containerd:sync some patches

(cherry picked from commit f5c0eb343e044dcbeda145a0c7bfb604661f724d)
2023-09-19 15:53:19 +08:00 · 2023-09-19 15:53:19 +08:00 · c2db3a0238
commit c2db3a0238
parent 35bae5d9ef
9 changed files with 638 additions and 1 deletions
--- a/containerd.spec
+++ b/containerd.spec
@ -2,7 +2,7 @@
 %global debug_package %{nil}
 Version:        1.2.0
 Name:           containerd
-Release:        211
+Release:        212
 Summary:        An industry-standard container runtime
 License:        ASL 2.0
 URL:            https://containerd.io
@ -44,6 +44,12 @@ install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr
 %{_bindir}/ctr

 %changelog
+* Tue Sep 19 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-212
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync some patches
+
 * Sat Aug 26 2023 chenjiankun<chenjiankun1@huawei.com> - 1.2.0-211
 - Type:bugfix
 - CVE:NA
--- a/patch/0099-containerd-diff-walking-fix-defer-cleanup.patch
+++ b/patch/0099-containerd-diff-walking-fix-defer-cleanup.patch
@ -0,0 +1,35 @@
+From d8fe98edc34c3db927092c09af0941ca052996b9 Mon Sep 17 00:00:00 2001
+From: Iceber Gu <wei.cai-nat@daocloud.io>
+Date: Tue, 1 Jun 2021 18:24:47 +0800
+Subject: [PATCH] diff/walking: fix defer cleanup
+
+Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
+---
+ diff/walking/differ.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/diff/walking/differ.go b/diff/walking/differ.go
+index 1c82860d7..988af3ccb 100644
+--- a/diff/walking/differ.go
+++ b/diff/walking/differ.go
+@@ -80,7 +80,7 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o
+ 
+ 	var ocidesc ocispec.Descriptor
+ 	if err := mount.WithTempMount(ctx, lower, func(lowerRoot string) error {
+-		return mount.WithTempMount(ctx, upper, func(upperRoot string) error {
+		return mount.WithTempMount(ctx, upper, func(upperRoot string) (retErr error) {
+ 			var newReference bool
+ 			if config.Reference == "" {
+ 				newReference = true
+@@ -96,7 +96,7 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o
+ 				return errors.Wrap(err, "failed to open writer")
+ 			}
+ 			defer func() {
+-				if err != nil {
+				if retErr != nil {
+ 					cw.Close()
+ 					if newReference {
+ 						if err := s.store.Abort(ctx, config.Reference); err != nil {
+-- 
+2.33.0
+
--- a/patch/0100-containerd-fix-invalid-validation-error-checking.patch
+++ b/patch/0100-containerd-fix-invalid-validation-error-checking.patch
@ -0,0 +1,40 @@
+From aa0d00674a9b836954c74dfa805798cfc267f1c2 Mon Sep 17 00:00:00 2001
+From: Mike Brown <brownwm@us.ibm.com>
+Date: Thu, 3 Jun 2021 15:58:11 -0500
+Subject: [PATCH] fix invalid validation error checking
+
+Signed-off-by: Mike Brown <brownwm@us.ibm.com>
+---
+ metadata/containers.go | 2 +-
+ metadata/content.go    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/metadata/containers.go b/metadata/containers.go
+index 6e5622c36..30ef44c33 100644
+--- a/metadata/containers.go
+++ b/metadata/containers.go
+@@ -259,7 +259,7 @@ func validateContainer(container *containers.Container) error {
+ 
+ 	// image has no validation
+ 	for k, v := range container.Labels {
+-		if err := labels.Validate(k, v); err == nil {
+		if err := labels.Validate(k, v); err != nil {
+ 			return errors.Wrapf(err, "containers.Labels")
+ 		}
+ 	}
+diff --git a/metadata/content.go b/metadata/content.go
+index 8ee0f2e20..4f352ca26 100644
+--- a/metadata/content.go
+++ b/metadata/content.go
+@@ -689,7 +689,7 @@ func (cs *contentStore) checkAccess(ctx context.Context, dgst digest.Digest) err
+ 
+ func validateInfo(info *content.Info) error {
+ 	for k, v := range info.Labels {
+-		if err := labels.Validate(k, v); err == nil {
+		if err := labels.Validate(k, v); err != nil {
+ 			return errors.Wrapf(err, "info.Labels")
+ 		}
+ 	}
+-- 
+2.33.0
+
--- a/patch/0101-containerd-fix-Implicit-memory-aliasing-in-for-loop.patch
+++ b/patch/0101-containerd-fix-Implicit-memory-aliasing-in-for-loop.patch
@ -0,0 +1,38 @@
+From fc2c26175d1504b73ec63ab76d7428d53e59d180 Mon Sep 17 00:00:00 2001
+From: ningmingxiao <ning.mingxiao@zte.com.cn>
+Date: Mon, 6 Dec 2021 21:36:31 +0800
+Subject: [PATCH] fix Implicit memory aliasing in for loop
+
+Signed-off-by: ningmingxiao <ning.mingxiao@zte.com.cn>
+---
+ containerstore.go | 1 +
+ image_store.go    | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/containerstore.go b/containerstore.go
+index 2756e2a68..bdd1c6066 100644
+--- a/containerstore.go
+++ b/containerstore.go
+@@ -189,6 +189,7 @@ func containersFromProto(containerspb []containersapi.Container) []containers.Co
+ 	var containers []containers.Container
+ 
+ 	for _, container := range containerspb {
+		container := container
+ 		containers = append(containers, containerFromProto(&container))
+ 	}
+ 
+diff --git a/image_store.go b/image_store.go
+index 3676bdada..7e44c73cc 100644
+--- a/image_store.go
+++ b/image_store.go
+@@ -129,6 +129,7 @@ func imagesFromProto(imagespb []imagesapi.Image) []images.Image {
+ 	var images []images.Image
+ 
+ 	for _, image := range imagespb {
+		image := image
+ 		images = append(images, imageFromProto(&image))
+ 	}
+ 
+-- 
+2.33.0
+
--- a/patch/0102-contained-fix-cio.Cancel-should-close-the-pipes.patch
+++ b/patch/0102-contained-fix-cio.Cancel-should-close-the-pipes.patch
@ -0,0 +1,35 @@
+From 1b94345a4ce03a4ea54717df3b5a9a12a99a53cc Mon Sep 17 00:00:00 2001
+From: "Hsing-Yu (David) Chen" <davidhsingyuchen@gmail.com>
+Date: Thu, 30 Mar 2023 18:38:54 -0700
+Subject: [PATCH] fix: cio.Cancel() should close the pipes
+
+PR fixes #8326.
+
+Signed-off-by: Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
+---
+ cio/io_unix.go | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/cio/io_unix.go b/cio/io_unix.go
+index 53b6b2dee..644e840e6 100644
+--- a/cio/io_unix.go
+++ b/cio/io_unix.go
+@@ -99,7 +99,14 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) {
+ 		config:  fifos.Config,
+ 		wg:      wg,
+ 		closers: append(pipes.closers(), fifos),
+-		cancel:  cancel,
+		cancel: func() {
+			cancel()
+			for _, c := range pipes.closers() {
+				if c != nil {
+					c.Close()
+				}
+			}
+		},
+ 	}, nil
+ }
+ 
+-- 
+2.33.0
+
--- a/patch/0103-containerd-fix-unable-to-checkpoint-the-container-more-than-onc.patch
+++ b/patch/0103-containerd-fix-unable-to-checkpoint-the-container-more-than-onc.patch
@ -0,0 +1,26 @@
+From 7ef42e9ee0640c241bd2f06c084ef3fd3171910b Mon Sep 17 00:00:00 2001
+From: Iceber Gu <wei.cai-nat@daocloud.io>
+Date: Mon, 17 Apr 2023 14:02:18 +0800
+Subject: [PATCH] fix unable to checkpoint the container more than once
+
+Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
+---
+ services/tasks/local.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/services/tasks/local.go b/services/tasks/local.go
+index 98189713e..857182b70 100644
+--- a/services/tasks/local.go
+++ b/services/tasks/local.go
+@@ -637,7 +637,7 @@ func (l *local) writeContent(ctx context.Context, mediaType, ref string, r io.Re
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-	if err := writer.Commit(ctx, 0, ""); err != nil {
+	if err := writer.Commit(ctx, 0, ""); err != nil && !errdefs.IsAlreadyExists(err) {
+ 		return nil, err
+ 	}
+ 	return &types.Descriptor{
+-- 
+2.33.0
+
--- a/patch/0104-containerd-bugfix-add-nil-pointer-check-for-cgroup-v1-mem-usage.patch
+++ b/patch/0104-containerd-bugfix-add-nil-pointer-check-for-cgroup-v1-mem-usage.patch
@ -0,0 +1,161 @@
+From 4a8b277057b1682769aebc47f589468bda6f7a18 Mon Sep 17 00:00:00 2001
+From: "Cardy.Tang" <zuniorone@gmail.com>
+Date: Fri, 19 May 2023 09:49:58 +0800
+Subject: [PATCH] bugfix: add nil pointer check for cgroup v1 mem usage
+
+Signed-off-by: Cardy.Tang <zuniorone@gmail.com>
+---
+ metrics/cgroups/memory.go | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/metrics/cgroups/memory.go b/metrics/cgroups/memory.go
+index e90295fb3..e8e9f093c 100644
+--- a/metrics/cgroups/memory.go
+++ b/metrics/cgroups/memory.go
+@@ -543,7 +543,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Total,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Usage == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -559,7 +559,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Usage == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -575,7 +575,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Usage == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -591,7 +591,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Usage == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -607,7 +607,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Total,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Swap == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -623,7 +623,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Swap == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -639,7 +639,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Swap == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -655,7 +655,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Swap == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -671,7 +671,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Total,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Kernel == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -687,7 +687,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Kernel == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -703,7 +703,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Kernel == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -719,7 +719,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.Kernel == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -735,7 +735,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Total,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.KernelTCP == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -751,7 +751,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.KernelTCP == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -767,7 +767,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.KernelTCP == nil {
+ 				return nil
+ 			}
+ 			return []value{
+@@ -783,7 +783,7 @@ var memoryMetrics = []*metric{
+ 		unit: metrics.Bytes,
+ 		vt:   prometheus.GaugeValue,
+ 		getValues: func(stats *cgroups.Metrics) []value {
+-			if stats.Memory == nil {
+			if stats.Memory == nil || stats.Memory.KernelTCP == nil {
+ 				return nil
+ 			}
+ 			return []value{
+-- 
+2.33.0
+
--- a/patch/0105-containerd-fix-allow-attaching-to-any-combination-of-stdin-stdo.patch
+++ b/patch/0105-containerd-fix-allow-attaching-to-any-combination-of-stdin-stdo.patch
@ -0,0 +1,289 @@
+From 8c74006ac5f9175e8b253fbef58711d27ef6cb89 Mon Sep 17 00:00:00 2001
+From: "Hsing-Yu (David) Chen" <davidhsingyuchen@gmail.com>
+Date: Tue, 28 Mar 2023 17:13:28 -0700
+Subject: [PATCH] fix: allow attaching to any combination of
+ stdin/stdout/stderr
+
+Before this PR, if a stdin/stdout/stderr stream is nil,
+and the corresponding FIFO is not an empty string,
+a panic will occur when Read/Write of the nil stream is invoked in io.CopyBuffer.
+
+Signed-off-by: Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
+---
+ cio/io.go           |   9 ++
+ cio/io_unix_test.go | 242 ++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 251 insertions(+)
+
+diff --git a/cio/io.go b/cio/io.go
+index a9c6d2b15..bda04d289 100644
+--- a/cio/io.go
+++ b/cio/io.go
+@@ -164,6 +164,15 @@ func NewAttach(opts ...Opt) Attach {
+ 		if fifos == nil {
+ 			return nil, fmt.Errorf("cannot attach, missing fifos")
+ 		}
+		if streams.Stdin == nil {
+			fifos.Stdin = ""
+		}
+		if streams.Stdout == nil {
+			fifos.Stdout = ""
+		}
+		if streams.Stderr == nil {
+			fifos.Stderr = ""
+		}
+ 		return copyIO(fifos, streams)
+ 	}
+ }
+diff --git a/cio/io_unix_test.go b/cio/io_unix_test.go
+index fc2cce96d..fc186a6ec 100644
+--- a/cio/io_unix_test.go
+++ b/cio/io_unix_test.go
+@@ -55,3 +55,245 @@ func TestOpenFifos(t *testing.T) {
+ 		assert.Assert(t, err != nil, scenario)
+ 	}
+ }
+
+// TestOpenFifosWithTerminal tests openFifos should not open stderr if terminal
+// is set.
+func TestOpenFifosWithTerminal(t *testing.T) {
+	var ctx, cancel = context.WithCancel(context.Background())
+	defer cancel()
+
+	ioFifoDir := t.TempDir()
+
+	cfg := Config{
+		Stdout: filepath.Join(ioFifoDir, "test-stdout"),
+		Stderr: filepath.Join(ioFifoDir, "test-stderr"),
+	}
+
+	// Without terminal, pipes.Stderr should not be nil
+	{
+		p, err := openFifos(ctx, NewFIFOSet(cfg, nil))
+		if err != nil {
+			t.Fatalf("unexpected error during openFifos: %v", err)
+		}
+
+		if p.Stderr == nil {
+			t.Fatalf("unexpected empty stderr pipe")
+		}
+	}
+
+	// With terminal, pipes.Stderr should be nil
+	{
+		cfg.Terminal = true
+		p, err := openFifos(ctx, NewFIFOSet(cfg, nil))
+		if err != nil {
+			t.Fatalf("unexpected error during openFifos: %v", err)
+		}
+
+		if p.Stderr != nil {
+			t.Fatalf("unexpected stderr pipe")
+		}
+	}
+}
+
+func assertHasPrefix(t *testing.T, s, prefix string) {
+	t.Helper()
+	if !strings.HasPrefix(s, prefix) {
+		t.Fatalf("expected %s to start with %s", s, prefix)
+	}
+}
+
+func TestNewFIFOSetInDir(t *testing.T) {
+	root := t.TempDir()
+
+	fifos, err := NewFIFOSetInDir(root, "theid", true)
+	assert.NoError(t, err)
+
+	dir := filepath.Dir(fifos.Stdin)
+	assertHasPrefix(t, dir, root)
+	expected := &FIFOSet{
+		Config: Config{
+			Stdin:    filepath.Join(dir, "theid-stdin"),
+			Stdout:   filepath.Join(dir, "theid-stdout"),
+			Stderr:   filepath.Join(dir, "theid-stderr"),
+			Terminal: true,
+		},
+	}
+
+	assert.Equal(t, fifos.Config, expected.Config)
+
+	files, err := os.ReadDir(root)
+	assert.NoError(t, err)
+	assert.Len(t, files, 1)
+
+	assert.Nil(t, fifos.Close())
+	files, err = os.ReadDir(root)
+	assert.NoError(t, err)
+	assert.Len(t, files, 0)
+}
+
+func TestNewAttach(t *testing.T) {
+	testCases := []struct {
+		name                                          string
+		expectedStdin, expectedStdout, expectedStderr string
+	}{
+		{
+			name:           "attach to all streams (stdin, stdout, and stderr)",
+			expectedStdin:  "this is the stdin",
+			expectedStdout: "this is the stdout",
+			expectedStderr: "this is the stderr",
+		},
+		{
+			name:           "don't attach to stdin",
+			expectedStdout: "this is the stdout",
+			expectedStderr: "this is the stderr",
+		},
+		{
+			name:           "don't attach to stdout",
+			expectedStdin:  "this is the stdin",
+			expectedStderr: "this is the stderr",
+		},
+		{
+			name:           "don't attach to stderr",
+			expectedStdin:  "this is the stdin",
+			expectedStdout: "this is the stdout",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			var (
+				stdin  = bytes.NewBufferString(tc.expectedStdin)
+				stdout = new(bytes.Buffer)
+				stderr = new(bytes.Buffer)
+
+				// The variables below have to be of the interface type (i.e., io.Reader/io.Writer)
+				// instead of the concrete type (i.e., *bytes.Buffer) *before* being passed to NewAttach.
+				// Otherwise, in NewAttach, the interface value won't be nil
+				// (it's just that the concrete value inside the interface itself is nil. [1]),
+				// which means that the corresponding FIFO path won't be set to be an empty string,
+				// and that's not what we want.
+				//
+				// [1] https://go.dev/tour/methods/12
+				stdinArg             io.Reader
+				stdoutArg, stderrArg io.Writer
+			)
+			if tc.expectedStdin != "" {
+				stdinArg = stdin
+			}
+			if tc.expectedStdout != "" {
+				stdoutArg = stdout
+			}
+			if tc.expectedStderr != "" {
+				stderrArg = stderr
+			}
+
+			attacher := NewAttach(WithStreams(stdinArg, stdoutArg, stderrArg))
+
+			fifos, err := NewFIFOSetInDir("", "theid", false)
+			assert.NoError(t, err)
+
+			attachedFifos, err := attacher(fifos)
+			assert.NoError(t, err)
+			defer attachedFifos.Close()
+
+			producers := setupFIFOProducers(t, attachedFifos.Config())
+			initProducers(t, producers, tc.expectedStdout, tc.expectedStderr)
+
+			var actualStdin []byte
+			if producers.Stdin != nil {
+				actualStdin, err = io.ReadAll(producers.Stdin)
+				assert.NoError(t, err)
+			}
+
+			attachedFifos.Wait()
+			attachedFifos.Cancel()
+			assert.Nil(t, attachedFifos.Close())
+
+			assert.Equal(t, tc.expectedStdout, stdout.String())
+			assert.Equal(t, tc.expectedStderr, stderr.String())
+			assert.Equal(t, tc.expectedStdin, string(actualStdin))
+		})
+	}
+}
+
+type producers struct {
+	Stdin  io.ReadCloser
+	Stdout io.WriteCloser
+	Stderr io.WriteCloser
+}
+
+func setupFIFOProducers(t *testing.T, fifos Config) producers {
+	var (
+		err   error
+		pipes producers
+		ctx   = context.Background()
+	)
+
+	if fifos.Stdin != "" {
+		pipes.Stdin, err = fifo.OpenFifo(ctx, fifos.Stdin, syscall.O_RDONLY, 0)
+		assert.NoError(t, err)
+	}
+
+	if fifos.Stdout != "" {
+		pipes.Stdout, err = fifo.OpenFifo(ctx, fifos.Stdout, syscall.O_WRONLY, 0)
+		assert.NoError(t, err)
+	}
+
+	if fifos.Stderr != "" {
+		pipes.Stderr, err = fifo.OpenFifo(ctx, fifos.Stderr, syscall.O_WRONLY, 0)
+		assert.NoError(t, err)
+	}
+
+	return pipes
+}
+
+func initProducers(t *testing.T, producers producers, stdout, stderr string) {
+	if producers.Stdout != nil {
+		_, err := producers.Stdout.Write([]byte(stdout))
+		assert.NoError(t, err)
+		assert.Nil(t, producers.Stdout.Close())
+	}
+
+	if producers.Stderr != nil {
+		_, err := producers.Stderr.Write([]byte(stderr))
+		assert.NoError(t, err)
+		assert.Nil(t, producers.Stderr.Close())
+	}
+}
+
+func TestLogURIGenerator(t *testing.T) {
+	baseTestLogURIGenerator(t, []LogURIGeneratorTestCase{
+		{
+			scheme:   "fifo",
+			path:     "/full/path/pipe.fifo",
+			expected: "fifo:///full/path/pipe.fifo",
+		},
+		{
+			scheme: "file",
+			path:   "/full/path/file.txt",
+			args: map[string]string{
+				"maxSize": "100MB",
+			},
+			expected: "file:///full/path/file.txt?maxSize=100MB",
+		},
+		{
+			scheme: "binary",
+			path:   "/full/path/bin",
+			args: map[string]string{
+				"id": "testing",
+			},
+			expected: "binary:///full/path/bin?id=testing",
+		},
+		{
+			scheme: "unknown",
+			path:   "nowhere",
+			err:    "must be absolute",
+		},
+		{
+			scheme: "binary",
+			path:   "C:\\path\\to\\binary",
+			// NOTE: Windows paths should not be parse-able outside of Windows:
+			err: "must be absolute",
+		},
+	})
+}
+-- 
+2.33.0
+
--- a/series.conf
+++ b/series.conf
@ -100,3 +100,10 @@ patch/0095-oci-fix-additional-GIDs.patch
 patch/0096-importer-stream-oci-layout-and-manifest.json.patch
 patch/0097-containerd-fix-journald-stop-container-shim-log-stuc.patch
 patch/0098-containerd-remove-socket-file-when-get-file-fd-failed.patch
+patch/0099-containerd-diff-walking-fix-defer-cleanup.patch
+patch/0100-containerd-fix-invalid-validation-error-checking.patch
+patch/0101-containerd-fix-Implicit-memory-aliasing-in-for-loop.patch
+patch/0102-contained-fix-cio.Cancel-should-close-the-pipes.patch
+patch/0103-containerd-fix-unable-to-checkpoint-the-container-more-than-onc.patch
+patch/0104-containerd-bugfix-add-nil-pointer-check-for-cgroup-v1-mem-usage.patch
+patch/0105-containerd-fix-allow-attaching-to-any-combination-of-stdin-stdo.patch