-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use moby/sys for signal parsing #3213
Use moby/sys for signal parsing #3213
Conversation
2237a3a
to
2b53c12
Compare
@thaJeztah and @kzys fyi |
kill.go
Outdated
@@ -53,16 +53,16 @@ signal to the init process of the "ubuntu01" container: | |||
}, | |||
} | |||
|
|||
func parseSignal(rawSignal string) (unix.Signal, error) { | |||
func parseSignal(rawSignal string) (syscall.Signal, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can keep this as unix.Signal
. Given that the syscall
package is deprecated / frozen, and this is all Linux-only code (so we don't have to consider (e.g.) Windows; unix.Signal
is an alias for syscall.Signal
, so I don't think keeping it should be a problem; https://github.com/golang/sys/blob/751e447fb3d0a97f584890476adddc1d56307388/unix/aliases.go#L13-L14
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, done!
2b53c12
to
d708ae6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please split the commits up into at least two commits:
- Commit updating
golang.org/x/sys
. (Is this necessary for moby/sys/signal to work by the way? Also I'm confused why dependabot isn't updating those for us... Maybe because they don't have versions?) and addinggithub.com/moby/sys/signal
. - Commit switching to ParseSignal.
Exactly. |
Probably not, but since it requires v0.0.0-20210630005230-0f9fa26af87c, and we currently require v0.0.0-20210426230700-d19ff857e887, it makes sense to update (I'm not sure if the update should be to the latest version though, probably 20210630... is sufficient). Indeed, Separating this into two commits is a bit problematic though, because the above |
if !strings.HasPrefix(sig, "SIG") { | ||
sig = "SIG" + sig |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For other reviewers; I was initially thinking we had to keep this (make sure it has a SIG
prefix), or if this had to be moved to signal.ParseSignal
, but looks like that's already the case; signal.ParseSignal()
normalises by stripping the SIG
prefix (if present);
https://github.com/moby/sys/blob/1a1d2afe36340e8eac900548192ab7a43ac584c8/signal/signal.go#L46
signal, ok := SignalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
Signed-off-by: Kathryn Baldauf <kabaldau@microsoft.com>
d708ae6
to
a319490
Compare
@cyphar I've update the PR to pull in the golang.org/x/sys version that comes along with pulling in moby/sys/signal. Are you okay with keeping this in the same commit per @kolyshkin suggestion above? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NACK
I see two problems with this:
- We add a whole new package which does the same job as
unix.SignalNum
, the only simplification is we don't have to addSIG
prefix and callstrings.ToUpper()
. Is it worth it? moby/sys/signal
package fills in theSignalMap
during initialization time, which means once we include it, everyrunc
invocation incurs the overhead of doing so, thereasunix.SignalNum
does that initialization lazily (when first called), meaning there is no overhead unless you actually call it.
Overall, we have very little to gain and something to lose, so I'd rather not merge this.
We can update moby/sys/signal to lazy initialize if that's preferable @kolyshkin However, per @kzys's comment below:
It sounds like this PR is problematic. More input would be great to understand how to best support SIGRTMIN signals. |
That's fine, just as long as there is a separate commit for the vendor changes and the code change to make potential cherry-picking and bisecting slightly less painful in the future. 😸
Ah the wonders of Yeah this makes this issue quite bad because which signal we should send now somewhat depends on what libc the container process is using which is going to be non-trivial (bordering on impossible) to detect reliably. But on the other hand we definitely should support sending real-time signals because many programs use them (one example is systemd -- rather than using SIGPWR they use SIGRT13 as their shutdown signal -- which as an aside was a very fun thing for the LXC folks to grapple with). We currently support this by just supporting numerical signals but that doesn't help users from separate operating systems who might not know how the numerical signals work for their container... Yeah this is a bit of a doozy, I might need to think about this one for a bit... |
As runc is exclusive to Linux, the cross-platform discussion in containerd/containerd#5931 is not really relevant. In other words, what this PR adds is an ability to specify By the way, I just found one more issue with those SIGRT signal names -- different sources name them differently.
[kir@kir-rhat runc]$ kill -l
.....
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX
[kir@kir-rhat runc]$ echo $BASH_VERSION
5.1.0(1)-release
[kir@kir-rhat runc]$ /bin/kill -l
HUP INT QUIT ILL TRAP ABRT IOT BUS FPE KILL USR1 SEGV USR2 PIPE ALRM
TERM STKFLT CHLD CLD CONT STOP TSTP TTIN TTOU URG XCPU XFSZ VTALRM PROF
WINCH IO POLL PWR SYS RT<N> RTMIN+<N> RTMAX-<N>
[kir@kir-rhat runc]$ rpm -qf /bin/kill
util-linux-2.36.2-1.fc34.x86_64
[kir@kir-rhat runc]$ busybox kill -l
...
31) SYS
32) RTMIN
64) RTMAX
[kir@kir-rhat rrbf]$ strace -ekill busybox kill -RTMIN+2 1
kill(1, SIGRT_2) = -1 EPERM (Operation not permitted)
...
[kir@kir-rhat rrbf]$ strace -ekill busybox kill -RTMAX-2 1
kill(1, SIGRT_30) = -1 EPERM (Operation not permitted)
...
[kir@kir-rhat runc]$ [kir@kir-rhat runc]$ busybox --help
BusyBox v1.33.1 (2021-05-06 18:08:02 UTC) multi-call binary.
...
|
It's worse than that actually:
Given all that 🤹🏻, we should probably not try to interpret SIGRT names at all, or we will be wrong. |
What a mess... 🤦 FYI strace is checking SIGRTMIN on asm/signal.h apparently. |
I think this can be closed then and discussion can continue on containerd/containerd#5931 for cross platform signal handling in containerd |
Yes, quite so. Can't get my head around how that's an actual "api"
Yes, we can continue the discussion there, and try to find a solution. After all, conversion needs to happen somewhere. Personally I'd still like it to be as close to where it's used (runc / OCI runtime if possible), but yes, we'd need to resolve how the conversion should be handled. |
Yeah, this is so flawed. Apparently, whoever wrote this did not accounted for having different programs compiled with different versions of libc (or maybe even without libc, like busybox). I found one more piece of info, it's signal(7) man page, sub-section "Real-time signals". Here's a relevant quote:
|
This PR addresses the issues mentioned in the discussion containerd/containerd#5931 around signal parsing. This PR updates runc to use the moby/sys signal's package. This package supports portable signal parsing.
This PR additionally changes the use of several instances where the golang
unix
package is used in favor of thesyscall
package. This allows for the potential use of additional systemd supported signals as discussed containerd/containerd#5693.