Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BACKPORT/22.1.x] Multiple backports #4688

Merged
merged 3 commits into from
Apr 23, 2022
Merged

[BACKPORT/22.1.x] Multiple backports #4688

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0e8ada1
go/worker/compute: Only advertise active version for TEE runtimes
kostko Apr 22, 2022
654d5d9
go/worker/compute: Do not advertise old versions
kostko Apr 22, 2022
0131668
go/runtime/host/sandbox: Properly handle clone3 in seccomp policy
kostko Apr 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .changelog/4683.bugfix.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
go/worker/compute: Only advertise active version for TEE runtimes

Previously this caused additional downtime on upgrades due to capability
updates not being allowed.
13 changes: 13 additions & 0 deletions .changelog/4687.bugfix.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
go/runtime/host/sandbox: Properly handle clone3 in seccomp policy

We need to handle the clone3 syscall in a special manner as there are
several complications to its handling:

- Newer glibc versions will try clone3 first and if they see EPERM they
will instantly fail making the program unable to spawn threads.

- The clone3 syscall is much more complex than clone and so we can't
simply inspect its flags as we do for clone.

Therefore we need to reject the syscall with ENOSYS, causing fallback to
clone.
19 changes: 19 additions & 0 deletions go/runtime/host/sandbox/process/seccomp_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -355,5 +355,24 @@ func generateSeccompPolicy(out *os.File) error {
return err
}

// We need to handle the clone3 syscall in a special manner as there are several complications
// to its handling:
//
// - Newer glibc versions will try clone3 first and if they see EPERM they will instantly fail
// making the program unable to spawn threads.
//
// - The clone3 syscall is much more complex than clone and so we can't simply inspect its flags
// as above for clone.
//
// Therefore we need to reject the syscall with ENOSYS, causing fallback to clone.
clone3ID, err := seccomp.GetSyscallFromName("clone3")
if err != nil {
return err
}
err = filter.AddRule(clone3ID, seccomp.ActErrno.SetReturnCode(int16(syscall.ENOSYS)))
if err != nil {
return err
}

return filter.ExportBPF(out)
}
16 changes: 13 additions & 3 deletions go/worker/compute/executor/committee/node.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1532,10 +1532,20 @@ func (n *Node) nudgeAvailability(force bool) {

n.roleProvider.SetAvailable(func(nd *node.Node) error {
for _, version := range n.commonNode.Runtime.HostVersions() {
rt := nd.AddOrUpdateRuntime(n.commonNode.Runtime.ID(), version)
if rt.Version == n.runtimeVersion {
rt.Capabilities.TEE = n.runtimeCapabilityTEE
// For TEE-enabled runtimes we can only advertise the active version as this will
// otherwise cause additional downtime on upgrades due to capability updates not
// being allowed.
if n.runtimeCapabilityTEE != nil && version != n.runtimeVersion {
continue
}

// Skip sending any old versions that will never be active again.
if version.ToU64() < n.runtimeVersion.ToU64() {
continue
}

rt := nd.AddOrUpdateRuntime(n.commonNode.Runtime.ID(), version)
rt.Capabilities.TEE = n.runtimeCapabilityTEE
}
return nil
})
Expand Down