 1234] ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-user-1234 - annotations: - description: "Equivalent of `docker run --user 1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]'] - securityContext: - runAsUser: 1234 ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-user-1234-1234 - annotations: - description: "Equivalent of `docker run --user 1234:1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]'] - securityContext: - runAsUser: 1234 - runAsGroup: 1234 ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-user-1234-group-add-1234 - annotations: - description: "Equivalent of `docker run --user 1234 --group-add 1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]'] - securityContext: - runAsUser: 1234 - supplementalGroups: [1234] -``` - -Signed-off-by: Akihiro Suda -Signed-off-by: zhongjiawei ---- - oci/spec_opts.go | 33 +++++++++++++++++++ - .../cri/pkg/server/container_create.go | 3 +- - 2 files changed, 35 insertions(+), 1 deletion(-) - -diff --git a/oci/spec_opts.go b/oci/spec_opts.go -index 8b599f805..718c48246 100644 ---- a/oci/spec_opts.go -+++ b/oci/spec_opts.go -@@ -84,6 +84,17 @@ func setCapabilities(s *Spec) { - } - } - -+// ensureAdditionalGids ensures that the primary GID is also included in the additional GID list. -+func ensureAdditionalGids(s *Spec) { -+ setProcess(s) -+ for _, f := range s.Process.User.AdditionalGids { -+ if f == s.Process.User.GID { -+ return -+ } -+ } -+ s.Process.User.AdditionalGids = append([]uint32{s.Process.User.GID}, s.Process.User.AdditionalGids...) -+} -+ - // WithDefaultSpec returns a SpecOpts that will populate the spec with default - // values. - // -@@ -459,7 +470,21 @@ func WithNamespacedCgroup() SpecOpts { - // user, uid, user:group, uid:gid, uid:group, user:gid - func WithUser(userstr string) SpecOpts { - return func(ctx context.Context, client Client, c *containers.Container, s *Spec) error { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil -+ -+ // For LCOW it's a bit harder to confirm that the user actually exists on the host as a rootfs isn't -+ // mounted on the host and shared into the guest, but rather the rootfs is constructed entirely in the -+ // guest itself. To accommodate this, a spot to place the user string provided by a client as-is is needed. -+ // The `Username` field on the runtime spec is marked by Platform as only for Windows, and in this case it -+ // *is* being set on a Windows host at least, but will be used as a temporary holding spot until the guest -+ // can use the string to perform these same operations to grab the uid:gid inside. -+ if s.Windows != nil && s.Linux != nil { -+ s.Process.User.Username = userstr -+ return nil -+ } -+ - parts := strings.Split(userstr, ":") - switch len(parts) { - case 1: -@@ -538,7 +563,9 @@ func WithUser(userstr string) SpecOpts { - // WithUIDGID allows the UID and GID for the Process to be set - func WithUIDGID(uid, gid uint32) SpecOpts { - return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil - s.Process.User.UID = uid - s.Process.User.GID = gid - return nil -@@ -551,7 +578,9 @@ func WithUIDGID(uid, gid uint32) SpecOpts { - // additionally sets the gid to 0, and does not return an error. - func WithUserID(uid uint32) SpecOpts { - return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil - if c.Snapshotter == "" && c.SnapshotKey == "" { - if !isRootfsAbs(s.Root.Path) { - return errors.Errorf("rootfs absolute path is required") -@@ -604,7 +633,9 @@ func WithUserID(uid uint32) SpecOpts { - // it returns error. - func WithUsername(username string) SpecOpts { - return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil - if s.Linux != nil { - if c.Snapshotter == "" && c.SnapshotKey == "" { - if !isRootfsAbs(s.Root.Path) { -@@ -659,7 +690,9 @@ func WithAdditionalGIDs(userstr string) SpecOpts { - return nil - } - setProcess(s) -+ s.Process.User.AdditionalGids = nil - setAdditionalGids := func(root string) error { -+ defer ensureAdditionalGids(s) - var username string - uid, err := strconv.Atoi(userstr) - if err == nil { -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create.go b/vendor/github.com/containerd/cri/pkg/server/container_create.go -index e29cb40f8..ffa6cd614 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/container_create.go -+++ b/vendor/github.com/containerd/cri/pkg/server/container_create.go -@@ -230,7 +230,8 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta - // Because it is still useful to get additional gids for uid 0. - userstr = strconv.FormatInt(securityContext.GetRunAsUser().GetValue(), 10) - } -- specOpts = append(specOpts, customopts.WithAdditionalGIDs(userstr)) -+ specOpts = append(specOpts, customopts.WithDevices(c.os, config, c.config.DeviceOwnershipFromSecurityContext), -+ customopts.WithCapabilities(securityContext, c.allCaps)) - - apparmorSpecOpts, err := generateApparmorSpecOpts( - securityContext.GetApparmorProfile(), --- -2.33.0 - diff --git a/patch/0096-importer-stream-oci-layout-and-manifest.json.patch b/patch/0096-importer-stream-oci-layout-and-manifest.json.patch deleted file mode 100644 index 6d915bc913b99da6e58a4a48ab33700c40cea843..0000000000000000000000000000000000000000 --- a/patch/0096-importer-stream-oci-layout-and-manifest.json.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d86db0de932912591e4a3884305547162b87f885 Mon Sep 17 00:00:00 2001 -From: Samuel Karp -Date: Mon, 27 Feb 2023 15:02:01 +0800 -Subject: [PATCH] importer: stream oci-layout and manifest.json - -Signed-off-by: Samuel Karp ---- - images/archive/importer.go | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/images/archive/importer.go b/images/archive/importer.go -index da83275..443b886 100644 ---- a/images/archive/importer.go -+++ b/images/archive/importer.go -@@ -23,7 +23,6 @@ import ( - "context" - "encoding/json" - "io" -- "io/ioutil" - "path" - - "github.com/containerd/containerd/archive/compression" -@@ -192,15 +191,14 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc - return writeManifest(ctx, store, idx, ocispec.MediaTypeImageIndex) - } - -+const ( -+ kib = 1024 -+ mib = 1024 * kib -+ jsonLimit = 20 * mib -+) -+ - func onUntarJSON(r io.Reader, j interface{}) error { -- b, err := ioutil.ReadAll(r) -- if err != nil { -- return err -- } -- if err := json.Unmarshal(b, j); err != nil { -- return err -- } -- return nil -+ return json.NewDecoder(io.LimitReader(r, jsonLimit)).Decode(j) - } - - func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size int64, ref string) (digest.Digest, error) { --- -2.33.0 - diff --git a/series.conf b/series.conf deleted file mode 100644 index b0352eaadfa9482ccc8bbf1668c29c92be4403fd..0000000000000000000000000000000000000000 --- a/series.conf +++ /dev/null @@ -1,104 +0,0 @@ -patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch -patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch -patch/0008-runtime-Use-named-pipes-for-shim-logs.patch -patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch -patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch -patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch -patch/0037-containerd-Fix-fd-leak-of-shim-log.patch - -patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch -patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch -patch/0003-oci-oci-add-files-cgroups-support.patch -patch/0004-runv-vendor-runv-compatibility.patch -patch/0005-containerd-add-spec-for-build.patch -patch/0012-bump-bump-containerd-to-1.2.0.2.patch -patch/0013-log-support-log-init-pid-to-start-event-log.patch -patch/0014-event-resend-exit-event-when-detect-container.patch -patch/0015-restore-cleanup-container-pid-1.patch -patch/0016-create-runc-delete-force-before-create.patch -patch/0017-exit-using-init.exit-indicate-container-is-ex.patch -patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch -patch/0019-restore-check-shim-alive-when-containerd-is-r.patch -patch/0020-events-resend-pending-exit-events-on-restore.patch -patch/0021-containerd-Update-the-version-info-of-contain.patch -patch/0022-containerd-bump-version-1.2.0.4.patch -patch/0023-containerd-set-create-and-exec-timeout.patch -patch/0024-create-cleanup-runc-dirty-files-on-start.patch -patch/0025-restore-skip-load-task-in-creating.patch -patch/0026-exit-optimize-init.exit-record.patch -patch/0027-log-make-tester-happy.patch -patch/0028-restore-delete-task-in-containerd-restoring.patch -patch/0029-restore-delete-task-asynchronously.patch -patch/0030-event-fix-events-lost-when-loadTask-failed.patch -patch/0031-containerd-enable-relro-flags.patch -patch/0032-containerd-enable-bep-ldflags.patch -patch/0033-containerd-fix-opened-file-not-close.patch -patch/0034-containerd-add-buildid-in-Makefile.patch -patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch -patch/0036-containerd-support-container-start-timeout-se.patch -patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch -patch/0038-containerd-support-kill-D-state-container.patch -patch/0039-containerd-modify-containerd-shim-to-ad.patch -patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch -patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch -patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch -patch/0043-containerd-run-state-with-timeout-10s.patch -patch/0044-containerd-add-copyright.patch -patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch -patch/0039-containerd-fix-shouldKillAllOnExit-check.patch -patch/0044-containerd-change-tmpfile-directory-when-exec.patch -patch/0045-containerd-shim-disable-fast-gc-on-arm.patch -patch/0046-containerd-support-hot-upgrade.patch -patch/0047-containerd-shim-exit-initiative-after-3s.patch -patch/0048-containerd-modify-shim-initiative-exit-time.patch -patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch -patch/0050-containerd-warp-and-process-return-errors.patch -patch/0051-containerd-add-timeout-for-containerd-shim.patch -patch/0052-containerd-modify-runtime-root-if-containe.patch -patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch -patch/0054-containerd-clean-up-residual-container.patch -patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch -patch/0056-containerd-save-dumpstack-to-file.patch -patch/0057-containerd-add-timeout-for-delete-command.patch -patch/0058-containerd-use-git-commit-to-store-commit-ID.patch -patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch -patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch -patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch -patch/0062-containerd-use-path-based-socket-for-shims.patch -patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch -patch/0064-containerd-add-sys-symbol-to-support-riscv.patch -patch/0065-containerd-add-blot-symbol-to-support-riscv.patch -patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch -patch/0065-containerd-fix-dead-loop.patch -patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch -patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch -patch/0068-containerd-compile-option-compliance.patch -patch/0069-containerd-add-check-in-spec.patch -patch/0070-containerd-kill-container-init-process-if-runc-start.patch -patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch -patch/0072-containerd-fix-deadlock-on-commit-error.patch -patch/0073-containerd-backport-upstream-patches.patch -patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch -patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch -patch/0076-containerd-fix-start-container-failed-with-id-exists.patch -patch/0077-containerd-drop-opt-package.patch -patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch -patch/0079-containerd-fix-race-access-for-mobySubcribed.patch -patch/0080-containerd-improve-log-for-debugging.patch -patch/0081-containerd-reduce-permissions-for-bundle-di.patch -patch/0082-containerd-fix-publish-command-wait-block-for.patch -patch/0083-containerd-optimize-cgo-compile-options.patch -patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch -patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch -patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch -patch/0087-containerd-treat-manifest-provided-URLs-differently.patch -patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch -patch/0089-containerd-Add-lock-for-ListPids.patch -patch/0090-images-validate-document-type-before-unmarshal.patch -patch/0091-schema1-reject-ambiguous-documents.patch -patch/0092-containerd-add-CGO-sercurity-build-options.patch -patch/0093-containerd-fix-version-number-wrong.patch -patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch -patch/0095-oci-fix-additional-GIDs.patch -patch/0096-importer-stream-oci-layout-and-manifest.json.patch -# end diff --git a/v1.2.0.zip b/v1.6.20.zip similarity index 38% rename from v1.2.0.zip rename to v1.6.20.zip index 724bf394bd7162f785ba610c34d47eaaacd32813..6b8e556d698c07c83c1157a671803adf88faced1 100644 Binary files a/v1.2.0.zip and b/v1.6.20.zip differ