From: "Saloni.Jain" <[email protected]> It doesn't work with kernels older than 5.2.
https://man7.org/linux/man-pages/man2/clone.2.html " CLONE_PIDFD (since Linux 5.2)" Fix lxc container startup error: clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|0x200000000, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0, /* bytes 80..87 */ "\x17\x00\x00\x00\x00\x00\x00\x00"}, 88) = -1 ENOSYS (Function not implemented) clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0}, 64) = -1 ENOSYS (Function not implemented) clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD, parent_tid=0x55904a09a0) = -1 EINVAL (Invalid argument) Reported-by: Ondrej Kubik <[email protected]> Signed-off-by: Christian Brauner <[email protected]> Signed-off-by: Saloni Jain <[email protected]>
---
 .../lxc_remove_CLONE_PIDFD_support.patch | 56 +++++++++++++++++++
 recipes-containers/lxc/lxc_4.0.6.bb | 1 +
 2 files changed, 57 insertions(+)
 create mode 100644 recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
diff --git a/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch b/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
new file mode 100644
index 0000000..9da1757
--- /dev/null
+++ b/recipes-containers/lxc/files/lxc_remove_CLONE_PIDFD_support.patch
@@ -0,0 +1,56 @@
+commit c07b6837e30b8d969060ce7d3f95a30abec637de
+Author: Christian Brauner <[email protected]>
+Date: Fri Mar 5 19:50:28 2021 +0100
+
+
+start: handle CLONE_PIDFD on arm64
+
+It doesn't work with kernels older than 5.2.
+
+https://man7.org/linux/man-pages/man2/clone.2.html
+
+" CLONE_PIDFD (since Linux 5.2)"
+
+Fix lxc container startup error:
+
+clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|0x200000000, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0, /* bytes 80..87 */ "\x17\x00\x00\x00\x00\x00\x00\x00"}, 88) = -1 ENOSYS (Function not implemented)
+clone3({flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID, pidfd=0x55904a09a0, exit_signal=SIGCHLD, stack=NULL, stack_size=0}, 64) = -1 ENOSYS (Function not implemented)
+clone(child_stack=NULL, flags=CLONE_PIDFD|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD, parent_tid=0x55904a09a0) = -1 EINVAL (Invalid argument)
+
+Reported-by: Ondrej Kubik <[email protected]>
+Cc: stable-4.0
+Signed-off-by: Christian Brauner <[email protected]>
+Signed-off-by: Saloni Jain <[email protected]>
+Upstream-Status: Pending
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 301b81a..f2737a2 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -1714,7 +1714,26 @@ static int lxc_spawn(struct lxc_handler *handler)
+ /* Kernel might be too old for clone3(). */
+ if (handler->pid < 0) {
+ SYSTRACE("Failed to spawn container via clone3()");
++
++ /*
++ * In contrast to all other architectures arm64 verifies that
++ * the argument we use to retrieve the pidfd with is
++ * initialized to 0. But we need to be able to initialize it to
++ * a negative value such as our customary -EBADF so we can
++ * detect whether this kernel supports pidfds. If the syscall
++ * returns and the pidfd variable is set to something >= 0 then
++ * we know this is a kernel supporting pidfds. But if we can't
++ * set it to -EBADF then this won't work since 0 is a valid
++ * file descriptor too. And since legacy clone silently ignores
++ * unknown flags we are left without any way to detect support
++ * for pidfds. So let's special-case arm64 to not fail starting
++ * containers.
++ */
++ #if defined(__aarch64__)
++ handler->pid = lxc_raw_legacy_clone(handler->clone_flags & ~CLONE_PIDFD, NULL);
++ #else
+ handler->pid = lxc_raw_legacy_clone(handler->clone_flags, &handler->pidfd);
++ #endif
+ }
+
+ if (handler->pid < 0) {
diff --git a/recipes-containers/lxc/lxc_4.0.6.bb b/recipes-containers/lxc/lxc_4.0.6.bb
index c9bf3d0..105caa0 100644
--- a/recipes-containers/lxc/lxc_4.0.6.bb
+++ b/recipes-containers/lxc/lxc_4.0.6.bb
@@ -51,6 +51,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
 file://lxc-net \
 file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \
 file://commands-fix-check-for-seccomp-notify-support.patch \
+ file://lxc_remove_CLONE_PIDFD_support.patch \
 "
 SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256"
--
2.17.1
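Review bot: The `#if defined(__aarch64__)` branch in the legacy-clone fallback of lxc_spawn() masks out CLONE_PIDFD at compile time and passes NULL, so `handler->pidfd` is never written on that path, even on an arm64 kernel that does support pidfds. Later code then has only the bare PID to work with, which is presumably exposed to PID reuse, so the state should be made explicit with `handler->pidfd = -EBADF;` before the call and a trace line such as `TRACE("Spawning without a pidfd on arm64");`, unless the handler is already guaranteed to hold -EBADF here. lxc_spawn() starts and ends outside the hunk, so the field's initial value and its later uses are not visible. Separately, the patch header carries an upstream commit id and `Cc: stable-4.0` yet says `Upstream-Status: Pending`; if this is a backport, `Upstream-Status: Backport [<upstream commit URL>]` records the provenance, and the file name `lxc_remove_CLONE_PIDFD_support.patch` overstates an arm64-only change to the fallback path.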
