Merge pull request #2411 from crazy-max/tpmfs-size

add size to tmpfs mounts
moby · Oct 18, 2021 · 41c0a18 · 41c0a18
2 parents 9dd4ec0 + 32d95c8
commit 41c0a18
Show file tree

Hide file tree

Showing 18 changed files with 570 additions and 304 deletions.
diff --git a/client/client_test.go b/client/client_test.go
@@ -536,8 +536,10 @@ func testShmSize(t *testing.T, sb integration.Sandbox) {
 	require.NoError(t, err)
 	defer c.Close()
 
-	st := llb.Image("busybox:latest").
-		Run(llb.Shlex(`sh -c 'mount | grep /dev/shm > /out/out'`), llb.WithShmSize(128*1024))
+	st := llb.Image("busybox:latest").Run(
+		llb.AddMount("/dev/shm", llb.Scratch(), llb.Tmpfs(llb.TmpfsSize(128*1024))),
+		llb.Shlex(`sh -c 'mount | grep /dev/shm > /out/out'`),
+	)
 
 	out := st.AddMount("/out", llb.Scratch())
 	def, err := out.Marshal(sb.Context())

diff --git a/client/llb/exec.go b/client/llb/exec.go
@@ -43,6 +43,7 @@ type mount struct {
 	selector     string
 	cacheID      string
 	tmpfs        bool
+	tmpfsOpt     TmpfsInfo
 	cacheSharing CacheMountSharingMode
 	noOutput     bool
 }
@@ -205,14 +206,6 @@ func (e *ExecOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []
 		meta.ExtraHosts = hosts
 	}
 
-	shmSize, err := getShmSize(e.base)(ctx, c)
-	if err != nil {
-		return "", nil, nil, nil, err
-	}
-	if shmSize != nil {
-		meta.ShmSize = *shmSize
-	}
-
 	ulimits, err := getUlimit(e.base)(ctx, c)
 	if err != nil {
 		return "", nil, nil, nil, err
@@ -275,6 +268,9 @@ func (e *ExecOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []
 			addCap(&e.constraints, pb.CapExecMountCacheSharing)
 		} else if m.tmpfs {
 			addCap(&e.constraints, pb.CapExecMountTmpfs)
+			if m.tmpfsOpt.Size > 0 {
+				addCap(&e.constraints, pb.CapExecMountTmpfsSize)
+			}
 		} else if m.source != nil {
 			addCap(&e.constraints, pb.CapExecMountBind)
 		}
@@ -359,6 +355,9 @@ func (e *ExecOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []
 		}
 		if m.tmpfs {
 			pm.MountType = pb.MountType_TMPFS
+			pm.TmpfsOpt = &pb.TmpfsOpt{
+				Size_: m.tmpfsOpt.Size,
+			}
 		}
 		peo.Mounts = append(peo.Mounts, pm)
 	}
@@ -479,12 +478,37 @@ func AsPersistentCacheDir(id string, sharing CacheMountSharingMode) MountOption
 	}
 }
 
-func Tmpfs() MountOption {
+func Tmpfs(opts ...TmpfsOption) MountOption {
 	return func(m *mount) {
+		t := &TmpfsInfo{}
+		for _, opt := range opts {
+			opt.SetTmpfsOption(t)
+		}
 		m.tmpfs = true
+		m.tmpfsOpt = *t
 	}
 }
 
+type TmpfsOption interface {
+	SetTmpfsOption(*TmpfsInfo)
+}
+
+type tmpfsOptionFunc func(*TmpfsInfo)
+
+func (fn tmpfsOptionFunc) SetTmpfsOption(ti *TmpfsInfo) {
+	fn(ti)
+}
+
+func TmpfsSize(kb int64) TmpfsOption {
+	return tmpfsOptionFunc(func(ti *TmpfsInfo) {
+		ti.Size = kb
+	})
+}
+
+type TmpfsInfo struct {
+	Size int64
+}
+
 type RunOption interface {
 	SetRunOption(es *ExecInfo)
 }
@@ -524,12 +548,6 @@ func AddExtraHost(host string, ip net.IP) RunOption {
 	})
 }
 
-func WithShmSize(kb int64) RunOption {
-	return runOptionFunc(func(ei *ExecInfo) {
-		ei.State = ei.State.WithShmSize(kb)
-	})
-}
-
 func AddUlimit(name UlimitName, soft int64, hard int64) RunOption {
 	return runOptionFunc(func(ei *ExecInfo) {
 		ei.State = ei.State.AddUlimit(name, soft, hard)

diff --git a/client/llb/meta.go b/client/llb/meta.go
@@ -20,7 +20,6 @@ var (
 	keyEnv       = contextKeyT("llb.exec.env")
 	keyExtraHost = contextKeyT("llb.exec.extrahost")
 	keyHostname  = contextKeyT("llb.exec.hostname")
-	keyShmSize   = contextKeyT("llb.exec.shmsize")
 	keyUlimit    = contextKeyT("llb.exec.ulimit")
 	keyUser      = contextKeyT("llb.exec.user")
 
@@ -235,26 +234,6 @@ type HostIP struct {
 	IP   net.IP
 }
 
-func shmSize(kb int64) StateOption {
-	return func(s State) State {
-		return s.WithValue(keyShmSize, kb)
-	}
-}
-
-func getShmSize(s State) func(context.Context, *Constraints) (*int64, error) {
-	return func(ctx context.Context, c *Constraints) (*int64, error) {
-		v, err := s.getValue(keyShmSize)(ctx, c)
-		if err != nil {
-			return nil, err
-		}
-		if v != nil {
-			kb := v.(int64)
-			return &kb, nil
-		}
-		return nil, nil
-	}
-}
-
 func ulimit(name UlimitName, soft int64, hard int64) StateOption {
 	return func(s State) State {
 		return s.withValue(keyUlimit, func(ctx context.Context, c *Constraints) (interface{}, error) {

diff --git a/client/llb/state.go b/client/llb/state.go
@@ -397,10 +397,6 @@ func (s State) AddExtraHost(host string, ip net.IP) State {
 	return extraHost(host, ip)(s)
 }
 
-func (s State) WithShmSize(kb int64) State {
-	return shmSize(kb)(s)
-}
-
 func (s State) AddUlimit(name UlimitName, soft int64, hard int64) State {
 	return ulimit(name, soft, hard)(s)
 }

diff --git a/executor/executor.go b/executor/executor.go
@@ -18,7 +18,6 @@ type Meta struct {
 	Tty            bool
 	ReadonlyRootFS bool
 	ExtraHosts     []HostIP
-	ShmSize        int64
 	Ulimit         []*pb.Ulimit
 	NetMode        pb.NetMode
 	SecurityMode   pb.SecurityMode

diff --git a/executor/oci/mounts.go b/executor/oci/mounts.go
@@ -100,3 +100,17 @@ func withBoundProc() oci.SpecOpts {
 		return nil
 	}
 }
+
+func dedupMounts(mnts []specs.Mount) []specs.Mount {
+	ret := make([]specs.Mount, 0, len(mnts))
+	visited := make(map[string]int)
+	for i, mnt := range mnts {
+		if j, ok := visited[mnt.Destination]; ok {
+			ret[j] = mnt
+		} else {
+			visited[mnt.Destination] = i
+			ret = append(ret, mnt)
+		}
+	}
+	return ret
+}
diff --git a/executor/oci/mounts_test.go b/executor/oci/mounts_test.go
@@ -8,8 +8,56 @@ import (
 	"github.com/moby/buildkit/util/appcontext"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
+// The default mount-list from containerd
+// https://github.com/containerd/containerd/blob/main/oci/mounts.go
+var containerdDefMounts = []specs.Mount{
+	{
+		Destination: "/proc",
+		Type:        "proc",
+		Source:      "proc",
+		Options:     []string{"nosuid", "noexec", "nodev"},
+	},
+	{
+		Destination: "/dev",
+		Type:        "tmpfs",
+		Source:      "tmpfs",
+		Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
+	},
+	{
+		Destination: "/dev/pts",
+		Type:        "devpts",
+		Source:      "devpts",
+		Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+	},
+	{
+		Destination: "/dev/shm",
+		Type:        "tmpfs",
+		Source:      "shm",
+		Options:     []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
+	},
+	{
+		Destination: "/dev/mqueue",
+		Type:        "mqueue",
+		Source:      "mqueue",
+		Options:     []string{"nosuid", "noexec", "nodev"},
+	},
+	{
+		Destination: "/sys",
+		Type:        "sysfs",
+		Source:      "sysfs",
+		Options:     []string{"nosuid", "noexec", "nodev", "ro"},
+	},
+	{
+		Destination: "/run",
+		Type:        "tmpfs",
+		Source:      "tmpfs",
+		Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
+	},
+}
+
 func TestHasPrefix(t *testing.T) {
 	type testCase struct {
 		path     string
@@ -99,56 +147,53 @@ func TestHasPrefix(t *testing.T) {
 }
 
 func TestWithRemovedMounts(t *testing.T) {
-	// The default mount-list from containerd
 	s := oci.Spec{
-		Mounts: []specs.Mount{
-			{
-				Destination: "/proc",
-				Type:        "proc",
-				Source:      "proc",
-				Options:     []string{"nosuid", "noexec", "nodev"},
-			},
-			{
-				Destination: "/dev",
-				Type:        "tmpfs",
-				Source:      "tmpfs",
-				Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
-			},
-			{
-				Destination: "/dev/pts",
-				Type:        "devpts",
-				Source:      "devpts",
-				Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
-			},
+		Mounts: containerdDefMounts,
+	}
+
+	oldLen := len(s.Mounts)
+	err := withRemovedMount("/run")(appcontext.Context(), nil, nil, &s)
+	assert.NoError(t, err)
+	assert.Equal(t, oldLen-1, len(s.Mounts))
+}
+
+func TestDedupMounts(t *testing.T) {
+	s := oci.Spec{
+		Mounts: append(containerdDefMounts, []specs.Mount{
 			{
 				Destination: "/dev/shm",
 				Type:        "tmpfs",
 				Source:      "shm",
-				Options:     []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
+				Options:     []string{"nosuid", "size=131072k"},
+			},
+			{
+				Destination: "/foo",
+				Type:        "bind",
+				Source:      "/bar",
+				Options:     []string{"nosuid", "noexec", "nodev", "rbind", "ro"},
 			},
 			{
 				Destination: "/dev/mqueue",
 				Type:        "mqueue",
 				Source:      "mqueue",
-				Options:     []string{"nosuid", "noexec", "nodev"},
-			},
-			{
-				Destination: "/sys",
-				Type:        "sysfs",
-				Source:      "sysfs",
-				Options:     []string{"nosuid", "noexec", "nodev", "ro"},
+				Options:     []string{"nosuid"},
 			},
-			{
-				Destination: "/run",
-				Type:        "tmpfs",
-				Source:      "tmpfs",
-				Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
-			},
-		},
+		}...),
 	}
 
-	oldLen := len(s.Mounts)
-	err := withRemovedMount("/run")(appcontext.Context(), nil, nil, &s)
-	assert.NoError(t, err)
-	assert.Equal(t, oldLen-1, len(s.Mounts))
+	mntsLen := len(s.Mounts)
+	s.Mounts = dedupMounts(s.Mounts)
+	require.Equal(t, mntsLen-2, len(s.Mounts))
+	assert.Equal(t, specs.Mount{
+		Destination: "/dev/shm",
+		Type:        "tmpfs",
+		Source:      "shm",
+		Options:     []string{"nosuid", "size=131072k"},
+	}, s.Mounts[3])
+	assert.Equal(t, specs.Mount{
+		Destination: "/foo",
+		Type:        "bind",
+		Source:      "/bar",
+		Options:     []string{"nosuid", "noexec", "nodev", "rbind", "ro"},
+	}, s.Mounts[len(s.Mounts)-1])
 }
diff --git a/executor/oci/spec.go b/executor/oci/spec.go
@@ -97,10 +97,6 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
 		oci.WithHostname(hostname),
 	)
 
-	if meta.ShmSize > 0 {
-		opts = append(opts, oci.WithDevShmSize(meta.ShmSize))
-	}
-
 	s, err := oci.GenerateSpec(ctx, nil, c, opts...)
 	if err != nil {
 		return nil, nil, err
@@ -168,6 +164,7 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
 		})
 	}
 
+	s.Mounts = dedupMounts(s.Mounts)
 	return s, releaseAll, nil
 }
 

diff --git a/frontend/dockerfile/dockerfile2llb/convert.go b/frontend/dockerfile/dockerfile2llb/convert.go
@@ -810,8 +810,11 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE
 	for _, h := range dopt.extraHosts {
 		opt = append(opt, llb.AddExtraHost(h.Host, h.IP))
 	}
-	if dopt.shmSize > 0 {
-		opt = append(opt, llb.WithShmSize(dopt.shmSize))
+
+	if dopt.llbCaps != nil && dopt.llbCaps.Supports(pb.CapExecMountTmpfsSize) == nil {
+		if dopt.shmSize > 0 {
+			opt = append(opt, llb.AddMount("/dev/shm", llb.Scratch(), llb.Tmpfs(llb.TmpfsSize(dopt.shmSize))))
+		}
 	}
 
 	d.state = d.state.Run(opt...).Root()

diff --git a/frontend/dockerfile/dockerfile2llb/convert_runmount.go b/frontend/dockerfile/dockerfile2llb/convert_runmount.go
@@ -95,7 +95,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []*
 		var mountOpts []llb.MountOption
 		if mount.Type == instructions.MountTypeTmpfs {
 			st = llb.Scratch()
-			mountOpts = append(mountOpts, llb.Tmpfs())
+			mountOpts = append(mountOpts, llb.Tmpfs(
+				llb.TmpfsSize(mount.SizeLimit),
+			))
 		}
 		if mount.Type == instructions.MountTypeSecret {
 			secret, err := dispatchSecret(mount)

diff --git a/frontend/dockerfile/docs/syntax.md b/frontend/dockerfile/docs/syntax.md
@@ -96,6 +96,7 @@ This mount type allows mounting tmpfs in the build container.
 |Option               |Description|
 |---------------------|-----------|
 |`target` (required)  | Mount path.|
+|`size`               | Specify an upper limit on the size of the filesystem.|
 
 
 ### `RUN --mount=type=secret`