From 638e17af843c6c75df2f8c6f518d9d4bd27cdd5a Mon Sep 17 00:00:00 2001
From: chenjiankun <chenjiankun1@huawei.com>
Date: Fri, 17 Feb 2023 16:47:54 +0800
Subject: [PATCH] docker: set freezer.state to Thawed to increase freeze
 chances

fix #I6EOOP

docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances

(cherry picked from commit 6b695c68f87ef189c79797e95698ced4bf669f9d)
---
 VERSION-vendor                                |  2 +-
 docker-engine-openeuler.spec                  |  8 ++-
 ...er.state-to-Thawed-to-increase-freez.patch | 54 +++++++++++++++++++
 series.conf                                   |  1 +
 4 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch

diff --git a/VERSION-vendor b/VERSION-vendor
index 639839b..ab14482 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.248
+18.09.0.249
diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec
index e0dece7..5bb7d85 100644
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 248
+Release: 249
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -199,6 +199,12 @@ fi
 %endif
 
 %changelog
+* Fri Feb 17 2023 chenjiankun<chenjiankun1@huawei.com>- 18.09.0-249
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:set freezer.state to Thawed to increase freeze chances
+
 * Thu Dec 01 2022 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-248
 - Type:bugfix
 - CVE:NA
diff --git a/patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch b/patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
new file mode 100644
index 0000000..738361a
--- /dev/null
+++ b/patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
@@ -0,0 +1,54 @@
+From a1e170db821863c8a8062f599fab64d6c1d95210 Mon Sep 17 00:00:00 2001
+From: chenjiankun <chenjiankun1@huawei.com>
+Date: Fri, 13 Jan 2023 17:13:22 +0800
+Subject: [PATCH] docker: set freezer.state to Thawed to increase freeze
+ chances
+
+docker pause/unpause with parallel docker exec can lead to freezing
+state, set freezer.state to Thawed to increase freeze chances
+---
+ components/engine/daemon/freezer/freezer.go | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/components/engine/daemon/freezer/freezer.go b/components/engine/daemon/freezer/freezer.go
+index 6df176f2f..fde134887 100644
+--- a/components/engine/daemon/freezer/freezer.go
++++ b/components/engine/daemon/freezer/freezer.go
+@@ -186,6 +186,7 @@ func (f *freezer) updateCgroup(state string) error {
+ 	timeout := time.After(30 * time.Second)
+ 	ticker := time.NewTicker(1 * time.Millisecond)
+ 	defer ticker.Stop()
++	count := 0
+ 	for {
+ 		select {
+ 		case <-timeout:
+@@ -194,6 +195,26 @@ func (f *freezer) updateCgroup(state string) error {
+ 			}
+ 			return fmt.Errorf("update freezer cgroup timeout for 30s")
+ 		case <-ticker.C:
++			// As per older kernel docs (freezer-subsystem.txt before
++			// kernel commit ef9fe980c6fcc1821), if FREEZING is seen,
++			// userspace should either retry or thaw. While current
++			// kernel cgroup v1 docs no longer mention a need to retry,
++			// the kernel (tested on v5.4, Ubuntu 20.04) can't reliably
++			// freeze a cgroup while new processes keep appearing in it
++			// (either via fork/clone or by writing new PIDs to
++			// cgroup.procs).
++			//
++			// The numbers below are chosen to have a decent chance to
++			// succeed even in the worst case scenario (docker pause/unpause
++			// with parallel docker exec).
++			//
++			// Adding any amount of sleep in between retries did not
++			// increase the chances of successful freeze.
++			if count++; count % 50 == 0 && state == string(configs.Frozen) {
++				writeFile(f.path, "freezer.state", string(configs.Thawed))
++				time.Sleep(10 * time.Millisecond)
++			}
++
+ 			// In case this loop does not exit because it doesn't get the expected
+ 			// state, let's write again this state, hoping it's going to be properly
+ 			// set this time. Otherwise, this loop could run infinitely, waiting for
+-- 
+2.23.0
+
diff --git a/series.conf b/series.conf
index daee192..6631702 100644
--- a/series.conf
+++ b/series.conf
@@ -228,4 +228,5 @@ patch/0231-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 patch/0232-docker-cleanup-netns-file-when-close-docker-daemon.patch
 patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
 patch/0234-docker-do-not-stop-health-check-before-sending-signa.patch
+patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
 #end