Fix the race condition during GC of snapshots when client retries #10723
Conversation
|
Hi @saketjajoo. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/ok-to-test |
containerd#10723. Signed-off-by: Saket Jajoo <[email protected]>
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
from
71f8f82 to
8f8408d
Compare
k8s-ci-robot
added
do-not-merge/contains-merge-commits
and removed
do-not-merge/contains-merge-commits
labels
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
from
5aa1e5e to
2e3ff8b
Compare
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
4 times, most recently
from
1ac79ea to
9d5bab3
Compare
|
/retest |
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
2 times, most recently
from
a26e9b7 to
74eddad
Compare
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
from
74eddad to
1588b7a
Compare
samuelkarp
added
cherry-pick/1.6.x
|
@saketjajoo are you able to reliable get this test to fail without the change? I was not able to get it to fail. The test is a bit complex and if it not validating the fix, I'm not sure we should include it. |
|
@dmcgowan The race condition is a bit difficult to replicate. For testing manually, I had to add a This test aims to check the behaviour of containerd when an image pull gets interrupted/cancelled and restarted again almost immediately, which is the situation causing the race condition (#3787). The test could add some confidence that the change does not cause any regressions. Let me know if you think that the test is irrelevant and needs to be removed. |
I think it should be removed. Its possible we can introduce a test in the future to trigger the condition more easily, but this test itself is relying on a race between context cancellation being handled before the pull is not completed. These sort of cases can cause flakiness in the CI environment which does not give us the same amount of concurrency that you would get on other machines. |
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
from
1588b7a to
86a8655
Compare
When an upstream client (e.g. kubelet) stops or restarts, the CRI connection to the containerd gets interrupted which is treated as a cancellation of context which subsequently cancels an ongoing operation, including an image pull. This generally gets followed by containerd's GC routine that tries to delete the prepared snapshots for the image layer(s) corresponding to the image in the pull operation that got cancelled. However, if the upstream client immediately retries (or starts a new) image pull operation, containerd initiates a new image pull and starts unpacking the image layers into snapshots. This may create a race condition: the GC routine (corresponding to the failed image pull operation) trying to clean up the same snapshot that the new image pull operation is preparing, thus leading to the "parent snapshot does not exist: not found" error. Race Condition Scenario: Assume an image consisting of 2 layers (L1 and L2, L1 being the bottom layer) that are supposed to get unpacked into snapshots S1 and S2 respectively. During an image pull operation, containerd unpacks(L1) which involves Stat()'ing the chainID. This Stat() fails as the chainID does not exist and Prepare(L1) gets called. Once S1 gets prepared, containerd processes L2 - unpack(L2) which again involves Stat()'ing the chainID which fails as the chainID for S2 does not exist which results in the call to Prepare(L2). However, if the image pull operation gets cancelled before Prepare(L2) is called, then the GC routine tries to clean up S1. When the image pull operation is retried by the upstream client, containerd follows the same series of operations. unpack(L1) gets called which then calls Stat(chainID) for L1. However, this time, Stat(L1) succedes as S1 already exists (from the previous image pull operation) and thus containerd goes to the next iteration to unpack(L2). Now, GC cleans up S1 and when Prepare(L2) gets called, it returns back the "parent snapshot does not exist: not found" error. Fix: Removing the "Stat() + early return" fixes the race condition. Now during the image pull operation corresponding to the client retry, although the chainID (for L1) already exists, containerd does not return early and goes on to Prepare(L1). Since L1 is already prepared, it adds a new lease to S1 and then returns `ErrAlreadyExists`. This new lease prevents GC from cleaning up S1 when containerd processes L2 (unpack(L2) -> Prepare(L2)). Fixes: containerd#3787 Signed-off-by: Saket Jajoo <[email protected]>
saketjajoo
force-pushed
the
3787-race-condition-fix
branch
from
86a8655 to
d7f8303
Compare
|
I've removed the test. |
|
/retest |
|
/cherrypick release/1.7 |
|
@samuelkarp: new pull request created: #10763 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherrypick release/1.6 |
|
@samuelkarp: #10723 failed to apply on top of branch "release/1.6": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
samuelkarp
added
cherry-picked/1.6.x
When an upstream client (e.g. kubelet) stops or restarts, the CRI connection to the containerd gets interrupted which is treated as a cancellation of context which subsequently cancels an ongoing operation, including an image pull. This generally gets followed by containerd's GC routine that tries to delete the prepared snapshots for the image layer(s) corresponding to the image in the pull operation that got cancelled. However, if the upstream client immediately retries (or starts a new) image pull operation, containerd initiates a new image pull and starts unpacking the image layers into snapshots. This may create a race condition: the GC routine (corresponding to the failed image pull operation) trying to clean up the same snapshot that the new image pull operation is preparing, thus leading to the "parent snapshot does not exist: not found" error.
Race Condition Scenario:
Assume an image consisting of 2 layers (L1 and L2, L1 being the bottom layer) that are supposed to get unpacked into snapshots S1 and S2 respectively.
During an image pull operation, containerd unpacks(L1) which involves Stat()'ing the chainID. This Stat() fails as the chainID does not exist and Prepare(L1) gets called. Once S1 gets prepared, containerd processes L2 - unpack(L2) which again involves Stat()'ing the chainID which fails as the chainID for S2 does not exist which results in the call to Prepare(L2). However, if the image pull operation gets cancelled before Prepare(L2) is called, then the GC routine tries to clean up S1.
When the image pull operation is retried by the upstream client, containerd follows the same series of operations. unpack(L1) gets called which then calls Stat(chainID) for L1. However, this time, Stat(L1) succedes as S1 already exists (from the previous image pull operation) and thus containerd goes to the next iteration to unpack(L2). Now, GC cleans up S1 and when Prepare(L2) gets called, it returns back the "parent snapshot does not exist: not found" error.
Fix:
Removing the "Stat() + early return" fixes the race condition. Now during the image pull operation corresponding to the client retry, although the chainID (for L1) already exists, containerd does not return early and goes on to Prepare(L1). Since L1 is already prepared, it adds a new lease to S1 and then returns
ErrAlreadyExists. This new lease prevents GC from cleaning up S1 when containerd processes L2 (unpack(L2) -> Prepare(L2)).Fixes: #3787