!13 sync patches from internal

From: @zvier
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui

VERSION-openeuler

@@ -1 +1 @@
-18.09.0.100
+18.09.0.102

docker-engine-openeuler.spec

@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 101
+Release: 102
 Summary: The open-source application container engine
 Group: Tools/Docker
 
@@ -200,3 +200,23 @@ fi
 %endif
 
 %changelog
+* Sat Dec 28 2020 liuzekun<liuzekun@huawei.com> - 18.09.0-102
+- Type:bugfix
+- ID:NA
+- CVE:NA
+- SUG:restart
+- DESC:
+1.delete stale containerd object on start failure
+2.remove redundant word item
+3.delete event is not need to process
+4.stat process exit file when kill process dire
+5.sync cli vendor
+6.fix CVE-2020-13401
+7.do not add w to LDFLAGS
+8.add files in proc for mask
+9.fix docker load files leak
+10.do not sync if BYPAAS_SYNC is false
+11.fix panic on single character volumes
+12.fix stats memory usage display error
+13.add more messages for ops when device not found
+14.mask proc pin_memory

patch/0161-docker-Delete-stale-containerd-object-on-start-failure.patch

@@ -0,0 +1,54 @@
+From 5ba30cd1dc6000ee53b34f628cbff91d7f6d7231 Mon Sep 17 00:00:00 2001
+From: Brian Goff <cpuguy83@gmail.com>
+Date: Wed, 12 Dec 2018 12:04:09 -0800
+Subject: [PATCH] Delete stale containerd object on start failure
+
+containerd has two objects with regard to containers.
+There is a "container" object which is metadata and a "task" which is
+manging the actual runtime state.
+
+When docker starts a container, it creartes both the container metadata
+and the task at the same time. So when a container exits, docker deletes
+both of these objects as well.
+
+This ensures that if, on start, when we go to create the container metadata object
+in containerd, if there is an error due to a name conflict that we go
+ahead and clean that up and try again.
+
+Signed-off-by: Brian Goff <cpuguy83@gmail.com>
+---
+ components/engine/daemon/start.go | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
+index 393e00b..57a7267 100644
+--- a/components/engine/daemon/start.go
++++ b/components/engine/daemon/start.go
+@@ -177,9 +177,22 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
+ 		return err
+ 	}
+ 
+-	err = daemon.containerd.Create(context.Background(), container.ID, spec, createOptions)
++	ctx := context.TODO()
++
++	err = daemon.containerd.Create(ctx, container.ID, spec, createOptions)
+ 	if err != nil {
+-		return translateContainerdStartErr(container.Path, container.SetExitCode, err)
++		if errdefs.IsConflict(err) {
++			logrus.WithError(err).WithField("container", container.ID).Error("Container not cleaned up from containerd from previous run")
++			// best effort to clean up old container object
++			daemon.containerd.DeleteTask(ctx, container.ID)
++			if err := daemon.containerd.Delete(ctx, container.ID); err != nil && !errdefs.IsNotFound(err) {
++				logrus.WithError(err).WithField("container", container.ID).Error("Error cleaning up stale containerd container object")
++			}
++			err = daemon.containerd.Create(ctx, container.ID, spec, createOptions)
++		}
++		if err != nil {
++			return translateContainerdStartErr(container.Path, container.SetExitCode, err)
++		}
+ 	}
+ 
+ 	// TODO(mlaventure): we need to specify checkpoint options here
+-- 
+1.8.3.1
+

patch/0162-docker-remove-redundant-word-item.patch

@@ -0,0 +1,25 @@
+From 92266f008637a02ebffa2aa2704a09701b07a405 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Mon, 27 Apr 2020 09:43:21 +0800
+Subject: [PATCH] docker: remove redundant word item
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/cli/vendor/github.com/asaskevich/govalidator/types.go | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/components/cli/vendor/github.com/asaskevich/govalidator/types.go b/components/cli/vendor/github.com/asaskevich/govalidator/types.go
+index 4f7e9274..78be68c6 100644
+--- a/components/cli/vendor/github.com/asaskevich/govalidator/types.go
++++ b/components/cli/vendor/github.com/asaskevich/govalidator/types.go
+@@ -370,7 +370,6 @@ var ISO3166List = []ISO3166Entry{
+ 	{"Spain", "Espagne (l')", "ES", "ESP", "724"},
+ 	{"South Sudan", "Soudan du Sud (le)", "SS", "SSD", "728"},
+ 	{"Sudan (the)", "Soudan (le)", "SD", "SDN", "729"},
+-	{"Western Sahara*", "Sahara occidental (le)*", "EH", "ESH", "732"},
+ 	{"Suriname", "Suriname (le)", "SR", "SUR", "740"},
+ 	{"Svalbard and Jan Mayen", "Svalbard et l'Île Jan Mayen (le)", "SJ", "SJM", "744"},
+ 	{"Swaziland", "Swaziland (le)", "SZ", "SWZ", "748"},
+-- 
+2.19.1
+

patch/0163-docker-delete-event-is-not-need-to-process.patch

@@ -0,0 +1,27 @@
+From 0fe29ca9d45ddcb36f009a8da5f858f49a8e2844 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Wed, 8 Apr 2020 17:32:03 +0800
+Subject: [PATCH] docker: delete event is not need to access processEvent
+
+reason: delete event is not need to access processEvent, continue it
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/libcontainerd/client_daemon.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/engine/libcontainerd/client_daemon.go b/components/engine/libcontainerd/client_daemon.go
+index 858d6429..05c439c5 100755
+--- a/components/engine/libcontainerd/client_daemon.go
++++ b/components/engine/libcontainerd/client_daemon.go
+@@ -895,6 +895,7 @@ func (c *client) processEventStream(ctx context.Context, ns string) {
+ 					"ExitStatus": t.ExitStatus,
+ 					"ExitedAt": t.ExitedAt,
+ 				}).Infof("event")
++				continue
+ 			default:
+ 				c.logger.WithFields(logrus.Fields{
+ 					"topic": ev.Topic,
+-- 
+2.19.1
+

patch/0164-docker-stat-process-exit-file-when-kill-process-dire.patch

@@ -0,0 +1,36 @@
+From 3f285224ade14c9d64dfc81cf9b5d969343a641e Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Wed, 8 Apr 2020 19:49:38 +0800
+Subject: [PATCH] docker: stat process exit file when kill process directly
+
+reason: stat process exit file when kill process directly
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/daemon/container_operations_unix.go | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
+index 2cc2b2e3..df2f3261 100644
+--- a/components/engine/daemon/container_operations_unix.go
++++ b/components/engine/daemon/container_operations_unix.go
+@@ -346,6 +346,16 @@ func killProcessDirectly(cntr *container.Container) error {
+ 		// Ensure that we don't kill ourselves
+ 		if pid := cntr.GetPID(); pid != 0 {
+ 			logrus.Infof("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", stringid.TruncateID(cntr.ID))
++			pattern := fmt.Sprintf("/var/run/docker/containerd/exit/moby/%s.%d.*", cntr.ID, pid)
++			efiles, err := filepath.Glob(pattern)
++			if err != nil {
++				logrus.Warnf("Match exit file with pattern %q failed: %s", pattern, err.Error())
++			}
++			if len(efiles) != 0 {
++				logrus.Infof("Find process exit files with pattern %q: %+v, skip force kill because the process is exit already", pattern, efiles)
++				return errNoSuchProcess{pid, 9}
++			}
++
+ 			if err := unix.Kill(pid, 9); err != nil {
+ 				if err != unix.ESRCH {
+ 					return err
+-- 
+2.19.1
+

patch/0165-docker-sync-cli-vendor.patch

@@ -0,0 +1,38 @@
+From c4ead7f7e914244e43eab849cf68c34c3460b41c Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Thu, 14 May 2020 22:57:37 +0800
+Subject: [PATCH] docker: sync cli vendor
+
+Change-Id: I9dbfd3e2c918d47806abdcdc27bf709c0e297780
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ .../docker/docker/builder/remotecontext/git/gitutils.go     | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/components/cli/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go b/components/cli/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
+index 77a45beff3..a9079153e0 100644
+--- a/components/cli/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
++++ b/components/cli/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
+@@ -102,6 +102,10 @@ func parseRemoteURL(remoteURL string) (gitRepo, error) {
+ 		u.Fragment = ""
+ 		repo.remote = u.String()
+ 	}
++
++	if strings.HasPrefix(repo.ref, "-") {
++		return gitRepo{}, errors.Errorf("invalid refspec: %s", repo.ref)
++	}
+ 	return repo, nil
+ }
+ 
+@@ -124,7 +128,7 @@ func fetchArgs(remoteURL string, ref string) []string {
+ 		args = append(args, "--depth", "1")
+ 	}
+ 
+-	return append(args, "origin", ref)
++	return append(args, "origin", "--", ref)
+ }
+ 
+ // Check if a given git URL supports a shallow git clone,
+-- 
+2.17.1
+

patch/0167-docker-fix-CVE-2020-13401.patch

@@ -0,0 +1,69 @@
+From 727ce265564d1dc3031221a84f95abad20a20f11 Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Thu, 11 Jun 2020 21:55:49 +0800
+Subject: [PATCH] docker: fix CVE-2020-13401
+
+Change-Id: I267bde21d88927a0beb7599651b856a2dd1371d3
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ .../libnetwork/drivers/bridge/bridge.go       |  6 ++++++
+ .../libnetwork/drivers/bridge/setup_device.go | 19 +++++++++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
+index 535da3c1ad..3288ff8652 100644
+--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
++++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
+@@ -679,6 +679,12 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
+ 	bridgeAlreadyExists := bridgeIface.exists()
+ 	if !bridgeAlreadyExists {
+ 		bridgeSetup.queueStep(setupDevice)
++		bridgeSetup.queueStep(setupDefaultSysctl)
++	}
++
++	// For the default bridge, set expected sysctls
++	if config.DefaultBridge {
++		bridgeSetup.queueStep(setupDefaultSysctl)
+ 	}
+ 
+ 	// Even if a bridge exists try to setup IPv4.
+diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
+index a9dfd06771..9822236dfd 100644
+--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
++++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
+@@ -2,6 +2,9 @@ package bridge
+ 
+ import (
+ 	"fmt"
++	"io/ioutil"
++	"os"
++	"path/filepath"
+ 
+ 	"github.com/docker/docker/pkg/parsers/kernel"
+ 	"github.com/docker/libnetwork/netutils"
+@@ -50,6 +53,22 @@ func setupDevice(config *networkConfiguration, i *bridgeInterface) error {
+ 	return err
+ }
+ 
++func setupDefaultSysctl(config *networkConfiguration, i *bridgeInterface) error {
++	// Disable IPv6 router advertisements originating on the bridge
++	sysPath := filepath.Join("/proc/sys/net/ipv6/conf/", config.BridgeName, "accept_ra")
++	if _, err := os.Stat(sysPath); err != nil {
++		logrus.
++			WithField("bridge", config.BridgeName).
++			WithField("syspath", sysPath).
++			Info("failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra")
++		return nil
++	}
++	if err := ioutil.WriteFile(sysPath, []byte{'0', '\n'}, 0644); err != nil {
++		return fmt.Errorf("libnetwork: Unable to disable IPv6 router advertisement: %v", err)
++	}
++	return nil
++}
++
+ // SetupDeviceUp ups the given bridge interface.
+ func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error {
+ 	err := i.nlh.LinkSetUp(i.Link)
+-- 
+2.17.1
+

patch/0168-docker-do-not-add-w-to-LDFLAGS.patch

@@ -0,0 +1,79 @@
+From b23e7a179e68f194516b542bea375c44122e1037 Mon Sep 17 00:00:00 2001
+From: xiadanni1 <xiadanni1@huawei.com>
+Date: Tue, 11 Aug 2020 08:00:12 +0800
+Subject: [PATCH] docker: do not add "-w" to LDFLAG
+
+reason: for gdb debug, do not add "-w" to LDFLAGS
+
+Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
+---
+ components/cli/scripts/build/.variables | 1 -
+ components/cli/scripts/build/dynbinary  | 5 ++++-
+ components/engine/hack/make.sh          | 5 -----
+ components/engine/hack/make/.binary     | 5 ++++-
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/components/cli/scripts/build/.variables b/components/cli/scripts/build/.variables
+index a23e379..7b78e62 100755
+--- a/components/cli/scripts/build/.variables
++++ b/components/cli/scripts/build/.variables
+@@ -13,7 +13,6 @@ if test -n "${PLATFORM}"; then
+ fi
+ 
+ export LDFLAGS="\
+-    -w \
+     ${PLATFORM_LDFLAGS} \
+     -X \"github.com/docker/cli/cli.GitCommit=${GITCOMMIT}\" \
+     -X \"github.com/docker/cli/cli.BuildTime=${BUILDTIME}\" \
+diff --git a/components/cli/scripts/build/dynbinary b/components/cli/scripts/build/dynbinary
+index 2442166..40941bb 100755
+--- a/components/cli/scripts/build/dynbinary
++++ b/components/cli/scripts/build/dynbinary
+@@ -13,7 +13,10 @@ export CGO_ENABLED=1
+ BEP_DIR=/tmp/docker-build-bep
+ BEP_FLAGS="-tmpdir=$BEP_DIR"
+ mkdir -p $BEP_DIR
++GC_FLAGS="-gcflags=-trimpath=$GOPATH"
++ASM_FLAGS="-asmflags=-trimpath=$GOPATH"
+ 
+-go build -o "${TARGET}" -tags pkcs11 --ldflags " -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $BEP_FLAGS ${LDFLAGS}" -buildmode=pie "${SOURCE}"
++set -x
++go build $GC_FLAGS $ASM_FLAGS -o "${TARGET}" -tags pkcs11 --ldflags " -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $BEP_FLAGS ${LDFLAGS}" -buildmode=pie "${SOURCE}"
+ 
+ ln -sf "$(basename "${TARGET}")" build/docker
+diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
+index f4a51e7..d24a7b7 100755
+--- a/components/engine/hack/make.sh
++++ b/components/engine/hack/make.sh
+@@ -137,12 +137,7 @@ if \
+ fi
+ 
+ # Use these flags when compiling the tests and final binary
+-
+ IAMSTATIC='true'
+-if [ -z "$DOCKER_DEBUG" ]; then
+-	LDFLAGS='-w'
+-fi
+-
+ LDFLAGS_STATIC=''
+ EXTLDFLAGS_STATIC='-static'
+ # ORIG_BUILDFLAGS is necessary for the cross target which cannot always build
+diff --git a/components/engine/hack/make/.binary b/components/engine/hack/make/.binary
+index f76b6f7..35bb836 100755
+--- a/components/engine/hack/make/.binary
++++ b/components/engine/hack/make/.binary
+@@ -63,7 +63,10 @@ echo "Building: $DEST/$BINARY_FULLNAME"
+ BEP_DIR=/tmp/dockerd-build-bep
+ BEP_FLAGS="-tmpdir=$BEP_DIR"
+ mkdir -p $BEP_DIR
+-go build \
++GC_FLAGS="-gcflags=-trimpath=$GOPATH"
++ASM_FLAGS="-asmflags=-trimpath=$GOPATH"
++set -x
++go build $GC_FLAGS $ASM_FLAGS \
+ 	-o "$DEST/$BINARY_FULLNAME" \
+ 	"${BUILDFLAGS[@]}" \
+ 	-ldflags "
+-- 
+1.8.3.1
+

patch/0169-docker-add-files-in-proc-for-mask.patch

@@ -0,0 +1,42 @@
+From c9db33aaad779afff04db8beb5b6d7e7e512a66d Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Mon, 24 Aug 2020 09:42:21 -0400
+Subject: [PATCH] docker: add files in proc for mask
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/oci/defaults.go | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/components/engine/oci/defaults.go b/components/engine/oci/defaults.go
+index cd4985f5..ec748a6d 100644
+--- a/components/engine/oci/defaults.go
++++ b/components/engine/oci/defaults.go
+@@ -65,7 +65,7 @@ func DefaultLinuxSpec() specs.Spec {
+ 				Effective:   defaultCapabilities(),
+ 			},
+ 		},
+-		Root: &specs.Root{},
++		Root:  &specs.Root{},
+ 		Hooks: &specs.Hooks{},
+ 	}
+ 	s.Mounts = []specs.Mount{
+@@ -128,9 +128,15 @@ func DefaultLinuxSpec() specs.Spec {
+ 			"/proc/keys",
+ 			"/proc/latency_stats",
+ 			"/proc/livepatch",
++			"/proc/lru_info",
++			"/proc/lru_info_file",
+ 			"/proc/memstat",
+ 			"/proc/net_namespace",
+ 			"/proc/oom_extend",
++			"/proc/pagealloc_statistics",
++			"/proc/pagealloc_bt",
++			"/proc/slaballoc_bt",
++			"/proc/slaballoc_module",
+ 			"/proc/sched_debug",
+ 			"/proc/scsi",
+ 			"/proc/sig_catch",
+-- 
+2.19.1
+

patch/0170-docker-fix-docker-load-files-leak.patch

@@ -0,0 +1,27 @@
+From e7dd426dc3d962eae0e934dcb8fe4d805f8ea4ca Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Wed, 16 Sep 2020 22:40:49 -0400
+Subject: [PATCH] fix docker load files leak
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/daemon/graphdriver/devmapper/deviceset.go | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
+index f5c0b04..ff90c44 100644
+--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
++++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
+@@ -2285,6 +2285,9 @@ func (devices *DeviceSet) unmountAndDeactivateAll(dir string) {
+ 		// and the device will be released when that container dies.
+ 		if err := unix.Unmount(fullname, unix.MNT_DETACH); err != nil && err != unix.EINVAL {
+ 			logger.Warnf("Shutdown unmounting %s, error: %s", fullname, err)
++		} else if err == nil {
++			logger.Debugf("Remove %s", fullname)
++			os.RemoveAll(fullname)
+ 		}
+ 
+ 		if devInfo, err := devices.lookupDevice(name); err != nil {
+-- 
+2.19.1
+

patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch

@@ -0,0 +1,28 @@
+From bbc6fce3870ff7f43c87efe13247bb185817aa67 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Wed, 14 Oct 2020 04:36:56 -0400
+Subject: [PATCH] do not sync if BYPAAS_SYNC is false
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/pkg/devicemapper/devmapper.go | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/components/engine/pkg/devicemapper/devmapper.go b/components/engine/pkg/devicemapper/devmapper.go
+index 06ddc3e9..a5c30cb3 100644
+--- a/components/engine/pkg/devicemapper/devmapper.go
++++ b/components/engine/pkg/devicemapper/devmapper.go
+@@ -477,7 +477,9 @@ func BlockDeviceDiscard(path string) error {
+ 
+ 	// Without this sometimes the remove of the device that happens after
+ 	// discard fails with EBUSY.
+-	unix.Sync()
++	if os.Getenv("DOCKER_BYPASS_SYNC_SYSCALL") != "false" {
++		unix.Sync()
++	}
+ 
+ 	return nil
+ }
+-- 
+2.19.1
+

patch/0172-docker-fix-panic-on-single-character-volumes.patch

@@ -0,0 +1,27 @@
+From 0a2c746c0d560d18502f84078d233166934e9eb9 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Wed, 11 Nov 2020 23:47:30 -0500
+Subject: [PATCH] fix panic on single-character volumes
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/cli/cli/compose/loader/volume.go | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/components/cli/cli/compose/loader/volume.go b/components/cli/cli/compose/loader/volume.go
+index 9c2792e0..f043f4aa 100644
+--- a/components/cli/cli/compose/loader/volume.go
++++ b/components/cli/cli/compose/loader/volume.go
+@@ -111,6 +111,9 @@ func isFilePath(source string) bool {
+ 	case '.', '/', '~':
+ 		return true
+ 	}
++	if len([]rune(source)) == 1 {
++		return false
++	}
+ 
+ 	// windows named pipes
+ 	if strings.HasPrefix(source, `\\`) {
+-- 
+2.19.1
+

patch/0173-docker-fix-stats-memory-usage-display-error.patch

@@ -0,0 +1,38 @@
+From d26341e4c447ddbb6bd289845b7b47f0e4348c62 Mon Sep 17 00:00:00 2001
+From: xiadanni1 <xiadanni1@huawei.com>
+Date: Wed, 11 Nov 2020 17:35:06 +0800
+Subject: [PATCH] docker:fix stats memory usage display error 
+
+fix stats memory usage display error
+use total_inactive_file not cache to calculate memory usage
+The new stat definition corresponds to containerd/CRI and cadvisor.
+
+https://github.com/containerd/cri/blob/c1115d4e57f55a5f45fb3efd29d3181ce26d5c6a/pkg/server/container_stats_list_unix.go#L106-L129
+https://github.com/google/cadvisor/commit/307d1b1cb320fef66fab02db749f07a459245451
+
+Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
+Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+---
+ components/cli/cli/command/container/stats_helpers.go | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/components/cli/cli/command/container/stats_helpers.go b/components/cli/cli/command/container/stats_helpers.go
+index 2300ce5..c254212 100644
+--- a/components/cli/cli/command/container/stats_helpers.go
++++ b/components/cli/cli/command/container/stats_helpers.go
+@@ -226,7 +226,11 @@ func calculateNetwork(network map[string]types.NetworkStats) (float64, float64)
+ // calculateMemUsageUnixNoCache calculate memory usage of the container.
+ // Page cache is intentionally excluded to avoid misinterpretation of the output.
+ func calculateMemUsageUnixNoCache(mem types.MemoryStats) float64 {
+-	return float64(mem.Usage - mem.Stats["cache"])
++	if v, isCgroup1 := mem.Stats["total_inactive_file"]; isCgroup1 && v < mem.Usage {
++		return float64(mem.Usage - v)
++	}
++
++	return float64(mem.Usage)
+ }
+ 
+ func calculateMemPercentUnixNoCache(limit float64, usedNoCache float64) float64 {
+-- 
+1.8.3.1
+

patch/0174-docker-add-more-messages-for-ops-when-device-not-fo.patch

@@ -0,0 +1,27 @@
+From 19ce3a9a435ddb67a4e7a081cd23bb5cc19abc92 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Thu, 30 Jul 2020 05:09:42 -0400
+Subject: [PATCH] dockerd: add more messages for ops when device not found in
+ the host
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/daemon/daemon_unix.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
+index 5a59b324..af50fa37 100644
+--- a/components/engine/daemon/daemon_unix.go
++++ b/components/engine/daemon/daemon_unix.go
+@@ -262,7 +262,7 @@ func getBlkioThrottleDevices(devs []*blkiodev.ThrottleDevice) ([]specs.LinuxThro
+ 
+ 	for _, d := range devs {
+ 		if err := unix.Stat(d.Path, &stat); err != nil {
+-			return nil, err
++			return nil, errors.Wrapf(err, "Failed to stat device %q", d.Path)
+ 		}
+ 		d := specs.LinuxThrottleDevice{Rate: d.Rate}
+ 		d.Major = int64(stat.Rdev / 256)
+-- 
+2.19.1
+

patch/0175-docker-mask-proc-pin_memory.patch

@@ -0,0 +1,25 @@
+From 017c3377f0bd5230c0fa1699bd193baa527f0b8f Mon Sep 17 00:00:00 2001
+From: xiadanni1 <xiadanni1@huawei.com>
+Date: Fri, 20 Nov 2020 18:34:45 +0800
+Subject: [PATCH] docker:mask /proc/pin_memory
+
+Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
+---
+ components/engine/oci/defaults.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/engine/oci/defaults.go b/components/engine/oci/defaults.go
+index ec748a6..e763cb7 100644
+--- a/components/engine/oci/defaults.go
++++ b/components/engine/oci/defaults.go
+@@ -135,6 +135,7 @@ func DefaultLinuxSpec() specs.Spec {
+ 			"/proc/oom_extend",
+ 			"/proc/pagealloc_statistics",
+ 			"/proc/pagealloc_bt",
++			"/proc/pin_memory",
+ 			"/proc/slaballoc_bt",
+ 			"/proc/slaballoc_module",
+ 			"/proc/sched_debug",
+-- 
+1.8.3.1
+

series.conf

@@ -156,3 +156,18 @@ patch/0157-docker-Support-check-manifest-and-layer-s-DiffID-inf.patch
 patch/0158-docker-support-private-registry.patch
 patch/0159-docker-extend-timeout-in-cli-testcases.patch
 patch/0160-docker-create-a-soft-link-from-runtime-default-to-ru.patch
+patch/0161-docker-Delete-stale-containerd-object-on-start-failure.patch
+patch/0162-docker-remove-redundant-word-item.patch
+patch/0163-docker-delete-event-is-not-need-to-process.patch
+patch/0164-docker-stat-process-exit-file-when-kill-process-dire.patch
+patch/0165-docker-sync-cli-vendor.patch
+patch/0167-docker-fix-CVE-2020-13401.patch
+patch/0168-docker-do-not-add-w-to-LDFLAGS.patch
+patch/0169-docker-add-files-in-proc-for-mask.patch
+patch/0170-docker-fix-docker-load-files-leak.patch
+patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch
+patch/0172-docker-fix-panic-on-single-character-volumes.patch
+patch/0173-docker-fix-stats-memory-usage-display-error.patch
+patch/0174-docker-add-more-messages-for-ops-when-device-not-fo.patch
+patch/0175-docker-mask-proc-pin_memory.patch
+#end