sandbox: Disconnect from agent after VM shutdown

When a one-shot pod dies in CRI-O, the shimv2 process isn't killed until the pod is actually deleted, even though the VM is shut down. In this case, the shim appears to busyloop when attempting to talk to the (now dead) agent via VSOCK. To address this, we disconnect from the agent after the VM is shut down. This is especially catastrophic for one-shot pods that may persist for hours or days, but it also applies to any shimv2 pod where Kata is configured to use VSOCK for communication. Backport of kata-containers/kata-containers#556 to kata-containers/runtime master branch. See github.com/kata-containers#2719 for details. Fixes kata-containers#2719 Signed-off-by: Evan Foster <[email protected]>
jcvenegas · Oct 19, 2020 · 7b09e96 · 7b09e96
1 parent 9d82056
commit 7b09e96
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go
@@ -1605,6 +1605,11 @@ func (s *Sandbox) Stop(force bool) error {
 		return err
 	}
 
+	// Stop communicating with the agent.
+	if err := s.agent.disconnect(); err != nil && !force {
+		return err
+	}
+
 	return nil
 }