lvhi: add workaround for systemd issue on 5.4

Details on issue 603. Signed-off-by: Kornilios Kourtis <[email protected]>
cilium · Aug 15, 2024 · 6158a32 · 6158a32
1 parent 35bb67e
commit 6158a32
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -79,3 +79,10 @@ complexity-test: kernel-images root-images
 			--build-arg ROOT_IMAGES_TAG=$(ROOT_IMAGES_TAG) \
 			-f dockerfiles/complexity-test-images -t $(COMPLEXITY_TEST_IMAGES):$$v . ; \
 	done
+
+.PHONY: systemd-workaround
+systemd-workaround:
+	$(DOCKER) rm systemd-workaround-builder || true
+	$(DOCKER) run -v $(CURDIR)/systemd-workaround:/src:Z --name systemd-workaround-builder gcc:14 sh -c 'make -C /src'
+	cp $(CURDIR)/systemd-workaround/systemd-pidfd-fix.so _data/bootstrap/
+	$(DOCKER) rm systemd-workaround-builder
diff --git a/_data/images.json b/_data/images.json
@@ -50,6 +50,22 @@
                     "Line": "fs.inotify.max_user_instances = 512"
                 },
                 "type": "append-line"
+            },
+            {
+                "comment": "systemd workaround: copy .so",
+                "op": {
+                    "LocalPath": "bootstrap/systemd-pidfd-fix.so",
+                    "RemoteDir": "/"
+                },
+                "type": "copy-in"
+            },
+            {
+                "comment": "set preload",
+                "op": {
+                    "File": "/etc/ld.so.preload",
+                    "Line": "/systemd-pidfd-fix.so"
+                },
+                "type": "append-line"
             }
         ]
     },
@@ -186,6 +202,22 @@
                     "Cmd": "/bootstrap/deb-k8s.sh"
                 },
                 "type": "run-command"
+            },
+            {
+                "comment": "systemd workaround: copy .so",
+                "op": {
+                    "LocalPath": "bootstrap/systemd-pidfd-fix.so",
+                    "RemoteDir": "/"
+                },
+                "type": "copy-in"
+            },
+            {
+                "comment": "set preload",
+                "op": {
+                    "File": "/etc/ld.so.preload",
+                    "Line": "/systemd-pidfd-fix.so"
+                },
+                "type": "append-line"
             }
         ]
     },
@@ -278,6 +310,22 @@
                     "Cmd": "/bootstrap/deb-docker.sh"
                 },
                 "type": "run-command"
+            },
+            {
+                "comment": "systemd workaround: copy .so",
+                "op": {
+                    "LocalPath": "bootstrap/systemd-pidfd-fix.so",
+                    "RemoteDir": "/"
+                },
+                "type": "copy-in"
+            },
+            {
+                "comment": "set preload",
+                "op": {
+                    "File": "/etc/ld.so.preload",
+                    "Line": "/systemd-pidfd-fix.so"
+                },
+                "type": "append-line"
             }
         ]
     }

diff --git a/dockerfiles/root-images b/dockerfiles/root-images
@@ -4,9 +4,17 @@
 
 ARG ROOT_BUILDER_TAG=invalid
 
+FROM gcc:14 AS systemd-workaround-builder
+COPY systemd-workaround /src
+RUN make -C /src
+
 FROM quay.io/lvh-images/root-builder-ci:"${ROOT_BUILDER_TAG}" AS builder
 COPY _data /data
+COPY --from=systemd-workaround-builder /src/systemd-pidfd-fix.so /data/bootstrap/systemd-pidfd-fix.so
+
 RUN lvh version
+
+
 # mmdebstrap outputs messages in stderr, so we redirect stderr
 #
 # You cannot use KVM during docker build anyway (without insecure option), it

diff --git a/systemd-workaround/Makefile b/systemd-workaround/Makefile
@@ -0,0 +1,13 @@
+
+CC=gcc
+CFLAGS=-Wall -O2
+
+.PHONY: all
+all: systemd-pidfd-fix.so
+
+systemd-pidfd-fix.so: systemd-pidfd-fix.c
+	$(CC) $(CFLAGS) -ldl -fPIC -shared -o $@ $<
+
+.PHONY: clean
+clean:
+	rm -f systemd-pidfd-fix.so
diff --git a/systemd-workaround/systemd-pidfd-fix.c b/systemd-workaround/systemd-pidfd-fix.c
@@ -0,0 +1,50 @@
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <spawn.h>
+#include <sys/utsname.h>
+#include <dlfcn.h>
+#include <ctype.h>
+
+int pidfd_spawn(int *restrict pidfd,
+	const char *restrict file,
+	const posix_spawn_file_actions_t *restrict facts,
+	const posix_spawnattr_t *restrict attrp,
+	char *const argv[restrict],
+	char *const envp[restrict]);
+
+int pidfd_spawn (int *restrict pidfd,
+	const char *restrict file,
+	const posix_spawn_file_actions_t *restrict facts,
+	const posix_spawnattr_t *restrict attrp,
+	char *const argv[restrict],
+	char *const envp[restrict])
+{
+	struct utsname buff;
+	if (uname(&buff) == 0) {
+		long ver[16];
+		int i = 0;
+		char *p = buff.release;
+		while (*p) {
+        		if (isdigit(*p)) {
+            			ver[i] = strtol(p, &p, 10);
+            			i++;
+        		} else {
+            			p++;
+        		}
+    		}
+		printf("%ld.%ld.%ld\n", ver[0], ver[1], ver[2]);
+		if (ver[0] <= 5 && ver[0] < 7) {
+			return ENOSYS;
+		}
+	}
+
+	typeof(pidfd_spawn) *f = dlsym(RTLD_NEXT, "pidfd_spawn");
+	if (!f) {
+		return EINVAL;
+	}
+
+	return f(pidfd, file, facts, attrp, argv, envp);
+}