[meta-vitualization][master][dunfell][PATCH] start: handle CLONE_PIDFD on arm64

[meta-vitualization][master][dunfell][PATCH] start: handle CLONE_PIDFD on arm64

[jainsaloni0918]

From: "Saloni.Jain" <saloni.jain@kpit.com>

It doesn't work with kernels older than 5.2.

https://man7.org/linux/man-pages/man2/clone.2.html

"       CLONE_PIDFD (since Linux 5.2)"

Fix lxc container startup error:

clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|0x200000000, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0, /* bytes 80..87 */ "\x17\x00\x00\x00\x00\x00\x00\x00"}, 88) = -1 ENOSYS (Function not implemented)
clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0}, 64) = -1 ENOSYS (Function not implemented)
clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD, parent_tid=0x55904a09a0) = -1 EINVAL (Invalid argument)

Reported-by: Ondrej Kubik <ondrej.kubik@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
---
 .../lxc_remove_CLONE_PIDFD_support.patch      | 56 +++++++++++++++++++
 recipes-containers/lxc/lxc_4.0.6.bb           |  1 +
 2 files changed, 57 insertions(+)
 create mode 100644 recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch

diff --git a/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch b/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
new file mode 100644
index 0000000..9da1757
--- /dev/null
+++ b/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
@@ -0,0 +1,56 @@
+commit c07b6837e30b8d969060ce7d3f95a30abec637de
+Author: Christian Brauner <christian.brauner@ubuntu.com>
+Date:   Fri Mar 5 19:50:28 2021 +0100
+
+
+start: handle CLONE_PIDFD on arm64
+
+It doesn't work with kernels older than 5.2.
+ 
+https://man7.org/linux/man-pages/man2/clone.2.html
+ 
+"       CLONE_PIDFD (since Linux 5.2)"
+ 
+Fix lxc container startup error:
+ 
+clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|0x200000000, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0, /* bytes 80..87 */ "\x17\x00\x00\x00\x00\x00\x00\x00"}, 88) = -1 ENOSYS (Function not implemented)
+clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0}, 64) = -1 ENOSYS (Function not implemented)
+clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD, parent_tid=0x55904a09a0) = -1 EINVAL (Invalid argument)
+    
+Reported-by: Ondrej Kubik <ondrej.kubik@canonical.com>
+Cc: stable-4.0
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
+Upstream-Status: Pending
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 301b81a..f2737a2 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -1714,7 +1714,26 @@ static int lxc_spawn(struct lxc_handler *handler)
+                /* Kernel might be too old for clone3(). */
+                if (handler->pid < 0) {
+                        SYSTRACE("Failed to spawn container via clone3()");
++
++               /*
++                * In contrast to all other architectures arm64 verifies that
++                * the argument we use to retrieve the pidfd with is
++                * initialized to 0. But we need to be able to initialize it to
++                * a negative value such as our customary -EBADF so we can
++                * detect whether this kernel supports pidfds. If the syscall
++                * returns and the pidfd variable is set to something >= 0 then
++                * we know this is a kernel supporting pidfds. But if we can't
++                * set it to -EBADF then this won't work since 0 is a valid
++                * file descriptor too. And since legacy clone silently ignores
++                * unknown flags we are left without any way to detect support
++                * for pidfds. So let's special-case arm64 to not fail starting
++                * containers.
++                */
++               #if defined(__aarch64__)
++                       handler->pid = lxc_raw_legacy_clone(handler->clone_flags & ~CLONE_PIDFD, NULL);
++               #else
+                        handler->pid = lxc_raw_legacy_clone(handler->clone_flags, &handler->pidfd);
++               #endif
+                }
+ 
+                if (handler->pid < 0) {
diff --git a/recipes-containers/lxc/lxc_4.0.6.bb b/recipes-containers/lxc/lxc_4.0.6.bb
index c9bf3d0..105caa0 100644
--- a/recipes-containers/lxc/lxc_4.0.6.bb
+++ b/recipes-containers/lxc/lxc_4.0.6.bb
@@ -51,6 +51,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
 	file://lxc-net \
 	file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \
 	file://commands-fix-check-for-seccomp-notify-support.patch \
+        file://lxc_remove_CLONE_PIDFD_support.patch \
 	"
 
 SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256"
-- 
2.17.1

Re: [meta-virtualization] [meta-vitualization][master][dunfell][PATCH] start: handle CLONE_PIDFD on arm64

[Bruce Ashfield]

Unfortunately the patch itself doesn't apply to lxc in meta-virt
master or dunfell.

I did bump the version in master, since that change is already included.

But for dunfell, you'll need to do a new patch that applies to the source:

NOTE: Executing Tasks
ERROR: lxc-4.0.6-r0 do_patch: Command Error: 'quilt --quiltrc
/opt/bruce/poky-dunfell/build/tmp/work/mips32r2-poky-linux/lxc/4.0.6-r0/recipe-sysroot-native/etc/quiltrc
push' exited with 0  Output:
Applying patch lxc_remove_CLONE_PIDFD_support.patch
patching file src/lxc/start.c
Hunk #1 FAILED at 1714.
1 out of 1 hunk FAILED -- rejects in file src/lxc/start.c
Patch lxc_remove_CLONE_PIDFD_support.patch does not apply (enforce with -f)
ERROR: Logfile of failure stored in:
/opt/bruce/poky-dunfell/build/tmp/work/mips32r2-poky-linux/lxc/4.0.6-r0/temp/log.do_patch.1248727
ERROR: Task (/opt/bruce/poky-dunfell/meta-virtualization/recipes-containers/lxc/lxc_4.0.6.bb:do_patch)
failed with exit code '1'


Cheers,

Bruce



On Fri, Jul 9, 2021 at 3:45 AM Saloni Jain <jainsaloni0918@gmail.com> wrote:
>
> From: "Saloni.Jain" <saloni.jain@kpit.com>
>
> It doesn't work with kernels older than 5.2.
>
> https://man7.org/linux/man-pages/man2/clone.2.html
>
> "       CLONE_PIDFD (since Linux 5.2)"
>
> Fix lxc container startup error:
>
> clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|0x200000000, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0, /* bytes 80..87 */ "\x17\x00\x00\x00\x00\x00\x00\x00"}, 88) = -1 ENOSYS (Function not implemented)
> clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0}, 64) = -1 ENOSYS (Function not implemented)
> clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD, parent_tid=0x55904a09a0) = -1 EINVAL (Invalid argument)
>
> Reported-by: Ondrej Kubik <ondrej.kubik@canonical.com>
> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
> Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
> ---
>  .../lxc_remove_CLONE_PIDFD_support.patch      | 56 +++++++++++++++++++
>  recipes-containers/lxc/lxc_4.0.6.bb           |  1 +
>  2 files changed, 57 insertions(+)
>  create mode 100644 recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
>
> diff --git a/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch b/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
> new file mode 100644
> index 0000000..9da1757
> --- /dev/null
> +++ b/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
> @@ -0,0 +1,56 @@
> +commit c07b6837e30b8d969060ce7d3f95a30abec637de
> +Author: Christian Brauner <christian.brauner@ubuntu.com>
> +Date:   Fri Mar 5 19:50:28 2021 +0100
> +
> +
> +start: handle CLONE_PIDFD on arm64
> +
> +It doesn't work with kernels older than 5.2.
> +
> +https://man7.org/linux/man-pages/man2/clone.2.html
> +
> +"       CLONE_PIDFD (since Linux 5.2)"
> +
> +Fix lxc container startup error:
> +
> +clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|0x200000000, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0, /* bytes 80..87 */ "\x17\x00\x00\x00\x00\x00\x00\x00"}, 88) = -1 ENOSYS (Function not implemented)
> +clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0}, 64) = -1 ENOSYS (Function not implemented)
> +clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD, parent_tid=0x55904a09a0) = -1 EINVAL (Invalid argument)
> +
> +Reported-by: Ondrej Kubik <ondrej.kubik@canonical.com>
> +Cc: stable-4.0
> +Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
> +Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
> +Upstream-Status: Pending
> +
> +diff --git a/src/lxc/start.c b/src/lxc/start.c
> +index 301b81a..f2737a2 100644
> +--- a/src/lxc/start.c
> ++++ b/src/lxc/start.c
> +@@ -1714,7 +1714,26 @@ static int lxc_spawn(struct lxc_handler *handler)
> +                /* Kernel might be too old for clone3(). */
> +                if (handler->pid < 0) {
> +                        SYSTRACE("Failed to spawn container via clone3()");
> ++
> ++               /*
> ++                * In contrast to all other architectures arm64 verifies that
> ++                * the argument we use to retrieve the pidfd with is
> ++                * initialized to 0. But we need to be able to initialize it to
> ++                * a negative value such as our customary -EBADF so we can
> ++                * detect whether this kernel supports pidfds. If the syscall
> ++                * returns and the pidfd variable is set to something >= 0 then
> ++                * we know this is a kernel supporting pidfds. But if we can't
> ++                * set it to -EBADF then this won't work since 0 is a valid
> ++                * file descriptor too. And since legacy clone silently ignores
> ++                * unknown flags we are left without any way to detect support
> ++                * for pidfds. So let's special-case arm64 to not fail starting
> ++                * containers.
> ++                */
> ++               #if defined(__aarch64__)
> ++                       handler->pid = lxc_raw_legacy_clone(handler->clone_flags & ~CLONE_PIDFD, NULL);
> ++               #else
> +                        handler->pid = lxc_raw_legacy_clone(handler->clone_flags, &handler->pidfd);
> ++               #endif
> +                }
> +
> +                if (handler->pid < 0) {
> diff --git a/recipes-containers/lxc/lxc_4.0.6.bb b/recipes-containers/lxc/lxc_4.0.6.bb
> index c9bf3d0..105caa0 100644
> --- a/recipes-containers/lxc/lxc_4.0.6.bb
> +++ b/recipes-containers/lxc/lxc_4.0.6.bb
> @@ -51,6 +51,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
>         file://lxc-net \
>         file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \
>         file://commands-fix-check-for-seccomp-notify-support.patch \
> +        file://lxc_remove_CLONE_PIDFD_support.patch \
>         "
>
>  SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256"
> --
> 2.17.1
>
>
> 
>


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II