From 32ee3fc3a369089ed1d0c4b943cdecf8c69c85c7 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Thu, 14 Dec 2017 20:57:15 +0100 Subject: [PATCH] commands: fix race when open()/close() cmd socket When we report STOPPED to a caller and then close the command socket it is technically possible - and I've seen this happen on the test builders - that a container start() right after a wait() will receive ECONNREFUSED because it called open() before we close(). So for all new state clients simply close the command socket. This will inform all state clients that the container is STOPPED and also prevents a race between a open()/close() on the command socket causing a new process to get ECONNREFUSED because we haven't yet closed the command socket. Signed-off-by: Christian Brauner --- src/lxc/start.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index f7b55844f..9f8f2185d 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -758,11 +758,23 @@ void lxc_fini(const char *name, struct lxc_handler *handler) cgroup_destroy(handler); - lxc_set_state(name, handler, STOPPED); - - /* close command socket */ - close(handler->conf->maincmd_fd); - handler->conf->maincmd_fd = -1; + /* This function will try to connect to the legacy lxc-monitord state + * server and only exists for backwards compatibility. + */ + lxc_monitor_send_state(name, STOPPED, handler->lxcpath); + + if (handler->conf->reboot == 0) { + /* For all new state clients simply close the command socket. + * This will inform all state clients that the container is + * STOPPED and also prevents a race between a open()/close() on + * the command socket causing a new process to get ECONNREFUSED + * because we haven't yet closed the command socket. + */ + close(handler->conf->maincmd_fd); + handler->conf->maincmd_fd = -1; + } else { + lxc_set_state(name, handler, STOPPED); + } if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL)) { ERROR("Failed to run lxc.hook.post-stop for container \"%s\".", name); -- 2.47.3