Skip to content

Implement the ability to record the exit code from the entrypoint in userspace #312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 29, 2025
Merged

Implement the ability to record the exit code from the entrypoint in userspace #312

merged 4 commits into from
Apr 29, 2025

Conversation

@slp
Copy link
Collaborator

@slp slp commented Apr 9, 2025 

For the container use case, we need to relay the exit code from
userspace in the microVM all the way to the process using libkrun to
launch the VMM.

Since ioctls are passed mostly unmodified from userspace in the guest
to the virtio-fs device, we can use them as a mechanism for transporting
this information without requiring any specific support in the guest's
kernel.

Here we create an AtomicI32 and wire it up between virtio-fs and Vmm,
using it as exit code if userspace has set it to some value other than
i32::MAX. Otherwise, we keep using the vCPU exit code, as we did before.

@slp
Copy link
Collaborator Author

slp commented Apr 9, 2025

Fixes #306, containers/crun#1694 and containers/crun#1688

nohajc
nohajc reviewed Apr 9, 2025
View reviewed changes
mtjhrc
mtjhrc requested changes Apr 10, 2025
View reviewed changes
Copy link
Collaborator

@mtjhrc mtjhrc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good, but please add some documentation to krun_start_enter about the special exit codes. I would say they are now part of our public API - podman relies on them to fix the mentioned issues.

slp added 3 commits April 21, 2025 08:16
@slp
virtio/fs: implement an ioctl to receive exit_code
2aa5cfa 
For the container use case, we need to relay the exit code from
userspace in the microVM all the way to the process using libkrun to
launch the VMM.

Since ioctls are passed mostly unmodified from userspace in the guest
to the virtio-fs device, we can use them as a mechanism for transporting
this information without requiring any specific support in the guest's
kernel.

Here we create an AtomicI32 and wire it up between virtio-fs and Vmm,
using it as exit code if userspace has set it to some value other than
i32::MAX. Otherwise, we keep using the vCPU exit code, as we did before.

Signed-off-by: Sergio Lopez <slp@redhat.com>
@slp
virtio/fs/macos: fix INIT_BINARY read with offset
c470692 
We already fixed this for Linux a while ago, do the same for the macOS
implementation.

Signed-off-by: Sergio Lopez <slp@redhat.com>
@slp
init: record exit code of the entrypoint
2c06cad 
Use the newly added exit code recording feature in virtio-fs to record
the exit code from workload's entrypoint.

We need to stop ignoring SIGCHLD, as otherwise waitpid doesn't record
the exit code of our child, which also means we need to do a waitpid
on every children to ensure we aren't leaving zombie processes.

Signed-off-by: Sergio Lopez <slp@redhat.com>
@slp slp force-pushed the record-exit-code branch from 38d8608 to b432306 Compare April 21, 2025 12:16
@slp
Copy link
Collaborator Author

slp commented Apr 21, 2025

I think I've addressed all the feedback.

tylerfanelli
tylerfanelli reviewed Apr 21, 2025
View reviewed changes
tylerfanelli
tylerfanelli previously approved these changes Apr 22, 2025
View reviewed changes
mtjhrc
mtjhrc requested changes Apr 23, 2025
View reviewed changes
@slp @mtjhrc
init: use the same exit codes as chroot/podman
ca35ca1 
For consistency for the container isolation use case, let's use in init
the same exit codes as chroot and podman do:

 125: "init" cannot set up the environment inside the microVM.
 126: "init" can find the executable to be run inside the microVM but cannot not execute it.
 127: "init" cannot find the executable to be run inside the microVM.

Co-authored-by: Matej Hrica <30753707+mtjhrc@users.noreply.github.com>
Signed-off-by: Sergio Lopez <slp@redhat.com>
@slp slp force-pushed the record-exit-code branch from 9551a38 to ca35ca1 Compare April 24, 2025 11:28
mtjhrc
mtjhrc approved these changes Apr 24, 2025
View reviewed changes
Copy link
Collaborator

@mtjhrc mtjhrc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good now!

@slp slp merged commit a137a2f into containers:main Apr 29, 2025
6 checks passed
@slp slp deleted the record-exit-code branch April 29, 2025 16:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtjhrc mtjhrc mtjhrc approved these changes

@tylerfanelli tylerfanelli tylerfanelli approved these changes

@jakecorrenti jakecorrenti Awaiting requested review from jakecorrenti jakecorrenti is a code owner

@MatiasVara MatiasVara Awaiting requested review from MatiasVara MatiasVara is a code owner

+1 more reviewer

@nohajc nohajc nohajc left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@slp @nohajc @mtjhrc @tylerfanelli