-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cbfs driver causes 'hcsshim::PrepareLayer - failed failed in Win32: Incorrect function. (0x1)' #42807
Comments
Docker makes a certain request and expects a specific error code to be returned. If there's any other error code reported by the driver, Docker refuses to continue. So, it's not anyone's bug but something that Docker should definitely improve for better compatibility. |
I'm curious what their workaround is. Unfortunately their code looks to be proprietary (?), so not sure if it'll be easy to find out exactly what it does. I'm wondering if the software injects itself into some of these code paths, and that's causing the issue. FWIW, I think the error is coming from this code; moby/daemon/graphdriver/windows/windows.go Lines 395 to 419 in 085c6a9
The
I had a quick look, but (also see the code above), and at a glance, I don't see specific handling for "specific" errors. In this case, the error indicates that the syscall failed in the kernel, so something went wrong when mounting the layer (at which point, the only thing docker can do is "rollback" ( /cc @katiewasnothere @kevpar @TBBle are you able to help out on this? |
Perhaps someone could get a trace for this, as was suggested in #42804 (comment)
|
This should be simple to reproduce with the
Edit: Ah, I see the actual bug report here is on 2004 (19041 kernel), so it wasn't fixed by that series. Maybe worth checking on LTSC 2022, particularly since the SAC releases are aging out, and if it is an OS issue, are unlikely to see a fix, but Windows Server 2022 would be an important target for such a fix. It's also possible that the HCSv2 API (i.e. computestorage.dll) doesn't have this issue, but I don't have anything that uses that yet (and we found an API issue in hcsshim, so we can't use it there yet), so it's harder to rule this in or out. I assume the issue is that the It's also possible that it's a bug in CBFS that it is somehow interfering with the attempt to activate WCIFS on the layer. It does kind-of depend on the workaround used, and since we can't see the source of either CBFS or vmcompute.dll, that's all speculation. |
Also experienced this issue using pCloud and docker on the same machine. After uninstalling pCloud (and removing the CBFS driver which was left behind...) the issue resolves and the Dockerfile is built. |
I can confirm that it replicates just with Given ## Box is not installed
> wclayer create tm -l C:\ProgramData\Docker\windowsfilter\32ebba58e25d6508c171d737289fc376095d82d0b026132e903dd32673a88a65
> wclayer mount tm -l C:\ProgramData\Docker\windowsfilter\32ebba58e25d6508c171d737289fc376095d82d0b026132e903dd32673a88a65
\\?\Volume{74a47361-9cf4-4774-8655-a25fb69af17a}
> wclayer unmount tm ## Installed https://e3.boxcdn.net/box-installers/desktop/releases/win/Box-x64.msi here, closed the login window
> wclayer mount tm -l C:\ProgramData\Docker\windowsfilter\32ebba58e25d6508c171d737289fc376095d82d0b026132e903dd32673a88a65
hcsshim::PrepareLayer - failed failed in Win32: Incorrect function. (0x1) The loaded filesystem filters are unchanged by installing or uninstalling Box, so however CBFS works, it's not a minifilter as I had assumed, or somehow it's causing problems without being loaded.
I do see it's a kernel mode driver.
So I'm assuming it's a legacy filesytem filter driver. However, the docs for that say it should appear in the above I uninstalled Box, and installed SFTP Drive V2 Personal Edition, and confirmed that it looks the same (i.e. not in So I can confirm that the 2019 release of cbfsconnect bundled with Box shows this problem, and the 2020 release of cbfsconnect bundled with SFTP Drive V2 does not. And it's nothing to do with Docker, it's a conflict between the device driver and the Windows container filesystem support. Windows 10 1903 introduced some driver model changes, so it's not unbelievable to me that this is what introduced the incompatibility, and since the fix is apparently obvious to the CBFS driver developers in their closed-source product, I can't see any useful way forward except either:
|
Wow, thanks for the deep-dive into this, @TBBle. Looks like there's not a lot that can be done in this repository. Does someone on this thread have a subscription for Box Drive or is in contact with the CBFS Connect driver people to get the missing information? |
I don't have a direct relationship but I've reached out to Callback Technologies via some public mailboxes, and asked them to respond here. |
Thanks! Hopefully someone from them is able to respond so that we are able to find a solution to this problem. |
Hey all. Here is what I got back from Callback Technologies. Since I am not familiar with the technical details here and can't discern what's relevant/important, I am re-posting as is.
|
Interesting. My reading of that doc:
is different to the CBFS developers, my take would be that the only valid response to So the apparent behaviour in HCS or below (not Docker this is happening in a Windows-internal component as I demonstrated with
That seems to be the behaviour described in the How the Volume is Recognized IFS docs, which suggests this routine is actually happening even lower-level than HCS, as a core Windows response to "a request to open a file on a logical volume (that is, a partition or dynamic volume)". In that case, I'm not sure why the old CBFS driver didn't cause similar problems elsewhere. Maybe something HCS is doing was causing ordering differences in the filesystem driver search, or normally an earlier driver in the list (NTFS) recognises the volume and so CBFS wasn't being called in the general user case. Perhaps we'd see the same problem if I installed Box and then tried to mount an extfs2 volume for which there is no valid filesystem driver installed, getting "invalid parameter" instead of "no filesystem found". It's also possible that this volume mount is not supposed to find a driver, because HCS is going to apply the WCIFS minifilter before the volume can be mounted by the NTFS driver, but the error from CBFS is aborting that process with a response of "Actually, it's a CBFS device but it's faulty" and HCS aborts so it doesn't corrupt someone else's volume data. The "How the Volume is Recognized" docs don't mention precisely how the driver is to signal "format does not match", but So yeah, this looks like possibly a documentation ambiguity, and I'd suggest that when implementing an API, it be implemented by the strictest-possible reading where multiple readings exist, as the updated version of CBFS now does. That said, since this problem appeared in Windows 10 1903, perhaps MS changed this routine to be narrower about the error codes that mean That said, someone else observed the same error-code behaviour in 2018 on Windows 10 17134 (1803 SAC):
referencing the same |
That's the problem - someone in MS was trying to fit multiple different pieces of information into one variable. It would be more logical to have a separate parameter for an indicator of the volume recognition and reserve the result code for possible errors. But that's a different story. |
Yes, curious about that as well; from the description it seems like there's a chance it may fail / cause errors in different scenarios as well.
perhaps @katiewasnothere or @kevpar can help shine a light on this (or know who would be able to); and/or help improving the Windows documentation if it's ambiguous.
I'm not familiar with the overall Windows APIs in this respect, but it's a quite common pattern to use sentinel errors to control flows. In this case, (deducting from the above), I think the intent is;
|
From docker/for-win#3884 (comment)
|
Last email from Callback on this:
It seems there is nothing to fix in Windows/moby/Docker but rather this is now on Box to incorporate the updated driver. Thanks all for the thorough investigation, I'll close and continue my year+ effort to get Box to incorporate the fix. 😬 |
Thank you! |
Hi @nickwesselman, How is your year+ fight going on? Regards |
@Hish15 Still waiting on Box. See above though for options on other software that you can install which may get you the updated driver that you need. |
Description
Starting with Windows 10 1903, having certain 'drive' software installed with certain versions of CBFS drivers causes Docker builds to fail with Windows containers, even with the most trivial Dockerfile.
Steps to reproduce the issue:
docker build .
Describe the results you received:
Uninstalling Box Drive makes the issue go away.
Describe the results you expected:
A successful build.
Additional information you deem important (e.g. issue happens only occasionally):
The company that makes this CBFS Connect driver used by Box and others has apparently released a version with a workaround for this bug. Installing software that contains this updated driver (such as SFTP Drive v2) actually resolves the issue. However Box has not released a fix, and insists that the issue is a regression in Docker and/or Windows itself.
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
physical
The text was updated successfully, but these errors were encountered: