From 91c2dd70f6875b7c7b05170c0e7efbc65409d740 Mon Sep 17 00:00:00 2001 From: zhongtao Date: Tue, 11 Jun 2024 19:55:44 +0800 Subject: [PATCH] code improve and bugfix Signed-off-by: zhongtao (cherry picked from commit 287b224ffae5e96750bd13f62b91e8ec09dfb4fa) --- 0086-cdi-test-case-and-gateway.patch | 359 ++++ 0087-code-improve.patch | 1690 +++++++++++++++++ 0088-testcase-close-cdi-testcase.patch | 29 + 0089-docs-update-cni-doc.patch | 68 + ...r-error-log-to-be-the-same-as-before.patch | 100 + ...add-enable-cri-v1-in-k8s-integration.patch | 54 + 0092-isolate-oom-monitor-codes.patch | 317 ++++ 0093-change-fork-process-exit-mode.patch | 64 + ...ix-error-log-for-verify_cpu_realtime.patch | 26 + 0095-bugfix-change-max-network-name-len.patch | 54 + 0096-del-useless-info.patch | 26 + 0097-code-improve.patch | 83 + 0098-cdi-add-debug-info.patch | 33 + 0099-bugfix-cni-network-name-UT.patch | 28 + 0100-bugfix-malloc-right-type-size.patch | 40 + ...sula_clean_path-rather-than-realpath.patch | 26 + ...-fix-false-engine-rootpath-reference.patch | 32 + 0103-bugfix-add-note.patch | 25 + 0104-bugfix-adapt-network-name-max-len.patch | 64 + ...dbox-before-setup-network-by-default.patch | 140 ++ ...sula_clean_path-rather-than-realpath.patch | 28 + ...-sandbox-before-setup-network-by-def.patch | 28 + 0108-skip-test-rely-on-docker.io.patch | 59 + iSulad.spec | 31 +- 24 files changed, 3403 insertions(+), 1 deletion(-) create mode 100644 0086-cdi-test-case-and-gateway.patch create mode 100644 0087-code-improve.patch create mode 100644 0088-testcase-close-cdi-testcase.patch create mode 100644 0089-docs-update-cni-doc.patch create mode 100644 0090-modify-the-user-error-log-to-be-the-same-as-before.patch create mode 100644 0091-add-enable-cri-v1-in-k8s-integration.patch create mode 100644 0092-isolate-oom-monitor-codes.patch create mode 100644 0093-change-fork-process-exit-mode.patch create mode 100644 0094-fix-error-log-for-verify_cpu_realtime.patch create mode 100644 0095-bugfix-change-max-network-name-len.patch create mode 100644 0096-del-useless-info.patch create mode 100644 0097-code-improve.patch create mode 100644 0098-cdi-add-debug-info.patch create mode 100644 0099-bugfix-cni-network-name-UT.patch create mode 100644 0100-bugfix-malloc-right-type-size.patch create mode 100644 0101-use-isula_clean_path-rather-than-realpath.patch create mode 100644 0102-fix-false-engine-rootpath-reference.patch create mode 100644 0103-bugfix-add-note.patch create mode 100644 0104-bugfix-adapt-network-name-max-len.patch create mode 100644 0105-start-sandbox-before-setup-network-by-default.patch create mode 100644 0106-Revert-use-isula_clean_path-rather-than-realpath.patch create mode 100644 0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch create mode 100644 0108-skip-test-rely-on-docker.io.patch diff --git a/0086-cdi-test-case-and-gateway.patch b/0086-cdi-test-case-and-gateway.patch new file mode 100644 index 0000000..42cef23 --- /dev/null +++ b/0086-cdi-test-case-and-gateway.patch @@ -0,0 +1,359 @@ +From 3fb6de60ecf10278a676a41f8d0c334d1f90d303 Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Wed, 17 Apr 2024 18:02:48 +0800 +Subject: [PATCH 086/108] cdi:test case and gateway + +Signed-off-by: liuxu +--- + CI/make-and-install.sh | 2 +- + CI/test_cases/container_cases/cdi_test.sh | 205 ++++++++++++++++++ + .../criconfigs/container-config-cdi.json | 50 +++++ + .../test_data/cdi_devices.json | 53 +++++ + 4 files changed, 309 insertions(+), 1 deletion(-) + create mode 100755 CI/test_cases/container_cases/cdi_test.sh + create mode 100644 CI/test_cases/container_cases/criconfigs/container-config-cdi.json + create mode 100644 CI/test_cases/container_cases/test_data/cdi_devices.json + +diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh +index 9d4c5533..61281965 100755 +--- a/CI/make-and-install.sh ++++ b/CI/make-and-install.sh +@@ -105,7 +105,7 @@ cd build + if [[ ${enable_gcov} -ne 0 ]]; then + cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON .. + else +- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_GRPC_REMOTE_CONNECT=ON .. ++ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_GRPC_REMOTE_CONNECT=ON .. + fi + make -j $(nproc) + make install +diff --git a/CI/test_cases/container_cases/cdi_test.sh b/CI/test_cases/container_cases/cdi_test.sh +new file mode 100755 +index 00000000..dd7b1177 +--- /dev/null ++++ b/CI/test_cases/container_cases/cdi_test.sh +@@ -0,0 +1,205 @@ ++#!/bin/bash ++# ++# attributes: isulad cdi ++# concurrent: NA ++# spend time: 41 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: liuxu ++##- @Create: 2024-04-16 ++####################################################################### ++ ++source ../helpers.sh ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/criconfigs) ++pause_img_path=$(realpath $curr_path/test_data) ++cdi_static_dir="/etc/cdi" ++ ++function do_pre() ++{ ++ cp /etc/isulad/daemon.json /etc/isulad/daemon.bak ++ sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json ++ sed -i "/\"cni-conf-dir\": \".*\"/a\ \ \ \ \"enable-cri-v1\": true," /etc/isulad/daemon.json ++ sed -i "/\"cni-conf-dir\": \".*\"/a\ \ \ \ \"enable-cdi\": true," /etc/isulad/daemon.json ++ ++ check_valgrind_log ++ start_isulad_without_valgrind ++ ++ isula load -i ${pause_img_path}/pause.tar ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause" && return ${FAILURE} ++ ++ isula pull busybox ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull busybox" && return ${FAILURE} ++ ++ crictl images | grep "mirrorgooglecontainers/pause-amd64" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to find mirrorgooglecontainers/pause-amd64 image" && return ${FAILURE} ++ ++ return 0 ++} ++ ++function do_post() ++{ ++ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json ++ check_valgrind_log ++ start_isulad_without_valgrind ++} ++ ++function verify_injected_vendor0() { ++ # check env ++ output=$(crictl exec --sync "$1" sh -c 'echo $VENDOR0') ++ [[ "$output" != "injected" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE} ++ ++ # check hooks ++ cat /tmp/cdi_hook_test.log | grep "prestart" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - hook check failed" && return ${FAILURE} ++ ++ # check mounts ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /tmp/cdi_mounts_test') ++ [[ "$output" != "755" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mount check failed" && return ${FAILURE} ++ ++ return 0 ++} ++ ++function verify_injected_loop8() { ++ # check env ++ output=$(crictl exec --sync "$1" sh -c 'echo $LOOP8') ++ [[ "$output" != "CDI8" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE} ++ ++ # check device nodes ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /dev/loop8') ++ [[ "$output" != "640" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE} ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop8') ++ [[ "$output" != "7.8" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE} ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop8c') ++ [[ "$output" != "7.b" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE} ++ ++ # check mounts ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /tmp/cdi_mounts_test_loop8') ++ [[ "$output" != "755" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mount check failed" && return ${FAILURE} ++ ++ return 0 ++} ++ ++function verify_injected_loop9() { ++ # check env ++ output=$(crictl exec --sync "$1" sh -c 'echo $LOOP9') ++ [[ "$output" != "present" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE} ++ ++ # check device nodes ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /dev/loop9') ++ [[ "$output" != "644" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE} ++ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop9') ++ [[ "$output" != "7.9" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE} ++ ++ return 0 ++} ++ ++function check_full_cdi() ++{ ++ verify_injected_vendor0 $1 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_vendor0 failed" && return ${FAILURE} ++ ++ verify_injected_loop8 $1 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_loop8 failed" && return ${FAILURE} ++ ++ verify_injected_loop9 $1 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_loop9 failed" && return ${FAILURE} ++ ++ return 0 ++} ++ ++function do_test_help() ++{ ++ msg_info "cdi test starting..." ++ ++ isula rm -f `isula ps -a -q` ++ ++ sid=`crictl runp ${data_path}/$1` ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run sandbox" && return ${FAILURE} ++ ++ cid=`crictl create $sid ${data_path}/$2 ${data_path}/$1` ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create container failed" && return ${FAILURE} ++ ++ crictl start $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && return ${FAILURE} ++ ++ crictl stats ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stats container failed" && return ${FAILURE} ++ ++ check_full_cdi $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check cdi failed" && return ${FAILURE} ++ ++ crictl stop $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && return ${FAILURE} ++ ++ crictl rm $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && return ${FAILURE} ++ ++ crictl stopp $sid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop sandbox failed" && return ${FAILURE} ++ ++ crictl rmp $sid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm sandbox failed" && return ${FAILURE} ++ ++ return 0 ++} ++ ++function do_test_full_cdi() ++{ ++ if [ ! -d "$cdi_static_dir" ]; then ++ mkdir -p "$cdi_static_dir" ++ fi ++ cp -f ${pause_img_path}/cdi_devices.json ${cdi_static_dir}/cdi_devices.json ++ ++ mkdir -p /tmp/cdi_mounts_test ++ cat > /tmp/cdi_mounts_test_loop8 << EOF ++origin data ++EOF ++ chmod 755 /tmp/cdi_mounts_test_loop8 ++ mkdir -p /tmp/cdi_mounts_test_loop9 ++ ++ mknod /dev/loop8 b 7 8 ++ mknod /dev/loop9 b 7 9 ++ mknod /dev/loop8c c 7 11 ++ ++ cat > /tmp/cdi_printargs.sh << EOF ++#!/bin/bash ++echo "\$(date +'%Y-%m-%d %H:%M:%S') Input parameter: \$1 \$2" >> /tmp/cdi_hook_test.log ++EOF ++ chmod 755 /tmp/cdi_printargs.sh ++ ++ do_test_help "sandbox-config.json" "container-config-cdi.json" || ((ans++)) ++ ++ rm -f /tmp/cdi_printargs.sh ++ rm -f /tmp/cdi_hook_test.log ++ rm -f /dev/loop8 ++ rm -f /dev/loop9 ++ rm -f /dev/loop8c ++ ++ rm -f ${cdi_static_dir}/cdi_devices.json ++ rm -f /tmp/cdi_printargs ++ rmdir /tmp/cdi_mounts_test ++ rm -f /tmp/cdi_mounts_test_loop8 ++ rmdir /tmp/cdi_mounts_test_loop9 ++ rm -f /tmp/cdi_printargs.sh ++ ++ return 0 ++} ++ ++declare -i ans=0 ++ ++do_pre || ((ans++)) ++do_test_full_cdi || ((ans++)) ++do_post ++ ++show_result ${ans} "${curr_path}/${0}" +diff --git a/CI/test_cases/container_cases/criconfigs/container-config-cdi.json b/CI/test_cases/container_cases/criconfigs/container-config-cdi.json +new file mode 100644 +index 00000000..b9805c8a +--- /dev/null ++++ b/CI/test_cases/container_cases/criconfigs/container-config-cdi.json +@@ -0,0 +1,50 @@ ++{ ++ "metadata": { ++ "name": "haozi" ++ }, ++ "image":{ ++ "image": "busybox:latest" ++ }, ++ "command": [ ++ "/bin/sh", ++ "-c", ++ "i=0; while true; do echo \"$i: $(date)\"; i=$((i+1)); sleep 10; done" ++ ], ++ "labels": { ++ "filter_label_key": "filter_label_val" ++ }, ++ "annotations": { ++ "extension.network.kubernetes.io/cni/instancename": "pod_instance_name", ++ "cdi.k8s.io/test": "vendor0.com/device=loop8,vendor0.com/device=loop9" ++ }, ++ "CDI_Devices":[ ++ { "Name": "vendor0.com/device=loop8" }, ++ { "Name": "vendor0.com/device=loop9" } ++ ], ++ "mounts" : [ ++ { ++ "container_path": "/tmp/contpath", ++ "host_path": "/tmp/hostpath", ++ "readonly": true, ++ "selinux_relabel": true, ++ "propagation": 0 ++ }, ++ { ++ "container_path": "/tmp/contpath2", ++ "host_path": "/tmp/hostpath2", ++ "readonly": false, ++ "selinux_relabel": false, ++ "propagation": 0 ++ } ++ ], ++ "linux": { ++ "security_context": { ++ "namespace_options": { ++ "host_network": true, ++ "host_pid": false, ++ "host_ipc": false ++ } ++ } ++ }, ++ "log_path": "cri_test.log" ++} +diff --git a/CI/test_cases/container_cases/test_data/cdi_devices.json b/CI/test_cases/container_cases/test_data/cdi_devices.json +new file mode 100644 +index 00000000..f7fe65d4 +--- /dev/null ++++ b/CI/test_cases/container_cases/test_data/cdi_devices.json +@@ -0,0 +1,53 @@ ++{ ++ "cdiVersion": "0.6.0", ++ "kind": "vendor0.com/device", ++ "annotations":{ ++ "cdi_annotation":"cdi_annotation_value" ++ }, ++ "devices": [ ++ { ++ "name": "loop8", ++ "annotations":{ ++ "loop8_annotation":"loop8_annotation_value" ++ }, ++ "containerEdits": { ++ "env": [ ++ "LOOP8=CDI8", ++ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dev" ++ ], ++ "deviceNodes": [ ++ {"path": "/dev/loop8", "type": "b", "fileMode": 416}, ++ {"path": "/dev/loop8c", "type": "c"} ++ ], ++ "mounts": [ ++ {"hostPath": "/tmp/cdi_mounts_test_loop8", "containerPath": "/tmp/cdi_mounts_test_loop8", "options": ["ro","nosuid","nodev","bind"]}, ++ {"hostPath": "tmpfs", "containerPath": "/tmp/data", "type": "tmpfs", "options": ["nosuid","strictatime","mode=755","size=65536k"]} ++ ] ++ } ++ },{ ++ "name": "loop9", ++ "containerEdits": { ++ "env":["LOOP9=present"], ++ "deviceNodes": [{ ++ "path": "/dev/loop9", "type": "b", "major": 7, "minor": 9, "fileMode": 420 ++ } ++ ] ++ } ++ } ++ ], ++ "containerEdits": { ++ "env": [ ++ "VENDOR0=injected", ++ "BAR=BARVALUE1" ++ ], ++ "hooks": [ ++ {"hookName": "prestart", "path": "/tmp/cdi_printargs.sh", "args":["prestart0", "prestart1"], "env":["prestartenv=value"]}, ++ {"hookName": "prestart", "path": "/tmp/cdi_printargs.sh", "args":["prestart0", "prestart1"], "env":["prestartenv=value"]}, ++ {"hookName": "poststart", "path": "/tmp/cdi_printargs.sh", "args":["poststart0", "poststart1"], "env":["poststartenv=value"]}, ++ {"hookName": "poststop", "path": "/tmp/cdi_printargs.sh", "args":["poststop0", "poststop1"], "env":["poststopenv=value"]} ++ ], ++ "mounts": [ ++ {"hostPath": "/tmp/cdi_mounts_test", "containerPath": "/tmp/cdi_mounts_test", "options": ["ro","nosuid","nodev","bind"]} ++ ] ++ } ++} +\ No newline at end of file +-- +2.25.1 + diff --git a/0087-code-improve.patch b/0087-code-improve.patch new file mode 100644 index 0000000..66f9f05 --- /dev/null +++ b/0087-code-improve.patch @@ -0,0 +1,1690 @@ +From e17bb2f5995d261790c453d81a453d25024450d1 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 13 May 2024 17:06:07 +1400 +Subject: [PATCH 087/108] code improve + +Signed-off-by: zhongtao +--- + src/client/connect/protocol_type.c | 2 +- + src/cmd/isula/base/create.c | 3 +- + src/cmd/isula/inspect_format.c | 4 +- + src/cmd/isulad-shim/common.c | 2 +- + src/cmd/isulad-shim/main.c | 5 +- + src/cmd/isulad-shim/process.c | 18 +++---- + src/daemon/common/cgroup/cgroup.c | 9 ++-- + src/daemon/common/cgroup/cgroup.h | 9 ++-- + src/daemon/common/cgroup/cgroup_common.h | 9 ++-- + src/daemon/common/cgroup/cgroup_v1.c | 10 ++-- + src/daemon/common/cgroup/cgroup_v2.c | 9 ++-- + src/daemon/common/cri/cri_helpers.cc | 4 +- + src/daemon/common/cri/v1/v1_cri_helpers.cc | 11 ++-- + src/daemon/common/sysinfo.c | 4 +- + src/daemon/config/isulad_config.c | 2 +- + .../cri/v1/cri_v1_runtime_runtime_service.cc | 5 +- + .../v1/v1_cri_container_manager_service.cc | 3 +- + .../v1/v1_cri_pod_sandbox_manager_service.cc | 8 +-- + .../v1/v1_cri_pod_sandbox_manager_service.h | 6 ++- + .../cri/v1/v1_cri_runtime_service_impl.cc | 3 +- + .../cri/v1/v1_cri_runtime_service_impl.h | 3 +- + .../executor/container_cb/execution_create.c | 2 +- + src/daemon/mailbox/mailbox.c | 3 +- + src/daemon/mailbox/mailbox.h | 4 +- + src/daemon/mailbox/mailbox_message.c | 9 ++-- + src/daemon/mailbox/mailbox_message.h | 4 +- + src/daemon/modules/api/container_api.h | 3 +- + src/daemon/modules/api/network_api.h | 2 +- + .../modules/container/supervisor/supervisor.c | 3 +- + .../device/cdi/behavior/cdi_container_edits.c | 46 ++++++++-------- + .../modules/device/cdi/behavior/cdi_device.c | 16 +++--- + .../modules/device/cdi/behavior/cdi_spec.c | 10 ++-- + .../modules/device/cdi/behavior/cdi_spec.h | 2 +- + .../device/cdi/behavior/cdi_spec_dirs.c | 6 +-- + .../device/cdi/behavior/cdi_spec_dirs.h | 2 +- + .../modules/device/cdi/behavior/cdi_version.c | 2 +- + .../device/cdi/behavior/parser/cdi_parser.c | 6 +-- + src/daemon/modules/device/cdi/cdi_cache.c | 22 ++++---- + src/daemon/modules/device/cdi/cdi_cache.h | 6 +-- + src/daemon/modules/device/cdi_operate.c | 8 +-- + src/daemon/modules/image/oci/oci_image.c | 3 +- + src/daemon/modules/image/oci/progress.h | 2 +- + .../modules/image/oci/registry/registry.c | 3 +- + .../cni_operator/libcni/invoke/libcni_exec.h | 2 +- + src/daemon/modules/network/cri/adaptor_cri.c | 2 +- + src/daemon/modules/network/cri/adaptor_cri.h | 4 +- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 6 ++- + .../modules/runtime/isula/isula_rt_ops.c | 9 ++-- + .../modules/service/service_container.c | 5 +- + src/daemon/modules/spec/specs.c | 52 ++++++++++--------- + src/daemon/modules/spec/specs_mount.c | 4 +- + src/utils/cutils/blocking_queue.c | 3 +- + src/utils/cutils/network_namespace.h | 4 +- + src/utils/cutils/utils_array.c | 12 ++--- + src/utils/cutils/utils_port.h | 2 +- + src/utils/cutils/utils_verify.c | 4 +- + src/utils/progress/show.h | 8 +-- + src/utils/tar/isulad_tar.c | 2 +- + test/cgroup/cpu/cgroup_cpu_ut.cc | 2 +- + 59 files changed, 223 insertions(+), 191 deletions(-) + +diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c +index 4d530aea..57dcf753 100644 +--- a/src/client/connect/protocol_type.c ++++ b/src/client/connect/protocol_type.c +@@ -72,7 +72,7 @@ int isula_filters_last_parse_args(size_t last_n, struct isula_filters **flt) + goto cleanup; + } + +- ret = snprintf(value, VALUE_SIZE, "%ld", last_n); ++ ret = snprintf(value, VALUE_SIZE, "%lu", last_n); + if (ret < 0 || ret >= VALUE_SIZE) { + ret = -1; + ERROR("Sprintf lastest n containers args failed"); +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index b8e3667e..543b8fd6 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -932,7 +932,8 @@ inline static int request_pack_host_device_cgroup_rules(const struct client_argu + + inline static int request_pack_host_blockio(const struct client_arguments *args, isula_host_config_t *hostconfig) + { +- return (request_pack_host_weight_devices(args, hostconfig) != 0 || request_pack_host_device_read_bps(args, hostconfig) != 0 || ++ return (request_pack_host_weight_devices(args, hostconfig) != 0 || ++ request_pack_host_device_read_bps(args, hostconfig) != 0 || + request_pack_host_device_write_bps(args, hostconfig) != 0 || + request_pack_host_device_read_iops(args, hostconfig) != 0 || + request_pack_host_device_write_iops(args, hostconfig) != 0); +diff --git a/src/cmd/isula/inspect_format.c b/src/cmd/isula/inspect_format.c +index 36e8a31c..1fd67924 100644 +--- a/src/cmd/isula/inspect_format.c ++++ b/src/cmd/isula/inspect_format.c +@@ -26,12 +26,12 @@ + + #define PRINTF_TAB_LEN 4 + #define TOP_LEVEL_OBJ 0x10 +-#define IS_TOP_LEVEL_OBJ(value) ((value)&TOP_LEVEL_OBJ) ++#define IS_TOP_LEVEL_OBJ(value) ((value) & TOP_LEVEL_OBJ) + + #define LAST_ELEMENT_BIT 0x0F + #define NOT_LAST_ELEMENT 0x00 + #define LAST_ELEMENT 0x01 +-#define IS_LAST_ELEMENT(value) (LAST_ELEMENT == ((value)&LAST_ELEMENT_BIT)) ++#define IS_LAST_ELEMENT(value) (LAST_ELEMENT == ((value) & LAST_ELEMENT_BIT)) + + #define YAJL_TYPEOF(json) ((json)->type) + +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index a288c170..799da3c2 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -40,7 +40,7 @@ + static __thread char *g_shim_errmsg = NULL; + + // currently, log_to_stderr is only modified in the main process +-// and there is no need to set a thread-local variable. ++// and there is no need to set a thread-local variable. + // if it can be modified by multiple threads in the future, + // this variable needs to be set as a thread-local variable. + static bool log_to_stderr = false; +diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c +index 54876d44..9061e568 100644 +--- a/src/cmd/isulad-shim/main.c ++++ b/src/cmd/isulad-shim/main.c +@@ -103,7 +103,7 @@ int main(int argc, char **argv) + engine_log_path = getenv(SHIIM_LOG_PATH_ENV); + if (engine_log_path == NULL) { + dprintf(STDERR_FILENO, "empty SHIIM_LOG_PATH_ENV"); +- _exit(EXIT_FAILURE); ++ _exit(EXIT_FAILURE); + } + + log_level = getenv(SHIIM_LOG_LEVEL_ENV); +@@ -149,7 +149,8 @@ int main(int argc, char **argv) + + // If isulad-shim is a child process of the isulad process, + // print the log to stderr so that isulad can obtain the exit information of isulad-shim. +- set_log_to_stderr((p->state->exec) && (p->state->isulad_stdin != NULL || p->state->isulad_stdout != NULL || p->state->isulad_stderr != NULL)); ++ set_log_to_stderr((p->state->exec) && (p->state->isulad_stdin != NULL || p->state->isulad_stdout != NULL || ++ p->state->isulad_stderr != NULL)); + + /* + * Open exit pipe +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 6b5f8f7f..18fae03f 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -199,7 +199,7 @@ static int add_attach_terminal_fifos(const char *in, const char *out, const char + struct isula_linked_list *node = NULL; + + bool invalid = (in != NULL && !fifo_exists(in)) || (out != NULL && !fifo_exists(out)) || (err != NULL && +- !fifo_exists(err)); ++ !fifo_exists(err)); + if (invalid) { + ERROR("File %s or %s or %s does not refer to a FIFO", in, out, err); + return -1; +@@ -371,7 +371,7 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t + (void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF); + + r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); +- if (r_count <= 0 ) { ++ if (r_count <= 0) { + isula_epoll_remove_handler(descr, fd); + // fd cannot be closed here, which will cause the container process to exit abnormally + // due to terminal fd receiving the sighup signal. +@@ -417,7 +417,7 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t + (void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF); + + r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF); +- if (r_count <= 0 ) { ++ if (r_count <= 0) { + isula_epoll_remove_handler(descr, fd); + // fd cannot be closed here, which will cause the container process to exit abnormally + // due to terminal fd receiving the sighup signal. +@@ -563,7 +563,7 @@ static int attach_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t + // limit the number of attach connections to MAX_ATTACH_NUM + if (isula_linked_list_len(p->attach_fifos) >= MAX_ATTACH_NUM) { + ERROR("The number of attach connections exceeds the limit:%d, and this connection is rejected.", +- MAX_ATTACH_NUM); ++ MAX_ATTACH_NUM); + goto out; + } + +@@ -934,8 +934,8 @@ static void *io_epoll_loop(void *data) + + (void)sem_post(&p->sem_mainloop); + +- // th frist epoll_loop will exit in the following scenarios: +- // 1. Receive sync fd event ++ // th frist epoll_loop will exit in the following scenarios: ++ // 1. Receive sync fd event + // 2. stdin fd receive EPOLLHUP event + // 3. stdin fd read failed + ret = isula_epoll_loop(&descr, -1); +@@ -945,8 +945,8 @@ static void *io_epoll_loop(void *data) + error_exit(EXIT_FAILURE); + } + +- // use a timeout epoll loop to ensure complete data reception +- // th second epoll_loop will exit in the following scenarios: ++ // use a timeout epoll loop to ensure complete data reception ++ // th second epoll_loop will exit in the following scenarios: + // 1. both stdout fd and stderr fd failed to read + // 2. no event received within 100 milliseconds + ret = isula_epoll_loop(&descr, 100); +@@ -1408,7 +1408,7 @@ static void exec_runtime_process(process_t *p, int exec_fd) + // the standard streams of the child process are set to /dev/null to prevent incorrect information acquisition. + if (isula_null_stdfds() != 0) { + (void)dprintf(exec_fd, "failed to set std console to /dev/null"); +- exit(EXIT_FAILURE); ++ exit(EXIT_FAILURE); + } + } + +diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c +index 007dbb70..71bf9801 100644 +--- a/src/daemon/common/cgroup/cgroup.c ++++ b/src/daemon/common/cgroup/cgroup.c +@@ -82,9 +82,9 @@ int common_get_cgroup_version(void) + } + + int common_get_cgroup_info(cgroup_mem_info_t *meminfo, cgroup_cpu_info_t *cpuinfo, +- cgroup_hugetlb_info_t *hugetlbinfo, cgroup_blkio_info_t *blkioinfo, +- cgroup_cpuset_info_t *cpusetinfo, cgroup_pids_info_t *pidsinfo, +- cgroup_files_info_t *filesinfo, bool quiet) ++ cgroup_hugetlb_info_t *hugetlbinfo, cgroup_blkio_info_t *blkioinfo, ++ cgroup_cpuset_info_t *cpusetinfo, cgroup_pids_info_t *pidsinfo, ++ cgroup_files_info_t *filesinfo, bool quiet) + { + if (g_cgroup_ops.get_cgroup_info == NULL) { + ERROR("Unimplemented get_cgroup_info ops"); +@@ -197,7 +197,8 @@ char *common_convert_cgroup_path(const char *cgroup_path) + return util_strdup_s(result); + } + +-cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path, const char *exit_fifo) ++cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path, ++ const char *exit_fifo) + { + if (g_cgroup_ops.get_cgroup_oom_handler == NULL) { + ERROR("Unimplmented get_cgroup_oom_handler op"); +diff --git a/src/daemon/common/cgroup/cgroup.h b/src/daemon/common/cgroup/cgroup.h +index 8c76d99d..0bbb70a0 100644 +--- a/src/daemon/common/cgroup/cgroup.h ++++ b/src/daemon/common/cgroup/cgroup.h +@@ -31,9 +31,9 @@ int cgroup_ops_init(void); + + int common_get_cgroup_version(void); + int common_get_cgroup_info(cgroup_mem_info_t *meminfo, cgroup_cpu_info_t *cpuinfo, +- cgroup_hugetlb_info_t *hugetlbinfo, cgroup_blkio_info_t *blkioinfo, +- cgroup_cpuset_info_t *cpusetinfo, cgroup_pids_info_t *pidsinfo, +- cgroup_files_info_t *filesinfo, bool quiet); ++ cgroup_hugetlb_info_t *hugetlbinfo, cgroup_blkio_info_t *blkioinfo, ++ cgroup_cpuset_info_t *cpusetinfo, cgroup_pids_info_t *pidsinfo, ++ cgroup_files_info_t *filesinfo, bool quiet); + int common_get_cgroup_metrics(const char *cgroup_path, cgroup_metrics_t *cgroup_metrics); + int common_get_cgroup_mnt_and_root_path(const char *subsystem, char **mountpoint, char **root); + +@@ -43,7 +43,8 @@ char *common_get_own_cgroup_path(const char *subsystem); + + char *common_convert_cgroup_path(const char *cgroup_path); + +-cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path, const char *exit_fifo); ++cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path, ++ const char *exit_fifo); + void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info); + + #ifdef __cplusplus +diff --git a/src/daemon/common/cgroup/cgroup_common.h b/src/daemon/common/cgroup/cgroup_common.h +index e3912bf0..46a7de50 100644 +--- a/src/daemon/common/cgroup/cgroup_common.h ++++ b/src/daemon/common/cgroup/cgroup_common.h +@@ -130,9 +130,9 @@ typedef struct _cgroup_oom_handler_info_t { + typedef struct { + int (*get_cgroup_version)(void); + int (*get_cgroup_info)(cgroup_mem_info_t *meminfo, cgroup_cpu_info_t *cpuinfo, +- cgroup_hugetlb_info_t *hugetlbinfo, cgroup_blkio_info_t *blkioinfo, +- cgroup_cpuset_info_t *cpusetinfo, cgroup_pids_info_t *pidsinfo, +- cgroup_files_info_t *filesinfo, bool quiet); ++ cgroup_hugetlb_info_t *hugetlbinfo, cgroup_blkio_info_t *blkioinfo, ++ cgroup_cpuset_info_t *cpusetinfo, cgroup_pids_info_t *pidsinfo, ++ cgroup_files_info_t *filesinfo, bool quiet); + int (*get_cgroup_metrics)(const char *cgroup_path, cgroup_metrics_t *cgroup_metrics); + + int (*get_cgroup_mnt_and_root_path)(const char *subsystem, char **mountpoint, char **root); +@@ -140,7 +140,8 @@ typedef struct { + char *(*get_init_cgroup_path)(const char *subsystem); + char *(*get_own_cgroup_path)(const char *subsystem); + +- cgroup_oom_handler_info_t *(*get_cgroup_oom_handler)(int fd, const char *name, const char *cgroup_path, const char *exit_fifo); ++ cgroup_oom_handler_info_t *(*get_cgroup_oom_handler)(int fd, const char *name, const char *cgroup_path, ++ const char *exit_fifo); + } cgroup_ops; + + #ifdef __cplusplus +diff --git a/src/daemon/common/cgroup/cgroup_v1.c b/src/daemon/common/cgroup/cgroup_v1.c +index 41f3110a..45b1d096 100644 +--- a/src/daemon/common/cgroup/cgroup_v1.c ++++ b/src/daemon/common/cgroup/cgroup_v1.c +@@ -772,7 +772,8 @@ static void get_cgroup_v1_blkio_info(const cgroup_layer_t *layers, const bool qu + blkioinfo->blkio_write_iops_device = check_cgroup_v1_file_exists(mountpoint, BLKIO_WRITE_IOPS, quiet); + } + +-static void get_cgroup_v1_hugetlb_info(const cgroup_layer_t *layers, const bool quiet, cgroup_hugetlb_info_t *hugetlbinfo) ++static void get_cgroup_v1_hugetlb_info(const cgroup_layer_t *layers, const bool quiet, ++ cgroup_hugetlb_info_t *hugetlbinfo) + { + int nret; + char *mountpoint = NULL; +@@ -1038,8 +1039,8 @@ static char *common_get_cgroup_path(const char *path, const char *subsystem) + + for (i = 0; i < util_array_len((const char **)nlist); i++) { + const char *prefix = "name="; +- bool find_sub = (strcmp(nlist[i], subsystem) == 0 || (strncmp(nlist[i], prefix, strlen(prefix)) == 0 +- && strcmp(nlist[i]+strlen(prefix), subsystem) == 0)); ++ bool find_sub = (strcmp(nlist[i], subsystem) == 0 || (strncmp(nlist[i], prefix, strlen(prefix)) == 0 && ++ strcmp(nlist[i] + strlen(prefix), subsystem) == 0)); + if (find_sub) { + res = util_strdup_s(plist[i]); + break; +@@ -1135,7 +1136,8 @@ static char *get_memory_cgroup_path_v1(const char *cgroup_path) + return util_path_join(fpath, converted_cgroup_path); + } + +-static cgroup_oom_handler_info_t *get_cgroup_oom_handler_v1(int fd, const char *name, const char *cgroup_path, const char *exit_fifo) ++static cgroup_oom_handler_info_t *get_cgroup_oom_handler_v1(int fd, const char *name, const char *cgroup_path, ++ const char *exit_fifo) + { + __isula_auto_free char *memory_cgroup_path = NULL; + __isula_auto_free char *memory_cgroup_oom_control_path = NULL; +diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c +index a36258f0..76754dc1 100644 +--- a/src/daemon/common/cgroup/cgroup_v2.c ++++ b/src/daemon/common/cgroup/cgroup_v2.c +@@ -387,7 +387,7 @@ static int get_cgroup_info_v2(cgroup_mem_info_t *meminfo, cgroup_cpu_info_t *cpu + if (ret != 0) { + return ret; + } +- ++ + get_cgroup_v2_pids_info(quiet, pidsinfo); + get_cgroup_v2_files_info(quiet, filesinfo); + +@@ -433,7 +433,7 @@ static bool oom_cb_cgroup_v2(int fd, void *cbdata) + return CGROUP_OOM_HANDLE_CLOSE; + } + +- if (((struct inotify_event *)events)->mask & ( IN_DELETE | IN_DELETE_SELF)) { ++ if (((struct inotify_event *)events)->mask & (IN_DELETE | IN_DELETE_SELF)) { + return CGROUP_OOM_HANDLE_CLOSE; + } + +@@ -450,7 +450,7 @@ static bool oom_cb_cgroup_v2(int fd, void *cbdata) + int count; + const char *oom_str = "oom "; + const char *oom_kill_str = "oom_kill "; +- const int oom_len = strlen(oom_str), oom_kill_len = strlen(oom_kill_str); ++ const size_t oom_len = strlen(oom_str), oom_kill_len = strlen(oom_kill_str); + + if (read >= oom_kill_len + 2 && memcmp(line, oom_kill_str, oom_kill_len) == 0) { + len = oom_kill_len; +@@ -492,7 +492,8 @@ static char *get_real_cgroup_path_v2(const char *cgroup_path) + return util_path_join(CGROUP_MOUNTPOINT, converted_cgroup_path); + } + +-cgroup_oom_handler_info_t *get_cgroup_oom_handler_v2(int fd, const char *name, const char *cgroup_path, const char *exit_fifo) ++cgroup_oom_handler_info_t *get_cgroup_oom_handler_v2(int fd, const char *name, const char *cgroup_path, ++ const char *exit_fifo) + { + __isula_auto_free char *real_cgroup_path = NULL; + if (name == NULL || cgroup_path == NULL || exit_fifo == NULL) { +diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc +index d7ec9f36..68d569cc 100644 +--- a/src/daemon/common/cri/cri_helpers.cc ++++ b/src/daemon/common/cri/cri_helpers.cc +@@ -550,8 +550,8 @@ void CreateContainerLogSymlink(const std::string &containerID, Errors &error) + WARN("Deleted previously existing symlink file: %s", path.c_str()); + } + if (symlink(realPath.c_str(), path.c_str()) != 0) { +- SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path.c_str(), realPath.c_str(), +- containerID.c_str()); ++ SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path.c_str(), ++ realPath.c_str(), containerID.c_str()); + error.Errorf("failed to create symbolic link %s to the container log file %s for container %s", path.c_str(), + realPath.c_str(), containerID.c_str()); + } +diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc +index 1f797ad7..478dd105 100644 +--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc ++++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc +@@ -636,7 +636,8 @@ void ContainerStatusToGRPC(container_inspect *inspect, + ConvertResourcesToStatus(inspect, contStatus); + } + +-std::unique_ptr GetContainerStatus(service_executor_t *m_cb, const std::string &containerID, Errors &error) ++std::unique_ptr GetContainerStatus(service_executor_t *m_cb, ++ const std::string &containerID, Errors &error) + { + if (m_cb == nullptr) { + error.SetError("Invalid input arguments: empty service executor"); +@@ -694,7 +695,7 @@ static int InsertCDIDevices(std::unordered_set &fromCRI, const std: + } + return 0; + } +- ++ + void GenerateCDIRequestedDevices(const runtime::v1::ContainerConfig &config, host_config *hostconfig, Errors &err) + { + std::unordered_set fromCRI; +@@ -703,13 +704,13 @@ void GenerateCDIRequestedDevices(const runtime::v1::ContainerConfig &config, hos + __isula_auto_string_array_t string_array *devices = nullptr; + json_map_string_string *annotations = nullptr; + __isula_auto_free char *error = nullptr; +- ++ + if (hostconfig == nullptr) { + ERROR("Invalid input arguments"); + err.Errorf("Invalid input arguments"); + return; + } +- ++ + if (config.cdi_devices().empty() && config.annotations().empty()) { + return; + } +@@ -746,7 +747,7 @@ void GenerateCDIRequestedDevices(const runtime::v1::ContainerConfig &config, hos + requested->items = nullptr; + hostconfig->cdi_requested_devices_len = requested->len; + requested->len = 0; +- ++ + free_out: + free_json_map_string_string(annotations); + } +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index e369c3e3..ed1c01a3 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -384,8 +384,8 @@ sysinfo_t *get_sys_info(bool quiet) + sysinfo->ncpus_conf = get_nprocs_conf(); + + ret = common_get_cgroup_info(&sysinfo->cgmeminfo, &sysinfo->cgcpuinfo, &sysinfo->hugetlbinfo, +- &sysinfo->blkioinfo, &sysinfo->cpusetinfo, &sysinfo->pidsinfo, +- &sysinfo->filesinfo, quiet); ++ &sysinfo->blkioinfo, &sysinfo->cpusetinfo, &sysinfo->pidsinfo, ++ &sysinfo->filesinfo, quiet); + if (ret != 0) { + goto out; + } +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 617db7a2..80689bce 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -1839,7 +1839,7 @@ int merge_json_confs_into_global(struct service_arguments *args) + args->json_confs->cdi_spec_dirs_len = tmp_json_confs->cdi_spec_dirs_len; + tmp_json_confs->cdi_spec_dirs_len = 0; + #endif /* ENABLE_CDI */ +- ++ + out: + free(err); + free_isulad_daemon_configs(tmp_json_confs); +diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc +index fb5aad3c..f8df8e0a 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc +@@ -90,7 +90,8 @@ void RuntimeV1RuntimeServiceImpl::Init(std::string &podSandboxImage, + m_enablePodEvents = enablePodEvents; + } + +- m_rService = std::unique_ptr(new CRIRuntimeServiceImpl(podSandboxImage, cb, networkPlugin, m_enablePodEvents)); ++ m_rService = std::unique_ptr(new CRIRuntimeServiceImpl(podSandboxImage, cb, networkPlugin, ++ m_enablePodEvents)); + } + + void RuntimeV1RuntimeServiceImpl::Wait() +@@ -134,7 +135,7 @@ auto RuntimeV1RuntimeServiceImpl::GenerateCRIContainerEvent(const char *containe + m_rService->PodSandboxStatus(sandboxID, statusReply, error); + if (!error.Empty()) { + WARN("Object: CRI, Type: Failed to status pod:%s due to %s", sandboxID.c_str(), +- error.GetMessage().c_str()); ++ error.GetMessage().c_str()); + } else { + *(response->mutable_pod_sandbox_status()) = *(statusReply->mutable_status()); + for (auto &containerStatus : statusReply->containers_statuses()) { +diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +index 1097c32c..1cee68ec 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +@@ -1015,7 +1015,8 @@ cleanup: + return contStats; + } + +-std::unique_ptr ContainerManagerService::ContainerStatus(const std::string &containerID, Errors &error) ++std::unique_ptr ContainerManagerService::ContainerStatus(const std::string &containerID, ++ Errors &error) + { + return CRIHelpersV1::GetContainerStatus(m_cb, containerID, error); + } +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +index 4291d8a0..fa726e2c 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +@@ -819,7 +819,8 @@ void PodSandboxManagerService::SetSandboxStatusNetwork(std::shared_ptr> &containerStatuses, +- std::vector &errors) { ++ std::vector &errors) ++{ + auto list_response_wrapper = GetContainerListResponse(podSandboxID, errors); + if (list_response_wrapper == nullptr) { + return; +@@ -837,7 +838,8 @@ void PodSandboxManagerService::GetContainerStatuses(const std::string &podSandbo + } + } + +-std::unique_ptr PodSandboxManagerService::GetPodSandboxStatus(const std::string &podSandboxID, Errors &error) ++std::unique_ptr PodSandboxManagerService::GetPodSandboxStatus( ++ const std::string &podSandboxID, Errors &error) + { + std::unique_ptr podStatus(new (std::nothrow) runtime::v1::PodSandboxStatus); + if (podStatus == nullptr) { +@@ -876,7 +878,7 @@ void PodSandboxManagerService::PodSandboxStatus(const std::string &podSandboxID, + return; + } + +- ++ + auto podStatus = GetPodSandboxStatus(podSandboxID, error); + if (error.NotEmpty()) { + ERROR("Failed to get pod sandbox status: %s", error.GetCMessage()); +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h +index 3872c4c9..d5c0cf91 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h +@@ -129,8 +129,10 @@ private: + std::vector &podSandboxIDs, Errors &error); + void ApplySandboxLinuxOptions(const runtime::v1::LinuxPodSandboxConfig &lc, host_config *hc, + container_config *custom_config, Errors &error); +- auto GetPodSandboxStatus(const std::string &podSandboxID, Errors &error) -> std::unique_ptr; +- void GetContainerStatuses(const std::string &podSandboxID, std::vector> &containerStatuses, ++ auto GetPodSandboxStatus(const std::string &podSandboxID, ++ Errors &error) -> std::unique_ptr; ++ void GetContainerStatuses(const std::string &podSandboxID, ++ std::vector> &containerStatuses, + std::vector &errors); + + private: +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc +index 7b40e29d..56c89c1e 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc +@@ -125,7 +125,8 @@ void CRIRuntimeServiceImpl::RemovePodSandbox(const std::string &podSandboxID, Er + m_podSandboxManager->RemovePodSandbox(podSandboxID, error); + } + +-void CRIRuntimeServiceImpl::PodSandboxStatus(const std::string &podSandboxID, runtime::v1::PodSandboxStatusResponse *reply, Errors &error) ++void CRIRuntimeServiceImpl::PodSandboxStatus(const std::string &podSandboxID, ++ runtime::v1::PodSandboxStatusResponse *reply, Errors &error) + { + m_podSandboxManager->PodSandboxStatus(podSandboxID, reply, error); + } +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h +index 6ae59bfa..3d93c7bb 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h +@@ -73,7 +73,8 @@ public: + + void RemovePodSandbox(const std::string &podSandboxID, Errors &error) override; + +- void PodSandboxStatus(const std::string &podSandboxID, runtime::v1::PodSandboxStatusResponse *reply, Errors &error) override; ++ void PodSandboxStatus(const std::string &podSandboxID, runtime::v1::PodSandboxStatusResponse *reply, ++ Errors &error) override; + + void ListPodSandbox(const runtime::v1::PodSandboxFilter &filter, + std::vector> &pods, Errors &error) override; +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 785b4e27..8e930c8a 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -551,7 +551,7 @@ static int merge_config_for_syscontainer(const container_create_request *request + goto out; + } + if (request->rootfs != NULL && (append_json_map_string_string(container_spec->annotations, "external.rootfs", "true") +- || append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true"))) { ++ || append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true"))) { + ERROR("Realloc annotations failed"); + ret = -1; + goto out; +diff --git a/src/daemon/mailbox/mailbox.c b/src/daemon/mailbox/mailbox.c +index 732b91b9..39f003f3 100644 +--- a/src/daemon/mailbox/mailbox.c ++++ b/src/daemon/mailbox/mailbox.c +@@ -23,7 +23,8 @@ + + mailbox_topic_handler_t mailbox_topic_handlers[MAILBOX_TOPIC_MAX] = { 0 }; + +-static bool mailbox_topic_valid(mailbox_topic topic) { ++static bool mailbox_topic_valid(mailbox_topic topic) ++{ + return topic > MAILBOX_TOPIC_INVALID && topic < MAILBOX_TOPIC_MAX; + } + +diff --git a/src/daemon/mailbox/mailbox.h b/src/daemon/mailbox/mailbox.h +index 1dc2e934..aef63514 100644 +--- a/src/daemon/mailbox/mailbox.h ++++ b/src/daemon/mailbox/mailbox.h +@@ -64,7 +64,7 @@ typedef struct { + cri_container_message_type type; + } cri_container_message_t; + +-int mailbox_register_topic_handler(mailbox_topic topic, message_generator_t handle, void *context, ++int mailbox_register_topic_handler(mailbox_topic topic, message_generator_t generator, void *context, + message_release_t release, bool async); + + void mailbox_unregister_topic_handler(mailbox_topic topic); +@@ -73,7 +73,7 @@ void mailbox_publish(mailbox_topic topic, void *data); + + message_subscriber *mailbox_subscribe(mailbox_topic topic); + +-void mailbox_unsubscribe(mailbox_topic, message_subscriber *sub); ++void mailbox_unsubscribe(mailbox_topic topic, message_subscriber *sub); + + #ifdef __cplusplus + } +diff --git a/src/daemon/mailbox/mailbox_message.c b/src/daemon/mailbox/mailbox_message.c +index b16a1bdd..316b7428 100644 +--- a/src/daemon/mailbox/mailbox_message.c ++++ b/src/daemon/mailbox/mailbox_message.c +@@ -20,7 +20,8 @@ + #include "utils.h" + + // Once the create succeeds, the ownership is transferred to the mailbox_message. +-mailbox_message *mailbox_message_create(void *data, void (*destroy)(void *)) { ++mailbox_message *mailbox_message_create(void *data, void (*destroy)(void *)) ++{ + __isula_auto_free mailbox_message *msg = NULL; + msg = util_common_calloc_s(sizeof(mailbox_message)); + if (msg == NULL) { +@@ -40,7 +41,8 @@ mailbox_message *mailbox_message_create(void *data, void (*destroy)(void *)) { + return isula_transfer_ptr(msg); + } + +-int mailbox_message_ref(mailbox_message *dest) { ++int mailbox_message_ref(mailbox_message *dest) ++{ + __isula_auto_pm_unlock pthread_mutex_t *lock = NULL; + if (dest == NULL) { + ERROR("Invalid mailbox_message"); +@@ -63,7 +65,8 @@ int mailbox_message_ref(mailbox_message *dest) { + return 0; + } + +-void mailbox_message_unref(mailbox_message *dest) { ++void mailbox_message_unref(mailbox_message *dest) ++{ + __isula_auto_pm_unlock pthread_mutex_t *lock = NULL; + if (dest == NULL) { + return; +diff --git a/src/daemon/mailbox/mailbox_message.h b/src/daemon/mailbox/mailbox_message.h +index 39e40b70..af323069 100644 +--- a/src/daemon/mailbox/mailbox_message.h ++++ b/src/daemon/mailbox/mailbox_message.h +@@ -34,9 +34,9 @@ typedef struct mailbox_message { + + mailbox_message *mailbox_message_create(void *ptr, void (*destroy)(void *)); + +-int mailbox_message_ref(mailbox_message *p); ++int mailbox_message_ref(mailbox_message *dest); + +-void mailbox_message_unref(mailbox_message *p); ++void mailbox_message_unref(mailbox_message *dest); + + // define auto free function callback for mailbox_message + define_auto_cleanup_callback(mailbox_message_unref, mailbox_message); +diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h +index 55c59980..a6ec8e22 100644 +--- a/src/daemon/modules/api/container_api.h ++++ b/src/daemon/modules/api/container_api.h +@@ -271,7 +271,8 @@ bool container_is_valid_state_string(const char *state); + + void container_update_health_monitor(const char *container_id); + +-extern int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info, const container_t *cont); ++extern int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info, ++ const container_t *cont); + + extern char *container_exit_fifo_create(const char *cont_state_path); + +diff --git a/src/daemon/modules/api/network_api.h b/src/daemon/modules/api/network_api.h +index 4c1e3480..fd8607b3 100644 +--- a/src/daemon/modules/api/network_api.h ++++ b/src/daemon/modules/api/network_api.h +@@ -77,7 +77,7 @@ void free_network_api_result_list(network_api_result_list *ptr); + + void free_attach_net_conf(struct attach_net_conf *ptr); + +-void free_network_api_conf(network_api_conf *ptr); ++void free_network_api_conf(network_api_conf *conf); + + bool network_module_init(const char *network_plugin, const char *cache_dir, const char *conf_dir, const char* bin_path); + +diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c +index 83d46268..39d9fdb8 100644 +--- a/src/daemon/modules/container/supervisor/supervisor.c ++++ b/src/daemon/modules/container/supervisor/supervisor.c +@@ -307,7 +307,8 @@ static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_des + } + + /* supervisor add exit monitor */ +-int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info, const container_t *cont) ++int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info, ++ const container_t *cont) + { + int ret = 0; + struct supervisor_handler_data *data = NULL; +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_container_edits.c b/src/daemon/modules/device/cdi/behavior/cdi_container_edits.c +index 816b9c2d..d146f7e1 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_container_edits.c ++++ b/src/daemon/modules/device/cdi/behavior/cdi_container_edits.c +@@ -27,8 +27,8 @@ + #include "utils_array.h" + #include "specs_api.h" + +-/* +- * The OCI being used by the iSulad not supportes ++/* ++ * The OCI being used by the iSulad not supportes + * createRuntime/createContainer/startContainer currently. + */ + // PRESTART_HOOK is the name of the OCI "prestart" hook. +@@ -105,8 +105,8 @@ static int fill_device_node_info(cdi_device_node *d) + dev_type = NULL; + } else { + if (strcmp(d->type, dev_type) != 0) { +- ERROR("CDI device (%s, %s), host type mismatch (%s, %s)", +- d->path, d->host_path, d->type, dev_type); ++ ERROR("CDI device (%s, %s), host type mismatch (%s, %s)", ++ d->path, d->host_path, d->type, dev_type); + return -1; + } + } +@@ -168,7 +168,7 @@ static cdi_hook *clone_cdi_hook(cdi_hook *h) + hook->env_len = h->env_len; + } + hook->timeout = h->timeout; +- ++ + return hook; + + error_out: +@@ -280,7 +280,7 @@ static defs_device *cdi_device_node_to_oci(cdi_device_node *d) + oci_device->file_mode = d->file_mode; + oci_device->uid = d->uid; + oci_device->gid = d->gid; +- ++ + return oci_device; + } + +@@ -331,7 +331,7 @@ static int apply_cdi_device_nodes(cdi_container_edits *e, oci_runtime_spec *spec + access = "rwm"; + } + if (spec_add_linux_resources_device(spec, true, dev->type, +- dev->major, dev->minor, access)) { ++ dev->major, dev->minor, access)) { + dev = NULL; + goto error_out; + } +@@ -391,9 +391,9 @@ static int apply_cdi_mounts(cdi_container_edits *e, oci_runtime_spec *spec) + return -1; + } + } +- ++ + qsort(spec->mounts, spec->mounts_len, +- sizeof(defs_mount *), (int (*)(const void *, const void *))defs_mount_cmp); ++ sizeof(defs_mount *), (int (*)(const void *, const void *))defs_mount_cmp); + return 0; + } + +@@ -411,8 +411,8 @@ static int apply_cdi_hooks(cdi_container_edits *e, oci_runtime_spec *spec) + } else if (strcmp(e->hooks[i]->hook_name, POSTSTOP_HOOK)) { + ret = spec_add_poststop_hook(spec, oci_hook); + } else { +- /* +- * The OCI being used by the iSulad not supportes ++ /* ++ * The OCI being used by the iSulad not supportes + * createRuntime/createContainer/startContainer currently. + */ + ERROR("Unknown hook name %s", e->hooks[i]->hook_name); +@@ -503,19 +503,19 @@ int cdi_container_edits_validate(cdi_container_edits *e) + static int append_##item(cdi_container_edits *e, cdi_container_edits *o, clone_common_array_item_cb cb) \ + { \ + common_array e_array = { \ +- .items = (void **)e->item, \ +- .len = e->item##_len, \ +- .cap = e->item##_len, \ +- .free_item_cb = NULL, \ +- .clone_item_cb = cb \ +- }; \ ++ .items = (void **)e->item, \ ++ .len = e->item##_len, \ ++ .cap = e->item##_len, \ ++ .free_item_cb = NULL, \ ++ .clone_item_cb = cb \ ++ }; \ + common_array o_array = { \ +- .items = (void **)o->item, \ +- .len = o->item##_len, \ +- .cap = o->item##_len, \ +- .free_item_cb = NULL, \ +- .clone_item_cb = cb \ +- }; \ ++ .items = (void **)o->item, \ ++ .len = o->item##_len, \ ++ .cap = o->item##_len, \ ++ .free_item_cb = NULL, \ ++ .clone_item_cb = cb \ ++ }; \ + if (util_merge_common_array(&e_array, &o_array) != 0) { \ + ERROR("Out of memory"); \ + return -1; \ +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_device.c b/src/daemon/modules/device/cdi/behavior/cdi_device.c +index aec3d7c0..9104416c 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_device.c ++++ b/src/daemon/modules/device/cdi/behavior/cdi_device.c +@@ -28,21 +28,21 @@ void free_cdi_cache_device(struct cdi_cache_device *d) + if (d == NULL) { + return; + } +- +- /* ++ ++ /* + * free_cdi_cache_device should not be recursively free raw_device. + * Otherwise, the function conflicts with the raw_spec free raw_device +- * when cdi_cache_spec free raw_spec, triggering double free. ++ * when cdi_cache_spec free raw_spec, triggering double free. + */ + d->raw_device = NULL; +- +- /* ++ ++ /* + * free_cdi_cache_device should not be recursively free cache_spec. + * Otherwise, the function conflicts with the cache free specs, +- * triggering double free. ++ * triggering double free. + */ + d->cache_spec = NULL; +- ++ + free(d); + } + +@@ -86,7 +86,7 @@ char *cdi_device_get_qualified_name(const struct cdi_cache_device *d) + return NULL; + } + return cdi_parser_qualified_name(cdi_spec_get_vendor(d->cache_spec), +- cdi_spec_get_class(d->cache_spec), d->raw_device->name); ++ cdi_spec_get_class(d->cache_spec), d->raw_device->name); + } + + cdi_container_edits *cdi_device_get_edits(const struct cdi_cache_device *d) +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_spec.c b/src/daemon/modules/device/cdi/behavior/cdi_spec.c +index 8783debc..ec563230 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_spec.c ++++ b/src/daemon/modules/device/cdi/behavior/cdi_spec.c +@@ -33,7 +33,7 @@ void free_cdi_cache_spec(struct cdi_cache_spec *s) + if (s == NULL) { + return; + } +- ++ + free_cdi_spec(s->raw_spec); + s->raw_spec = NULL; + free(s->vendor); +@@ -44,7 +44,7 @@ void free_cdi_cache_spec(struct cdi_cache_spec *s) + s->path = NULL; + map_free(s->devices); + s->devices = NULL; +- ++ + free(s); + } + +@@ -58,7 +58,7 @@ struct cdi_cache_spec *cdi_spec_read_spec(const char *path, int priority) + ERROR("Failed to get clean path %s", path); + return NULL; + } +- ++ + raw_spec = cdi_spec_parse_file(cleanpath, NULL, &err); + if (raw_spec == NULL) { + ERROR("Failed to read CDI Spec %s: %s", cleanpath, err); +@@ -106,7 +106,7 @@ struct cdi_cache_spec *cdi_spec_new_spec(cdi_spec *raw, const char *path, int pr + ERROR("Invalid CDI Spec"); + goto error_out; + } +- ++ + return spec; + + error_out: +@@ -183,7 +183,7 @@ static int cdi_spec_init(struct cdi_cache_spec *s) + cdi_device *d = NULL; + size_t i; + bool version_result = true; +- ++ + if (!cdi_is_valid_version(s->raw_spec->cdi_version)) { + ERROR("Failed to validate cdi spec version: %s", s->raw_spec->cdi_version); + return -1; +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_spec.h b/src/daemon/modules/device/cdi/behavior/cdi_spec.h +index ca7b2cfa..d20826c6 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_spec.h ++++ b/src/daemon/modules/device/cdi/behavior/cdi_spec.h +@@ -37,7 +37,7 @@ struct cdi_cache_spec { + }; + + #define CDI_DEFAULT_SPEC_EXT ".json" +- ++ + void free_cdi_cache_spec(struct cdi_cache_spec *s); + + struct cdi_cache_spec *cdi_spec_read_spec(const char *path, int priority); +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.c b/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.c +index cafb52b8..75cd7abf 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.c ++++ b/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.c +@@ -27,13 +27,13 @@ + + #define DEFAULT_SPEC_DIRS_LEN 2 + static char *default_spec_dirs_items[DEFAULT_SPEC_DIRS_LEN] = {CDI_DEFAULT_STATIC_DIR, CDI_DEFAULT_DYNAMIC_DIR}; +- ++ + string_array g_default_spec_dirs = { + .items = default_spec_dirs_items, + .len = DEFAULT_SPEC_DIRS_LEN, + .cap = DEFAULT_SPEC_DIRS_LEN, + }; +- ++ + struct scan_spec_dir_cb_args { + struct cdi_scan_fn_maps *scan_fn_maps; + cdi_scan_spec_func scan_fn; +@@ -64,7 +64,7 @@ static bool scan_spec_dir_cb(const char *dir, const struct dirent *pdirent, void + DEBUG("Skip dir %s", file_path); + return true; + } +- ++ + if (!util_has_suffix(file_path, ".json")) { + DEBUG("Skip file %s", file_path); + return true; +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.h b/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.h +index b17a0cd8..fdb0f2f9 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.h ++++ b/src/daemon/modules/device/cdi/behavior/cdi_spec_dirs.h +@@ -27,7 +27,7 @@ extern "C" { + #define CDI_DEFAULT_DYNAMIC_DIR "/var/run/cdi" + + extern string_array g_default_spec_dirs; +- ++ + struct cdi_scan_fn_maps { + map_t *specs; + map_t *devices; +diff --git a/src/daemon/modules/device/cdi/behavior/cdi_version.c b/src/daemon/modules/device/cdi/behavior/cdi_version.c +index 550f3107..4cdc116a 100644 +--- a/src/daemon/modules/device/cdi/behavior/cdi_version.c ++++ b/src/daemon/modules/device/cdi/behavior/cdi_version.c +@@ -177,7 +177,7 @@ const char *cdi_minimum_required_version(cdi_spec *spec) + bool cdi_is_valid_version(const char *spec_version) + { + int i; +- ++ + for (i = 0; i < VALID_SPEC_VERSIONS_LEN; i++) { + if (strcmp(g_valid_spec_versions[i].version, spec_version) == 0) { + return true; +diff --git a/src/daemon/modules/device/cdi/behavior/parser/cdi_parser.c b/src/daemon/modules/device/cdi/behavior/parser/cdi_parser.c +index 8824d29c..603ce28d 100644 +--- a/src/daemon/modules/device/cdi/behavior/parser/cdi_parser.c ++++ b/src/daemon/modules/device/cdi/behavior/parser/cdi_parser.c +@@ -47,7 +47,7 @@ char *cdi_parser_qualified_name(const char *vendor, const char *class, const cha + } + + nret = snprintf(device_name, sizeof(device_name), "%s/%s=%s", +- vendor, class, name); ++ vendor, class, name); + if (nret < 0 || (size_t)nret >= sizeof(device_name)) { + ERROR("Device name is too long"); + return NULL; +@@ -118,7 +118,7 @@ int cdi_parser_parse_device(const char *device, char **vendor, char **class, cha + { + __isula_auto_array_t char **parts = NULL; + +- if (vendor == NULL || class == NULL || name == NULL || ++ if (vendor == NULL || class == NULL || name == NULL || + device == NULL || device[0] == '/') { + ERROR("Invalid argument"); + return -1; +@@ -214,7 +214,7 @@ int cdi_parser_validate_class_name(const char *class) + int cdi_parser_validate_device_name(const char *name) + { + size_t i; +- ++ + if (name == NULL) { + ERROR("Invalid (empty) device name"); + return -1; +diff --git a/src/daemon/modules/device/cdi/cdi_cache.c b/src/daemon/modules/device/cdi/cdi_cache.c +index e637f7cd..e9a9b804 100644 +--- a/src/daemon/modules/device/cdi/cdi_cache.c ++++ b/src/daemon/modules/device/cdi/cdi_cache.c +@@ -179,7 +179,7 @@ static int cdi_refresh(struct cdi_cache *c) + { + bool refreshed; + int ret = 0; +- ++ + if (c == NULL) { + ERROR("Invalid arguments"); + return -1; +@@ -206,10 +206,10 @@ static void map_cdi_cache_specs_kvfree(void *key, void *value) + static void map_cdi_cache_device_kvfree(void *key, void *value) + { + free(key); +- /* ++ /* + * map_cdi_cache_device_kvfree should not be recursively free cdi_cache_device. + * Otherwise, the function conflicts with the cdi_cache_specs free devices, +- * triggering double free. ++ * triggering double free. + */ + (void)value; + } +@@ -249,8 +249,8 @@ static bool resolve_conflict(struct cdi_scan_fn_maps *scan_fn_maps, const char * + return true; + } + +-static void refresh_scan_spec_func(struct cdi_scan_fn_maps *scan_fn_maps, const char *path, +- int priority, struct cdi_cache_spec *spec) ++static void refresh_scan_spec_func(struct cdi_scan_fn_maps *scan_fn_maps, const char *path, ++ int priority, struct cdi_cache_spec *spec) + { + map_t *specs = scan_fn_maps->specs; + map_t *devices = scan_fn_maps->devices; +@@ -375,7 +375,7 @@ static int refresh(struct cdi_cache *c) + util_swap_ptr((void **)&c->devices, (void **)&devices); + + ret = c->refresh_error_flag ? -1 : 0; +- ++ + free_out: + map_itor_free(itor); + map_free(specs); +@@ -443,7 +443,7 @@ static int cdi_inject_devices(struct cdi_cache *c, oci_runtime_spec *oci_spec, s + + (void)refresh_if_required(c, false, &ret); + +- for(i = 0; i < devices->len; i++) { ++ for (i = 0; i < devices->len; i++) { + device = devices->items[i]; + d = map_search(c->devices, (void *)device); + if (d == NULL) { +@@ -524,7 +524,7 @@ static int init_tracked(struct cdi_watch *w, string_array *dirs) + ERROR("Out of memory"); + return -1; + } +- for(i = 0; i < dirs->len; i++) { ++ for (i = 0; i < dirs->len; i++) { + if (!map_replace(w->tracked, (void *)dirs->items[i], (void *)&tmp_value)) { + ERROR("Failed to insert tracked by dir %s", dirs->items[i]); + goto error_out; +@@ -624,7 +624,7 @@ static int process_cdi_events(int watcher_fd, struct cdi_cache *c) + } + + (void)pthread_mutex_lock(&c->mutex); +- ++ + while (events_index < events_length) { + cdi_event = (struct inotify_event *)(&buffer[events_index]); + ssize_t event_size = (ssize_t)(cdi_event->len) + (ssize_t)offsetof(struct inotify_event, name); +@@ -633,8 +633,8 @@ static int process_cdi_events(int watcher_fd, struct cdi_cache *c) + } + events_index += event_size; + +- /* +- * file: ++ /* ++ * file: + * Rename: mask == IN_MOVED_TO | IN_MOVED_FROM + * Remove: mask == IN_MOVED_FROM || mask == IN_DELETE + * Write: mask == IN_MODIFY +diff --git a/src/daemon/modules/device/cdi/cdi_cache.h b/src/daemon/modules/device/cdi/cdi_cache.h +index 638e954e..9f6793c8 100644 +--- a/src/daemon/modules/device/cdi/cdi_cache.h ++++ b/src/daemon/modules/device/cdi/cdi_cache.h +@@ -34,7 +34,7 @@ struct cdi_cache_ops { + // injecting CDI devices into an OCI Spec. + // Resolver + int (*inject_devices)(struct cdi_cache *c, oci_runtime_spec *spec, string_array *devices); +- ++ + // refreshing the cache of CDI Specs and devices. + // Refresher + int (*configure)(struct cdi_cache *c, string_array *spec_dirs); +@@ -55,12 +55,12 @@ struct cdi_cache { + // This map holding the reference to cdi device, the devices will not released when the map is freed. + map_t *devices; // MAP_STR_PTR devices[cdi_device.name] = cdi_cache_device* + bool refresh_error_flag; +- bool auto_refresh; ++ bool auto_refresh; + struct cdi_watch *watch; + }; + + void free_cdi_cache(struct cdi_cache *c); +- ++ + struct cdi_cache *cdi_new_cache(string_array *spec_dirs); + struct cdi_cache_ops *cdi_get_cache_ops(void); + +diff --git a/src/daemon/modules/device/cdi_operate.c b/src/daemon/modules/device/cdi_operate.c +index f99bb7e4..2cc2a17d 100644 +--- a/src/daemon/modules/device/cdi_operate.c ++++ b/src/daemon/modules/device/cdi_operate.c +@@ -29,7 +29,7 @@ int cdi_operate_registry_init(char **specs_dirs, size_t specs_dirs_len) + .len = specs_dirs_len, + .cap = specs_dirs_len, + }; +- ++ + return cdi_registry_init(&spec_dirs_array); + } + +@@ -40,7 +40,7 @@ int cdi_operate_refresh(void) + ERROR("Failed to get registry"); + return -1; + } +- ++ + return registry->ops->refresh(registry->cdi_cache); + } + +@@ -52,13 +52,13 @@ int cdi_operate_inject_devices(oci_runtime_spec *spec, string_array *devices) + ERROR("Invalid params"); + return -1; + } +- ++ + registry = cdi_get_registry(); + if (registry == NULL || registry->ops == NULL || registry->ops->inject_devices == NULL) { + ERROR("Failed to get registry"); + return -1; + } +- ++ + return registry->ops->inject_devices(registry->cdi_cache, spec, devices); + } + +diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c +index ce1c8a6b..e9f16024 100644 +--- a/src/daemon/modules/image/oci/oci_image.c ++++ b/src/daemon/modules/image/oci/oci_image.c +@@ -295,7 +295,8 @@ static bool remove_image_tmpdir_cb(const char *path_name, const struct dirent *s + return true; + } + +- if (!util_has_prefix(sub_dir->d_name, LOAD_TMPDIR_PREFIX) && !util_has_prefix(sub_dir->d_name, REGISTRY_TMPDIR_PREFIX)) { ++ if (!util_has_prefix(sub_dir->d_name, LOAD_TMPDIR_PREFIX) && ++ !util_has_prefix(sub_dir->d_name, REGISTRY_TMPDIR_PREFIX)) { + // only remove directory that image module created + return true; + } +diff --git a/src/daemon/modules/image/oci/progress.h b/src/daemon/modules/image/oci/progress.h +index dcc8e144..673019a4 100644 +--- a/src/daemon/modules/image/oci/progress.h ++++ b/src/daemon/modules/image/oci/progress.h +@@ -35,7 +35,7 @@ typedef struct progress { + + bool progress_status_map_udpate(progress_status_map *progress_status_map, char *key, int64_t current, int64_t total); + +-progress_status_map *progress_status_map_new(); ++progress_status_map *progress_status_map_new(void); + + size_t progress_status_map_size(progress_status_map *progress_status_map); + +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 66fa0076..2e99255a 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -293,7 +293,8 @@ static bool is_manifest_schemav1(char *media_type) + return false; + } + +- if (strcmp(media_type, DOCKER_MANIFEST_SCHEMA1_JSON) == 0 || strcmp(media_type, DOCKER_MANIFEST_SCHEMA1_PRETTYJWS) == 0 || ++ if (strcmp(media_type, DOCKER_MANIFEST_SCHEMA1_JSON) == 0 || ++ strcmp(media_type, DOCKER_MANIFEST_SCHEMA1_PRETTYJWS) == 0 || + strcmp(media_type, MEDIA_TYPE_APPLICATION_JSON) == 0) { + return true; + } +diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h +index 48d8d8b6..10c14f05 100644 +--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h ++++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.h +@@ -36,7 +36,7 @@ struct cni_args { + void free_cni_args(struct cni_args *cargs); + + int exec_plugin_with_result(const char *plugin_path, const char *cni_net_conf_json, const struct cni_args *cniargs, +- struct cni_opt_result **ret); ++ struct cni_opt_result **result); + + int exec_plugin_without_result(const char *plugin_path, const char *cni_net_conf_json, const struct cni_args *cniargs); + +diff --git a/src/daemon/modules/network/cri/adaptor_cri.c b/src/daemon/modules/network/cri/adaptor_cri.c +index 2d03dd98..55826d52 100644 +--- a/src/daemon/modules/network/cri/adaptor_cri.c ++++ b/src/daemon/modules/network/cri/adaptor_cri.c +@@ -71,7 +71,7 @@ int adaptor_cni_update_confs() + size_t tmp_net_list_len = 0; + size_t i; + char message[MAX_BUFFER_SIZE] = { 0 }; +- int pos = 0; ++ size_t pos = 0; + + work = map_new(MAP_STR_INT, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); + if (work == NULL) { +diff --git a/src/daemon/modules/network/cri/adaptor_cri.h b/src/daemon/modules/network/cri/adaptor_cri.h +index 3d4fe82d..bc157626 100644 +--- a/src/daemon/modules/network/cri/adaptor_cri.h ++++ b/src/daemon/modules/network/cri/adaptor_cri.h +@@ -23,9 +23,9 @@ extern "C" { + + int adaptor_cni_init_confs(const char *conf_dir, const char **bin_paths, const size_t bin_paths_len); + +-int adaptor_cni_update_confs(); ++int adaptor_cni_update_confs(void); + +-bool adaptor_cni_check_inited(); ++bool adaptor_cni_check_inited(void); + + int adaptor_cni_setup(const network_api_conf *conf, network_api_result_list *result); + +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index a89d0375..64a8adbc 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -166,7 +166,8 @@ int rt_lcr_start(const char *name, const char *runtime, const rt_start_params_t + } + isulad_set_error_message("Start container error: %s", + (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR) != 0) ? tmpmsg : DEF_ERR_RUNTIME_STR); +- ERROR("Start container error: %s", (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR) != 0) ? tmpmsg : DEF_ERR_RUNTIME_STR); ++ ERROR("Start container error: %s", (tmpmsg != NULL && ++ strcmp(tmpmsg, DEF_SUCCESS_STR) != 0) ? tmpmsg : DEF_ERR_RUNTIME_STR); + ret = -1; + goto out; + } +@@ -264,7 +265,8 @@ int rt_lcr_rm(const char *name, const char *runtime, const rt_rm_params_t *param + if (engine_ops == NULL || engine_ops->engine_delete_op == NULL) { + // if engine_ops is NULL, container root path may have been corrupted, try to remove by daemon + // If user runs container with lcr but remove lcr runtime after, there might be resources remaining +- ERROR("Failed to get engine delete operations, container %s root path may have been corrupted, try to remove by daemon", name); ++ ERROR("Failed to get engine delete operations, container %s root path may have been corrupted, try to remove by daemon", ++ name); + if (remove_container_rootpath(name, params->rootpath) == 0) { + ret = 0; + goto out; +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 854752ea..62cff3cf 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -623,7 +623,8 @@ out: + return ret; + } + +-static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info) ++static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, ++ struct runtime_container_resources_stats_info *info) + { + size_t i; + if (stats == NULL || stats->data == NULL) { +@@ -887,7 +888,7 @@ static int shim_create(shim_create_args *args) + + if (get_engine_routine_log_info(&engine_log_path, &log_level) != 0) { + ERROR("failed to get engine log path"); +- return -1; ++ return -1; + } + + nret = snprintf(fpid, sizeof(fpid), "%s/shim-pid", args->workdir); +@@ -938,7 +939,7 @@ static int shim_create(shim_create_args *args) + //prevent the child process from having the same standard streams as the parent process + if (isula_null_stdfds() != 0) { + (void)dprintf(exec_err_pipe[1], "failed to set std console to /dev/null"); +- exit(EXIT_FAILURE); ++ exit(EXIT_FAILURE); + } + + if (args->fg) { +@@ -1054,7 +1055,7 @@ out: + close(shim_stdout_pipe[0]); + if (ret != 0) { + show_shim_errlog(shim_stderr_pipe[0]); +- // Since users are more concerned about runtime error information, ++ // Since users are more concerned about runtime error information, + // the runtime log will overwrite the shim log if it exists. + show_runtime_errlog(args->workdir); + if (args->timeout != NULL) { +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index fe8ee72f..0b95cdad 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -691,7 +691,8 @@ out: + epoll_loop_close(&descr); + } + +-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig) ++static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, ++ host_config *hostconfig) + { + int ret; + +@@ -2013,7 +2014,7 @@ static defs_process *make_exec_process_spec(const container_config *container_sp + #ifdef ENABLE_CDI + // extend step: merge env from oci_spec which comes from injected devices + ret = defs_process_add_multiple_env(spec, (const char **)oci_spec->process->env, +- oci_spec->process->env_len); ++ oci_spec->process->env_len); + if (ret != 0) { + ERROR("Failed to dup oci env for exec process spec"); + goto err_out; +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index e779c22e..122f9992 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -2483,7 +2483,8 @@ out: + return ret; + } + +-int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *hostconfig) { ++int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *hostconfig) ++{ + if (oci_spec == NULL || hostconfig == NULL) { + ERROR("Invalid arguments"); + return -1; +@@ -2660,7 +2661,7 @@ int defs_process_add_multiple_env(defs_process *dp, const char **envs, size_t en + int spec_add_multiple_process_env(oci_runtime_spec *oci_spec, const char **envs, size_t env_len) + { + int ret = 0; +- ++ + if (envs == NULL || env_len == 0) { + DEBUG("empty envs"); + return 0; +@@ -2669,26 +2670,26 @@ int spec_add_multiple_process_env(oci_runtime_spec *oci_spec, const char **envs, + ERROR("Invalid params"); + return -1; + } +- ++ + ret = make_sure_oci_spec_process(oci_spec); + if (ret < 0) { + ERROR("Out of memory"); + return -1; + } +- ++ + ret = defs_process_add_multiple_env(oci_spec->process, envs, env_len); + if (ret < 0) { + ERROR("Failed to add envs"); + } +- ++ + return ret; + } +- ++ + int spec_add_device(oci_runtime_spec *oci_spec, defs_device *device) + { + int ret = 0; + size_t i; +- ++ + if (device == NULL) { + return -1; + } +@@ -2696,7 +2697,7 @@ int spec_add_device(oci_runtime_spec *oci_spec, defs_device *device) + if (ret < 0) { + return -1; + } +- ++ + for (i = 0; i < oci_spec->linux->devices_len; i++) { + if (strcmp(oci_spec->linux->devices[i]->path, device->path) == 0) { + free_defs_device(oci_spec->linux->devices[i]); +@@ -2712,21 +2713,21 @@ int spec_add_device(oci_runtime_spec *oci_spec, defs_device *device) + } + oci_spec->linux->devices[oci_spec->linux->devices_len] = device; + oci_spec->linux->devices_len++; +- ++ + return 0; + } +- ++ + int spec_add_linux_resources_device(oci_runtime_spec *oci_spec, bool allow, const char *dev_type, + int64_t major, int64_t minor, const char *access) + { + int ret = 0; + defs_device_cgroup *device = NULL; +- ++ + ret = make_sure_oci_spec_linux_resources(oci_spec); + if (ret < 0) { + return -1; + } +- ++ + device = util_common_calloc_s(sizeof(*device)); + if (device == NULL) { + ERROR("Out of memory"); +@@ -2738,7 +2739,8 @@ int spec_add_linux_resources_device(oci_runtime_spec *oci_spec, bool allow, cons + device->major = major; + device->minor = minor; + +- if (util_mem_realloc((void **)&oci_spec->linux->resources->devices, (oci_spec->linux->resources->devices_len + 1) * sizeof(char *), ++ if (util_mem_realloc((void **)&oci_spec->linux->resources->devices, ++ (oci_spec->linux->resources->devices_len + 1) * sizeof(char *), + (void *)oci_spec->linux->resources->devices, oci_spec->linux->resources->devices_len * sizeof(char *)) != 0) { + ERROR("Out of memory"); + free_defs_device_cgroup(device); +@@ -2746,35 +2748,35 @@ int spec_add_linux_resources_device(oci_runtime_spec *oci_spec, bool allow, cons + } + oci_spec->linux->resources->devices[oci_spec->linux->resources->devices_len] = device; + oci_spec->linux->resources->devices_len++; +- ++ + return 0; + } +- ++ + void spec_remove_mount(oci_runtime_spec *oci_spec, const char *dest) + { + size_t i; +- ++ + if (oci_spec == NULL || oci_spec->mounts == NULL || dest == NULL) { + return; + } +- ++ + for (i = 0; i < oci_spec->mounts_len; i++) { + if (strcmp(oci_spec->mounts[i]->destination, dest) == 0) { + free_defs_mount(oci_spec->mounts[i]); + (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1], +- (oci_spec->mounts_len - i - 1) * sizeof(void *)); ++ (oci_spec->mounts_len - i - 1) * sizeof(void *)); + oci_spec->mounts_len--; + return; + } + } + } +- ++ + int spec_add_mount(oci_runtime_spec *oci_spec, defs_mount *mnt) + { + if (oci_spec == NULL || mnt == NULL) { + return -1; + } +- ++ + if (util_mem_realloc((void **)&oci_spec->mounts, (oci_spec->mounts_len + 1) * sizeof(char *), + (void *)oci_spec->mounts, oci_spec->mounts_len * sizeof(char *)) != 0) { + ERROR("Out of memory"); +@@ -2782,10 +2784,10 @@ int spec_add_mount(oci_runtime_spec *oci_spec, defs_mount *mnt) + } + oci_spec->mounts[oci_spec->mounts_len] = mnt; + oci_spec->mounts_len++; +- ++ + return 0; + } +- ++ + #define SPEC_ADD_HOOKS_ITEM_DEF(hooktype) \ + int spec_add_##hooktype##_hook(oci_runtime_spec *oci_spec, defs_hook *hooktype##_hook) \ + { \ +@@ -2806,9 +2808,9 @@ int spec_add_mount(oci_runtime_spec *oci_spec, defs_mount *mnt) + oci_spec->hooks->hooktype##_len++; \ + return 0; \ + } +- +-/* +-* The OCI being used by the iSulad not supportes ++ ++/* ++* The OCI being used by the iSulad not supportes + * createRuntime/createContainer/startContainer currently. + */ + SPEC_ADD_HOOKS_ITEM_DEF(prestart) +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index 12bd261b..2e065e3d 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -2871,7 +2871,7 @@ static inline int set_host_ipc_shm_path(container_config_v2_common_config *v2_sp + * 1. The user defined /dev/shm in mounts, which takes the first priority + * 2. If sharable is set in ipc mode (or by default ipc_mode is null), the container provides shm path, + * in the case of sandbox API is used, the sandbox module has already provided shm path +- * 3. Use the connected container's shm path if ipc_mode is set to container:, ++ * 3. Use the connected container's shm path if ipc_mode is set to container:, + * if connected containerd is a sandbox, use the sandbox's shm path + * 4. Use /dev/shm if ipc_mode is set to host + */ +@@ -3613,7 +3613,7 @@ int inject_CDI_devcies_for_oci_spec(oci_runtime_spec *oci_spec, host_config *hos + int ret = 0; + string_array devices_array = { 0 }; + __isula_auto_free char *error = NULL; +- ++ + if (oci_spec == NULL || hostconfig == NULL) { + ERROR("Invalid params"); + return -1; +diff --git a/src/utils/cutils/blocking_queue.c b/src/utils/cutils/blocking_queue.c +index 9bdb2ca3..02059690 100644 +--- a/src/utils/cutils/blocking_queue.c ++++ b/src/utils/cutils/blocking_queue.c +@@ -97,7 +97,8 @@ int blocking_queue_push(blocking_queue *queue, void *data) + return 0; + } + +-int blocking_queue_pop(blocking_queue *queue, void **data) { ++int blocking_queue_pop(blocking_queue *queue, void **data) ++{ + if (queue == NULL || data == NULL) { + ERROR("Invalid NULL arguments"); + return -1; +diff --git a/src/utils/cutils/network_namespace.h b/src/utils/cutils/network_namespace.h +index 6ac7b28b..14410736 100644 +--- a/src/utils/cutils/network_namespace.h ++++ b/src/utils/cutils/network_namespace.h +@@ -22,9 +22,9 @@ + extern "C" { + #endif + +-int prepare_network_namespace(const char *netns_path, const bool post_prepare_network, const int pid); ++int prepare_network_namespace(const char *netns_path, const bool post_setup_network, const int pid); + +-int remove_network_namespace(const char *netns); ++int remove_network_namespace(const char *netns_path); + + int create_network_namespace_file(const char *netns_path); + +diff --git a/src/utils/cutils/utils_array.c b/src/utils/cutils/utils_array.c +index 72294005..6c7444f0 100644 +--- a/src/utils/cutils/utils_array.c ++++ b/src/utils/cutils/utils_array.c +@@ -90,17 +90,17 @@ char **util_copy_array_by_len(char **array, size_t len) + { + char **new_array = NULL; + size_t i; +- ++ + if (array == NULL || len == 0) { + return NULL; + } +- ++ + new_array = util_smart_calloc_s(sizeof(char *), len); + if (new_array == NULL) { + ERROR("Out of memory"); + return NULL; + } +- ++ + for (i = 0; i < len; i++) { + new_array[i] = util_strdup_s(array[i]); + } +@@ -262,12 +262,12 @@ string_array *util_copy_string_array(string_array *sarr) + { + string_array *ptr = NULL; + size_t i; +- ++ + if (sarr == NULL) { + ERROR("Invalid string array"); + return NULL; + } +- ++ + ptr = util_string_array_new(sarr->cap); + if (ptr == NULL) { + ERROR("Out of memory"); +@@ -277,7 +277,7 @@ string_array *util_copy_string_array(string_array *sarr) + ptr->items[i] = util_strdup_s(sarr->items[i]); + ptr->len += 1; + } +- ++ + return ptr; + } + +diff --git a/src/utils/cutils/utils_port.h b/src/utils/cutils/utils_port.h +index dbbf2a5a..ae1676f2 100644 +--- a/src/utils/cutils/utils_port.h ++++ b/src/utils/cutils/utils_port.h +@@ -66,7 +66,7 @@ void util_free_network_port(struct network_port *ptr); + + bool util_valid_proto(const char *proto); + +-int util_get_random_port(); ++int util_get_random_port(void); + + static inline bool is_valid_port(const int port) + { +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index 6f1da12c..0d7c17f4 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -540,8 +540,8 @@ bool util_valid_propagation_mode(const char *mode) + if (mode == NULL) { + return false; + } +- return strcmp(mode, "private") == 0 || strcmp(mode, "rprivate") == 0 || strcmp(mode, "slave") == 0 || strcmp(mode, "rslave") == 0 || +- strcmp(mode, "shared") == 0 || strcmp(mode, "rshared") == 0; ++ return strcmp(mode, "private") == 0 || strcmp(mode, "rprivate") == 0 || strcmp(mode, "slave") == 0 || ++ strcmp(mode, "rslave") == 0 || strcmp(mode, "shared") == 0 || strcmp(mode, "rshared") == 0; + } + + bool util_valid_mount_mode(const char *mode) +diff --git a/src/utils/progress/show.h b/src/utils/progress/show.h +index c1f71d86..1942db8e 100644 +--- a/src/utils/progress/show.h ++++ b/src/utils/progress/show.h +@@ -21,11 +21,11 @@ extern "C" { + #endif + + void move_to_row(int row); +-void move_cursor_up(int lines); ++void move_cursor_up(int rows); + void clear_row(int row); +-void clear_lines_below(); +-int get_current_row(); +-int get_terminal_width(); ++void clear_lines_below(void); ++int get_current_row(void); ++int get_terminal_width(void); + + #ifdef __cplusplus + } +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 13343922..29008420 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -445,7 +445,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + ERROR("Can not split path: %s", path); + goto cleanup; + } +- ++ + if (realpath(srcdir, cleanpath) == NULL) { + ERROR("Failed to get real path for %s", srcdir); + goto cleanup; +diff --git a/test/cgroup/cpu/cgroup_cpu_ut.cc b/test/cgroup/cpu/cgroup_cpu_ut.cc +index 6e6e04f4..16eec69b 100644 +--- a/test/cgroup/cpu/cgroup_cpu_ut.cc ++++ b/test/cgroup/cpu/cgroup_cpu_ut.cc +@@ -80,7 +80,7 @@ TEST(CgroupCpuUnitTest, test_sysinfo_cgroup_controller_cpurt_mnt_path) + { + MOCK_SET(util_common_calloc_s, nullptr); + ASSERT_EQ(get_sys_info(true), nullptr); +- ++ + int ret = cgroup_ops_init(); + ASSERT_EQ(ret, 0); + +-- +2.25.1 + diff --git a/0088-testcase-close-cdi-testcase.patch b/0088-testcase-close-cdi-testcase.patch new file mode 100644 index 0000000..702342f --- /dev/null +++ b/0088-testcase-close-cdi-testcase.patch @@ -0,0 +1,29 @@ +From eba353bef72bf62cd47f1b03a9fbd4c621ad479e Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Thu, 16 May 2024 18:00:01 +0800 +Subject: [PATCH 088/108] testcase:close cdi testcase + +Signed-off-by: liuxu +--- + CI/test_cases/container_cases/cdi_test.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/CI/test_cases/container_cases/cdi_test.sh b/CI/test_cases/container_cases/cdi_test.sh +index dd7b1177..f9fd4567 100755 +--- a/CI/test_cases/container_cases/cdi_test.sh ++++ b/CI/test_cases/container_cases/cdi_test.sh +@@ -198,8 +198,8 @@ EOF + + declare -i ans=0 + +-do_pre || ((ans++)) +-do_test_full_cdi || ((ans++)) +-do_post ++# do_pre || ((ans++)) ++# do_test_full_cdi || ((ans++)) ++# do_post + + show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0089-docs-update-cni-doc.patch b/0089-docs-update-cni-doc.patch new file mode 100644 index 0000000..32d1fad --- /dev/null +++ b/0089-docs-update-cni-doc.patch @@ -0,0 +1,68 @@ +From 7fc8578097b9f8254962dc4fb277492b3251e5cb Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Thu, 16 May 2024 17:56:08 +0800 +Subject: [PATCH 089/108] docs:update cni doc + +Signed-off-by: liuxu +--- + README.md | 2 +- + README_zh.md | 2 +- + docs/design/README.md | 2 ++ + docs/design/README_zh.md | 2 ++ + 4 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/README.md b/README.md +index 694ddbc2..7ddc62ab 100644 +--- a/README.md ++++ b/README.md +@@ -228,7 +228,7 @@ Using [ptcr](https://gitee.com/openeuler/ptcr) as a performance test tool , it s + The standard specification versions that `iSulad` is compatible with are as follows: + + - Compatible with OCI 1.0.0. +-- Compatible with CNI 0.3.0 and above. ++- Compatible with CNI 0.3.0 - 1.0.0, iSulad supports CNI 1.0.0 from 2.1.4 version. + - Compatible with lcr 2.1.x and above. + + ## Kubernetes Support +diff --git a/README_zh.md b/README_zh.md +index 5db28f3a..45ac66ac 100755 +--- a/README_zh.md ++++ b/README_zh.md +@@ -224,7 +224,7 @@ $ sudo isula rm test + `iSulad` 能够兼容的标准规范版本如下: + + - 兼容 1.0.0 版本的OCI +-- 兼容 0.3.0 版本以上的CNI ++- 兼容 0.3.0-1.0.0 版本的CNI,iSulad从2.1.4版本后支持 CNI 1.0.0版本 + - 兼容 2.1.x 版本以上的lcr + + ## Kubernetes Support +diff --git a/docs/design/README.md b/docs/design/README.md +index d2a3702d..c171cb20 100644 +--- a/docs/design/README.md ++++ b/docs/design/README.md +@@ -43,6 +43,8 @@ This section contains some design documents for users who want to learn more abo + + - You can see how the cni operator modules are designed in [cni_operator_design](./detailed/Network/cni_operator_design.md). + ++- You can see how the cni operator modules update to CNI v1.0.0 in [cni_1.0.0_change](./detailed/Network/cni_1.0.0_change.md)。 ++ + - You can see how the CRI adapter modules are designed in [CRI_adapter_design](./detailed/Network/CRI_adapter_design.md). + + - You can see how the native network adapter modules are designed in [native_network_adapter_design](./detailed/Network/native_network_adapter_design.md). +diff --git a/docs/design/README_zh.md b/docs/design/README_zh.md +index c6172b6f..0f4cf13e 100644 +--- a/docs/design/README_zh.md ++++ b/docs/design/README_zh.md +@@ -49,6 +49,8 @@ + + - 查看 cni operator 模块的设计文档: [cni_operator_design](./detailed/Network/cni_operator_design_zh.md) 。 + ++- 查看 cni operator 模块升级到CNI v1.0.0的设计文档: [cni_1.0.0_change](./detailed/Network/cni_1.0.0_change.md) 。 ++ + - 查看 CRI adapter 模块的设计文档: [CRI_adapter_design](./detailed/Network/CRI_adapter_design_zh.md) 。 + + - 查看 native network adapter 模块的设计文档: [native_network_adapter_design](./detailed/Network/native_network_adapter_design_zh.md) 。 +-- +2.25.1 + diff --git a/0090-modify-the-user-error-log-to-be-the-same-as-before.patch b/0090-modify-the-user-error-log-to-be-the-same-as-before.patch new file mode 100644 index 0000000..582f7e4 --- /dev/null +++ b/0090-modify-the-user-error-log-to-be-the-same-as-before.patch @@ -0,0 +1,100 @@ +From 3b0f34c7cd55686cf18f65efbdc0be8a84f13e3e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 20 May 2024 17:54:04 +1400 +Subject: [PATCH 090/108] modify the user error log to be the same as before + +Signed-off-by: zhongtao +--- + src/daemon/common/id_name_manager.c | 4 +-- + .../executor/container_cb/execution_create.c | 26 +++++++++++-------- + .../container_cb/execution_information.c | 4 ++- + 3 files changed, 20 insertions(+), 14 deletions(-) + +diff --git a/src/daemon/common/id_name_manager.c b/src/daemon/common/id_name_manager.c +index 263a584d..f64094b9 100644 +--- a/src/daemon/common/id_name_manager.c ++++ b/src/daemon/common/id_name_manager.c +@@ -242,7 +242,7 @@ static bool try_add_name(const char *name) + } + + if (!util_valid_container_name(name)) { +- ERROR("Failed to add invalid name: %s", name); ++ ERROR("Invalid container name (%s), only [a-zA-Z0-9][a-zA-Z0-9_.-]+$ are allowed.", name); + return false; + } + +@@ -262,7 +262,7 @@ static bool try_remove_name(const char *name) + } + + if (!util_valid_container_name(name)) { +- ERROR("Failed to remove invalid name: %s", name); ++ ERROR("Invalid container name (%s), only [a-zA-Z0-9][a-zA-Z0-9_.-]+$ are allowed.", name); + return false; + } + +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 785b4e27..041089dd 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -761,8 +761,17 @@ static int maintain_container_id(const container_create_request *request, char * + #endif + + if (!nret) { +- ERROR("Failed to add entry to id name manager with new id and name"); +- isulad_set_error_message("Failed to add entry to id name manager with new id and name"); ++ __isula_auto_free char *used_id = NULL; ++ used_id = container_name_index_get(name); ++ if(used_id != NULL) { ++ ERROR("Name %s is in use by container %s", name, used_id); ++ isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. " ++ "You have to remove (or rename) that container to be able to reuse that name.", ++ name, used_id); ++ } else { ++ ERROR("Failed to add entry to id name manager with new id and name"); ++ isulad_set_error_message("Failed to add entry to id name manager with new id and name"); ++ } + ret = -1; + goto out; + } +@@ -775,19 +784,14 @@ static int maintain_container_id(const container_create_request *request, char * + goto out; + } + +- char *used_id = NULL; +- used_id = container_name_index_get(name); +- ERROR("Name %s is in use by container %s", name, used_id); +- isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. " +- "You have to remove (or rename) that container to be able to reuse that name.", +- name, used_id); +- free(used_id); +- used_id = NULL; +- ret = -1; + if (!skip_id_name_manage && !id_name_manager_remove_entry(id, name)) { + WARN("Failed to remove %s and %s from id name manager", id, name); + } + ++ ERROR("Failed to add %s to container name index", name); ++ isulad_set_error_message("Failed to add %s to container name index", name); ++ ret = -1; ++ + out: + *out_id = id; + *out_name = name; +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index c02cc830..58924257 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -1149,7 +1149,9 @@ static int container_rename(container_t *cont, const char *new_name) + + if (!id_name_manager_rename(new_name, old_name)) { + ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name); +- isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name); ++ isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. " ++ "You have to remove (or rename) that container to be able to reuse that name.", ++ new_name, new_name); + ret = -1; + goto out; + } +-- +2.25.1 + diff --git a/0091-add-enable-cri-v1-in-k8s-integration.patch b/0091-add-enable-cri-v1-in-k8s-integration.patch new file mode 100644 index 0000000..8c36478 --- /dev/null +++ b/0091-add-enable-cri-v1-in-k8s-integration.patch @@ -0,0 +1,54 @@ +From 1f69ffe589f7225a1db83377e276ddbab963bd16 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Tue, 21 May 2024 01:13:08 +0000 +Subject: [PATCH 091/108] add enable cri v1 in k8s integration + +Signed-off-by: jikai +--- + docs/manual/k8s_integration.md | 9 +++++++++ + docs/manual/k8s_integration_zh.md | 9 +++++++++ + 2 files changed, 18 insertions(+) + +diff --git a/docs/manual/k8s_integration.md b/docs/manual/k8s_integration.md +index 8fcd0a54..14de0ef4 100644 +--- a/docs/manual/k8s_integration.md ++++ b/docs/manual/k8s_integration.md +@@ -20,6 +20,15 @@ + + if `hosts` is not configured, the default endpoint is `unix:///var/run/isulad.sock`. + ++ `iSulad` supports both `CRI V1alpha2` and `CRI V1`, and uses `CRI V1alph2` by default. ++ If `CRI V1` is required, it can be configured in `/etc/isulad/daemon.json` to enable `CRI V1`: ++ ++ ```json ++ "enable-cri-v1": true, ++ ``` ++ ++ If `iSulad` is compiled from source codes, `-D ENABLE_CRI_API_V1=ON` option is required in cmake. ++ + 2. Restart `isulad`: + + ```bash +diff --git a/docs/manual/k8s_integration_zh.md b/docs/manual/k8s_integration_zh.md +index 6dda1e4d..26ba6cc4 100644 +--- a/docs/manual/k8s_integration_zh.md ++++ b/docs/manual/k8s_integration_zh.md +@@ -20,6 +20,15 @@ + + 如果`hosts`没有配置,默认的`endpoint`为``unix:///var/run/isulad.sock`` + ++ `iSulad`同时支持`CRI V1alpha2`和`CRI V1`两种`CRI`接口,默认使用`CRI V1alph2`,若需使用`CRI V1`, ++ 需要在`/etc/isulad/daemon.json`对`iSulad`进行相关配置,配置方式为: ++ ++ ```json ++ "enable-cri-v1": true, ++ ``` ++ ++ 若使用源码编译`iSulad`,还需在编译时增加cmake编译选项`-D ENABLE_CRI_API_V1=ON`。 ++ + 2. 重启`isulad` + + ```bash +-- +2.25.1 + diff --git a/0092-isolate-oom-monitor-codes.patch b/0092-isolate-oom-monitor-codes.patch new file mode 100644 index 0000000..d7d61de --- /dev/null +++ b/0092-isolate-oom-monitor-codes.patch @@ -0,0 +1,317 @@ +From d97656a8b99f4fa95a9c15abfbac777a94b84d55 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Mon, 20 May 2024 08:48:00 +0000 +Subject: [PATCH 092/108] isolate oom monitor codes + +Signed-off-by: jikai +--- + cmake/options.cmake | 7 +++++++ + src/daemon/common/cgroup/cgroup.c | 2 ++ + src/daemon/common/cgroup/cgroup.h | 2 ++ + src/daemon/common/cgroup/cgroup_common.h | 4 ++++ + src/daemon/common/cgroup/cgroup_v1.c | 8 ++++++++ + src/daemon/common/cgroup/cgroup_v2.c | 8 ++++++++ + src/daemon/common/cri/v1/v1_cri_helpers.cc | 2 ++ + src/daemon/modules/container/container_state.c | 2 ++ + .../modules/container/supervisor/supervisor.c | 14 ++++++++++++++ + 9 files changed, 49 insertions(+) + +diff --git a/cmake/options.cmake b/cmake/options.cmake +index a15b8194..5b17f631 100644 +--- a/cmake/options.cmake ++++ b/cmake/options.cmake +@@ -58,6 +58,13 @@ if (ENABLE_SANDBOXER STREQUAL "ON") + message("${Green}-- Enable sandbox API${ColourReset}") + endif() + ++option(ENABLE_OOM_MONITOR "Enable oom monitor" ON) ++IF (ENABLE_OOM_MONITOR STREQUAL "ON") ++ add_definitions(-DENABLE_OOM_MONITOR) ++ set(ENABLE_OOM_MONITOR 1) ++ message("${Green}-- Enable oom monitor${ColourReset}") ++endif() ++ + option(ENABLE_SYSTEMD_NOTIFY "Enable systemd notify" ON) + if (ENABLE_SYSTEMD_NOTIFY STREQUAL "ON") + add_definitions(-DSYSTEMD_NOTIFY) +diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c +index 71bf9801..77fafdae 100644 +--- a/src/daemon/common/cgroup/cgroup.c ++++ b/src/daemon/common/cgroup/cgroup.c +@@ -197,6 +197,7 @@ char *common_convert_cgroup_path(const char *cgroup_path) + return util_strdup_s(result); + } + ++#ifdef ENABLE_OOM_MONITOR + cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path, + const char *exit_fifo) + { +@@ -225,3 +226,4 @@ void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info) + free(info->cgroup_memory_event_path); + free(info); + } ++#endif +diff --git a/src/daemon/common/cgroup/cgroup.h b/src/daemon/common/cgroup/cgroup.h +index 0bbb70a0..1ebbfa98 100644 +--- a/src/daemon/common/cgroup/cgroup.h ++++ b/src/daemon/common/cgroup/cgroup.h +@@ -43,9 +43,11 @@ char *common_get_own_cgroup_path(const char *subsystem); + + char *common_convert_cgroup_path(const char *cgroup_path); + ++#ifdef ENABLE_OOM_MONITOR + cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path, + const char *exit_fifo); + void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info); ++#endif + + #ifdef __cplusplus + } +diff --git a/src/daemon/common/cgroup/cgroup_common.h b/src/daemon/common/cgroup/cgroup_common.h +index 46a7de50..01fc669c 100644 +--- a/src/daemon/common/cgroup/cgroup_common.h ++++ b/src/daemon/common/cgroup/cgroup_common.h +@@ -116,6 +116,7 @@ typedef struct { + cgroup_pids_metrics_t cgpids_metrics; + } cgroup_metrics_t; + ++#ifdef ENABLE_OOM_MONITOR + #define CGROUP_OOM_HANDLE_CONTINUE false + #define CGROUP_OOM_HANDLE_CLOSE true + +@@ -126,6 +127,7 @@ typedef struct _cgroup_oom_handler_info_t { + char *cgroup_memory_event_path; + bool (*oom_event_handler)(int, void *); + } cgroup_oom_handler_info_t; ++#endif + + typedef struct { + int (*get_cgroup_version)(void); +@@ -140,8 +142,10 @@ typedef struct { + char *(*get_init_cgroup_path)(const char *subsystem); + char *(*get_own_cgroup_path)(const char *subsystem); + ++#ifdef ENABLE_OOM_MONITOR + cgroup_oom_handler_info_t *(*get_cgroup_oom_handler)(int fd, const char *name, const char *cgroup_path, + const char *exit_fifo); ++#endif + } cgroup_ops; + + #ifdef __cplusplus +diff --git a/src/daemon/common/cgroup/cgroup_v1.c b/src/daemon/common/cgroup/cgroup_v1.c +index 45b1d096..018336ea 100644 +--- a/src/daemon/common/cgroup/cgroup_v1.c ++++ b/src/daemon/common/cgroup/cgroup_v1.c +@@ -20,12 +20,16 @@ + + #include + #include ++#ifdef ENABLE_OOM_MONITOR + #include ++#endif + + #include "utils.h" + #include "sysinfo.h" + #include "err_msg.h" ++#ifdef ENABLE_OOM_MONITOR + #include "events_sender_api.h" ++#endif + + #define CGROUP_HUGETLB_LIMIT "hugetlb.%s.limit_in_bytes" + #define CGROUP_MOUNT_PATH_PREFIX "/sys/fs/cgroup/" +@@ -1052,6 +1056,7 @@ static char *common_get_cgroup_path(const char *path, const char *subsystem) + return res; + } + ++#ifdef ENABLE_OOM_MONITOR + static bool oom_cb_cgroup_v1(int fd, void *cbdata) + { + cgroup_oom_handler_info_t *info = (cgroup_oom_handler_info_t *)cbdata; +@@ -1205,6 +1210,7 @@ cleanup: + common_free_cgroup_oom_handler_info(info); + return NULL; + } ++#endif + + char *get_init_cgroup_path_v1(const char *subsystem) + { +@@ -1232,6 +1238,8 @@ int cgroup_v1_ops_init(cgroup_ops *ops) + ops->get_cgroup_mnt_and_root_path = get_cgroup_mnt_and_root_path_v1; + ops->get_init_cgroup_path = get_init_cgroup_path_v1; + ops->get_own_cgroup_path = get_own_cgroup_v1; ++#ifdef ENABLE_OOM_MONITOR + ops->get_cgroup_oom_handler = get_cgroup_oom_handler_v1; ++#endif + return 0; + } +\ No newline at end of file +diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c +index 76754dc1..ce72e6c4 100644 +--- a/src/daemon/common/cgroup/cgroup_v2.c ++++ b/src/daemon/common/cgroup/cgroup_v2.c +@@ -17,14 +17,18 @@ + #include + #include + #include ++#ifdef ENABLE_OOM_MONITOR + #include ++#endif + + #include + + #include "utils.h" + #include "path.h" + #include "sysinfo.h" ++#ifdef ENABLE_OOM_MONITOR + #include "events_sender_api.h" ++#endif + + // Cgroup V2 Item Definition + #define CGROUP2_CPU_WEIGHT "cpu.weight" +@@ -416,6 +420,7 @@ static int get_cgroup_mnt_and_root_v2(const char *subsystem, char **mountpoint, + return 0; + } + ++#ifdef ENABLE_OOM_MONITOR + static bool oom_cb_cgroup_v2(int fd, void *cbdata) + { + const size_t events_size = sizeof(struct inotify_event) + NAME_MAX + 1; +@@ -547,6 +552,7 @@ cleanup: + common_free_cgroup_oom_handler_info(info); + return NULL; + } ++#endif + + int get_cgroup_version_v2() + { +@@ -562,6 +568,8 @@ int cgroup_v2_ops_init(cgroup_ops *ops) + ops->get_cgroup_info = get_cgroup_info_v2; + ops->get_cgroup_metrics = get_cgroup_metrics_v2; + ops->get_cgroup_mnt_and_root_path = get_cgroup_mnt_and_root_v2; ++#ifdef ENABLE_OOM_MONITOR + ops->get_cgroup_oom_handler = get_cgroup_oom_handler_v2; ++#endif + return 0; + } +\ No newline at end of file +diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc +index 478dd105..31b6b137 100644 +--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc ++++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc +@@ -517,9 +517,11 @@ void UpdateBaseStatusFromInspect( + } else { // Case 3 + state = runtime::v1::CONTAINER_CREATED; + } ++#ifdef ENABLE_OOM_MONITOR + if (inspect->state->oom_killed == true) { + reason = "OOMKilled"; + } ++#endif + if (inspect->state->error != nullptr) { + message = inspect->state->error; + } +diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c +index 452a2b26..f8ad0537 100644 +--- a/src/daemon/modules/container/container_state.c ++++ b/src/daemon/modules/container/container_state.c +@@ -587,7 +587,9 @@ container_inspect_state *container_state_to_inspect_state(container_state_t *s) + state->running = s->state->running; + state->paused = s->state->paused; + state->restarting = s->state->restarting; ++#ifdef ENABLE_OOM_MONITOR + state->oom_killed = s->state->oom_killed; ++#endif + state->pid = s->state->pid; + + state->exit_code = s->state->exit_code; +diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c +index 39d9fdb8..294783eb 100644 +--- a/src/daemon/modules/container/supervisor/supervisor.c ++++ b/src/daemon/modules/container/supervisor/supervisor.c +@@ -42,8 +42,10 @@ + #ifdef ENABLE_CRI_API_V1 + #include "sandbox_ops.h" + #endif ++#ifdef ENABLE_OOM_MONITOR + #include "cgroup.h" + #include "specs_api.h" ++#endif + + pthread_mutex_t g_supervisor_lock = PTHREAD_MUTEX_INITIALIZER; + struct epoll_descr g_supervisor_descr; +@@ -286,6 +288,7 @@ static int supervisor_exit_cb(int fd, uint32_t events, void *cbdata, struct epol + return EPOLL_LOOP_HANDLE_CONTINUE; + } + ++#ifdef ENABLE_OOM_MONITOR + static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *descr) + { + cgroup_oom_handler_info_t *oom_handler_info = (cgroup_oom_handler_info_t *)cbdata; +@@ -305,6 +308,7 @@ static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_des + + return EPOLL_LOOP_HANDLE_CONTINUE; + } ++#endif + + /* supervisor add exit monitor */ + int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info, +@@ -312,8 +316,10 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p + { + int ret = 0; + struct supervisor_handler_data *data = NULL; ++#ifdef ENABLE_OOM_MONITOR + cgroup_oom_handler_info_t *oom_handler_info = NULL; + __isula_auto_free char *cgroup_path = NULL; ++#endif + + if (fd < 0) { + ERROR("Invalid exit fifo fd"); +@@ -326,12 +332,14 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p + return -1; + } + ++#ifdef ENABLE_OOM_MONITOR + cgroup_path = merge_container_cgroups_path(cont->common_config->id, cont->hostconfig); + if (cgroup_path == NULL) { + ERROR("Failed to get cgroup path"); + close(fd); + return -1; + } ++#endif + + data = util_common_calloc_s(sizeof(struct supervisor_handler_data)); + if (data == NULL) { +@@ -353,9 +361,12 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p + data->pid_info.start_time = pid_info->start_time; + data->pid_info.ppid = pid_info->ppid; + data->pid_info.pstart_time = pid_info->pstart_time; ++#ifdef ENABLE_OOM_MONITOR + oom_handler_info = common_get_cgroup_oom_handler(fd, cont->common_config->id, cgroup_path, exit_fifo); ++#endif + + supervisor_handler_lock(); ++#ifdef ENABLE_OOM_MONITOR + if (oom_handler_info != NULL) { + ret = epoll_loop_add_handler(&g_supervisor_descr, oom_handler_info->oom_event_fd, oom_handle_cb, oom_handler_info); + if (ret != 0) { +@@ -363,6 +374,7 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p + goto err; + } + } ++#endif + + ret = epoll_loop_add_handler(&g_supervisor_descr, fd, supervisor_exit_cb, data); + if (ret != 0) { +@@ -374,7 +386,9 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p + + err: + supervisor_handler_data_free(data); ++#ifdef ENABLE_OOM_MONITOR + common_free_cgroup_oom_handler_info(oom_handler_info); ++#endif + out: + supervisor_handler_unlock(); + return ret; +-- +2.25.1 + diff --git a/0093-change-fork-process-exit-mode.patch b/0093-change-fork-process-exit-mode.patch new file mode 100644 index 0000000..2806227 --- /dev/null +++ b/0093-change-fork-process-exit-mode.patch @@ -0,0 +1,64 @@ +From 0ff5a421e31096fbd10cf00c45a3849297023391 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 23 May 2024 01:09:41 +1400 +Subject: [PATCH 093/108] change fork process exit mode + +--- + src/utils/tar/util_archive.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 52b51162..204dab83 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -897,9 +897,9 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + + child_out: + if (ret != 0) { +- exit(EXIT_FAILURE); ++ _exit(EXIT_FAILURE); + } +- exit(EXIT_SUCCESS); ++ _exit(EXIT_SUCCESS); + } + close(pipe_stderr[1]); + pipe_stderr[1] = -1; +@@ -1342,9 +1342,9 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir, + child_out: + + if (ret != 0) { +- exit(EXIT_FAILURE); ++ _exit(EXIT_FAILURE); + } else { +- exit(EXIT_SUCCESS); ++ _exit(EXIT_SUCCESS); + } + } + close(pipe_for_read[1]); +@@ -1577,9 +1577,9 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + + child_out: + if (ret != 0) { +- exit(EXIT_FAILURE); ++ _exit(EXIT_FAILURE); + } +- exit(EXIT_SUCCESS); ++ _exit(EXIT_SUCCESS); + } + + close(pipe_stderr[1]); +@@ -1727,9 +1727,9 @@ child_out: + free(tar_base_name); + + if (ret != 0) { +- exit(EXIT_FAILURE); ++ _exit(EXIT_FAILURE); + } else { +- exit(EXIT_SUCCESS); ++ _exit(EXIT_SUCCESS); + } + } + +-- +2.25.1 + diff --git a/0094-fix-error-log-for-verify_cpu_realtime.patch b/0094-fix-error-log-for-verify_cpu_realtime.patch new file mode 100644 index 0000000..c62bbe8 --- /dev/null +++ b/0094-fix-error-log-for-verify_cpu_realtime.patch @@ -0,0 +1,26 @@ +From 1671a136d1b7d209c453a8ad2b1bf062a3afbe09 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 28 May 2024 17:23:45 +1400 +Subject: [PATCH 094/108] fix error log for verify_cpu_realtime + +Signed-off-by: zhongtao +--- + src/daemon/modules/spec/verify.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 57e16ef9..1ce76c1d 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -390,7 +390,7 @@ static int verify_cpu_realtime(const sysinfo_t *sysinfo, int64_t realtime_period + + if (realtime_runtime != 0 && !(sysinfo->cgcpuinfo.cpu_rt_runtime)) { + ERROR("Invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime"); +- isulad_set_error_message("Invalid --cpu-rt-period: Your kernel does not support cgroup rt runtime"); ++ isulad_set_error_message("Invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime"); + ret = -1; + goto out; + } +-- +2.25.1 + diff --git a/0095-bugfix-change-max-network-name-len.patch b/0095-bugfix-change-max-network-name-len.patch new file mode 100644 index 0000000..3a4ffb7 --- /dev/null +++ b/0095-bugfix-change-max-network-name-len.patch @@ -0,0 +1,54 @@ +From e2a7e6bfb0f0e97e5e1543fac7a5e0807fadaba0 Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Thu, 30 May 2024 16:50:56 +0800 +Subject: [PATCH 095/108] bugfix: change max network name len + +Signed-off-by: liuxu +--- + docs/design/detailed/Network/native_network_adapter_design.md | 2 +- + .../design/detailed/Network/native_network_adapter_design_zh.md | 2 +- + src/utils/cutils/utils.h | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/docs/design/detailed/Network/native_network_adapter_design.md b/docs/design/detailed/Network/native_network_adapter_design.md +index b58989eb..1010bd73 100644 +--- a/docs/design/detailed/Network/native_network_adapter_design.md ++++ b/docs/design/detailed/Network/native_network_adapter_design.md +@@ -204,7 +204,7 @@ Client: + 1. Parse the parameters passed in by the user. + 2. Verify the incoming parameters, including: + - Only one network is allowed to be created at a time, that is, at most one name can be specified. +- - If name is specified, check whether the length of name exceeds MAX_NETWORK_NAME_LEN(128). ++ - If name is specified, check whether the length of name exceeds MAX_NETWORK_NAME_LEN(255). + 3. Send the request to the server + + Server: +diff --git a/docs/design/detailed/Network/native_network_adapter_design_zh.md b/docs/design/detailed/Network/native_network_adapter_design_zh.md +index 30860f3d..62c4b6ef 100644 +--- a/docs/design/detailed/Network/native_network_adapter_design_zh.md ++++ b/docs/design/detailed/Network/native_network_adapter_design_zh.md +@@ -204,7 +204,7 @@ int native_network_add_container_list(const char *network_name, const char *cont + 1. 解析用户传入的参数 + 2. 对传入的参数进行校验,包括 + - 每次只允许创建一个网络, 即最多指定一个name +- - 若指定name,检查name长度是否超过MAX_NETWORK_NAME_LEN(128) ++ - 若指定name,检查name长度是否超过MAX_NETWORK_NAME_LEN(255) + 3. 发送请求到服务端 + + 服务端: +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index 3671272a..4417a165 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -99,7 +99,7 @@ int malloc_trim(size_t pad); + #define MAX_IMAGE_REF_LEN 384 + #define MAX_CONTAINER_NAME_LEN 1024 + #define MAX_RUNTIME_NAME_LEN 32 +-#define MAX_NETWORK_NAME_LEN 128 ++#define MAX_NETWORK_NAME_LEN 255 + + #define LOGIN_USERNAME_LEN 255 + #define LOGIN_PASSWORD_LEN 255 +-- +2.25.1 + diff --git a/0096-del-useless-info.patch b/0096-del-useless-info.patch new file mode 100644 index 0000000..ea885dd --- /dev/null +++ b/0096-del-useless-info.patch @@ -0,0 +1,26 @@ +From b36cfa4325f43b3fa1468ba360b3d51f6ef1c3ca Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Thu, 30 May 2024 17:14:48 +0800 +Subject: [PATCH 096/108] del useless info + +Signed-off-by: liuxu +--- + release_notes | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/release_notes b/release_notes +index 2d564c7e..fdcd3690 100644 +--- a/release_notes ++++ b/release_notes +@@ -72,7 +72,7 @@ + + dev stats: + - 357 files changed, 7886 insertions(+), 2849 deletions(-) +- - contributors: zhongtao, jikai, haozi007, jake, liuxu, xuxuepeng, zhangxiaoyu, sailorvii, chen524, dreamloy, l00804245, yangjiaqi ++ - contributors: zhongtao, jikai, haozi007, jake, liuxu, xuxuepeng, zhangxiaoyu, sailorvii, chen524, dreamloy, yangjiaqi + + 2023-11-07 xuepengxu release 2.1.4 + - !2238 modify the default value of EANBLE_IMAGE_LIBARAY to off * modify the default value of EANBLE_IMAGE_LIBARAY to off +-- +2.25.1 + diff --git a/0097-code-improve.patch b/0097-code-improve.patch new file mode 100644 index 0000000..cb8d41d --- /dev/null +++ b/0097-code-improve.patch @@ -0,0 +1,83 @@ +From 2aa26649f20ae5992ace7bb8cb62a5ee9c3f7a81 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Thu, 30 May 2024 21:30:43 +1400 +Subject: [PATCH 097/108] code improve + +Signed-off-by: zhongtao +--- + src/cmd/isula/volume/prune.c | 2 +- + src/cmd/options/opt_log.c | 2 +- + src/daemon/executor/container_cb/execution_extend.c | 3 ++- + src/daemon/executor/container_cb/execution_information.c | 2 +- + src/daemon/modules/image/oci/registry_type.c | 2 +- + 5 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/cmd/isula/volume/prune.c b/src/cmd/isula/volume/prune.c +index c8d632ed..3b5bfbf1 100644 +--- a/src/cmd/isula/volume/prune.c ++++ b/src/cmd/isula/volume/prune.c +@@ -79,7 +79,7 @@ out: + + int cmd_volume_prune_main(int argc, const char **argv) + { +- int i = 0; ++ size_t i = 0; + struct isula_libutils_log_config lconf = { 0 }; + int exit_code = 1; + command_t cmd; +diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c +index b1abcfaf..8ffb9966 100644 +--- a/src/cmd/options/opt_log.c ++++ b/src/cmd/options/opt_log.c +@@ -67,7 +67,7 @@ static int log_opt_syslog_facility(const char *key, const char *value, char **pa + "authpriv", "ftp", "local0", "local1", "local2", + "local3", "local4", "local5", "local6", "local7" + }; +- int i; ++ size_t i; + size_t f_len = sizeof(facility_values) / sizeof(const char *); + + for (i = 0; i < f_len; i++) { +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 52401633..ed072848 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -990,7 +990,8 @@ out: + + static int update_container_unified(const char *id, const host_config *hostconfig, host_config *chostconfig) + { +- int i, cgroup_version; ++ int cgroup_version; ++ size_t i; + + if (hostconfig->unified == NULL || hostconfig->unified->len == 0) { + return 0; +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 58924257..4aee3aef 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -244,7 +244,7 @@ static int get_proxy_env(char **proxy, const char *type) + } + *col_pos = '\0'; + nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos); +- if (nret < 0 || nret >= proxy_len) { ++ if (nret < 0 || (size_t)nret >= proxy_len) { + ret = -1; + free(*proxy); + *proxy = NULL; +diff --git a/src/daemon/modules/image/oci/registry_type.c b/src/daemon/modules/image/oci/registry_type.c +index 6c9ff747..7a2c25ed 100644 +--- a/src/daemon/modules/image/oci/registry_type.c ++++ b/src/daemon/modules/image/oci/registry_type.c +@@ -59,7 +59,7 @@ void free_layer_blob(layer_blob *layer) + + void free_pull_desc(pull_descriptor *desc) + { +- int i = 0; ++ size_t i = 0; + + if (desc == NULL) { + return; +-- +2.25.1 + diff --git a/0098-cdi-add-debug-info.patch b/0098-cdi-add-debug-info.patch new file mode 100644 index 0000000..aec57f6 --- /dev/null +++ b/0098-cdi-add-debug-info.patch @@ -0,0 +1,33 @@ +From 5a5f4879246783932ab620b2461a7cd832ddc1f0 Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Fri, 31 May 2024 16:38:26 +0800 +Subject: [PATCH 098/108] cdi:add debug info + +Signed-off-by: liuxu +--- + src/daemon/modules/device/cdi/cdi_cache.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/daemon/modules/device/cdi/cdi_cache.c b/src/daemon/modules/device/cdi/cdi_cache.c +index e9a9b804..cd7158dd 100644 +--- a/src/daemon/modules/device/cdi/cdi_cache.c ++++ b/src/daemon/modules/device/cdi/cdi_cache.c +@@ -306,6 +306,7 @@ static void refresh_scan_spec_func(struct cdi_scan_fn_maps *scan_fn_maps, const + ERROR("Failed to insert device to devices by name %s", qualified); + goto error_out; + } ++ DEBUG("Add device %s into memory", qualified); + free(qualified); + qualified = NULL; + } +@@ -445,6 +446,7 @@ static int cdi_inject_devices(struct cdi_cache *c, oci_runtime_spec *oci_spec, s + + for (i = 0; i < devices->len; i++) { + device = devices->items[i]; ++ DEBUG("Search cdi devices %s.", device); + d = map_search(c->devices, (void *)device); + if (d == NULL) { + if (util_append_string_array(unresolved, device) != 0) { +-- +2.25.1 + diff --git a/0099-bugfix-cni-network-name-UT.patch b/0099-bugfix-cni-network-name-UT.patch new file mode 100644 index 0000000..4ed04c3 --- /dev/null +++ b/0099-bugfix-cni-network-name-UT.patch @@ -0,0 +1,28 @@ +From 4a98535064319a9df3143d9c4b397f44fbbb56c5 Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Mon, 3 Jun 2024 16:11:06 +0800 +Subject: [PATCH 099/108] bugfix:cni network name UT + +Signed-off-by: liuxu +--- + test/cutils/utils_network/utils_network_ut.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/cutils/utils_network/utils_network_ut.cc b/test/cutils/utils_network/utils_network_ut.cc +index 33eb6eb5..68f6f011 100644 +--- a/test/cutils/utils_network/utils_network_ut.cc ++++ b/test/cutils/utils_network/utils_network_ut.cc +@@ -344,8 +344,8 @@ TEST(utils_network, test_net_contain_ip) + TEST(utils_network, test_validate_network_name) + { + ASSERT_EQ(util_validate_network_name(nullptr), false); +- ASSERT_EQ(util_validate_network_name(std::string(128, 'a').c_str()), true); +- ASSERT_EQ(util_validate_network_name(std::string(129, 'a').c_str()), false); ++ ASSERT_EQ(util_validate_network_name(std::string(255, 'a').c_str()), true); ++ ASSERT_EQ(util_validate_network_name(std::string(256, 'a').c_str()), false); + ASSERT_EQ(util_validate_network_name(std::string(".abce").c_str()), false); + } + +-- +2.25.1 + diff --git a/0100-bugfix-malloc-right-type-size.patch b/0100-bugfix-malloc-right-type-size.patch new file mode 100644 index 0000000..983d55e --- /dev/null +++ b/0100-bugfix-malloc-right-type-size.patch @@ -0,0 +1,40 @@ +From 7bf26415fcba090e281324ba92f7d7e6487b94fc Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Tue, 4 Jun 2024 16:30:19 +0800 +Subject: [PATCH 100/108] bugfix:malloc right type size + +Signed-off-by: liuxu +--- + src/client/connect/rest/rest_volumes_client.c | 2 +- + src/daemon/modules/service/service_network.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/client/connect/rest/rest_volumes_client.c b/src/client/connect/rest/rest_volumes_client.c +index 88254e6c..2327c28e 100644 +--- a/src/client/connect/rest/rest_volumes_client.c ++++ b/src/client/connect/rest/rest_volumes_client.c +@@ -251,7 +251,7 @@ static int prune_request_to_rest(const struct isula_prune_volume_request *reques + parser_error err = NULL; + int ret = 0; + +- nrequest = util_common_calloc_s(sizeof(volume_list_volume_request)); ++ nrequest = util_common_calloc_s(sizeof(volume_prune_volume_request)); + if (nrequest == NULL) { + ERROR("Out of memory"); + return -1; +diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c +index 6754cf1a..fe6dbf1d 100644 +--- a/src/daemon/modules/service/service_network.c ++++ b/src/daemon/modules/service/service_network.c +@@ -74,7 +74,7 @@ static struct attach_net_conf_list *build_attach_networks(const defs_map_string_ + return NULL; + } + +- list = (struct attach_net_conf_list *)util_common_calloc_s(sizeof(struct attach_net_conf)); ++ list = (struct attach_net_conf_list *)util_common_calloc_s(sizeof(struct attach_net_conf_list)); + if (list == NULL) { + ERROR("Out of memory"); + return NULL; +-- +2.25.1 + diff --git a/0101-use-isula_clean_path-rather-than-realpath.patch b/0101-use-isula_clean_path-rather-than-realpath.patch new file mode 100644 index 0000000..6ac4423 --- /dev/null +++ b/0101-use-isula_clean_path-rather-than-realpath.patch @@ -0,0 +1,26 @@ +From 60a2b15e0090018b7850b37369964bf62e253419 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Wed, 5 Jun 2024 02:07:23 +0000 +Subject: [PATCH 101/108] use isula_clean_path rather than realpath + +Signed-off-by: jikai +--- + src/cmd/isulad-shim/process.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 18fae03f..dd41c77f 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -489,7 +489,7 @@ static bool attach_fifopath_security_check(process_t *p, const char *fifopath) + return false; + } + +- if (realpath(fifopath, real_path) == NULL) { ++ if (isula_clean_path(fifopath, real_path, sizeof(real_path)) == NULL) { + ERROR("Failed to get realpath for '%s': %d.", real_path, SHIM_SYS_ERR(errno)); + return false; + } +-- +2.25.1 + diff --git a/0102-fix-false-engine-rootpath-reference.patch b/0102-fix-false-engine-rootpath-reference.patch new file mode 100644 index 0000000..a375a44 --- /dev/null +++ b/0102-fix-false-engine-rootpath-reference.patch @@ -0,0 +1,32 @@ +From fa25a8923e47ed6b65e0bcd08954589f5b26092c Mon Sep 17 00:00:00 2001 +From: jikai +Date: Wed, 5 Jun 2024 02:10:48 +0000 +Subject: [PATCH 102/108] fix false engine rootpath reference + +Signed-off-by: jikai +--- + src/daemon/config/isulad_config.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 80689bce..d7b54498 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -398,12 +398,12 @@ char *conf_get_sandbox_rootpath(void) + ERROR("Get rootpath failed"); + return epath; + } +- if (strlen(rootpath) > (PATH_MAX - strlen(ENGINE_ROOTPATH_NAME)) - 2) { ++ if (strlen(rootpath) > (PATH_MAX - strlen(SANDBOX_ROOTPATH_NAME)) - 2) { + ERROR("Root path is too long"); + return epath; + } + // rootpath + "/" + SANDBOX_ROOTPATH_NAME + "/0" +- len = strlen(rootpath) + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1; ++ len = strlen(rootpath) + 1 + strlen(SANDBOX_ROOTPATH_NAME) + 1; + epath = util_smart_calloc_s(sizeof(char), len); + if (epath == NULL) { + ERROR("Out of memory"); +-- +2.25.1 + diff --git a/0103-bugfix-add-note.patch b/0103-bugfix-add-note.patch new file mode 100644 index 0000000..1cdc42b --- /dev/null +++ b/0103-bugfix-add-note.patch @@ -0,0 +1,25 @@ +From 8eea40e09aa34da85cfa191f07cfe7e123c9809d Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Wed, 5 Jun 2024 10:18:06 +0800 +Subject: [PATCH 103/108] bugfix:add note + +Signed-off-by: liuxu +--- + src/utils/cutils/utils_array.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/utils/cutils/utils_array.h b/src/utils/cutils/utils_array.h +index 0c4fd217..553c2c13 100644 +--- a/src/utils/cutils/utils_array.h ++++ b/src/utils/cutils/utils_array.h +@@ -30,6 +30,7 @@ void util_free_array_by_len(char **array, size_t len); + + void util_free_array(char **array); + ++// this function just copies the first len elements of array and does not automatically add NULL element in the end. + char **util_copy_array_by_len(char **array, size_t len); + + int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, +-- +2.25.1 + diff --git a/0104-bugfix-adapt-network-name-max-len.patch b/0104-bugfix-adapt-network-name-max-len.patch new file mode 100644 index 0000000..0d7c6a3 --- /dev/null +++ b/0104-bugfix-adapt-network-name-max-len.patch @@ -0,0 +1,64 @@ +From 174f7d9d959bd129675651ccf7ef460794188b63 Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Wed, 5 Jun 2024 10:40:22 +0800 +Subject: [PATCH 104/108] bugfix:adapt network name max len + +Signed-off-by: liuxu +--- + CI/test_cases/network_cases/network_create.sh | 5 +++-- + src/utils/cutils/utils.h | 7 ++++++- + test/cutils/utils_network/utils_network_ut.cc | 4 ++-- + 3 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/CI/test_cases/network_cases/network_create.sh b/CI/test_cases/network_cases/network_create.sh +index 3107da12..da54fdd0 100755 +--- a/CI/test_cases/network_cases/network_create.sh ++++ b/CI/test_cases/network_cases/network_create.sh +@@ -33,8 +33,9 @@ function test_network_create() + local name1="cni1" + local name2="cni2" + local name3="a" +- for i in $(seq 1 7);do +- name3=${name3}${name3} ++ local basechar="a" ++ for i in $(seq 1 199);do ++ name3=${name3}${basechar} + done + local name4=${name3}b + local invalid_name=".xx" +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index 4417a165..ce0ca703 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -99,7 +99,12 @@ int malloc_trim(size_t pad); + #define MAX_IMAGE_REF_LEN 384 + #define MAX_CONTAINER_NAME_LEN 1024 + #define MAX_RUNTIME_NAME_LEN 32 +-#define MAX_NETWORK_NAME_LEN 255 ++/* ++ * Linux limits the length of the file name to 255, ++ * isulad will create file by name "${ISULAD_CNI_NETWORK_CONF_FILE_PRE}${network_name}.conflist" ++ * when create native network,so we limit the length of the network name to 200. ++ */ ++#define MAX_NETWORK_NAME_LEN 200 + + #define LOGIN_USERNAME_LEN 255 + #define LOGIN_PASSWORD_LEN 255 +diff --git a/test/cutils/utils_network/utils_network_ut.cc b/test/cutils/utils_network/utils_network_ut.cc +index 68f6f011..be85e398 100644 +--- a/test/cutils/utils_network/utils_network_ut.cc ++++ b/test/cutils/utils_network/utils_network_ut.cc +@@ -344,8 +344,8 @@ TEST(utils_network, test_net_contain_ip) + TEST(utils_network, test_validate_network_name) + { + ASSERT_EQ(util_validate_network_name(nullptr), false); +- ASSERT_EQ(util_validate_network_name(std::string(255, 'a').c_str()), true); +- ASSERT_EQ(util_validate_network_name(std::string(256, 'a').c_str()), false); ++ ASSERT_EQ(util_validate_network_name(std::string(200, 'a').c_str()), true); ++ ASSERT_EQ(util_validate_network_name(std::string(201, 'a').c_str()), false); + ASSERT_EQ(util_validate_network_name(std::string(".abce").c_str()), false); + } + +-- +2.25.1 + diff --git a/0105-start-sandbox-before-setup-network-by-default.patch b/0105-start-sandbox-before-setup-network-by-default.patch new file mode 100644 index 0000000..df5c44f --- /dev/null +++ b/0105-start-sandbox-before-setup-network-by-default.patch @@ -0,0 +1,140 @@ +From e6b3528acff10fb2bc62e2da0c3754f1e36cbd54 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 5 Jun 2024 10:04:59 +0800 +Subject: [PATCH 105/108] start sandbox before setup network by default + +Signed-off-by: zhongtao +--- + src/daemon/common/cri/cri_helpers.cc | 12 +++++++ + src/daemon/common/cri/cri_helpers.h | 3 ++ + .../cri_pod_sandbox_manager_service.cc | 34 +++++++++++++------ + src/daemon/modules/spec/specs.c | 2 +- + src/utils/cutils/utils_file.c | 2 +- + 5 files changed, 41 insertions(+), 12 deletions(-) + +diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc +index 68d569cc..8117403c 100644 +--- a/src/daemon/common/cri/cri_helpers.cc ++++ b/src/daemon/common/cri/cri_helpers.cc +@@ -47,6 +47,8 @@ const std::string Constants::DOCKER_IMAGEID_PREFIX { "docker://" }; + const std::string Constants::DOCKER_PULLABLE_IMAGEID_PREFIX { "docker-pullable://" }; + const std::string Constants::RUNTIME_READY { "RuntimeReady" }; + const std::string Constants::NETWORK_READY { "NetworkReady" }; ++// Kata 2.x need create network namespace and setup network befoce run podsandbox ++const std::string Constants::NETWORK_SETUP_ANNOTATION_KEY { "cri.sandbox.network.setup.v2" }; + const std::string Constants::POD_CHECKPOINT_KEY { "cri.sandbox.isulad.checkpoint" }; + const std::string Constants::CONTAINER_TYPE_ANNOTATION_KEY { "io.kubernetes.cri.container-type" }; + const std::string Constants::CONTAINER_NAME_ANNOTATION_KEY { "io.kubernetes.cri.container-name" }; +@@ -1140,4 +1142,14 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error) + return fmtiSuladOpts(selinuxOpts, securityOptSep); + } + ++bool SetupNetworkFirst(const std::map &annotations) ++{ ++ auto iter = annotations.find(CRIHelpers::Constants::NETWORK_SETUP_ANNOTATION_KEY); ++ if (iter == annotations.end()) { ++ return false; ++ } ++ ++ return iter->second == std::string("true"); ++} ++ + } // namespace CRIHelpers +diff --git a/src/daemon/common/cri/cri_helpers.h b/src/daemon/common/cri/cri_helpers.h +index 5c450b32..11a80b45 100644 +--- a/src/daemon/common/cri/cri_helpers.h ++++ b/src/daemon/common/cri/cri_helpers.h +@@ -49,6 +49,7 @@ public: + static const std::string DOCKER_PULLABLE_IMAGEID_PREFIX; + static const std::string RUNTIME_READY; + static const std::string NETWORK_READY; ++ static const std::string NETWORK_SETUP_ANNOTATION_KEY; + static const std::string POD_CHECKPOINT_KEY; + static const size_t MAX_CHECKPOINT_KEY_LEN { 250 }; + static const std::string CONTAINER_TYPE_ANNOTATION_KEY; +@@ -151,6 +152,8 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error) -> s + auto GetlegacySeccompiSuladOpts(const std::string &seccompProfile, Errors &error) -> std::vector; + + auto GetSeccompiSuladOptsByPath(const char *dstpath, Errors &error) -> std::vector; ++ ++bool SetupNetworkFirst(const std::map &annotations); + }; // namespace CRIHelpers + + #endif // DAEMON_ENTRY_CRI_CRI_HELPERS_H +diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +index af6b5fff..f852f4df 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +@@ -655,19 +655,33 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox + } + } + +- // Step 7: Setup networking for the sandbox. +- SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error); +- if (error.NotEmpty()) { +- goto cleanup_ns; +- } ++ // Step 7: According to the annotation and network namespace mode, ++ // determine the order of start sandbox and setup network. ++ if (CRIHelpers::SetupNetworkFirst(stdAnnos)) { ++ // Step 7.1: Setup networking for the sandbox, and then start the sandbox container. ++ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error); ++ if (error.NotEmpty()) { ++ goto cleanup_ns; ++ } + +- // Step 8: Start the sandbox container. +- StartSandboxContainer(response_id, error); +- if (error.NotEmpty()) { +- goto cleanup_network; ++ StartSandboxContainer(response_id, error); ++ if (error.NotEmpty()) { ++ goto cleanup_network; ++ } ++ } else { ++ // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox. ++ StartSandboxContainer(response_id, error); ++ if (error.NotEmpty()) { ++ goto cleanup_ns; ++ } ++ ++ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error); ++ if (error.NotEmpty()) { ++ goto cleanup_ns; ++ } + } + +- // Step 9: Save network settings json to disk ++ // Step 8: Save network settings json to disk + if (namespace_is_cni(inspect_data->host_config->network_mode)) { + Errors tmpErr; + UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr); +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 122f9992..f0538e26 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -1601,7 +1601,7 @@ static int merge_share_network_namespace(const oci_runtime_spec *oci_spec, const + int ret = 0; + char *ns_path = NULL; + +- if (host_spec->network_mode == NULL) { ++ if (host_spec->network_mode == NULL || strlen(host_spec->network_mode) == 0) { + return 0; + } + +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 6fc6852d..90bb156f 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -85,7 +85,7 @@ bool util_file_exists(const char *f) + struct stat buf; + int nret; + +- if (f == NULL) { ++ if (f == NULL || strlen(f) == 0) { + return false; + } + +-- +2.25.1 + diff --git a/0106-Revert-use-isula_clean_path-rather-than-realpath.patch b/0106-Revert-use-isula_clean_path-rather-than-realpath.patch new file mode 100644 index 0000000..6115474 --- /dev/null +++ b/0106-Revert-use-isula_clean_path-rather-than-realpath.patch @@ -0,0 +1,28 @@ +From f690c9a2dff298b41dc607e4ea6dd09113a322fb Mon Sep 17 00:00:00 2001 +From: jikai +Date: Thu, 6 Jun 2024 02:13:36 +0000 +Subject: [PATCH 106/108] Revert "use isula_clean_path rather than realpath" + +This reverts commit 60a2b15e0090018b7850b37369964bf62e253419. + +Signed-off-by: jikai +--- + src/cmd/isulad-shim/process.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index dd41c77f..18fae03f 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -489,7 +489,7 @@ static bool attach_fifopath_security_check(process_t *p, const char *fifopath) + return false; + } + +- if (isula_clean_path(fifopath, real_path, sizeof(real_path)) == NULL) { ++ if (realpath(fifopath, real_path) == NULL) { + ERROR("Failed to get realpath for '%s': %d.", real_path, SHIM_SYS_ERR(errno)); + return false; + } +-- +2.25.1 + diff --git a/0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch b/0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch new file mode 100644 index 0000000..009910f --- /dev/null +++ b/0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch @@ -0,0 +1,28 @@ +From 63f4f9bc9c36825d85a14f6a33102194d30e12a7 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 7 Jun 2024 02:24:49 +1400 +Subject: [PATCH 107/108] bugfix for start sandbox before setup network by + default + +Signed-off-by: zhongtao +--- + .../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +index f852f4df..bc3f4031 100644 +--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc +@@ -677,6 +677,9 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox + + SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error); + if (error.NotEmpty()) { ++ Errors stopError; ++ StopContainerHelper(response_id, stopError); ++ WARN("Error stop container: %s: %s", response_id.c_str(), stopError.GetCMessage()); + goto cleanup_ns; + } + } +-- +2.25.1 + diff --git a/0108-skip-test-rely-on-docker.io.patch b/0108-skip-test-rely-on-docker.io.patch new file mode 100644 index 0000000..dd146d7 --- /dev/null +++ b/0108-skip-test-rely-on-docker.io.patch @@ -0,0 +1,59 @@ +From d3e7b0b0d19ca4937716d835e3627714157d6cc3 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 11 Jun 2024 17:14:58 +0800 +Subject: [PATCH 108/108] skip test rely on docker.io + +Signed-off-by: zhongtao +--- + CI/test_cases/image_cases/image_search.sh | 4 +++- + CI/test_cases/image_cases/integration_check.sh | 2 +- + CI/test_cases/image_cases/registry.sh | 5 +++-- + 3 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/CI/test_cases/image_cases/image_search.sh b/CI/test_cases/image_cases/image_search.sh +index 11af02f1..4bf0e099 100755 +--- a/CI/test_cases/image_cases/image_search.sh ++++ b/CI/test_cases/image_cases/image_search.sh +@@ -76,7 +76,9 @@ function test_image_search() + + declare -i ans=0 + +-test_image_search || ((ans++)) ++# unable to pull image from docker.io without agent, skip this test ++# registry API v1 is not implemented in https://3laho3y3.mirror.aliyuncs.com and isula search cannot be tested ++# test_image_search || ((ans++)) + + show_result ${ans} "${curr_path}/${0}" + +diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh +index 6ec3ab52..f340348d 100755 +--- a/CI/test_cases/image_cases/integration_check.sh ++++ b/CI/test_cases/image_cases/integration_check.sh +@@ -27,7 +27,7 @@ image="busybox" + function test_image_info() + { + local ret=0 +- local uimage="docker.io/library/nats" ++ local uimage="nats" + local test="list && inspect image info test => (${FUNCNAME[@]})" + local lid + local cid +diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh +index e33983d6..7ea9a0c5 100755 +--- a/CI/test_cases/image_cases/registry.sh ++++ b/CI/test_cases/image_cases/registry.sh +@@ -74,8 +74,9 @@ function isula_pull() + isula run --rm -ti busybox echo hello 2>&1 | grep pulling + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull missing failed" && ((ret++)) + +- isula pull docker.io/library/busybox:latest +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++)) ++ # Unable to pull image from docker.io without agent, skip this test ++ # isula pull docker.io/library/busybox:latest ++ # [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++)) + + isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox + fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox" +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 460c059..3dfd483 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.1.5 -%global _release 9 +%global _release 10 %global is_systemd 1 %global enable_criv1 1 %global enable_cdi 1 @@ -101,6 +101,29 @@ Patch0082: 0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch Patch0083: 0083-fix-bug-for-invalid-env-write.patch Patch0084: 0084-trim-key-value-for-env.patch Patch0085: 0085-cdi-allow-env-variable-has-an-empty-value.patch +Patch0086: 0086-cdi-test-case-and-gateway.patch +Patch0087: 0087-code-improve.patch +Patch0088: 0088-testcase-close-cdi-testcase.patch +Patch0089: 0089-docs-update-cni-doc.patch +Patch0090: 0090-modify-the-user-error-log-to-be-the-same-as-before.patch +Patch0091: 0091-add-enable-cri-v1-in-k8s-integration.patch +Patch0092: 0092-isolate-oom-monitor-codes.patch +Patch0093: 0093-change-fork-process-exit-mode.patch +Patch0094: 0094-fix-error-log-for-verify_cpu_realtime.patch +Patch0095: 0095-bugfix-change-max-network-name-len.patch +Patch0096: 0096-del-useless-info.patch +Patch0097: 0097-code-improve.patch +Patch0098: 0098-cdi-add-debug-info.patch +Patch0099: 0099-bugfix-cni-network-name-UT.patch +Patch0100: 0100-bugfix-malloc-right-type-size.patch +Patch0101: 0101-use-isula_clean_path-rather-than-realpath.patch +Patch0102: 0102-fix-false-engine-rootpath-reference.patch +Patch0103: 0103-bugfix-add-note.patch +Patch0104: 0104-bugfix-adapt-network-name-max-len.patch +Patch0105: 0105-start-sandbox-before-setup-network-by-default.patch +Patch0106: 0106-Revert-use-isula_clean_path-rather-than-realpath.patch +Patch0107: 0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch +Patch0108: 0108-skip-test-rely-on-docker.io.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -358,6 +381,12 @@ fi %endif %changelog +* Tue Jun 11 2024 zhongtao - 2.1.5-10 +- Type: update +- ID: NA +- SUG: NA +- DESC: code improve and bugfix + * Sat May 11 2024 liuxu - 2.1.5-9 - Type: update - ID: NA -- Gitee