Fix possible race condition destroying container

When the sandbox is destroyed, making URPC calls to destroy the container will fail. The code was checking if the sandbox was running before attempting to make the URPC call, but that is racy. PiperOrigin-RevId: 284093764
author: Fabricio Voznika <fvoznika@google.com> 2019-12-05 17:57:07 -0800
committer: gVisor bot <gvisor-bot@google.com> 2019-12-05 17:58:36 -0800
commit: 40035d7d9c18d0467075cdaebe3d26d2dbd2720b (patch)
tree: b9d738eb35ca2786940a18ab0fe0842f68d88c44 /runsc
parent: 13f0f6069af4d49e236cbee4f0284c190784db37 (diff)
1 files changed, 11 insertions, 5 deletions
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index ee9327fc8..805233184 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -1004,16 +1004,22 @@ func (s *Sandbox) ChangeLogging(args control.LoggingArgs) error {
 // DestroyContainer destroys the given container. If it is the root container,
 // then the entire sandbox is destroyed.
 func (s *Sandbox) DestroyContainer(cid string) error {
+	if err := s.destroyContainer(cid); err != nil {
+		// If the sandbox isn't running, the container has already been destroyed,
+		// ignore the error in this case.
+		if s.IsRunning() {
+			return err
+		}
+	}
+	return nil
+}
+
+func (s *Sandbox) destroyContainer(cid string) error {
 	if s.IsRootContainer(cid) {
 		log.Debugf("Destroying root container %q by destroying sandbox", cid)
 		return s.destroy()
 	}
 
-	if !s.IsRunning() {
-		// Sandbox isn't running anymore, container is already destroyed.
-		return nil
-	}
-
 	log.Debugf("Destroying container %q in sandbox %q", cid, s.ID)
 	conn, err := s.sandboxConnect()
 	if err != nil {
author	Fabricio Voznika <fvoznika@google.com>	2019-12-05 17:57:07 -0800
committer	gVisor bot <gvisor-bot@google.com>	2019-12-05 17:58:36 -0800
commit	40035d7d9c18d0467075cdaebe3d26d2dbd2720b (patch)
tree	b9d738eb35ca2786940a18ab0fe0842f68d88c44 /runsc
parent	13f0f6069af4d49e236cbee4f0284c190784db37 (diff)