From 282bff9f94322f7b78081aff97bb0357afef0513 Mon Sep 17 00:00:00 2001
From: Evan Foster <efoster@adobe.com>
Date: Fri, 21 Aug 2020 18:00:41 -0600
Subject: [PATCH] sandbox: Disconnect from agent after VM shutdown

When a one-shot pod dies in CRI-O, the shimv2 process isn't killed until
the pod is actually deleted, even though the VM is shut down. In this
case, the shim appears to busyloop when attempting to talk to the (now
dead) agent via VSOCK. To address this, we disconnect from the agent
after the VM is shut down.

This is especially catastrophic for one-shot pods that may persist for
hours or days, but it also applies to any shimv2 pod where Kata is
configured to use VSOCK for communication.

See github.com/kata-containers/runtime#2719 for details.
Fixes #2719

Signed-off-by: Evan Foster <efoster@adobe.com>
---
 src/runtime/virtcontainers/sandbox.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
index c7cfedb574..f056ae902a 100644
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
@@ -1623,6 +1623,11 @@ func (s *Sandbox) Stop(force bool) error {
 		return err
 	}
 
+	// Stop communicating with the agent.
+	if err := s.agent.disconnect(); err != nil && !force {
+		return err
+	}
+
 	return nil
 }