Fix some signal forwarder issues #4532
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously the signal loop can end up racing with the process exiting. Intead of logging and continuing the loop, exit early. Signed-off-by: Brian Goff <[email protected]>
cpuguy83
force-pushed
the
forward_signal_not_found
branch
from
ddaeb55 to
59f8a3a
Compare
Starting with go1.14, the go runtime hijacks SIGURG but with no way to not send to other signal handlers. In practice, we get this signal frequently. I found this while testing out go1.15 with ctr and multiple execs with only `echo hello`. When the process exits quickly, if the previous commit is not applied, you end up with an error message that it couldn't forward SIGURG to the container (due to the process being gone). Signed-off-by: Brian Goff <[email protected]>
cpuguy83
force-pushed
the
forward_signal_not_found
branch
from
59f8a3a to
899b4e3
Compare
|
Build succeeded.
|
AkihiroSuda
approved these changes
Sep 5, 2020
This was referenced Sep 8, 2020
fuweid
added
cherry-picked/1.3.x
cherry-picked/1.4.x
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Jan 12, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Jan 12, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Jan 13, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Jan 18, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Jan 18, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Jan 18, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Feb 1, 2021
When Docker/containerd binaries are compiled with Go 1.15 the containers generate many signal 23 (SIGURG) events which flood monitoring systems: kubernetes/kops#10388 The SIGURG signal does not kill the process but is generated by Go runtime scheduling: https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md) Because the Go runtime does not know if the process expects external SIGURG signals, the signal is not filtered out but reported to the process: golang/go#37942 The process has to filter this signal out itself before forwarding it to, e.g,. children processes or logs. This change was introduced with the Go 1.15 update (actually Go 1.14 but Flatcar skipped that for Stable), however, while containerd has some workarounds in place, e.g., in containerd/containerd#4532 but there are still areas where the signal is not handled correctly. Until this is the case, downgrade to use the Go 1.13 compiler for Docker/containerd binaries. See flatcar/Flatcar#315
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Exit signal forward if process not found
Previously the signal loop can end up racing with the process exiting.
Intead of logging and continuing the loop, exit early.
Ignore SIGURG signals in signal forwarder
Starting with go1.14, the go runtime hijacks SIGURG but with no way to
not send to other signal handlers.
In practice, we get this signal frequently.
I found this while testing out go1.15 with ctr and multiple execs with
only
echo hello. When the process exits quickly, if the previouscommit is not applied, you end up with an error message that it couldn't
forward SIGURG to the container (due to the process being gone).