Fix race condition with daemonized jailer in startVMM #666
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When using jailer with Daemonize: true, the jailer parent process exits immediately after forking the child firecracker process. This caused a race condition where the SDK's process monitoring goroutine would detect the parent exit and send to errCh before waitForSocket() could establish the socket connection, causing startVMM to fail prematurely. This change modifies the process monitoring logic to treat a clean exit (status=0) of a daemonized jailer parent as expected behavior rather than an error condition. The goroutine now returns early in this case, allowing waitForSocket() and other initialization logic to complete normally. The actual firecracker child process continues running in daemon mode and creates the API socket as expected. Signed-off-by: Adam Thomason <[email protected]>
…rom the Shutdown receiver to trigger startVMM to continue when using daemonized jailer process. Signed-off-by: Adam Thomason <[email protected]>
Contributor
Author
|
The initial commit for this PR caused issues with cleanup, as the startVMM cleanup methods were never called due to immediate return. I've implemented an additional "shutdownCh" channel on the Machine struct which is closed when the Shtudown receiver is called. |
sondavidb
approved these changes
Aug 1, 2025
Contributor
sondavidb
left a comment
sondavidb
left a comment
There was a problem hiding this comment.
Hey, thanks for the contribution! The changes look fine to me, ideally we'd add this to out testing suite but I can't really think of a good way to test this race condition. (Maybe someone else might have an idea for this?)
Contributor
Author
|
Thanks for the review @sondavidb. Agreed, it would be nice for it to be added to tests but I too couldn't quite think of a nice way of doing this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
When using jailer with Daemonize: true, the jailer parent process exits immediately after forking the child firecracker process. This caused a race condition where the SDK's process monitoring goroutine would detect the parent exit and send to errCh before waitForSocket() could establish the socket connection, causing startVMM to fail prematurely.
This change modifies the process monitoring logic to treat a clean exit (status=0) of a daemonized jailer parent as expected behavior rather than an error condition. The goroutine now returns early in this case, allowing waitForSocket() and other initialization logic to complete normally.
The actual firecracker child process continues running in daemon mode and creates the API socket as expected.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.