Skip to content

Backport PRs #2460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
helsaawy merged 2 commits into from
Jun 16, 2025
Merged

Backport PRs #2460

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e090580
[backport]Trim LCOW `GetProperties` response (#2458)
helsaawy Jun 16, 2025
9495cf4
[backport]Swap `EvalSymlinks` with `ResolvePath` (#2455)
helsaawy Jun 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion internal/gcs/bridge.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ const (
// maxMsgSize is the maximum size of an incoming message. This is not
// enforced by the guest today but some maximum must be set to avoid
// unbounded allocations.
//
// Matches HCS limitions on maximum (sent and received) message size.
maxMsgSize = 0x10000
)

Expand Down Expand Up @@ -266,7 +268,7 @@ func readMessage(r io.Reader) (int64, msgType, []byte, error) {
var h [hdrSize]byte
_, err := io.ReadFull(r, h[:])
if err != nil {
return 0, 0, nil, err
return 0, 0, nil, fmt.Errorf("header read: %w", err)
}
typ := msgType(binary.LittleEndian.Uint32(h[hdrOffType:]))
n := binary.LittleEndian.Uint32(h[hdrOffSize:])
Expand Down
10 changes: 10 additions & 0 deletions internal/guest/runtime/hcsv2/uvm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
didx509resolver "github.com/Microsoft/didx509go/pkg/did-x509-resolver"
"github.com/Microsoft/hcsshim/pkg/annotations"
"github.com/Microsoft/hcsshim/pkg/securitypolicy"
cgroup1stats "github.com/containerd/cgroups/v3/cgroup1/stats"
"github.com/mattn/go-shellwords"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
Expand Down Expand Up @@ -837,7 +838,16 @@ func (h *Host) GetProperties(ctx context.Context, containerID string, query prot
if err != nil {
return nil, err
}
// zero out [Blkio] sections, since:
// 1. (Az)CRI (currently) only looks at the CPU and memory sections; and
// 2. it can get very large for containers with many layers
cgroupMetrics.Blkio.Reset()
// also preemptively zero out [Rdma] and [Network], since they could also grow untenable large
cgroupMetrics.Rdma.Reset()
cgroupMetrics.Network = []*cgroup1stats.NetworkStat{}
properties.Metrics = cgroupMetrics
default:
log.G(ctx).WithField("propertyType", requestedProperty).Warn("unknown or empty property type")
}
}

Expand Down
17 changes: 15 additions & 2 deletions internal/layers/lcow.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"path/filepath"
"strings"

"github.com/Microsoft/go-winio/pkg/fs"
"github.com/containerd/containerd/api/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -77,7 +78,13 @@ func (lc *lcowLayersCloser) Release(ctx context.Context) (retErr error) {
// Returns the path at which the `rootfs` of the container can be accessed. Also, returns the path inside the
// UVM at which container scratch directory is located. Usually, this path is the path at which the container
// scratch VHD is mounted. However, in case of scratch sharing this is a directory under the UVM scratch.
func MountLCOWLayers(ctx context.Context, containerID string, layers *LCOWLayers, guestRoot string, vm *uvm.UtilityVM) (_, _ string, _ resources.ResourceCloser, err error) {
func MountLCOWLayers(
ctx context.Context,
containerID string,
layers *LCOWLayers,
guestRoot string,
vm *uvm.UtilityVM,
) (_, _ string, _ resources.ResourceCloser, err error) {
if vm == nil {
return "", "", nil, errors.New("MountLCOWLayers cannot be called for process-isolated containers")
}
Expand Down Expand Up @@ -114,7 +121,13 @@ func MountLCOWLayers(ctx context.Context, containerID string, layers *LCOWLayers
}

hostPath := layers.ScratchVHDPath
hostPath, err = filepath.EvalSymlinks(hostPath)
// For LCOW, we can reuse another container's scratch space (usually the sandbox container's).
//
// When sharing a scratch space, the `hostPath` will be a symlink to the sandbox.vhdx location to use.
// When not sharing a scratch space, `hostPath` will be the path to the sandbox.vhdx to use.
//
// Evaluate the symlink here (if there is one).
hostPath, err = fs.ResolvePath(hostPath)
if err != nil {
return "", "", nil, fmt.Errorf("failed to eval symlinks on scratch path: %w", err)
}
Expand Down
10 changes: 6 additions & 4 deletions test/functional/make_uvm_cim_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,22 +12,24 @@ import (
"strings"
"testing"

"github.com/Microsoft/go-winio/pkg/fs"
"github.com/Microsoft/go-winio/pkg/guid"
"github.com/Microsoft/hcsshim/pkg/cimfs"
"github.com/Microsoft/hcsshim/pkg/extractuvm"
"github.com/google/go-containerregistry/pkg/crane"
v1 "github.com/google/go-containerregistry/pkg/v1"

"github.com/Microsoft/hcsshim/pkg/cimfs"
"github.com/Microsoft/hcsshim/pkg/extractuvm"
)

func compareFiles(t *testing.T, file1, file2 string) (bool, error) {
t.Helper()

file1, err := filepath.EvalSymlinks(file1)
file1, err := fs.ResolvePath(file1)
if err != nil {
return false, err
}

file2, err = filepath.EvalSymlinks(file2)
file2, err = fs.ResolvePath(file2)
if err != nil {
return false, err
}
Expand Down
Loading