deps: update runc to 1.1.0

This updates vendored runc/libcontainer to 1.1.0,
and google/cadvisor to a version updated to runc 1.1.0
(google/cadvisor#3048).

Changes in vendor are generated by (roughly):

        ./hack/pin-dependency.sh github.com/google/cadvisor v0.44.0
        ./hack/pin-dependency.sh github.com/opencontainers/runc v1.1.0
        ./hack/update-vendor.sh
        ./hack/lint-dependencies.sh # And follow all its recommendations.
        ./hack/update-vendor.sh
        ./hack/update-internal-modules.sh
        ./hack/lint-dependencies.sh # Re-check everything again.

Co-Authored-By: Kir Kolyshkin <kolyshkin@gmail.com>

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/cpu.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package fs2
 
 import (
@@ -49,7 +47,8 @@ func setCpu(dirPath string, r *configs.Resources) error {
 }
 
 func statCpu(dirPath string, stats *cgroups.Stats) error {
-	f, err := cgroups.OpenFile(dirPath, "cpu.stat", os.O_RDONLY)
+	const file = "cpu.stat"
+	f, err := cgroups.OpenFile(dirPath, file, os.O_RDONLY)
 	if err != nil {
 		return err
 	}
@@ -59,7 +58,7 @@ func statCpu(dirPath string, stats *cgroups.Stats) error {
 	for sc.Scan() {
 		t, v, err := fscommon.ParseKeyValue(sc.Text())
 		if err != nil {
-			return err
+			return &parseError{Path: dirPath, File: file, Err: err}
 		}
 		switch t {
 		case "usage_usec":
@@ -81,5 +80,8 @@ func statCpu(dirPath string, stats *cgroups.Stats) error {
 			stats.CpuStats.ThrottlingData.ThrottledTime = v * 1000
 		}
 	}
+	if err := sc.Err(); err != nil {
+		return &parseError{Path: dirPath, File: file, Err: err}
+	}
 	return nil
 }

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/cpuset.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package fs2
 
 import (

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/defaultpath.go

@@ -18,41 +18,37 @@ package fs2
 
 import (
 	"bufio"
+	"errors"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 
 	"github.com/opencontainers/runc/libcontainer/configs"
-	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
-	"github.com/pkg/errors"
+	"github.com/opencontainers/runc/libcontainer/utils"
 )
 
 const UnifiedMountpoint = "/sys/fs/cgroup"
 
 func defaultDirPath(c *configs.Cgroup) (string, error) {
 	if (c.Name != "" || c.Parent != "") && c.Path != "" {
-		return "", errors.Errorf("cgroup: either Path or Name and Parent should be used, got %+v", c)
-	}
-	if len(c.Paths) != 0 {
-		// never set by specconv
-		return "", errors.Errorf("cgroup: Paths is unsupported, use Path, got %+v", c)
+		return "", fmt.Errorf("cgroup: either Path or Name and Parent should be used, got %+v", c)
 	}
 
-	// XXX: Do not remove this code. Path safety is important! -- cyphar
-	cgPath := libcontainerUtils.CleanPath(c.Path)
-	cgParent := libcontainerUtils.CleanPath(c.Parent)
-	cgName := libcontainerUtils.CleanPath(c.Name)
-
-	return _defaultDirPath(UnifiedMountpoint, cgPath, cgParent, cgName)
+	return _defaultDirPath(UnifiedMountpoint, c.Path, c.Parent, c.Name)
 }
 
 func _defaultDirPath(root, cgPath, cgParent, cgName string) (string, error) {
 	if (cgName != "" || cgParent != "") && cgPath != "" {
 		return "", errors.New("cgroup: either Path or Name and Parent should be used")
 	}
-	innerPath := cgPath
+
+	// XXX: Do not remove CleanPath. Path safety is important! -- cyphar
+	innerPath := utils.CleanPath(cgPath)
 	if innerPath == "" {
+		cgParent := utils.CleanPath(cgParent)
+		cgName := utils.CleanPath(cgName)
 		innerPath = filepath.Join(cgParent, cgName)
 	}
 	if filepath.IsAbs(innerPath) {
@@ -89,7 +85,7 @@ func parseCgroupFromReader(r io.Reader) (string, error) {
 			parts = strings.SplitN(text, ":", 3)
 		)
 		if len(parts) < 3 {
-			return "", errors.Errorf("invalid cgroup entry: %q", text)
+			return "", fmt.Errorf("invalid cgroup entry: %q", text)
 		}
 		// text is like "0::/user.slice/user-1001.slice/session-1.scope"
 		if parts[0] == "0" && parts[1] == "" {

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/devices.go

@@ -1,16 +1,15 @@
-// +build linux
-
 package fs2
 
 import (
+	"fmt"
+
+	"golang.org/x/sys/unix"
+
 	"github.com/opencontainers/runc/libcontainer/cgroups/ebpf"
 	"github.com/opencontainers/runc/libcontainer/cgroups/ebpf/devicefilter"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/userns"
-
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 func isRWM(perms devices.Permissions) bool {
@@ -64,7 +63,7 @@ func setDevices(dirPath string, r *configs.Resources) error {
 	}
 	dirFD, err := unix.Open(dirPath, unix.O_DIRECTORY|unix.O_RDONLY, 0o600)
 	if err != nil {
-		return errors.Errorf("cannot get dir FD for %s", dirPath)
+		return fmt.Errorf("cannot get dir FD for %s", dirPath)
 	}
 	defer unix.Close(dirFD)
 	if _, err := ebpf.LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil {

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/freezer.go

@@ -1,19 +1,17 @@
-// +build linux
-
 package fs2
 
 import (
 	"bufio"
-	stdErrors "errors"
+	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"time"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 func setFreezer(dirPath string, state configs.FreezerState) error {
@@ -26,7 +24,7 @@ func setFreezer(dirPath string, state configs.FreezerState) error {
 	case configs.Thawed:
 		stateStr = "0"
 	default:
-		return errors.Errorf("invalid freezer state %q requested", state)
+		return fmt.Errorf("invalid freezer state %q requested", state)
 	}
 
 	fd, err := cgroups.OpenFile(dirPath, "cgroup.freeze", unix.O_RDWR)
@@ -37,7 +35,7 @@ func setFreezer(dirPath string, state configs.FreezerState) error {
 		if state != configs.Frozen {
 			return nil
 		}
-		return errors.Wrap(err, "freezer not supported")
+		return fmt.Errorf("freezer not supported: %w", err)
 	}
 	defer fd.Close()
 
@@ -48,7 +46,7 @@ func setFreezer(dirPath string, state configs.FreezerState) error {
 	if actualState, err := readFreezer(dirPath, fd); err != nil {
 		return err
 	} else if actualState != state {
-		return errors.Errorf(`expected "cgroup.freeze" to be in state %q but was in %q`, state, actualState)
+		return fmt.Errorf(`expected "cgroup.freeze" to be in state %q but was in %q`, state, actualState)
 	}
 	return nil
 }
@@ -58,7 +56,7 @@ func getFreezer(dirPath string) (configs.FreezerState, error) {
 	if err != nil {
 		// If the kernel is too old, then we just treat the freezer as being in
 		// an "undefined" state.
-		if os.IsNotExist(err) || stdErrors.Is(err, unix.ENODEV) {
+		if os.IsNotExist(err) || errors.Is(err, unix.ENODEV) {
 			err = nil
 		}
 		return configs.Undefined, err
@@ -82,7 +80,7 @@ func readFreezer(dirPath string, fd *os.File) (configs.FreezerState, error) {
 	case "1\n":
 		return waitFrozen(dirPath)
 	default:
-		return configs.Undefined, errors.Errorf(`unknown "cgroup.freeze" state: %q`, state)
+		return configs.Undefined, fmt.Errorf(`unknown "cgroup.freeze" state: %q`, state)
 	}
 }
 

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/fs2.go

@@ -1,8 +1,7 @@
-// +build linux
-
 package fs2
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -10,9 +9,10 @@ import (
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/pkg/errors"
 )
 
+type parseError = fscommon.ParseError
+
 type manager struct {
 	config *configs.Cgroup
 	// dirPath is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope"
@@ -20,16 +20,12 @@ type manager struct {
 	// controllers is content of "cgroup.controllers" file.
 	// excludes pseudo-controllers ("devices" and "freezer").
 	controllers map[string]struct{}
-	rootless    bool
 }
 
 // NewManager creates a manager for cgroup v2 unified hierarchy.
 // dirPath is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope".
 // If dirPath is empty, it is automatically set using config.
-func NewManager(config *configs.Cgroup, dirPath string, rootless bool) (cgroups.Manager, error) {
-	if config == nil {
-		config = &configs.Cgroup{}
-	}
+func NewManager(config *configs.Cgroup, dirPath string) (cgroups.Manager, error) {
 	if dirPath == "" {
 		var err error
 		dirPath, err = defaultDirPath(config)
@@ -39,9 +35,8 @@ func NewManager(config *configs.Cgroup, dirPath string, rootless bool) (cgroups.
 	}
 
 	m := &manager{
-		config:   config,
-		dirPath:  dirPath,
-		rootless: rootless,
+		config:  config,
+		dirPath: dirPath,
 	}
 	return m, nil
 }
@@ -53,7 +48,7 @@ func (m *manager) getControllers() error {
 
 	data, err := cgroups.ReadFile(m.dirPath, "cgroup.controllers")
 	if err != nil {
-		if m.rootless && m.config.Path == "" {
+		if m.config.Rootless && m.config.Path == "" {
 			return nil
 		}
 		return err
@@ -73,12 +68,12 @@ func (m *manager) Apply(pid int) error {
 		// - "runc create (no limits + no cgrouppath + no permission) succeeds"
 		// - "runc create (rootless + no limits + cgrouppath + no permission) fails with permission error"
 		// - "runc create (rootless + limits + no cgrouppath + no permission) fails with informative error"
-		if m.rootless {
+		if m.config.Rootless {
 			if m.config.Path == "" {
 				if blNeed, nErr := needAnyControllers(m.config.Resources); nErr == nil && !blNeed {
 					return nil
 				}
-				return errors.Wrap(err, "rootless needs no limits + no cgrouppath when no permission is granted for cgroups")
+				return fmt.Errorf("rootless needs no limits + no cgrouppath when no permission is granted for cgroups: %w", err)
 			}
 		}
 		return err
@@ -123,13 +118,20 @@ func (m *manager) GetStats() (*cgroups.Stats, error) {
 	if err := statHugeTlb(m.dirPath, st); err != nil && !os.IsNotExist(err) {
 		errs = append(errs, err)
 	}
-	if len(errs) > 0 && !m.rootless {
-		return st, errors.Errorf("error while statting cgroup v2: %+v", errs)
+	// rdma (since kernel 4.11)
+	if err := fscommon.RdmaGetStats(m.dirPath, st); err != nil && !os.IsNotExist(err) {
+		errs = append(errs, err)
+	}
+	if len(errs) > 0 && !m.config.Rootless {
+		return st, fmt.Errorf("error while statting cgroup v2: %+v", errs)
 	}
 	return st, nil
 }
 
 func (m *manager) Freeze(state configs.FreezerState) error {
+	if m.config.Resources == nil {
+		return errors.New("cannot toggle freezer: cgroups not configured for container")
+	}
 	if err := setFreezer(m.dirPath, state); err != nil {
 		return err
 	}
@@ -146,6 +148,9 @@ func (m *manager) Path(_ string) string {
 }
 
 func (m *manager) Set(r *configs.Resources) error {
+	if r == nil {
+		return nil
+	}
 	if err := m.getControllers(); err != nil {
 		return err
 	}
@@ -167,10 +172,10 @@ func (m *manager) Set(r *configs.Resources) error {
 	}
 	// devices (since kernel 4.15, pseudo-controller)
 	//
-	// When m.rootless is true, errors from the device subsystem are ignored because it is really not expected to work.
+	// When rootless is true, errors from the device subsystem are ignored because it is really not expected to work.
 	// However, errors from other subsystems are not ignored.
 	// see @test "runc create (rootless + limits + no cgrouppath + no permission) fails with informative error"
-	if err := setDevices(m.dirPath, r); err != nil && !m.rootless {
+	if err := setDevices(m.dirPath, r); err != nil && !m.config.Rootless {
 		return err
 	}
 	// cpuset (since kernel 5.0)
@@ -181,6 +186,10 @@ func (m *manager) Set(r *configs.Resources) error {
 	if err := setHugeTlb(m.dirPath, r); err != nil {
 		return err
 	}
+	// rdma (since kernel 4.11)
+	if err := fscommon.RdmaSet(m.dirPath, r); err != nil {
+		return err
+	}
 	// freezer (since kernel 5.2, pseudo-controller)
 	if err := setFreezer(m.dirPath, r.Freezer); err != nil {
 		return err
@@ -198,9 +207,8 @@ func (m *manager) setUnified(res map[string]string) error {
 			return fmt.Errorf("unified resource %q must be a file name (no slashes)", k)
 		}
 		if err := cgroups.WriteFile(m.dirPath, k, v); err != nil {
-			errC := errors.Cause(err)
 			// Check for both EPERM and ENOENT since O_CREAT is used by WriteFile.
-			if errors.Is(errC, os.ErrPermission) || errors.Is(errC, os.ErrNotExist) {
+			if errors.Is(err, os.ErrPermission) || errors.Is(err, os.ErrNotExist) {
 				// Check if a controller is available,
 				// to give more specific error if not.
 				sk := strings.SplitN(k, ".", 2)
@@ -212,7 +220,7 @@ func (m *manager) setUnified(res map[string]string) error {
 					return fmt.Errorf("unified resource %q can't be set: controller %q not available", k, c)
 				}
 			}
-			return errors.Wrapf(err, "can't set unified resource %q", k)
+			return fmt.Errorf("unable to set unified resource %q: %w", k, err)
 		}
 	}
 
@@ -243,7 +251,7 @@ func OOMKillCount(path string) (uint64, error) {
 
 func (m *manager) OOMKillCount() (uint64, error) {
 	c, err := OOMKillCount(m.dirPath)
-	if err != nil && m.rootless && os.IsNotExist(err) {
+	if err != nil && m.config.Rootless && os.IsNotExist(err) {
 		err = nil
 	}
 

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/hugetlb.go

@@ -1,12 +1,8 @@
-// +build linux
-
 package fs2
 
 import (
 	"strconv"
 
-	"github.com/pkg/errors"
-
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	"github.com/opencontainers/runc/libcontainer/configs"
@@ -30,10 +26,8 @@ func setHugeTlb(dirPath string, r *configs.Resources) error {
 }
 
 func statHugeTlb(dirPath string, stats *cgroups.Stats) error {
-	hugePageSizes, _ := cgroups.GetHugePageSize()
 	hugetlbStats := cgroups.HugetlbStats{}
-
-	for _, pagesize := range hugePageSizes {
+	for _, pagesize := range cgroups.HugePageSizes() {
 		value, err := fscommon.GetCgroupParamUint(dirPath, "hugetlb."+pagesize+".current")
 		if err != nil {
 			return err
@@ -43,7 +37,7 @@ func statHugeTlb(dirPath string, stats *cgroups.Stats) error {
 		fileName := "hugetlb." + pagesize + ".events"
 		value, err = fscommon.GetValueByKey(dirPath, fileName, "max")
 		if err != nil {
-			return errors.Wrap(err, "failed to read stats")
+			return err
 		}
 		hugetlbStats.Failcnt = value
 

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/io.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package fs2
 
 import (
@@ -117,13 +115,14 @@ func readCgroup2MapFile(dirPath string, name string) (map[string][]string, error
 		ret[parts[0]] = parts[1:]
 	}
 	if err := scanner.Err(); err != nil {
-		return nil, err
+		return nil, &parseError{Path: dirPath, File: name, Err: err}
 	}
 	return ret, nil
 }
 
 func statIo(dirPath string, stats *cgroups.Stats) error {
-	values, err := readCgroup2MapFile(dirPath, "io.stat")
+	const file = "io.stat"
+	values, err := readCgroup2MapFile(dirPath, file)
 	if err != nil {
 		return err
 	}
@@ -136,11 +135,11 @@ func statIo(dirPath string, stats *cgroups.Stats) error {
 		}
 		major, err := strconv.ParseUint(d[0], 10, 64)
 		if err != nil {
-			return err
+			return &parseError{Path: dirPath, File: file, Err: err}
 		}
 		minor, err := strconv.ParseUint(d[1], 10, 64)
 		if err != nil {
-			return err
+			return &parseError{Path: dirPath, File: file, Err: err}
 		}
 
 		for _, item := range v {
@@ -177,7 +176,7 @@ func statIo(dirPath string, stats *cgroups.Stats) error {
 
 			value, err := strconv.ParseUint(d[1], 10, 64)
 			if err != nil {
-				return err
+				return &parseError{Path: dirPath, File: file, Err: err}
 			}
 
 			entry := cgroups.BlkioStatEntry{

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/memory.go

@@ -1,19 +1,18 @@
-// +build linux
-
 package fs2
 
 import (
 	"bufio"
+	"errors"
 	"math"
 	"os"
 	"strconv"
 	"strings"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 // numToStr converts an int64 value to a string for writing to a
@@ -75,8 +74,8 @@ func setMemory(dirPath string, r *configs.Resources) error {
 }
 
 func statMemory(dirPath string, stats *cgroups.Stats) error {
-	// Set stats from memory.stat.
-	statsFile, err := cgroups.OpenFile(dirPath, "memory.stat", os.O_RDONLY)
+	const file = "memory.stat"
+	statsFile, err := cgroups.OpenFile(dirPath, file, os.O_RDONLY)
 	if err != nil {
 		return err
 	}
@@ -86,10 +85,13 @@ func statMemory(dirPath string, stats *cgroups.Stats) error {
 	for sc.Scan() {
 		t, v, err := fscommon.ParseKeyValue(sc.Text())
 		if err != nil {
-			return errors.Wrapf(err, "failed to parse memory.stat (%q)", sc.Text())
+			return &parseError{Path: dirPath, File: file, Err: err}
 		}
 		stats.MemoryStats.Stats[t] = v
 	}
+	if err := sc.Err(); err != nil {
+		return &parseError{Path: dirPath, File: file, Err: err}
+	}
 	stats.MemoryStats.Cache = stats.MemoryStats.Stats["file"]
 	// Unlike cgroup v1 which has memory.use_hierarchy binary knob,
 	// cgroup v2 is always hierarchical.
@@ -139,13 +141,13 @@ func getMemoryDataV2(path, name string) (cgroups.MemoryData, error) {
 			// swapaccount=0 kernel boot parameter is given.
 			return cgroups.MemoryData{}, nil
 		}
-		return cgroups.MemoryData{}, errors.Wrapf(err, "failed to parse %s", usage)
+		return cgroups.MemoryData{}, err
 	}
 	memoryData.Usage = value
 
 	value, err = fscommon.GetCgroupParamUint(path, limit)
 	if err != nil {
-		return cgroups.MemoryData{}, errors.Wrapf(err, "failed to parse %s", limit)
+		return cgroups.MemoryData{}, err
 	}
 	memoryData.Limit = value
 
@@ -153,7 +155,8 @@ func getMemoryDataV2(path, name string) (cgroups.MemoryData, error) {
 }
 
 func statsFromMeminfo(stats *cgroups.Stats) error {
-	f, err := os.Open("/proc/meminfo")
+	const file = "/proc/meminfo"
+	f, err := os.Open(file)
 	if err != nil {
 		return err
 	}
@@ -190,7 +193,7 @@ func statsFromMeminfo(stats *cgroups.Stats) error {
 		vStr := strings.TrimSpace(strings.TrimSuffix(parts[1], " kB"))
 		*p, err = strconv.ParseUint(vStr, 10, 64)
 		if err != nil {
-			return errors.Wrap(err, "parsing /proc/meminfo "+k)
+			return &parseError{File: file, Err: errors.New("bad value for " + k)}
 		}
 
 		found++
@@ -199,8 +202,8 @@ func statsFromMeminfo(stats *cgroups.Stats) error {
 			break
 		}
 	}
-	if sc.Err() != nil {
-		return sc.Err()
+	if err := sc.Err(); err != nil {
+		return &parseError{Path: "", File: file, Err: err}
 	}
 
 	stats.MemoryStats.SwapUsage.Usage = (swap_total - swap_free) * 1024

vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs2/pids.go

@@ -1,17 +1,16 @@
-// +build linux
-
 package fs2
 
 import (
+	"errors"
+	"math"
 	"os"
-	"path/filepath"
 	"strings"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 func isPidsSet(r *configs.Resources) bool {
@@ -53,22 +52,18 @@ func statPids(dirPath string, stats *cgroups.Stats) error {
 		if os.IsNotExist(err) {
 			return statPidsFromCgroupProcs(dirPath, stats)
 		}
-		return errors.Wrap(err, "failed to parse pids.current")
+		return err
 	}
 
-	maxString, err := fscommon.GetCgroupParamString(dirPath, "pids.max")
+	max, err := fscommon.GetCgroupParamUint(dirPath, "pids.max")
 	if err != nil {
-		return errors.Wrap(err, "failed to parse pids.max")
+		return err
 	}
-
-	// Default if pids.max == "max" is 0 -- which represents "no limit".
-	var max uint64
-	if maxString != "max" {
-		max, err = fscommon.ParseUint(maxString, 10, 64)
-		if err != nil {
-			return errors.Wrapf(err, "failed to parse pids.max - unable to parse %q as a uint from Cgroup file %q",
-				maxString, filepath.Join(dirPath, "pids.max"))
-		}
+	// If no limit is set, read from pids.max returns "max", which is
+	// converted to MaxUint64 by GetCgroupParamUint. Historically, we
+	// represent "no limit" for pids as 0, thus this conversion.
+	if max == math.MaxUint64 {
+		max = 0
 	}
 
 	stats.PidsStats.Current = current