docker: sync bugfix and bump version

Change-Id: I8fbbbe26d0279c9921416733ce36da9d57587240
Signed-off-by: xiadanni <xiadanni1@huawei.com>

VERSION-openeuler

@@ -1 +1 @@
-18.09.0.105
+18.09.0.200

docker-engine-openeuler.spec

@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 105
+Release: 200
 Summary: The open-source application container engine
 Group: Tools/Docker
 
@@ -200,6 +200,14 @@ fi
 %endif
 
 %changelog
+* Wed Feb 9 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-200
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync bugfix and bump version to 200, bugfix include
+       1. fix execCommands leak in health-check.
+       2. check containerd pid before kill it.
+
 * Mon Jan 18 2021 jingrui<jingrui@huawei.com> - 18.09.0-105
 - Type:bugfix
 - ID:NA

patch/0186-docker-fix-execCommands-leak-in-health-check.patch

@@ -0,0 +1,67 @@
+From 83ef8cfec0df0388bb92788d9c3ec2a306ab7f20 Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Wed, 20 Jan 2021 17:07:12 +0800
+Subject: [PATCH] docker: fix execCommands leak in health-check
+
+Change-Id: I6bd02bc4a8e08b8de58bc454be8944c73175b3ae
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ components/engine/daemon/daemon.go    | 5 +----
+ components/engine/daemon/exec/exec.go | 7 +++++++
+ components/engine/daemon/health.go    | 2 +-
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
+index ed268d2c4f..57ad832eb2 100644
+--- a/components/engine/daemon/daemon.go
++++ b/components/engine/daemon/daemon.go
+@@ -404,10 +404,6 @@ func (daemon *Daemon) restore() error {
+ 			if c.IsRunning() || c.IsPaused() {
+ 				c.RestartManager().Cancel() // manually start containers because some need to wait for swarm networking
+ 
+-				c.Lock()
+-				daemon.initHealthMonitor(c)
+-				c.Unlock()
+-
+ 				if c.IsPaused() && alive {
+ 					s, err := daemon.containerd.Status(context.Background(), c.ID)
+ 					if err != nil {
+@@ -450,6 +446,7 @@ func (daemon *Daemon) restore() error {
+ 
+ 				if getProbe(c) != nil {
+ 					c.Lock()
++					daemon.initHealthMonitor(c)
+ 					if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+ 						logrus.WithError(err).WithField("container", c.ID).
+ 							Error("Failed to checkpoint container state")
+diff --git a/components/engine/daemon/exec/exec.go b/components/engine/daemon/exec/exec.go
+index 08fc87c4b0..47644fc158 100644
+--- a/components/engine/daemon/exec/exec.go
++++ b/components/engine/daemon/exec/exec.go
+@@ -145,3 +145,10 @@ func (e *Store) List() []string {
+ 	e.RUnlock()
+ 	return IDs
+ }
++
++func (e *Store) Size() int {
++	e.RLock()
++	num := len(e.byID)
++	e.RUnlock()
++	return num
++}
+diff --git a/components/engine/daemon/health.go b/components/engine/daemon/health.go
+index 5f26ee5db8..c181850309 100644
+--- a/components/engine/daemon/health.go
++++ b/components/engine/daemon/health.go
+@@ -202,7 +202,7 @@ func monitor(d *Daemon, c *container.Container, stop chan struct{}, probe probe)
+ 				result, err := probe.run(ctx, d, c)
+ 				if err != nil {
+ 					healthChecksFailedCounter.Inc()
+-					logrus.Warnf("Health check for container %s error: %v", c.ID, err)
++					logrus.Warnf("exec-cmds=%d Health check for container %s error: %v", c.ExecCommands.Size(), c.ID, err)
+ 					results <- &types.HealthcheckResult{
+ 						ExitCode: -1,
+ 						Output:   err.Error(),
+-- 
+2.17.1
+

patch/0188-docker-check-containerd-pid-before-kill-it.patch

@@ -0,0 +1,121 @@
+From eda3fe6001fcf911e4630818514df6ad6531417d Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Thu, 28 Jan 2021 16:02:47 +0800
+Subject: [PATCH] docker: check containerd pid before kill it
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ .../libcontainerd/supervisor/remote_daemon.go       |  6 ++++++
+ .../libcontainerd/supervisor/remote_daemon_linux.go | 15 +++++++++++----
+ components/engine/utils/utils.go                    | 21 +++++++++++++++++++++
+ 3 files changed, 38 insertions(+), 4 deletions(-)
+
+diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
+index 19582cd..5cb6de0 100644
+--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
++++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
+@@ -18,6 +18,7 @@ import (
+ 	"github.com/containerd/containerd"
+ 	"github.com/containerd/containerd/services/server"
+ 	"github.com/docker/docker/pkg/system"
++	"github.com/docker/docker/utils"
+ 	"github.com/pkg/errors"
+ 	"github.com/sirupsen/logrus"
+ 	"golang.org/x/sys/unix"
+@@ -139,6 +140,11 @@ func (r *remote) getContainerdPid() (int, error) {
+ 		if err != nil {
+ 			return -1, err
+ 		}
++
++		if !utils.IsContainerdPid(int(pid)) {
++			return -1, nil
++		}
++
+ 		if system.IsProcessAlive(int(pid)) {
+ 			return int(pid), nil
+ 		}
+diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
+index 799399c..3ccd38b 100644
+--- a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
++++ b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
+@@ -8,6 +8,7 @@ import (
+ 
+ 	"github.com/containerd/containerd/defaults"
+ 	"github.com/docker/docker/pkg/system"
++	"github.com/docker/docker/utils"
+ )
+ 
+ const (
+@@ -42,7 +43,7 @@ func (r *remote) setDefaults() {
+ 
+ func (r *remote) stopDaemon() {
+ 	// Ask the daemon to quit
+-	syscall.Kill(r.daemonPid, syscall.SIGTERM)
++	DoKillContainerd(r.daemonPid, syscall.SIGTERM)
+ 	// Wait up to 15secs for it to stop
+ 	for i := time.Duration(0); i < shutdownTimeout; i += time.Second {
+ 		if !system.IsProcessAlive(r.daemonPid) {
+@@ -53,15 +54,21 @@ func (r *remote) stopDaemon() {
+ 
+ 	if system.IsProcessAlive(r.daemonPid) {
+ 		r.logger.WithField("pid", r.daemonPid).Warn("daemon didn't stop within 15 secs, killing it")
+-		syscall.Kill(r.daemonPid, syscall.SIGKILL)
++		DoKillContainerd(r.daemonPid, syscall.SIGKILL)
++	}
++}
++
++func DoKillContainerd(pid int, sig syscall.Signal) {
++	if utils.IsContainerdPid(pid) {
++		syscall.Kill(pid, sig)
+ 	}
+ }
+ 
+ func (r *remote) killDaemon() {
+ 	// Try to get a stack trace
+-	syscall.Kill(r.daemonPid, syscall.SIGUSR1)
++	DoKillContainerd(r.daemonPid, syscall.SIGUSR1)
+ 	<-time.After(100 * time.Millisecond)
+-	system.KillProcess(r.daemonPid)
++	DoKillContainerd(r.daemonPid, syscall.SIGKILL)
+ }
+ 
+ func (r *remote) platformCleanup() {
+diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
+index 53893fc..c394456 100644
+--- a/components/engine/utils/utils.go
++++ b/components/engine/utils/utils.go
+@@ -19,6 +19,12 @@ int mysemctl(int cmd, struct seminfo *p){
+ import "C"
+ import (
+ 	"fmt"
++	"io/ioutil"
++	"path/filepath"
++	"strconv"
++	"strings"
++
++	"github.com/sirupsen/logrus"
+ )
+ 
+ func CheckSemSetStat() (int, int, error) {
+@@ -30,3 +36,18 @@ func CheckSemSetStat() (int, int, error) {
+ 	}
+ 	return int(seminfo.semusz), int(seminfo.semmni), err
+ }
++
++func IsContainerdPid(pid int) bool {
++	if pid <= 1 {
++		logrus.Warnf("pid %d is not containerd", pid)
++		return false
++	}
++
++	cmdlineBytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline"))
++	if err == nil && !strings.Contains(string(cmdlineBytes), "containerd") {
++		logrus.Warnf("pid %d is not containerd, cmdline: %s", pid, string(cmdlineBytes))
++		return false
++	}
++
++	return true
++}
+-- 
+1.8.3.1
+

series.conf

@@ -180,4 +180,6 @@ patch/0181-docker-do-not-return-when-matched-registry-mirror.patch
 patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch
 patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch
 patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch
+patch/0186-docker-fix-execCommands-leak-in-health-check.patch
+patch/0188-docker-check-containerd-pid-before-kill-it.patch
 #end