From 783391231e5ff14e1a88516f186e277d8ea75026 Mon Sep 17 00:00:00 2001
From: Abel Feng <fshb1988@gmail.com>
Date: Tue, 5 Nov 2024 14:38:41 +0800
Subject: [PATCH] libct: reduce the delete delay

When using unix.Kill to kill the container, we need a for loop to detect
the init process exited or not manually, we sleep 100ms each time in the
current, but for stopped containers or containers running in a low load
machine, we don't need to wait so long time. This change will reduce the
delete delay in some situations, especially for those pods with many
containers in.

Co-authored-by: Abel Feng <fshb1988@gmail.com>
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
---
 delete.go                       | 21 +++++++++++++--------
 libcontainer/container_linux.go |  9 +++++++++
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/delete.go b/delete.go
index 7cb31a875f5..51f909c0cc0 100644
--- a/delete.go
+++ b/delete.go
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 
 	"github.com/opencontainers/runc/libcontainer"
+	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/urfave/cli"
 )
 
@@ -58,24 +59,28 @@ status of "ubuntu01" as "stopped" the following will delete resources held for
 			}
 			return err
 		}
-		// When --force is given, we kill all container processes and
-		// then destroy the container. This is done even for a stopped
-		// container, because (in case it does not have its own PID
-		// namespace) there may be some leftover processes in the
-		// container's cgroup.
-		if force {
-			return killContainer(container)
-		}
+
 		s, err := container.Status()
 		if err != nil {
 			return err
 		}
 		switch s {
 		case libcontainer.Stopped:
+			// For a stopped container, because (in case it does not have
+			// its own PID namespace) there may be some leftover processes
+			// in the container's cgroup.
+			if !container.Config().Namespaces.IsPrivate(configs.NEWPID) {
+				return killContainer(container)
+			}
 			return container.Destroy()
 		case libcontainer.Created:
 			return killContainer(container)
 		default:
+			// When --force is given, we kill all container processes and
+			// then destroy the container.
+			if force {
+				return killContainer(container)
+			}
 			return fmt.Errorf("cannot delete container %s that is not stopped: %s", id, s)
 		}
 	},
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index 0f6e4395d3f..e9a09c86cc6 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -473,6 +473,15 @@ func (c *Container) killViaPidfd() error {
 
 func (c *Container) kill() error {
 	_ = c.Signal(unix.SIGKILL)
+
+	// For containers running in a low load machine, we only need to wait about 1ms.
+	time.Sleep(time.Millisecond)
+	if err := c.Signal(unix.Signal(0)); err != nil {
+		return nil
+	}
+
+	// For some containers in a heavy load machine, we need to wait more time.
+	logrus.Debugln("We need more time to wait the init process exit.")
 	for i := 0; i < 100; i++ {
 		time.Sleep(100 * time.Millisecond)
 		if err := c.Signal(unix.Signal(0)); err != nil {