Simplify synchronization between runsc and sandbox process

Make 'runsc create' join cgroup before creating sandbox process.
This removes the need to synchronize platform creation and ensure
that sandbox process is charged to the right cgroup from the start.

PiperOrigin-RevId: 227166451
Change-Id: Ieb4b18e6ca0daf7b331dc897699ca419bc5ee3a2

2 files changed, 23 insertions, 47 deletions

diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index 05d4f3a5b..36e9d2c6b 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -81,9 +81,6 @@ const (
 	// and return its ExitStatus.
 	ContainerWait = "containerManager.Wait"
 
-	// ContainerWaitForLoader blocks until the container's loader has been created.
-	ContainerWaitForLoader = "containerManager.WaitForLoader"
-
 	// ContainerWaitPID is used to wait on a process with a certain PID in
 	// the sandbox and return its ExitStatus.
 	ContainerWaitPID = "containerManager.WaitPID"
@@ -115,21 +112,22 @@ type controller struct {
 	manager *containerManager
 }
 
-// newController creates a new controller and starts it listening.
-func newController(fd int, k *kernel.Kernel, w *watchdog.Watchdog) (*controller, error) {
+// newController creates a new controller. The caller must call
+// controller.srv.StartServing() to start the controller.
+func newController(fd int, l *Loader) (*controller, error) {
 	srv, err := server.CreateFromFD(fd)
 	if err != nil {
 		return nil, err
 	}
 
 	manager := &containerManager{
-		startChan:         make(chan struct{}),
-		startResultChan:   make(chan error),
-		loaderCreatedChan: make(chan struct{}),
+		startChan:       make(chan struct{}),
+		startResultChan: make(chan error),
+		l:               l,
 	}
 	srv.Register(manager)
 
-	if eps, ok := k.NetworkStack().(*epsocket.Stack); ok {
+	if eps, ok := l.k.NetworkStack().(*epsocket.Stack); ok {
 		net := &Network{
 			Stack: eps.Stack,
 		}
@@ -138,10 +136,6 @@ func newController(fd int, k *kernel.Kernel, w *watchdog.Watchdog) (*controller,
 
 	srv.Register(&debug{})
 
-	if err := srv.StartServing(); err != nil {
-		return nil, err
-	}
-
 	return &controller{
 		srv:     srv,
 		manager: manager,
@@ -161,11 +155,6 @@ type containerManager struct {
 
 	// l is the loader that creates containers and sandboxes.
 	l *Loader
-
-	// loaderCreatedChan is used to signal when the loader has been created.
-	// After a loader is created, a notify method is called that writes to
-	// this channel.
-	loaderCreatedChan chan struct{}
 }
 
 // StartRoot will start the root container process.
@@ -291,13 +280,6 @@ func (cm *containerManager) Pause(_, _ *struct{}) error {
 	return nil
 }
 
-// WaitForLoader blocks until the container's loader has been created.
-func (cm *containerManager) WaitForLoader(_, _ *struct{}) error {
-	log.Debugf("containerManager.WaitForLoader")
-	<-cm.loaderCreatedChan
-	return nil
-}
-
 // RestoreOpts contains options related to restoring a container's file system.
 type RestoreOpts struct {
 	// FilePayload contains the state file to be restored, followed by the
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index a9c549790..3c6892446 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -277,20 +277,6 @@ func New(args Args) (*Loader, error) {
 	// Create a watchdog.
 	watchdog := watchdog.New(k, watchdog.DefaultTimeout, args.Conf.WatchdogAction)
 
-	// Create the control server using the provided FD.
-	//
-	// This must be done *after* we have initialized the kernel since the
-	// controller is used to configure the kernel's network stack.
-	//
-	// This should also be *before* we create the process, since a
-	// misconfigured process will cause an error, and we want the control
-	// server up before that so that we don't time out trying to connect to
-	// it.
-	ctrl, err := newController(args.ControllerFD, k, watchdog)
-	if err != nil {
-		return nil, fmt.Errorf("error creating control server: %v", err)
-	}
-
 	procArgs, err := newProcess(args.ID, args.Spec, creds, k)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create init process for root container: %v", err)
@@ -303,7 +289,6 @@ func New(args Args) (*Loader, error) {
 	eid := execID{cid: args.ID}
 	l := &Loader{
 		k:            k,
-		ctrl:         ctrl,
 		conf:         args.Conf,
 		console:      args.Console,
 		watchdog:     watchdog,
@@ -348,7 +333,22 @@ func New(args Args) (*Loader, error) {
 		}
 	})
 
-	ctrl.manager.l = l
+	// Create the control server using the provided FD.
+	//
+	// This must be done *after* we have initialized the kernel since the
+	// controller is used to configure the kernel's network stack.
+	ctrl, err := newController(args.ControllerFD, l)
+	if err != nil {
+		return nil, fmt.Errorf("creating control server: %v", err)
+	}
+	l.ctrl = ctrl
+
+	// Only start serving after Loader is set to controller and controller is set
+	// to Loader, because they are both used in the urpc methods.
+	if err := ctrl.srv.StartServing(); err != nil {
+		return nil, fmt.Errorf("starting control server: %v", err)
+	}
+
 	return l, nil
 }
 
@@ -745,12 +745,6 @@ func (l *Loader) WaitForStartSignal() {
 	<-l.ctrl.manager.startChan
 }
 
-// NotifyLoaderCreated sends a signal to the container manager that this
-// loader has been created.
-func (l *Loader) NotifyLoaderCreated() {
-	l.ctrl.manager.loaderCreatedChan <- struct{}{}
-}
-
 // WaitExit waits for the root container to exit, and returns its exit status.
 func (l *Loader) WaitExit() kernel.ExitStatus {
 	// Wait for container.