Merge pull request #2498 from wawa0210/bump-hcsshim-v0.8.7

Update vendored dependency hcsshim to v0.8.7

libnetwork/vendor.conf

@@ -1,7 +1,8 @@
 github.com/Azure/go-ansiterm            d6e3b3328b783f23731bc4d058875b0371ff8109
 github.com/BurntSushi/toml              3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
-github.com/Microsoft/go-winio           c599b533b43b1363d7d7c6cfda5ede70ed73ff13
-github.com/Microsoft/hcsshim            ba3d6667710fa905116f39a19d059c4c1016be7c
+github.com/containerd/cgroups  	 bf292b21730f0be58f47cd194dcf447dca57e200
+github.com/Microsoft/go-winio           6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
+github.com/Microsoft/hcsshim            b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2 # v0.8.7
 github.com/armon/go-metrics             eb0af217e5e9747e41dd5303755356b62d28e3ec
 github.com/armon/go-radix               e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/codegangsta/cli              a65b733b303f0055f8d324d805f393cd3e7a7904
@@ -30,6 +31,7 @@ github.com/hashicorp/errwrap            8a6fb523712970c966eefc6b39ed2c5e74880354
 github.com/hashicorp/go-msgpack         71c2886f5a673a35f909803f38ece5810165097b
 github.com/hashicorp/go-multierror      886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
 github.com/hashicorp/memberlist         3d8438da9589e7b608a83ffac1ef8211486bcb7c
+github.com/hashicorp/golang-lru         7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
 github.com/sean-/seed                   e2103e2c35297fb7e17febb81e49b312087a2372
 github.com/hashicorp/go-sockaddr        c7188e74f6acae5a989bdc959aa779f8b9f42faf # v1.0.2
 github.com/hashicorp/serf               598c54895cc5a7b1a24a398d635e8c0ea0959870
@@ -40,7 +42,8 @@ github.com/opencontainers/image-spec    d60099175f88c47cd379c4738d158884749ed235
 github.com/opencontainers/runc          2b18fe1d885ee5083ef9f0838fee39b62d653e30
 github.com/opencontainers/runtime-spec  29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
 github.com/samuel/go-zookeeper          d0e0d8e11f318e000a8cc434616d69e329edc374
-github.com/sirupsen/logrus              f006c2ac4710855cf0f916dd6b77acf6b048dc6e # v1.0.3
+github.com/sirupsen/logrus              8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f # v1.4.1
+github.com/konsorten/go-windows-terminal-sequences   5c8c8bd35d3832f5d134ae1e1e375b69a4d25242 # v1.0.1
 github.com/ugorji/go                    b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
 github.com/vishvananda/netlink          a2ad57a690f3caf3015351d2d6e1c0b95c349752 # v1.0.0
 github.com/vishvananda/netns            7109fa855b0ff1ebef7fbd2f6aa613e8db7cfbc0
@@ -50,6 +53,7 @@ golang.org/x/sys                        d455e41777fca6e8a5a79e34a14b8368bc11d9ba
 golang.org/x/sync                       1d60e4601c6fd243af51cc01ddf169918a5407ca
 github.com/pkg/errors                   ba968bfe8b2f7e042a574c888954fccecfa385b4 # v0.8.1
 github.com/ishidawataru/sctp            6e2cb1366111dcf547c13531e3a263a067715847
+go.opencensus.io                        9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
 
 gotest.tools                            1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0 
 github.com/google/go-cmp                3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0

libnetwork/vendor/github.com/Microsoft/go-winio/file.go

@@ -16,6 +16,7 @@ import (
 //sys createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) = CreateIoCompletionPort
 //sys getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) = GetQueuedCompletionStatus
 //sys setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) = SetFileCompletionNotificationModes
+//sys wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
 
 type atomicBool int32
 
@@ -79,6 +80,7 @@ type win32File struct {
 	wg            sync.WaitGroup
 	wgLock        sync.RWMutex
 	closing       atomicBool
+	socket        bool
 	readDeadline  deadlineHandler
 	writeDeadline deadlineHandler
 }
@@ -109,7 +111,13 @@ func makeWin32File(h syscall.Handle) (*win32File, error) {
 }
 
 func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
-	return makeWin32File(h)
+	// If we return the result of makeWin32File directly, it can result in an
+	// interface-wrapped nil, rather than a nil interface value.
+	f, err := makeWin32File(h)
+	if err != nil {
+		return nil, err
+	}
+	return f, nil
 }
 
 // closeHandle closes the resources associated with a Win32 handle
@@ -190,6 +198,10 @@ func (f *win32File) asyncIo(c *ioOperation, d *deadlineHandler, bytes uint32, er
 			if f.closing.isSet() {
 				err = ErrFileClosed
 			}
+		} else if err != nil && f.socket {
+			// err is from Win32. Query the overlapped structure to get the winsock error.
+			var bytes, flags uint32
+			err = wsaGetOverlappedResult(f.handle, &c.o, &bytes, false, &flags)
 		}
 	case <-timeout:
 		cancelIoEx(f.handle, &c.o)
@@ -265,6 +277,10 @@ func (f *win32File) Flush() error {
 	return syscall.FlushFileBuffers(f.handle)
 }
 
+func (f *win32File) Fd() uintptr {
+	return uintptr(f.handle)
+}
+
 func (d *deadlineHandler) set(deadline time.Time) error {
 	d.setLock.Lock()
 	defer d.setLock.Unlock()

libnetwork/vendor/github.com/Microsoft/go-winio/go.mod

@@ -0,0 +1,9 @@
+module github.com/Microsoft/go-winio
+
+go 1.12
+
+require (
+	github.com/pkg/errors v0.8.1
+	github.com/sirupsen/logrus v1.4.1
+	golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b
+)

libnetwork/vendor/github.com/Microsoft/go-winio/hvsock.go

@@ -0,0 +1,305 @@
+package winio
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
+)
+
+//sys bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socketError] = ws2_32.bind
+
+const (
+	afHvSock = 34 // AF_HYPERV
+
+	socketError = ^uintptr(0)
+)
+
+// An HvsockAddr is an address for a AF_HYPERV socket.
+type HvsockAddr struct {
+	VMID      guid.GUID
+	ServiceID guid.GUID
+}
+
+type rawHvsockAddr struct {
+	Family    uint16
+	_         uint16
+	VMID      guid.GUID
+	ServiceID guid.GUID
+}
+
+// Network returns the address's network name, "hvsock".
+func (addr *HvsockAddr) Network() string {
+	return "hvsock"
+}
+
+func (addr *HvsockAddr) String() string {
+	return fmt.Sprintf("%s:%s", &addr.VMID, &addr.ServiceID)
+}
+
+// VsockServiceID returns an hvsock service ID corresponding to the specified AF_VSOCK port.
+func VsockServiceID(port uint32) guid.GUID {
+	g, _ := guid.FromString("00000000-facb-11e6-bd58-64006a7986d3")
+	g.Data1 = port
+	return g
+}
+
+func (addr *HvsockAddr) raw() rawHvsockAddr {
+	return rawHvsockAddr{
+		Family:    afHvSock,
+		VMID:      addr.VMID,
+		ServiceID: addr.ServiceID,
+	}
+}
+
+func (addr *HvsockAddr) fromRaw(raw *rawHvsockAddr) {
+	addr.VMID = raw.VMID
+	addr.ServiceID = raw.ServiceID
+}
+
+// HvsockListener is a socket listener for the AF_HYPERV address family.
+type HvsockListener struct {
+	sock *win32File
+	addr HvsockAddr
+}
+
+// HvsockConn is a connected socket of the AF_HYPERV address family.
+type HvsockConn struct {
+	sock          *win32File
+	local, remote HvsockAddr
+}
+
+func newHvSocket() (*win32File, error) {
+	fd, err := syscall.Socket(afHvSock, syscall.SOCK_STREAM, 1)
+	if err != nil {
+		return nil, os.NewSyscallError("socket", err)
+	}
+	f, err := makeWin32File(fd)
+	if err != nil {
+		syscall.Close(fd)
+		return nil, err
+	}
+	f.socket = true
+	return f, nil
+}
+
+// ListenHvsock listens for connections on the specified hvsock address.
+func ListenHvsock(addr *HvsockAddr) (_ *HvsockListener, err error) {
+	l := &HvsockListener{addr: *addr}
+	sock, err := newHvSocket()
+	if err != nil {
+		return nil, l.opErr("listen", err)
+	}
+	sa := addr.raw()
+	err = bind(sock.handle, unsafe.Pointer(&sa), int32(unsafe.Sizeof(sa)))
+	if err != nil {
+		return nil, l.opErr("listen", os.NewSyscallError("socket", err))
+	}
+	err = syscall.Listen(sock.handle, 16)
+	if err != nil {
+		return nil, l.opErr("listen", os.NewSyscallError("listen", err))
+	}
+	return &HvsockListener{sock: sock, addr: *addr}, nil
+}
+
+func (l *HvsockListener) opErr(op string, err error) error {
+	return &net.OpError{Op: op, Net: "hvsock", Addr: &l.addr, Err: err}
+}
+
+// Addr returns the listener's network address.
+func (l *HvsockListener) Addr() net.Addr {
+	return &l.addr
+}
+
+// Accept waits for the next connection and returns it.
+func (l *HvsockListener) Accept() (_ net.Conn, err error) {
+	sock, err := newHvSocket()
+	if err != nil {
+		return nil, l.opErr("accept", err)
+	}
+	defer func() {
+		if sock != nil {
+			sock.Close()
+		}
+	}()
+	c, err := l.sock.prepareIo()
+	if err != nil {
+		return nil, l.opErr("accept", err)
+	}
+	defer l.sock.wg.Done()
+
+	// AcceptEx, per documentation, requires an extra 16 bytes per address.
+	const addrlen = uint32(16 + unsafe.Sizeof(rawHvsockAddr{}))
+	var addrbuf [addrlen * 2]byte
+
+	var bytes uint32
+	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0, addrlen, addrlen, &bytes, &c.o)
+	_, err = l.sock.asyncIo(c, nil, bytes, err)
+	if err != nil {
+		return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
+	}
+	conn := &HvsockConn{
+		sock: sock,
+	}
+	conn.local.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[0])))
+	conn.remote.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[addrlen])))
+	sock = nil
+	return conn, nil
+}
+
+// Close closes the listener, causing any pending Accept calls to fail.
+func (l *HvsockListener) Close() error {
+	return l.sock.Close()
+}
+
+/* Need to finish ConnectEx handling
+func DialHvsock(ctx context.Context, addr *HvsockAddr) (*HvsockConn, error) {
+	sock, err := newHvSocket()
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if sock != nil {
+			sock.Close()
+		}
+	}()
+	c, err := sock.prepareIo()
+	if err != nil {
+		return nil, err
+	}
+	defer sock.wg.Done()
+	var bytes uint32
+	err = windows.ConnectEx(windows.Handle(sock.handle), sa, nil, 0, &bytes, &c.o)
+	_, err = sock.asyncIo(ctx, c, nil, bytes, err)
+	if err != nil {
+		return nil, err
+	}
+	conn := &HvsockConn{
+		sock:   sock,
+		remote: *addr,
+	}
+	sock = nil
+	return conn, nil
+}
+*/
+
+func (conn *HvsockConn) opErr(op string, err error) error {
+	return &net.OpError{Op: op, Net: "hvsock", Source: &conn.local, Addr: &conn.remote, Err: err}
+}
+
+func (conn *HvsockConn) Read(b []byte) (int, error) {
+	c, err := conn.sock.prepareIo()
+	if err != nil {
+		return 0, conn.opErr("read", err)
+	}
+	defer conn.sock.wg.Done()
+	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+	var flags, bytes uint32
+	err = syscall.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
+	n, err := conn.sock.asyncIo(c, &conn.sock.readDeadline, bytes, err)
+	if err != nil {
+		if _, ok := err.(syscall.Errno); ok {
+			err = os.NewSyscallError("wsarecv", err)
+		}
+		return 0, conn.opErr("read", err)
+	} else if n == 0 {
+		err = io.EOF
+	}
+	return n, err
+}
+
+func (conn *HvsockConn) Write(b []byte) (int, error) {
+	t := 0
+	for len(b) != 0 {
+		n, err := conn.write(b)
+		if err != nil {
+			return t + n, err
+		}
+		t += n
+		b = b[n:]
+	}
+	return t, nil
+}
+
+func (conn *HvsockConn) write(b []byte) (int, error) {
+	c, err := conn.sock.prepareIo()
+	if err != nil {
+		return 0, conn.opErr("write", err)
+	}
+	defer conn.sock.wg.Done()
+	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+	var bytes uint32
+	err = syscall.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
+	n, err := conn.sock.asyncIo(c, &conn.sock.writeDeadline, bytes, err)
+	if err != nil {
+		if _, ok := err.(syscall.Errno); ok {
+			err = os.NewSyscallError("wsasend", err)
+		}
+		return 0, conn.opErr("write", err)
+	}
+	return n, err
+}
+
+// Close closes the socket connection, failing any pending read or write calls.
+func (conn *HvsockConn) Close() error {
+	return conn.sock.Close()
+}
+
+func (conn *HvsockConn) shutdown(how int) error {
+	err := syscall.Shutdown(conn.sock.handle, syscall.SHUT_RD)
+	if err != nil {
+		return os.NewSyscallError("shutdown", err)
+	}
+	return nil
+}
+
+// CloseRead shuts down the read end of the socket.
+func (conn *HvsockConn) CloseRead() error {
+	err := conn.shutdown(syscall.SHUT_RD)
+	if err != nil {
+		return conn.opErr("close", err)
+	}
+	return nil
+}
+
+// CloseWrite shuts down the write end of the socket, notifying the other endpoint that
+// no more data will be written.
+func (conn *HvsockConn) CloseWrite() error {
+	err := conn.shutdown(syscall.SHUT_WR)
+	if err != nil {
+		return conn.opErr("close", err)
+	}
+	return nil
+}
+
+// LocalAddr returns the local address of the connection.
+func (conn *HvsockConn) LocalAddr() net.Addr {
+	return &conn.local
+}
+
+// RemoteAddr returns the remote address of the connection.
+func (conn *HvsockConn) RemoteAddr() net.Addr {
+	return &conn.remote
+}
+
+// SetDeadline implements the net.Conn SetDeadline method.
+func (conn *HvsockConn) SetDeadline(t time.Time) error {
+	conn.SetReadDeadline(t)
+	conn.SetWriteDeadline(t)
+	return nil
+}
+
+// SetReadDeadline implements the net.Conn SetReadDeadline method.
+func (conn *HvsockConn) SetReadDeadline(t time.Time) error {
+	return conn.sock.SetReadDeadline(t)
+}
+
+// SetWriteDeadline implements the net.Conn SetWriteDeadline method.
+func (conn *HvsockConn) SetWriteDeadline(t time.Time) error {
+	return conn.sock.SetWriteDeadline(t)
+}

libnetwork/vendor/github.com/Microsoft/go-winio/pipe.go

@@ -3,10 +3,13 @@
 package winio
 
 import (
+	"context"
 	"errors"
+	"fmt"
 	"io"
 	"net"
 	"os"
+	"runtime"
 	"syscall"
 	"time"
 	"unsafe"
@@ -18,6 +21,48 @@ import (
 //sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
 //sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
 //sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
+//sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) = ntdll.NtCreateNamedPipeFile
+//sys rtlNtStatusToDosError(status ntstatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
+//sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) = ntdll.RtlDosPathNameToNtPathName_U
+//sys rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) = ntdll.RtlDefaultNpAcl
+
+type ioStatusBlock struct {
+	Status, Information uintptr
+}
+
+type objectAttributes struct {
+	Length             uintptr
+	RootDirectory      uintptr
+	ObjectName         *unicodeString
+	Attributes         uintptr
+	SecurityDescriptor *securityDescriptor
+	SecurityQoS        uintptr
+}
+
+type unicodeString struct {
+	Length        uint16
+	MaximumLength uint16
+	Buffer        uintptr
+}
+
+type securityDescriptor struct {
+	Revision byte
+	Sbz1     byte
+	Control  uint16
+	Owner    uintptr
+	Group    uintptr
+	Sacl     uintptr
+	Dacl     uintptr
+}
+
+type ntstatus int32
+
+func (status ntstatus) Err() error {
+	if status >= 0 {
+		return nil
+	}
+	return rtlNtStatusToDosError(status)
+}
 
 const (
 	cERROR_PIPE_BUSY      = syscall.Errno(231)
@@ -25,21 +70,20 @@ const (
 	cERROR_PIPE_CONNECTED = syscall.Errno(535)
 	cERROR_SEM_TIMEOUT    = syscall.Errno(121)
 
-	cPIPE_ACCESS_DUPLEX            = 0x3
-	cFILE_FLAG_FIRST_PIPE_INSTANCE = 0x80000
-	cSECURITY_SQOS_PRESENT         = 0x100000
-	cSECURITY_ANONYMOUS            = 0
+	cSECURITY_SQOS_PRESENT = 0x100000
+	cSECURITY_ANONYMOUS    = 0
 
-	cPIPE_REJECT_REMOTE_CLIENTS = 0x8
+	cPIPE_TYPE_MESSAGE = 4
 
-	cPIPE_UNLIMITED_INSTANCES = 255
+	cPIPE_READMODE_MESSAGE = 2
 
-	cNMPWAIT_USE_DEFAULT_WAIT = 0
-	cNMPWAIT_NOWAIT           = 1
+	cFILE_OPEN   = 1
+	cFILE_CREATE = 2
 
-	cPIPE_TYPE_MESSAGE = 4
+	cFILE_PIPE_MESSAGE_TYPE          = 1
+	cFILE_PIPE_REJECT_REMOTE_CLIENTS = 2
 
-	cPIPE_READMODE_MESSAGE = 2
+	cSE_DACL_PRESENT = 4
 )
 
 var (
@@ -137,9 +181,30 @@ func (s pipeAddress) String() string {
 	return string(s)
 }
 
+// tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
+func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) {
+	for {
+		select {
+		case <-ctx.Done():
+			return syscall.Handle(0), ctx.Err()
+		default:
+			h, err := createFile(*path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
+			if err == nil {
+				return h, nil
+			}
+			if err != cERROR_PIPE_BUSY {
+				return h, &os.PathError{Err: err, Op: "open", Path: *path}
+			}
+			// Wait 10 msec and try again. This is a rather simplistic
+			// view, as we always try each 10 milliseconds.
+			time.Sleep(time.Millisecond * 10)
+		}
+	}
+}
+
 // DialPipe connects to a named pipe by path, timing out if the connection
 // takes longer than the specified duration. If timeout is nil, then we use
-// a default timeout of 5 seconds.  (We do not use WaitNamedPipe.)
+// a default timeout of 2 seconds.  (We do not use WaitNamedPipe.)
 func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 	var absTimeout time.Time
 	if timeout != nil {
@@ -147,23 +212,22 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 	} else {
 		absTimeout = time.Now().Add(time.Second * 2)
 	}
+	ctx, _ := context.WithDeadline(context.Background(), absTimeout)
+	conn, err := DialPipeContext(ctx, path)
+	if err == context.DeadlineExceeded {
+		return nil, ErrTimeout
+	}
+	return conn, err
+}
+
+// DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
+// cancellation or timeout.
+func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
 	var err error
 	var h syscall.Handle
-	for {
-		h, err = createFile(path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
-		if err != cERROR_PIPE_BUSY {
-			break
-		}
-		if time.Now().After(absTimeout) {
-			return nil, ErrTimeout
-		}
-
-		// Wait 10 msec and try again. This is a rather simplistic
-		// view, as we always try each 10 milliseconds.
-		time.Sleep(time.Millisecond * 10)
-	}
+	h, err = tryDialPipe(ctx, &path)
 	if err != nil {
-		return nil, &os.PathError{Op: "open", Path: path, Err: err}
+		return nil, err
 	}
 
 	var flags uint32
@@ -194,43 +258,87 @@ type acceptResponse struct {
 }
 
 type win32PipeListener struct {
-	firstHandle        syscall.Handle
-	path               string
-	securityDescriptor []byte
-	config             PipeConfig
-	acceptCh           chan (chan acceptResponse)
-	closeCh            chan int
-	doneCh             chan int
+	firstHandle syscall.Handle
+	path        string
+	config      PipeConfig
+	acceptCh    chan (chan acceptResponse)
+	closeCh     chan int
+	doneCh      chan int
 }
 
-func makeServerPipeHandle(path string, securityDescriptor []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
-	var flags uint32 = cPIPE_ACCESS_DUPLEX | syscall.FILE_FLAG_OVERLAPPED
+func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
+	path16, err := syscall.UTF16FromString(path)
+	if err != nil {
+		return 0, &os.PathError{Op: "open", Path: path, Err: err}
+	}
+
+	var oa objectAttributes
+	oa.Length = unsafe.Sizeof(oa)
+
+	var ntPath unicodeString
+	if err := rtlDosPathNameToNtPathName(&path16[0], &ntPath, 0, 0).Err(); err != nil {
+		return 0, &os.PathError{Op: "open", Path: path, Err: err}
+	}
+	defer localFree(ntPath.Buffer)
+	oa.ObjectName = &ntPath
+
+	// The security descriptor is only needed for the first pipe.
 	if first {
-		flags |= cFILE_FLAG_FIRST_PIPE_INSTANCE
+		if sd != nil {
+			len := uint32(len(sd))
+			sdb := localAlloc(0, len)
+			defer localFree(sdb)
+			copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
+			oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
+		} else {
+			// Construct the default named pipe security descriptor.
+			var dacl uintptr
+			if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
+				return 0, fmt.Errorf("getting default named pipe ACL: %s", err)
+			}
+			defer localFree(dacl)
+
+			sdb := &securityDescriptor{
+				Revision: 1,
+				Control:  cSE_DACL_PRESENT,
+				Dacl:     dacl,
+			}
+			oa.SecurityDescriptor = sdb
+		}
 	}
 
-	var mode uint32 = cPIPE_REJECT_REMOTE_CLIENTS
+	typ := uint32(cFILE_PIPE_REJECT_REMOTE_CLIENTS)
 	if c.MessageMode {
-		mode |= cPIPE_TYPE_MESSAGE
+		typ |= cFILE_PIPE_MESSAGE_TYPE
 	}
 
-	sa := &syscall.SecurityAttributes{}
-	sa.Length = uint32(unsafe.Sizeof(*sa))
-	if securityDescriptor != nil {
-		len := uint32(len(securityDescriptor))
-		sa.SecurityDescriptor = localAlloc(0, len)
-		defer localFree(sa.SecurityDescriptor)
-		copy((*[0xffff]byte)(unsafe.Pointer(sa.SecurityDescriptor))[:], securityDescriptor)
+	disposition := uint32(cFILE_OPEN)
+	access := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | syscall.SYNCHRONIZE)
+	if first {
+		disposition = cFILE_CREATE
+		// By not asking for read or write access, the named pipe file system
+		// will put this pipe into an initially disconnected state, blocking
+		// client connections until the next call with first == false.
+		access = syscall.SYNCHRONIZE
 	}
-	h, err := createNamedPipe(path, flags, mode, cPIPE_UNLIMITED_INSTANCES, uint32(c.OutputBufferSize), uint32(c.InputBufferSize), 0, sa)
+
+	timeout := int64(-50 * 10000) // 50ms
+
+	var (
+		h    syscall.Handle
+		iosb ioStatusBlock
+	)
+	err = ntCreateNamedPipeFile(&h, access, &oa, &iosb, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE, disposition, 0, typ, 0, 0, 0xffffffff, uint32(c.InputBufferSize), uint32(c.OutputBufferSize), &timeout).Err()
 	if err != nil {
 		return 0, &os.PathError{Op: "open", Path: path, Err: err}
 	}
+
+	runtime.KeepAlive(ntPath)
 	return h, nil
 }
 
 func (l *win32PipeListener) makeServerPipe() (*win32File, error) {
-	h, err := makeServerPipeHandle(l.path, l.securityDescriptor, &l.config, false)
+	h, err := makeServerPipeHandle(l.path, nil, &l.config, false)
 	if err != nil {
 		return nil, err
 	}
@@ -341,32 +449,13 @@ func ListenPipe(path string, c *PipeConfig) (net.Listener, error) {
 	if err != nil {
 		return nil, err
 	}
-	// Create a client handle and connect it.  This results in the pipe
-	// instance always existing, so that clients see ERROR_PIPE_BUSY
-	// rather than ERROR_FILE_NOT_FOUND.  This ties the first instance
-	// up so that no other instances can be used.  This would have been
-	// cleaner if the Win32 API matched CreateFile with ConnectNamedPipe
-	// instead of CreateNamedPipe.  (Apparently created named pipes are
-	// considered to be in listening state regardless of whether any
-	// active calls to ConnectNamedPipe are outstanding.)
-	h2, err := createFile(path, 0, 0, nil, syscall.OPEN_EXISTING, cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
-	if err != nil {
-		syscall.Close(h)
-		return nil, err
-	}
-	// Close the client handle. The server side of the instance will
-	// still be busy, leading to ERROR_PIPE_BUSY instead of
-	// ERROR_NOT_FOUND, as long as we don't close the server handle,
-	// or disconnect the client with DisconnectNamedPipe.
-	syscall.Close(h2)
 	l := &win32PipeListener{
-		firstHandle:        h,
-		path:               path,
-		securityDescriptor: sd,
-		config:             *c,
-		acceptCh:           make(chan (chan acceptResponse)),
-		closeCh:            make(chan int),
-		doneCh:             make(chan int),
+		firstHandle: h,
+		path:        path,
+		config:      *c,
+		acceptCh:    make(chan (chan acceptResponse)),
+		closeCh:     make(chan int),
+		doneCh:      make(chan int),
 	}
 	go l.listenerRoutine()
 	return l, nil

libnetwork/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go

@@ -0,0 +1,235 @@
+// Package guid provides a GUID type. The backing structure for a GUID is
+// identical to that used by the golang.org/x/sys/windows GUID type.
+// There are two main binary encodings used for a GUID, the big-endian encoding,
+// and the Windows (mixed-endian) encoding. See here for details:
+// https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding
+package guid
+
+import (
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding"
+	"encoding/binary"
+	"fmt"
+	"strconv"
+
+	"golang.org/x/sys/windows"
+)
+
+// Variant specifies which GUID variant (or "type") of the GUID. It determines
+// how the entirety of the rest of the GUID is interpreted.
+type Variant uint8
+
+// The variants specified by RFC 4122.
+const (
+	// VariantUnknown specifies a GUID variant which does not conform to one of
+	// the variant encodings specified in RFC 4122.
+	VariantUnknown Variant = iota
+	VariantNCS
+	VariantRFC4122
+	VariantMicrosoft
+	VariantFuture
+)
+
+// Version specifies how the bits in the GUID were generated. For instance, a
+// version 4 GUID is randomly generated, and a version 5 is generated from the
+// hash of an input string.
+type Version uint8
+
+var _ = (encoding.TextMarshaler)(GUID{})
+var _ = (encoding.TextUnmarshaler)(&GUID{})
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type so that stringification and
+// marshaling can be supported. The representation matches that used by native
+// Windows code.
+type GUID windows.GUID
+
+// NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
+func NewV4() (GUID, error) {
+	var b [16]byte
+	if _, err := rand.Read(b[:]); err != nil {
+		return GUID{}, err
+	}
+
+	g := FromArray(b)
+	g.setVersion(4) // Version 4 means randomly generated.
+	g.setVariant(VariantRFC4122)
+
+	return g, nil
+}
+
+// NewV5 returns a new version 5 (generated from a string via SHA-1 hashing)
+// GUID, as defined by RFC 4122. The RFC is unclear on the encoding of the name,
+// and the sample code treats it as a series of bytes, so we do the same here.
+//
+// Some implementations, such as those found on Windows, treat the name as a
+// big-endian UTF16 stream of bytes. If that is desired, the string can be
+// encoded as such before being passed to this function.
+func NewV5(namespace GUID, name []byte) (GUID, error) {
+	b := sha1.New()
+	namespaceBytes := namespace.ToArray()
+	b.Write(namespaceBytes[:])
+	b.Write(name)
+
+	a := [16]byte{}
+	copy(a[:], b.Sum(nil))
+
+	g := FromArray(a)
+	g.setVersion(5) // Version 5 means generated from a string.
+	g.setVariant(VariantRFC4122)
+
+	return g, nil
+}
+
+func fromArray(b [16]byte, order binary.ByteOrder) GUID {
+	var g GUID
+	g.Data1 = order.Uint32(b[0:4])
+	g.Data2 = order.Uint16(b[4:6])
+	g.Data3 = order.Uint16(b[6:8])
+	copy(g.Data4[:], b[8:16])
+	return g
+}
+
+func (g GUID) toArray(order binary.ByteOrder) [16]byte {
+	b := [16]byte{}
+	order.PutUint32(b[0:4], g.Data1)
+	order.PutUint16(b[4:6], g.Data2)
+	order.PutUint16(b[6:8], g.Data3)
+	copy(b[8:16], g.Data4[:])
+	return b
+}
+
+// FromArray constructs a GUID from a big-endian encoding array of 16 bytes.
+func FromArray(b [16]byte) GUID {
+	return fromArray(b, binary.BigEndian)
+}
+
+// ToArray returns an array of 16 bytes representing the GUID in big-endian
+// encoding.
+func (g GUID) ToArray() [16]byte {
+	return g.toArray(binary.BigEndian)
+}
+
+// FromWindowsArray constructs a GUID from a Windows encoding array of bytes.
+func FromWindowsArray(b [16]byte) GUID {
+	return fromArray(b, binary.LittleEndian)
+}
+
+// ToWindowsArray returns an array of 16 bytes representing the GUID in Windows
+// encoding.
+func (g GUID) ToWindowsArray() [16]byte {
+	return g.toArray(binary.LittleEndian)
+}
+
+func (g GUID) String() string {
+	return fmt.Sprintf(
+		"%08x-%04x-%04x-%04x-%012x",
+		g.Data1,
+		g.Data2,
+		g.Data3,
+		g.Data4[:2],
+		g.Data4[2:])
+}
+
+// FromString parses a string containing a GUID and returns the GUID. The only
+// format currently supported is the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+// format.
+func FromString(s string) (GUID, error) {
+	if len(s) != 36 {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+
+	var g GUID
+
+	data1, err := strconv.ParseUint(s[0:8], 16, 32)
+	if err != nil {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	g.Data1 = uint32(data1)
+
+	data2, err := strconv.ParseUint(s[9:13], 16, 16)
+	if err != nil {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	g.Data2 = uint16(data2)
+
+	data3, err := strconv.ParseUint(s[14:18], 16, 16)
+	if err != nil {
+		return GUID{}, fmt.Errorf("invalid GUID %q", s)
+	}
+	g.Data3 = uint16(data3)
+
+	for i, x := range []int{19, 21, 24, 26, 28, 30, 32, 34} {
+		v, err := strconv.ParseUint(s[x:x+2], 16, 8)
+		if err != nil {
+			return GUID{}, fmt.Errorf("invalid GUID %q", s)
+		}
+		g.Data4[i] = uint8(v)
+	}
+
+	return g, nil
+}
+
+func (g *GUID) setVariant(v Variant) {
+	d := g.Data4[0]
+	switch v {
+	case VariantNCS:
+		d = (d & 0x7f)
+	case VariantRFC4122:
+		d = (d & 0x3f) | 0x80
+	case VariantMicrosoft:
+		d = (d & 0x1f) | 0xc0
+	case VariantFuture:
+		d = (d & 0x0f) | 0xe0
+	case VariantUnknown:
+		fallthrough
+	default:
+		panic(fmt.Sprintf("invalid variant: %d", v))
+	}
+	g.Data4[0] = d
+}
+
+// Variant returns the GUID variant, as defined in RFC 4122.
+func (g GUID) Variant() Variant {
+	b := g.Data4[0]
+	if b&0x80 == 0 {
+		return VariantNCS
+	} else if b&0xc0 == 0x80 {
+		return VariantRFC4122
+	} else if b&0xe0 == 0xc0 {
+		return VariantMicrosoft
+	} else if b&0xe0 == 0xe0 {
+		return VariantFuture
+	}
+	return VariantUnknown
+}
+
+func (g *GUID) setVersion(v Version) {
+	g.Data3 = (g.Data3 & 0x0fff) | (uint16(v) << 12)
+}
+
+// Version returns the GUID version, as defined in RFC 4122.
+func (g GUID) Version() Version {
+	return Version((g.Data3 & 0xF000) >> 12)
+}
+
+// MarshalText returns the textual representation of the GUID.
+func (g GUID) MarshalText() ([]byte, error) {
+	return []byte(g.String()), nil
+}
+
+// UnmarshalText takes the textual representation of a GUID, and unmarhals it
+// into this GUID.
+func (g *GUID) UnmarshalText(text []byte) error {
+	g2, err := FromString(string(text))
+	if err != nil {
+		return err
+	}
+	*g = g2
+	return nil
+}

libnetwork/vendor/github.com/Microsoft/go-winio/syscall.go

@@ -1,3 +1,3 @@
 package winio
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go file.go pipe.go sd.go fileinfo.go privilege.go backup.go
+//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go file.go pipe.go sd.go fileinfo.go privilege.go backup.go hvsock.go

libnetwork/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go

@@ -1,4 +1,4 @@
-// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
+// Code generated by 'go generate'; DO NOT EDIT.
 
 package winio
 
@@ -38,19 +38,25 @@ func errnoErr(e syscall.Errno) error {
 
 var (
 	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+	modws2_32   = windows.NewLazySystemDLL("ws2_32.dll")
+	modntdll    = windows.NewLazySystemDLL("ntdll.dll")
 	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
 
 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
 	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
 	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
 	procSetFileCompletionNotificationModes                   = modkernel32.NewProc("SetFileCompletionNotificationModes")
+	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
 	procCreateNamedPipeW                                     = modkernel32.NewProc("CreateNamedPipeW")
 	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
-	procWaitNamedPipeW                                       = modkernel32.NewProc("WaitNamedPipeW")
 	procGetNamedPipeInfo                                     = modkernel32.NewProc("GetNamedPipeInfo")
 	procGetNamedPipeHandleStateW                             = modkernel32.NewProc("GetNamedPipeHandleStateW")
 	procLocalAlloc                                           = modkernel32.NewProc("LocalAlloc")
+	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
+	procRtlNtStatusToDosErrorNoTeb                           = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
+	procRtlDosPathNameToNtPathName_U                         = modntdll.NewProc("RtlDosPathNameToNtPathName_U")
+	procRtlDefaultNpAcl                                      = modntdll.NewProc("RtlDefaultNpAcl")
 	procLookupAccountNameW                                   = modadvapi32.NewProc("LookupAccountNameW")
 	procConvertSidToStringSidW                               = modadvapi32.NewProc("ConvertSidToStringSidW")
 	procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
@@ -69,6 +75,7 @@ var (
 	procLookupPrivilegeDisplayNameW                          = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
 	procBackupRead                                           = modkernel32.NewProc("BackupRead")
 	procBackupWrite                                          = modkernel32.NewProc("BackupWrite")
+	procbind                                                 = modws2_32.NewProc("bind")
 )
 
 func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
@@ -120,6 +127,24 @@ func setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err erro
 	return
 }
 
+func wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
 func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
 	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(o)), 0)
 	if r1 == 0 {
@@ -176,27 +201,6 @@ func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityA
 	return
 }
 
-func waitNamedPipe(name string, timeout uint32) (err error) {
-	var _p0 *uint16
-	_p0, err = syscall.UTF16PtrFromString(name)
-	if err != nil {
-		return
-	}
-	return _waitNamedPipe(_p0, timeout)
-}
-
-func _waitNamedPipe(name *uint16, timeout uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procWaitNamedPipeW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(timeout), 0)
-	if r1 == 0 {
-		if e1 != 0 {
-			err = errnoErr(e1)
-		} else {
-			err = syscall.EINVAL
-		}
-	}
-	return
-}
-
 func getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
 	r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
 	if r1 == 0 {
@@ -227,6 +231,32 @@ func localAlloc(uFlags uint32, length uint32) (ptr uintptr) {
 	return
 }
 
+func ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) {
+	r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
+	status = ntstatus(r0)
+	return
+}
+
+func rtlNtStatusToDosError(status ntstatus) (winerr error) {
+	r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0)
+	if r0 != 0 {
+		winerr = syscall.Errno(r0)
+	}
+	return
+}
+
+func rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) {
+	r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(ntName)), uintptr(filePart), uintptr(reserved), 0, 0)
+	status = ntstatus(r0)
+	return
+}
+
+func rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) {
+	r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(dacl)), 0, 0)
+	status = ntstatus(r0)
+	return
+}
+
 func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(accountName)
@@ -518,3 +548,15 @@ func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, p
 	}
 	return
 }
+
+func bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	if r1 == socketError {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/container.go

@@ -1,8 +1,10 @@
 package hcsshim
 
 import (
+	"context"
 	"fmt"
 	"os"
+	"sync"
 	"time"
 
 	"github.com/Microsoft/hcsshim/internal/hcs"
@@ -52,7 +54,10 @@ const (
 type ResourceModificationRequestResponse = schema1.ResourceModificationRequestResponse
 
 type container struct {
-	system *hcs.System
+	system   *hcs.System
+	waitOnce sync.Once
+	waitErr  error
+	waitCh   chan struct{}
 }
 
 // createComputeSystemAdditionalJSON is read from the environment at initialisation
@@ -71,61 +76,87 @@ func CreateContainer(id string, c *ContainerConfig) (Container, error) {
 		return nil, fmt.Errorf("failed to merge additional JSON '%s': %s", createContainerAdditionalJSON, err)
 	}
 
-	system, err := hcs.CreateComputeSystem(id, fullConfig)
+	system, err := hcs.CreateComputeSystem(context.Background(), id, fullConfig)
 	if err != nil {
 		return nil, err
 	}
-	return &container{system}, err
+	return &container{system: system}, err
 }
 
 // OpenContainer opens an existing container by ID.
 func OpenContainer(id string) (Container, error) {
-	system, err := hcs.OpenComputeSystem(id)
+	system, err := hcs.OpenComputeSystem(context.Background(), id)
 	if err != nil {
 		return nil, err
 	}
-	return &container{system}, err
+	return &container{system: system}, err
 }
 
 // GetContainers gets a list of the containers on the system that match the query
 func GetContainers(q ComputeSystemQuery) ([]ContainerProperties, error) {
-	return hcs.GetComputeSystems(q)
+	return hcs.GetComputeSystems(context.Background(), q)
 }
 
 // Start synchronously starts the container.
 func (container *container) Start() error {
-	return convertSystemError(container.system.Start(), container)
+	return convertSystemError(container.system.Start(context.Background()), container)
 }
 
 // Shutdown requests a container shutdown, but it may not actually be shutdown until Wait() succeeds.
 func (container *container) Shutdown() error {
-	return convertSystemError(container.system.Shutdown(), container)
+	err := container.system.Shutdown(context.Background())
+	if err != nil {
+		return convertSystemError(err, container)
+	}
+	return &ContainerError{Container: container, Err: ErrVmcomputeOperationPending, Operation: "hcsshim::ComputeSystem::Shutdown"}
 }
 
 // Terminate requests a container terminate, but it may not actually be terminated until Wait() succeeds.
 func (container *container) Terminate() error {
-	return convertSystemError(container.system.Terminate(), container)
+	err := container.system.Terminate(context.Background())
+	if err != nil {
+		return convertSystemError(err, container)
+	}
+	return &ContainerError{Container: container, Err: ErrVmcomputeOperationPending, Operation: "hcsshim::ComputeSystem::Terminate"}
 }
 
 // Waits synchronously waits for the container to shutdown or terminate.
 func (container *container) Wait() error {
-	return convertSystemError(container.system.Wait(), container)
+	err := container.system.Wait()
+	if err == nil {
+		err = container.system.ExitError()
+	}
+	return convertSystemError(err, container)
 }
 
 // WaitTimeout synchronously waits for the container to terminate or the duration to elapse. It
 // returns false if timeout occurs.
-func (container *container) WaitTimeout(t time.Duration) error {
-	return convertSystemError(container.system.WaitTimeout(t), container)
+func (container *container) WaitTimeout(timeout time.Duration) error {
+	container.waitOnce.Do(func() {
+		container.waitCh = make(chan struct{})
+		go func() {
+			container.waitErr = container.Wait()
+			close(container.waitCh)
+		}()
+	})
+	t := time.NewTimer(timeout)
+	defer t.Stop()
+	select {
+	case <-t.C:
+		return &ContainerError{Container: container, Err: ErrTimeout, Operation: "hcsshim::ComputeSystem::Wait"}
+	case <-container.waitCh:
+		return container.waitErr
+	}
 }
 
 // Pause pauses the execution of a container.
 func (container *container) Pause() error {
-	return convertSystemError(container.system.Pause(), container)
+	return convertSystemError(container.system.Pause(context.Background()), container)
 }
 
 // Resume resumes the execution of a container.
 func (container *container) Resume() error {
-	return convertSystemError(container.system.Resume(), container)
+	return convertSystemError(container.system.Resume(context.Background()), container)
 }
 
 // HasPendingUpdates returns true if the container has updates pending to install
@@ -135,7 +166,7 @@ func (container *container) HasPendingUpdates() (bool, error) {
 
 // Statistics returns statistics for the container. This is a legacy v1 call
 func (container *container) Statistics() (Statistics, error) {
-	properties, err := container.system.Properties(schema1.PropertyTypeStatistics)
+	properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeStatistics)
 	if err != nil {
 		return Statistics{}, convertSystemError(err, container)
 	}
@@ -145,7 +176,7 @@ func (container *container) Statistics() (Statistics, error) {
 
 // ProcessList returns an array of ProcessListItems for the container. This is a legacy v1 call
 func (container *container) ProcessList() ([]ProcessListItem, error) {
-	properties, err := container.system.Properties(schema1.PropertyTypeProcessList)
+	properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeProcessList)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
@@ -155,7 +186,7 @@ func (container *container) ProcessList() ([]ProcessListItem, error) {
 
 // This is a legacy v1 call
 func (container *container) MappedVirtualDisks() (map[int]MappedVirtualDiskController, error) {
-	properties, err := container.system.Properties(schema1.PropertyTypeMappedVirtualDisk)
+	properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeMappedVirtualDisk)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
@@ -165,20 +196,20 @@ func (container *container) MappedVirtualDisks() (map[int]MappedVirtualDiskContr
 
 // CreateProcess launches a new process within the container.
 func (container *container) CreateProcess(c *ProcessConfig) (Process, error) {
-	p, err := container.system.CreateProcess(c)
+	p, err := container.system.CreateProcess(context.Background(), c)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
-	return &process{p}, nil
+	return &process{p: p.(*hcs.Process)}, nil
 }
 
 // OpenProcess gets an interface to an existing process within the container.
 func (container *container) OpenProcess(pid int) (Process, error) {
-	p, err := container.system.OpenProcess(pid)
+	p, err := container.system.OpenProcess(context.Background(), pid)
 	if err != nil {
 		return nil, convertSystemError(err, container)
 	}
-	return &process{p}, nil
+	return &process{p: p}, nil
 }
 
 // Close cleans up any state associated with the container but does not terminate or wait for it.
@@ -188,5 +219,5 @@ func (container *container) Close() error {
 
 // Modify the System
 func (container *container) Modify(config *ResourceModificationRequestResponse) error {
-	return convertSystemError(container.system.Modify(config), container)
+	return convertSystemError(container.system.Modify(context.Background(), config), container)
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/go.mod

@@ -0,0 +1,37 @@
+module github.com/Microsoft/hcsshim
+
+go 1.13
+
+require (
+	github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5
+	github.com/blang/semver v3.1.0+incompatible // indirect
+	github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f
+	github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1
+	github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69
+	github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
+	github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448 // indirect
+	github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
+	github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de
+	github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd
+	github.com/gogo/protobuf v1.2.1
+	github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce // indirect
+	github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874 // indirect
+	github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2 // indirect
+	github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f // indirect
+	github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700
+	github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39
+	github.com/pkg/errors v0.8.1
+	github.com/prometheus/procfs v0.0.5 // indirect
+	github.com/sirupsen/logrus v1.4.1
+	github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8 // indirect
+	github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f // indirect
+	go.opencensus.io v0.22.0
+	golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6
+	golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3
+	google.golang.org/grpc v1.20.1
+	gotest.tools v2.2.0+incompatible // indirect
+	k8s.io/kubernetes v1.13.0
+)

libnetwork/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go

@@ -39,11 +39,21 @@ func HNSListEndpointRequest() ([]HNSEndpoint, error) {
 
 // HotAttachEndpoint makes a HCS Call to attach the endpoint to the container
 func HotAttachEndpoint(containerID string, endpointID string) error {
+	endpoint, err := GetHNSEndpointByID(endpointID)
+	isAttached, err := endpoint.IsAttached(containerID)
+	if isAttached {
+		return err
+	}
 	return modifyNetworkEndpoint(containerID, endpointID, Add)
 }
 
 // HotDetachEndpoint makes a HCS Call to detach the endpoint from the container
 func HotDetachEndpoint(containerID string, endpointID string) error {
+	endpoint, err := GetHNSEndpointByID(endpointID)
+	isAttached, err := endpoint.IsAttached(containerID)
+	if !isAttached {
+		return err
+	}
 	return modifyNetworkEndpoint(containerID, endpointID, Remove)
 }
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go

@@ -0,0 +1,83 @@
+package cow
+
+import (
+	"context"
+	"io"
+
+	"github.com/Microsoft/hcsshim/internal/schema1"
+	hcsschema "github.com/Microsoft/hcsshim/internal/schema2"
+)
+
+// Process is the interface for an OS process running in a container or utility VM.
+type Process interface {
+	// Close releases resources associated with the process and closes the
+	// writer and readers returned by Stdio. Depending on the implementation,
+	// this may also terminate the process.
+	Close() error
+	// CloseStdin causes the process's stdin handle to receive EOF/EPIPE/whatever
+	// is appropriate to indicate that no more data is available.
+	CloseStdin(ctx context.Context) error
+	// Pid returns the process ID.
+	Pid() int
+	// Stdio returns the stdio streams for a process. These may be nil if a stream
+	// was not requested during CreateProcess.
+	Stdio() (_ io.Writer, _ io.Reader, _ io.Reader)
+	// ResizeConsole resizes the virtual terminal associated with the process.
+	ResizeConsole(ctx context.Context, width, height uint16) error
+	// Kill sends a SIGKILL or equivalent signal to the process and returns whether
+	// the signal was delivered. It does not wait for the process to terminate.
+	Kill(ctx context.Context) (bool, error)
+	// Signal sends a signal to the process and returns whether the signal was
+	// delivered. The input is OS specific (either
+	// guestrequest.SignalProcessOptionsWCOW or
+	// guestrequest.SignalProcessOptionsLCOW). It does not wait for the process
+	// to terminate.
+	Signal(ctx context.Context, options interface{}) (bool, error)
+	// Wait waits for the process to complete, or for a connection to the process to be
+	// terminated by some error condition (including calling Close).
+	Wait() error
+	// ExitCode returns the exit code of the process. Returns an error if the process is
+	// not running.
+	ExitCode() (int, error)
+}
+
+// ProcessHost is the interface for creating processes.
+type ProcessHost interface {
+	// CreateProcess creates a process. The configuration is host specific
+	// (either hcsschema.ProcessParameters or lcow.ProcessParameters).
+	CreateProcess(ctx context.Context, config interface{}) (Process, error)
+	// OS returns the host's operating system, "linux" or "windows".
+	OS() string
+	// IsOCI specifies whether this is an OCI-compliant process host. If true,
+	// then the configuration passed to CreateProcess should have an OCI process
+	// spec (or nil if this is the initial process in an OCI container).
+	// Otherwise, it should have the HCS-specific process parameters.
+	IsOCI() bool
+}
+
+// Container is the interface for container objects, either running on the host or
+// in a utility VM.
+type Container interface {
+	ProcessHost
+	// Close releases the resources associated with the container. Depending on
+	// the implementation, this may also terminate the container.
+	Close() error
+	// ID returns the container ID.
+	ID() string
+	// Properties returns the requested container properties targeting a V1 schema container.
+	Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error)
+	// PropertiesV2 returns the requested container properties targeting a V2 schema container.
+	PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (*hcsschema.Properties, error)
+	// Start starts a container.
+	Start(ctx context.Context) error
+	// Shutdown sends a shutdown request to the container (but does not wait for
+	// the shutdown to complete).
+	Shutdown(ctx context.Context) error
+	// Terminate sends a terminate request to the container (but does not wait
+	// for the terminate to complete).
+	Terminate(ctx context.Context) error
+	// Wait waits for the container to terminate, or for the connection to the
+	// container to be terminated by some error condition (including calling
+	// Close).
+	Wait() error
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/guestrequest/types.go

@@ -1,100 +0,0 @@
-package guestrequest
-
-import (
-	"github.com/Microsoft/hcsshim/internal/schema2"
-)
-
-// Arguably, many of these (at least CombinedLayers) should have been generated
-// by swagger.
-//
-// This will also change package name due to an inbound breaking change.
-
-// This class is used by a modify request to add or remove a combined layers
-// structure in the guest. For windows, the GCS applies a filter in ContainerRootPath
-// using the specified layers as the parent content. Ignores property ScratchPath
-// since the container path is already the scratch path. For linux, the GCS unions
-// the specified layers and ScratchPath together, placing the resulting union
-// filesystem at ContainerRootPath.
-type CombinedLayers struct {
-	ContainerRootPath string            `json:"ContainerRootPath,omitempty"`
-	Layers            []hcsschema.Layer `json:"Layers,omitempty"`
-	ScratchPath       string            `json:"ScratchPath,omitempty"`
-}
-
-// Defines the schema for hosted settings passed to GCS and/or OpenGCS
-
-// SCSI. Scratch space for remote file-system commands, or R/W layer for containers
-type LCOWMappedVirtualDisk struct {
-	MountPath  string `json:"MountPath,omitempty"` // /tmp/scratch for an LCOW utility VM being used as a service VM
-	Lun        uint8  `json:"Lun,omitempty"`
-	Controller uint8  `json:"Controller,omitempty"`
-	ReadOnly   bool   `json:"ReadOnly,omitempty"`
-}
-
-type WCOWMappedVirtualDisk struct {
-	ContainerPath string `json:"ContainerPath,omitempty"`
-	Lun           int32  `json:"Lun,omitempty"`
-}
-
-type LCOWMappedDirectory struct {
-	MountPath string `json:"MountPath,omitempty"`
-	Port      int32  `json:"Port,omitempty"`
-	ShareName string `json:"ShareName,omitempty"` // If empty not using ANames (not currently supported)
-	ReadOnly  bool   `json:"ReadOnly,omitempty"`
-}
-
-// Read-only layers over VPMem
-type LCOWMappedVPMemDevice struct {
-	DeviceNumber uint32 `json:"DeviceNumber,omitempty"`
-	MountPath    string `json:"MountPath,omitempty"` // /tmp/pN
-}
-
-type LCOWNetworkAdapter struct {
-	NamespaceID     string `json:",omitempty"`
-	ID              string `json:",omitempty"`
-	MacAddress      string `json:",omitempty"`
-	IPAddress       string `json:",omitempty"`
-	PrefixLength    uint8  `json:",omitempty"`
-	GatewayAddress  string `json:",omitempty"`
-	DNSSuffix       string `json:",omitempty"`
-	DNSServerList   string `json:",omitempty"`
-	EnableLowMetric bool   `json:",omitempty"`
-	EncapOverhead   uint16 `json:",omitempty"`
-}
-
-type ResourceType string
-
-const (
-	// These are constants for v2 schema modify guest requests.
-	ResourceTypeMappedDirectory   ResourceType = "MappedDirectory"
-	ResourceTypeMappedVirtualDisk ResourceType = "MappedVirtualDisk"
-	ResourceTypeNetwork           ResourceType = "Network"
-	ResourceTypeNetworkNamespace  ResourceType = "NetworkNamespace"
-	ResourceTypeCombinedLayers    ResourceType = "CombinedLayers"
-	ResourceTypeVPMemDevice       ResourceType = "VPMemDevice"
-)
-
-// GuestRequest is for modify commands passed to the guest.
-type GuestRequest struct {
-	RequestType  string       `json:"RequestType,omitempty"`
-	ResourceType ResourceType `json:"ResourceType,omitempty"`
-	Settings     interface{}  `json:"Settings,omitempty"`
-}
-
-type NetworkModifyRequest struct {
-	AdapterId   string      `json:"AdapterId,omitempty"`
-	RequestType string      `json:"RequestType,omitempty"`
-	Settings    interface{} `json:"Settings,omitempty"`
-}
-
-type RS4NetworkModifyRequest struct {
-	AdapterInstanceId string      `json:"AdapterInstanceId,omitempty"`
-	RequestType       string      `json:"RequestType,omitempty"`
-	Settings          interface{} `json:"Settings,omitempty"`
-}
-
-// SignalProcessOptions is the options passed to either WCOW or LCOW
-// to signal a given process.
-type SignalProcessOptions struct {
-	Signal int `json:,omitempty`
-}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/guid/guid.go

@@ -1,69 +0,0 @@
-package guid
-
-import (
-	"crypto/rand"
-	"encoding/json"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-)
-
-var _ = (json.Marshaler)(&GUID{})
-var _ = (json.Unmarshaler)(&GUID{})
-
-type GUID [16]byte
-
-func New() GUID {
-	g := GUID{}
-	_, err := io.ReadFull(rand.Reader, g[:])
-	if err != nil {
-		panic(err)
-	}
-	return g
-}
-
-func (g GUID) String() string {
-	return fmt.Sprintf("%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x-%02x", g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6], g[8:10], g[10:])
-}
-
-func FromString(s string) GUID {
-	if len(s) != 36 {
-		panic(fmt.Sprintf("invalid GUID length: %d", len(s)))
-	}
-	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
-		panic("invalid GUID format")
-	}
-	indexOrder := [16]int{
-		0, 2, 4, 6,
-		9, 11,
-		14, 16,
-		19, 21,
-		24, 26, 28, 30, 32, 34,
-	}
-	byteOrder := [16]int{
-		3, 2, 1, 0,
-		5, 4,
-		7, 6,
-		8, 9,
-		10, 11, 12, 13, 14, 15,
-	}
-	var g GUID
-	for i, x := range indexOrder {
-		b, err := strconv.ParseInt(s[x:x+2], 16, 16)
-		if err != nil {
-			panic(err)
-		}
-		g[byteOrder[i]] = byte(b)
-	}
-	return g
-}
-
-func (g GUID) MarshalJSON() ([]byte, error) {
-	return json.Marshal(g.String())
-}
-
-func (g *GUID) UnmarshalJSON(data []byte) error {
-	*g = FromString(strings.Trim(string(data), "\""))
-	return nil
-}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go

@@ -1,10 +1,13 @@
 package hcs
 
 import (
+	"fmt"
 	"sync"
 	"syscall"
 
 	"github.com/Microsoft/hcsshim/internal/interop"
+	"github.com/Microsoft/hcsshim/internal/logfields"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
 	"github.com/sirupsen/logrus"
 )
 
@@ -40,35 +43,83 @@ var (
 )
 
 type hcsNotification uint32
+
+func (hn hcsNotification) String() string {
+	switch hn {
+	case hcsNotificationSystemExited:
+		return "SystemExited"
+	case hcsNotificationSystemCreateCompleted:
+		return "SystemCreateCompleted"
+	case hcsNotificationSystemStartCompleted:
+		return "SystemStartCompleted"
+	case hcsNotificationSystemPauseCompleted:
+		return "SystemPauseCompleted"
+	case hcsNotificationSystemResumeCompleted:
+		return "SystemResumeCompleted"
+	case hcsNotificationSystemCrashReport:
+		return "SystemCrashReport"
+	case hcsNotificationSystemSiloJobCreated:
+		return "SystemSiloJobCreated"
+	case hcsNotificationSystemSaveCompleted:
+		return "SystemSaveCompleted"
+	case hcsNotificationSystemRdpEnhancedModeStateChanged:
+		return "SystemRdpEnhancedModeStateChanged"
+	case hcsNotificationSystemShutdownFailed:
+		return "SystemShutdownFailed"
+	case hcsNotificationSystemGetPropertiesCompleted:
+		return "SystemGetPropertiesCompleted"
+	case hcsNotificationSystemModifyCompleted:
+		return "SystemModifyCompleted"
+	case hcsNotificationSystemCrashInitiated:
+		return "SystemCrashInitiated"
+	case hcsNotificationSystemGuestConnectionClosed:
+		return "SystemGuestConnectionClosed"
+	case hcsNotificationProcessExited:
+		return "ProcessExited"
+	case hcsNotificationInvalid:
+		return "Invalid"
+	case hcsNotificationServiceDisconnect:
+		return "ServiceDisconnect"
+	default:
+		return fmt.Sprintf("Unknown: %d", hn)
+	}
+}
+
 type notificationChannel chan error
 
 type notifcationWatcherContext struct {
 	channels notificationChannels
-	handle   hcsCallback
+	handle   vmcompute.HcsCallback
+
+	systemID  string
+	processID int
 }
 
 type notificationChannels map[hcsNotification]notificationChannel
 
-func newChannels() notificationChannels {
+func newSystemChannels() notificationChannels {
 	channels := make(notificationChannels)
+	for _, notif := range []hcsNotification{
+		hcsNotificationServiceDisconnect,
+		hcsNotificationSystemExited,
+		hcsNotificationSystemCreateCompleted,
+		hcsNotificationSystemStartCompleted,
+		hcsNotificationSystemPauseCompleted,
+		hcsNotificationSystemResumeCompleted,
+	} {
+		channels[notif] = make(notificationChannel, 1)
+	}
+	return channels
+}
 
-	channels[hcsNotificationSystemExited] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemCreateCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemStartCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemPauseCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemResumeCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationProcessExited] = make(notificationChannel, 1)
-	channels[hcsNotificationServiceDisconnect] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemCrashReport] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemSiloJobCreated] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemSaveCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemRdpEnhancedModeStateChanged] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemShutdownFailed] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemGetPropertiesCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemModifyCompleted] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemCrashInitiated] = make(notificationChannel, 1)
-	channels[hcsNotificationSystemGuestConnectionClosed] = make(notificationChannel, 1)
-
+func newProcessChannels() notificationChannels {
+	channels := make(notificationChannels)
+	for _, notif := range []hcsNotification{
+		hcsNotificationServiceDisconnect,
+		hcsNotificationProcessExited,
+	} {
+		channels[notif] = make(notificationChannel, 1)
+	}
 	return channels
 }
 
@@ -92,12 +143,17 @@ func notificationWatcher(notificationType hcsNotification, callbackNumber uintpt
 		return 0
 	}
 
+	log := logrus.WithFields(logrus.Fields{
+		"notification-type": notificationType.String(),
+		"system-id":         context.systemID,
+	})
+	if context.processID != 0 {
+		log.Data[logfields.ProcessID] = context.processID
+	}
+	log.Debug("HCS notification")
+
 	if channel, ok := context.channels[notificationType]; ok {
 		channel <- result
-	} else {
-		logrus.WithFields(logrus.Fields{
-			"notification-type": notificationType,
-		}).Warn("Received a callback of an unsupported type")
 	}
 
 	return 0

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go

@@ -1,14 +1,14 @@
 package hcs
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net"
 	"syscall"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/Microsoft/hcsshim/internal/logfields"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
 )
 
 var (
@@ -117,17 +117,11 @@ func (ev *ErrorEvent) String() string {
 	return evs
 }
 
-func processHcsResult(resultp *uint16) []ErrorEvent {
-	if resultp != nil {
-		resultj := interop.ConvertAndFreeCoTaskMemString(resultp)
-		logrus.WithField(logfields.JSON, resultj).
-			Debug("HCS Result")
+func processHcsResult(ctx context.Context, resultJSON string) []ErrorEvent {
+	if resultJSON != "" {
 		result := &hcsResult{}
-		if err := json.Unmarshal([]byte(resultj), result); err != nil {
-			logrus.WithFields(logrus.Fields{
-				logfields.JSON:  resultj,
-				logrus.ErrorKey: err,
-			}).Warning("Could not unmarshal HCS result")
+		if err := json.Unmarshal([]byte(resultJSON), result); err != nil {
+			log.G(ctx).WithError(err).Warning("Could not unmarshal HCS result")
 			return nil
 		}
 		return result.ErrorEvents
@@ -141,6 +135,8 @@ type HcsError struct {
 	Events []ErrorEvent
 }
 
+var _ net.Error = &HcsError{}
+
 func (e *HcsError) Error() string {
 	s := e.Op + ": " + e.Err.Error()
 	for _, ev := range e.Events {
@@ -149,6 +145,16 @@ func (e *HcsError) Error() string {
 	return s
 }
 
+func (e *HcsError) Temporary() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Temporary()
+}
+
+func (e *HcsError) Timeout() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Timeout()
+}
+
 // ProcessError is an error encountered in HCS during an operation on a Process object
 type ProcessError struct {
 	SystemID string
@@ -158,6 +164,8 @@ type ProcessError struct {
 	Events   []ErrorEvent
 }
 
+var _ net.Error = &ProcessError{}
+
 // SystemError is an error encountered in HCS during an operation on a Container object
 type SystemError struct {
 	ID     string
@@ -167,6 +175,8 @@ type SystemError struct {
 	Events []ErrorEvent
 }
 
+var _ net.Error = &SystemError{}
+
 func (e *SystemError) Error() string {
 	s := e.Op + " " + e.ID + ": " + e.Err.Error()
 	for _, ev := range e.Events {
@@ -178,6 +188,16 @@ func (e *SystemError) Error() string {
 	return s
 }
 
+func (e *SystemError) Temporary() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Temporary()
+}
+
+func (e *SystemError) Timeout() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Timeout()
+}
+
 func makeSystemError(system *System, op string, extra string, err error, events []ErrorEvent) error {
 	// Don't double wrap errors
 	if _, ok := err.(*SystemError); ok {
@@ -200,6 +220,16 @@ func (e *ProcessError) Error() string {
 	return s
 }
 
+func (e *ProcessError) Temporary() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Temporary()
+}
+
+func (e *ProcessError) Timeout() bool {
+	err, ok := e.Err.(net.Error)
+	return ok && err.Timeout()
+}
+
 func makeProcessError(process *Process, op string, err error, events []ErrorEvent) error {
 	// Don't double wrap errors
 	if _, ok := err.(*ProcessError); ok {
@@ -242,6 +272,9 @@ func IsPending(err error) bool {
 // IsTimeout returns a boolean indicating whether the error is caused by
 // a timeout waiting for the operation to complete.
 func IsTimeout(err error) bool {
+	if err, ok := err.(net.Error); ok && err.Timeout() {
+		return true
+	}
 	err = getInnerError(err)
 	return err == ErrTimeout
 }
@@ -272,6 +305,13 @@ func IsNotSupported(err error) bool {
 		err == ErrVmcomputeUnknownMessage
 }
 
+// IsOperationInvalidState returns true when err is caused by
+// `ErrVmcomputeOperationInvalidState`.
+func IsOperationInvalidState(err error) bool {
+	err = getInnerError(err)
+	return err == ErrVmcomputeOperationInvalidState
+}
+
 func getInnerError(err error) error {
 	switch pe := err.(type) {
 	case nil:
@@ -285,3 +325,12 @@ func getInnerError(err error) error {
 	}
 	return err
 }
+
+func getOperationLogResult(err error) (string, error) {
+	switch err {
+	case nil:
+		return "Success", nil
+	default:
+		return "Error", err
+	}
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/hcs.go

@@ -1,48 +0,0 @@
-// Shim for the Host Compute Service (HCS) to manage Windows Server
-// containers and Hyper-V containers.
-
-package hcs
-
-import (
-	"syscall"
-)
-
-//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go hcs.go
-
-//sys hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) = vmcompute.HcsEnumerateComputeSystems?
-//sys hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *hcsSystem, result **uint16) (hr error) = vmcompute.HcsCreateComputeSystem?
-//sys hcsOpenComputeSystem(id string, computeSystem *hcsSystem, result **uint16) (hr error) = vmcompute.HcsOpenComputeSystem?
-//sys hcsCloseComputeSystem(computeSystem hcsSystem) (hr error) = vmcompute.HcsCloseComputeSystem?
-//sys hcsStartComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsStartComputeSystem?
-//sys hcsShutdownComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsShutdownComputeSystem?
-//sys hcsTerminateComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsTerminateComputeSystem?
-//sys hcsPauseComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsPauseComputeSystem?
-//sys hcsResumeComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsResumeComputeSystem?
-//sys hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetComputeSystemProperties?
-//sys hcsModifyComputeSystem(computeSystem hcsSystem, configuration string, result **uint16) (hr error) = vmcompute.HcsModifyComputeSystem?
-//sys hcsRegisterComputeSystemCallback(computeSystem hcsSystem, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) = vmcompute.HcsRegisterComputeSystemCallback?
-//sys hcsUnregisterComputeSystemCallback(callbackHandle hcsCallback) (hr error) = vmcompute.HcsUnregisterComputeSystemCallback?
-
-//sys hcsCreateProcess(computeSystem hcsSystem, processParameters string, processInformation *hcsProcessInformation, process *hcsProcess, result **uint16) (hr error) = vmcompute.HcsCreateProcess?
-//sys hcsOpenProcess(computeSystem hcsSystem, pid uint32, process *hcsProcess, result **uint16) (hr error) = vmcompute.HcsOpenProcess?
-//sys hcsCloseProcess(process hcsProcess) (hr error) = vmcompute.HcsCloseProcess?
-//sys hcsTerminateProcess(process hcsProcess, result **uint16) (hr error) = vmcompute.HcsTerminateProcess?
-//sys hcsSignalProcess(process hcsProcess, options string, result **uint16) (hr error) = vmcompute.HcsTerminateProcess?
-//sys hcsGetProcessInfo(process hcsProcess, processInformation *hcsProcessInformation, result **uint16) (hr error) = vmcompute.HcsGetProcessInfo?
-//sys hcsGetProcessProperties(process hcsProcess, processProperties **uint16, result **uint16) (hr error) = vmcompute.HcsGetProcessProperties?
-//sys hcsModifyProcess(process hcsProcess, settings string, result **uint16) (hr error) = vmcompute.HcsModifyProcess?
-//sys hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetServiceProperties?
-//sys hcsRegisterProcessCallback(process hcsProcess, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) = vmcompute.HcsRegisterProcessCallback?
-//sys hcsUnregisterProcessCallback(callbackHandle hcsCallback) (hr error) = vmcompute.HcsUnregisterProcessCallback?
-
-type hcsSystem syscall.Handle
-type hcsProcess syscall.Handle
-type hcsCallback syscall.Handle
-
-type hcsProcessInformation struct {
-	ProcessId uint32
-	Reserved  uint32
-	StdInput  syscall.Handle
-	StdOutput syscall.Handle
-	StdError  syscall.Handle
-}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/log.go

@@ -1,20 +0,0 @@
-package hcs
-
-import "github.com/sirupsen/logrus"
-
-func logOperationBegin(ctx logrus.Fields, msg string) {
-	logrus.WithFields(ctx).Debug(msg)
-}
-
-func logOperationEnd(ctx logrus.Fields, msg string, err error) {
-	// Copy the log and fields first.
-	log := logrus.WithFields(ctx)
-	if err == nil {
-		log.Debug(msg)
-	} else {
-		// Edit only the copied field data to avoid race conditions on the
-		// write.
-		log.Data[logrus.ErrorKey] = err
-		log.Error(msg)
-	}
-}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go

@@ -1,53 +1,47 @@
 package hcs
 
 import (
+	"context"
 	"encoding/json"
 	"io"
 	"sync"
 	"syscall"
 	"time"
 
-	"github.com/Microsoft/hcsshim/internal/guestrequest"
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/Microsoft/hcsshim/internal/logfields"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
+	"go.opencensus.io/trace"
 )
 
 // ContainerError is an error encountered in HCS
 type Process struct {
 	handleLock     sync.RWMutex
-	handle         hcsProcess
+	handle         vmcompute.HcsProcess
 	processID      int
 	system         *System
-	cachedPipes    *cachedPipes
+	hasCachedStdio bool
+	stdioLock      sync.Mutex
+	stdin          io.WriteCloser
+	stdout         io.ReadCloser
+	stderr         io.ReadCloser
 	callbackNumber uintptr
 
-	logctx logrus.Fields
-
 	closedWaitOnce sync.Once
 	waitBlock      chan struct{}
+	exitCode       int
 	waitError      error
 }
 
-func newProcess(process hcsProcess, processID int, computeSystem *System) *Process {
+func newProcess(process vmcompute.HcsProcess, processID int, computeSystem *System) *Process {
 	return &Process{
 		handle:    process,
 		processID: processID,
 		system:    computeSystem,
-		logctx: logrus.Fields{
-			logfields.ContainerID: computeSystem.ID(),
-			logfields.ProcessID:   processID,
-		},
 		waitBlock: make(chan struct{}),
 	}
 }
 
-type cachedPipes struct {
-	stdIn  syscall.Handle
-	stdOut syscall.Handle
-	stdErr syscall.Handle
-}
-
 type processModifyRequest struct {
 	Operation   string
 	ConsoleSize *consoleSize `json:",omitempty"`
@@ -63,7 +57,7 @@ type closeHandle struct {
 	Handle string
 }
 
-type ProcessStatus struct {
+type processStatus struct {
 	ProcessID      uint32
 	Exited         bool
 	ExitCode       uint32
@@ -91,136 +85,153 @@ func (process *Process) SystemID() string {
 	return process.system.ID()
 }
 
-func (process *Process) logOperationBegin(operation string) {
-	logOperationBegin(
-		process.logctx,
-		operation+" - Begin Operation")
-}
-
-func (process *Process) logOperationEnd(operation string, err error) {
-	var result string
-	if err == nil {
-		result = "Success"
-	} else {
-		result = "Error"
+func (process *Process) processSignalResult(ctx context.Context, err error) (bool, error) {
+	switch err {
+	case nil:
+		return true, nil
+	case ErrVmcomputeOperationInvalidState, ErrComputeSystemDoesNotExist, ErrElementNotFound:
+		select {
+		case <-process.waitBlock:
+			// The process exit notification has already arrived.
+		default:
+			// The process should be gone, but we have not received the notification.
+			// After a second, force unblock the process wait to work around a possible
+			// deadlock in the HCS.
+			go func() {
+				time.Sleep(time.Second)
+				process.closedWaitOnce.Do(func() {
+					log.G(ctx).WithError(err).Warn("force unblocking process waits")
+					process.exitCode = -1
+					process.waitError = err
+					close(process.waitBlock)
+				})
+			}()
+		}
+		return false, nil
+	default:
+		return false, err
 	}
-
-	logOperationEnd(
-		process.logctx,
-		operation+" - End Operation - "+result,
-		err)
 }
 
 // Signal signals the process with `options`.
-func (process *Process) Signal(options guestrequest.SignalProcessOptions) (err error) {
+//
+// For LCOW `guestrequest.SignalProcessOptionsLCOW`.
+//
+// For WCOW `guestrequest.SignalProcessOptionsWCOW`.
+func (process *Process) Signal(ctx context.Context, options interface{}) (bool, error) {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
 
 	operation := "hcsshim::Process::Signal"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
-		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
+		return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
 	optionsb, err := json.Marshal(options)
 	if err != nil {
-		return err
+		return false, err
 	}
 
-	optionsStr := string(optionsb)
-
-	var resultp *uint16
-	syscallWatcher(process.logctx, func() {
-		err = hcsSignalProcess(process.handle, optionsStr, &resultp)
-	})
-	events := processHcsResult(resultp)
+	resultJSON, err := vmcompute.HcsSignalProcess(ctx, process.handle, string(optionsb))
+	events := processHcsResult(ctx, resultJSON)
+	delivered, err := process.processSignalResult(ctx, err)
 	if err != nil {
-		return makeProcessError(process, operation, err, events)
+		err = makeProcessError(process, operation, err, events)
 	}
-
-	return nil
+	return delivered, err
 }
 
 // Kill signals the process to terminate but does not wait for it to finish terminating.
-func (process *Process) Kill() (err error) {
+func (process *Process) Kill(ctx context.Context) (bool, error) {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
 
 	operation := "hcsshim::Process::Kill"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
-		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
+		return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	syscallWatcher(process.logctx, func() {
-		err = hcsTerminateProcess(process.handle, &resultp)
-	})
-	events := processHcsResult(resultp)
+	resultJSON, err := vmcompute.HcsTerminateProcess(ctx, process.handle)
+	events := processHcsResult(ctx, resultJSON)
+	delivered, err := process.processSignalResult(ctx, err)
 	if err != nil {
-		return makeProcessError(process, operation, err, events)
+		err = makeProcessError(process, operation, err, events)
 	}
-
-	return nil
+	return delivered, err
 }
 
 // waitBackground waits for the process exit notification. Once received sets
-// `process.waitError` (if any) and unblocks all `Wait` and `WaitTimeout` calls.
+// `process.waitError` (if any) and unblocks all `Wait` calls.
 //
-// This MUST be called exactly once per `process.handle` but `Wait` and
-// `WaitTimeout` are safe to call multiple times.
+// This MUST be called exactly once per `process.handle` but `Wait` is safe to
+// call multiple times.
 func (process *Process) waitBackground() {
-	process.waitError = waitForNotification(process.callbackNumber, hcsNotificationProcessExited, nil)
+	operation := "hcsshim::Process::waitBackground"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
+	var (
+		err      error
+		exitCode = -1
+	)
+
+	err = waitForNotification(ctx, process.callbackNumber, hcsNotificationProcessExited, nil)
+	if err != nil {
+		err = makeProcessError(process, operation, err, nil)
+		log.G(ctx).WithError(err).Error("failed wait")
+	} else {
+		process.handleLock.RLock()
+		defer process.handleLock.RUnlock()
+
+		// Make sure we didnt race with Close() here
+		if process.handle != 0 {
+			propertiesJSON, resultJSON, err := vmcompute.HcsGetProcessProperties(ctx, process.handle)
+			events := processHcsResult(ctx, resultJSON)
+			if err != nil {
+				err = makeProcessError(process, operation, err, events)
+			} else {
+				properties := &processStatus{}
+				err = json.Unmarshal([]byte(propertiesJSON), properties)
+				if err != nil {
+					err = makeProcessError(process, operation, err, nil)
+				} else {
+					if properties.LastWaitResult != 0 {
+						log.G(ctx).WithField("wait-result", properties.LastWaitResult).Warning("non-zero last wait result")
+					} else {
+						exitCode = int(properties.ExitCode)
+					}
+				}
+			}
+		}
+	}
+	log.G(ctx).WithField("exitCode", exitCode).Debug("process exited")
+
 	process.closedWaitOnce.Do(func() {
+		process.exitCode = exitCode
+		process.waitError = err
 		close(process.waitBlock)
 	})
+	oc.SetSpanStatus(span, err)
 }
 
 // Wait waits for the process to exit. If the process has already exited returns
 // the pervious error (if any).
-func (process *Process) Wait() (err error) {
-	operation := "hcsshim::Process::Wait"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
-
+func (process *Process) Wait() error {
 	<-process.waitBlock
-	if process.waitError != nil {
-		return makeProcessError(process, operation, err, nil)
-	}
-	return nil
-}
-
-// WaitTimeout waits for the process to exit or the duration to elapse. If the
-// process has already exited returns the pervious error (if any). If a timeout
-// occurs returns `ErrTimeout`.
-func (process *Process) WaitTimeout(timeout time.Duration) (err error) {
-	operation := "hcssshim::Process::WaitTimeout"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
-
-	select {
-	case <-process.waitBlock:
-		if process.waitError != nil {
-			return makeProcessError(process, operation, process.waitError, nil)
-		}
-		return nil
-	case <-time.After(timeout):
-		return makeProcessError(process, operation, ErrTimeout, nil)
-	}
+	return process.waitError
 }
 
 // ResizeConsole resizes the console of the process.
-func (process *Process) ResizeConsole(width, height uint16) (err error) {
+func (process *Process) ResizeConsole(ctx context.Context, width, height uint16) error {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
 
 	operation := "hcsshim::Process::ResizeConsole"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -239,11 +250,8 @@ func (process *Process) ResizeConsole(width, height uint16) (err error) {
 		return err
 	}
 
-	modifyRequestStr := string(modifyRequestb)
-
-	var resultp *uint16
-	err = hcsModifyProcess(process.handle, modifyRequestStr, &resultp)
-	events := processHcsResult(resultp)
+	resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return makeProcessError(process, operation, err, events)
 	}
@@ -251,109 +259,55 @@ func (process *Process) ResizeConsole(width, height uint16) (err error) {
 	return nil
 }
 
-func (process *Process) Properties() (_ *ProcessStatus, err error) {
-	process.handleLock.RLock()
-	defer process.handleLock.RUnlock()
-
-	operation := "hcsshim::Process::Properties"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
-
-	if process.handle == 0 {
-		return nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
-	}
-
-	var (
-		resultp     *uint16
-		propertiesp *uint16
-	)
-	syscallWatcher(process.logctx, func() {
-		err = hcsGetProcessProperties(process.handle, &propertiesp, &resultp)
-	})
-	events := processHcsResult(resultp)
-	if err != nil {
-		return nil, makeProcessError(process, operation, err, events)
-	}
-
-	if propertiesp == nil {
-		return nil, ErrUnexpectedValue
-	}
-	propertiesRaw := interop.ConvertAndFreeCoTaskMemBytes(propertiesp)
-
-	properties := &ProcessStatus{}
-	if err := json.Unmarshal(propertiesRaw, properties); err != nil {
-		return nil, makeProcessError(process, operation, err, nil)
-	}
-
-	return properties, nil
-}
-
 // ExitCode returns the exit code of the process. The process must have
 // already terminated.
-func (process *Process) ExitCode() (_ int, err error) {
-	operation := "hcsshim::Process::ExitCode"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
-
-	properties, err := process.Properties()
-	if err != nil {
-		return -1, makeProcessError(process, operation, err, nil)
-	}
-
-	if properties.Exited == false {
-		return -1, makeProcessError(process, operation, ErrInvalidProcessState, nil)
-	}
-
-	if properties.LastWaitResult != 0 {
-		logrus.WithFields(logrus.Fields{
-			logfields.ContainerID: process.SystemID(),
-			logfields.ProcessID:   process.processID,
-			"wait-result":         properties.LastWaitResult,
-		}).Warn("hcsshim::Process::ExitCode - Non-zero last wait result")
-		return -1, nil
+func (process *Process) ExitCode() (int, error) {
+	select {
+	case <-process.waitBlock:
+		if process.waitError != nil {
+			return -1, process.waitError
+		}
+		return process.exitCode, nil
+	default:
+		return -1, makeProcessError(process, "hcsshim::Process::ExitCode", ErrInvalidProcessState, nil)
 	}
-
-	return int(properties.ExitCode), nil
 }
 
-// Stdio returns the stdin, stdout, and stderr pipes, respectively. Closing
-// these pipes does not close the underlying pipes; it should be possible to
-// call this multiple times to get multiple interfaces.
-func (process *Process) Stdio() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadCloser, err error) {
+// StdioLegacy returns the stdin, stdout, and stderr pipes, respectively. Closing
+// these pipes does not close the underlying pipes. Once returned, these pipes
+// are the responsibility of the caller to close.
+func (process *Process) StdioLegacy() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadCloser, err error) {
+	operation := "hcsshim::Process::StdioLegacy"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
 
-	operation := "hcsshim::Process::Stdio"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
-
 	if process.handle == 0 {
 		return nil, nil, nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
-	var stdIn, stdOut, stdErr syscall.Handle
-
-	if process.cachedPipes == nil {
-		var (
-			processInfo hcsProcessInformation
-			resultp     *uint16
-		)
-		err = hcsGetProcessInfo(process.handle, &processInfo, &resultp)
-		events := processHcsResult(resultp)
-		if err != nil {
-			return nil, nil, nil, makeProcessError(process, operation, err, events)
-		}
-
-		stdIn, stdOut, stdErr = processInfo.StdInput, processInfo.StdOutput, processInfo.StdError
-	} else {
-		// Use cached pipes
-		stdIn, stdOut, stdErr = process.cachedPipes.stdIn, process.cachedPipes.stdOut, process.cachedPipes.stdErr
+	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
+	if process.hasCachedStdio {
+		stdin, stdout, stderr := process.stdin, process.stdout, process.stderr
+		process.stdin, process.stdout, process.stderr = nil, nil, nil
+		process.hasCachedStdio = false
+		return stdin, stdout, stderr, nil
+	}
 
-		// Invalidate the cache
-		process.cachedPipes = nil
+	processInfo, resultJSON, err := vmcompute.HcsGetProcessInfo(ctx, process.handle)
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, nil, nil, makeProcessError(process, operation, err, events)
 	}
 
-	pipes, err := makeOpenFiles([]syscall.Handle{stdIn, stdOut, stdErr})
+	pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
 	if err != nil {
 		return nil, nil, nil, makeProcessError(process, operation, err, nil)
 	}
@@ -361,15 +315,21 @@ func (process *Process) Stdio() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadClo
 	return pipes[0], pipes[1], pipes[2], nil
 }
 
+// Stdio returns the stdin, stdout, and stderr pipes, respectively.
+// To close them, close the process handle.
+func (process *Process) Stdio() (stdin io.Writer, stdout, stderr io.Reader) {
+	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
+	return process.stdin, process.stdout, process.stderr
+}
+
 // CloseStdin closes the write side of the stdin pipe so that the process is
 // notified on the read side that there is no more data in stdin.
-func (process *Process) CloseStdin() (err error) {
+func (process *Process) CloseStdin(ctx context.Context) error {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
 
 	operation := "hcsshim::Process::CloseStdin"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -387,96 +347,122 @@ func (process *Process) CloseStdin() (err error) {
 		return err
 	}
 
-	modifyRequestStr := string(modifyRequestb)
-
-	var resultp *uint16
-	err = hcsModifyProcess(process.handle, modifyRequestStr, &resultp)
-	events := processHcsResult(resultp)
+	resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return makeProcessError(process, operation, err, events)
 	}
 
+	process.stdioLock.Lock()
+	if process.stdin != nil {
+		process.stdin.Close()
+		process.stdin = nil
+	}
+	process.stdioLock.Unlock()
+
 	return nil
 }
 
 // Close cleans up any state associated with the process but does not kill
 // or wait on it.
 func (process *Process) Close() (err error) {
+	operation := "hcsshim::Process::Close"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
 	process.handleLock.Lock()
 	defer process.handleLock.Unlock()
 
-	operation := "hcsshim::Process::Close"
-	process.logOperationBegin(operation)
-	defer func() { process.logOperationEnd(operation, err) }()
-
 	// Don't double free this
 	if process.handle == 0 {
 		return nil
 	}
 
-	if err = process.unregisterCallback(); err != nil {
+	process.stdioLock.Lock()
+	if process.stdin != nil {
+		process.stdin.Close()
+		process.stdin = nil
+	}
+	if process.stdout != nil {
+		process.stdout.Close()
+		process.stdout = nil
+	}
+	if process.stderr != nil {
+		process.stderr.Close()
+		process.stderr = nil
+	}
+	process.stdioLock.Unlock()
+
+	if err = process.unregisterCallback(ctx); err != nil {
 		return makeProcessError(process, operation, err, nil)
 	}
 
-	if err = hcsCloseProcess(process.handle); err != nil {
+	if err = vmcompute.HcsCloseProcess(ctx, process.handle); err != nil {
 		return makeProcessError(process, operation, err, nil)
 	}
 
 	process.handle = 0
 	process.closedWaitOnce.Do(func() {
+		process.exitCode = -1
+		process.waitError = ErrAlreadyClosed
 		close(process.waitBlock)
 	})
 
 	return nil
 }
 
-func (process *Process) registerCallback() error {
-	context := &notifcationWatcherContext{
-		channels: newChannels(),
+func (process *Process) registerCallback(ctx context.Context) error {
+	callbackContext := &notifcationWatcherContext{
+		channels:  newProcessChannels(),
+		systemID:  process.SystemID(),
+		processID: process.processID,
 	}
 
 	callbackMapLock.Lock()
 	callbackNumber := nextCallback
 	nextCallback++
-	callbackMap[callbackNumber] = context
+	callbackMap[callbackNumber] = callbackContext
 	callbackMapLock.Unlock()
 
-	var callbackHandle hcsCallback
-	err := hcsRegisterProcessCallback(process.handle, notificationWatcherCallback, callbackNumber, &callbackHandle)
+	callbackHandle, err := vmcompute.HcsRegisterProcessCallback(ctx, process.handle, notificationWatcherCallback, callbackNumber)
 	if err != nil {
 		return err
 	}
-	context.handle = callbackHandle
+	callbackContext.handle = callbackHandle
 	process.callbackNumber = callbackNumber
 
 	return nil
 }
 
-func (process *Process) unregisterCallback() error {
+func (process *Process) unregisterCallback(ctx context.Context) error {
 	callbackNumber := process.callbackNumber
 
 	callbackMapLock.RLock()
-	context := callbackMap[callbackNumber]
+	callbackContext := callbackMap[callbackNumber]
 	callbackMapLock.RUnlock()
 
-	if context == nil {
+	if callbackContext == nil {
 		return nil
 	}
 
-	handle := context.handle
+	handle := callbackContext.handle
 
 	if handle == 0 {
 		return nil
 	}
 
-	// hcsUnregisterProcessCallback has its own syncronization
-	// to wait for all callbacks to complete. We must NOT hold the callbackMapLock.
-	err := hcsUnregisterProcessCallback(handle)
+	// vmcompute.HcsUnregisterProcessCallback has its own synchronization to
+	// wait for all callbacks to complete. We must NOT hold the callbackMapLock.
+	err := vmcompute.HcsUnregisterProcessCallback(ctx, handle)
 	if err != nil {
 		return err
 	}
 
-	closeChannels(context.channels)
+	closeChannels(callbackContext.channels)
 
 	callbackMapLock.Lock()
 	delete(callbackMap, callbackNumber)

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go

@@ -1,18 +1,24 @@
 package hcs
 
 import (
+	"context"
 	"encoding/json"
+	"errors"
 	"os"
 	"strconv"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
-	"github.com/Microsoft/hcsshim/internal/logfields"
+	"github.com/Microsoft/hcsshim/internal/cow"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/Microsoft/hcsshim/internal/schema1"
+	hcsschema "github.com/Microsoft/hcsshim/internal/schema2"
 	"github.com/Microsoft/hcsshim/internal/timeout"
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/vmcompute"
+	"go.opencensus.io/trace"
 )
 
 // currentContainerStarts is used to limit the number of concurrent container
@@ -38,54 +44,37 @@ func init() {
 
 type System struct {
 	handleLock     sync.RWMutex
-	handle         hcsSystem
+	handle         vmcompute.HcsSystem
 	id             string
 	callbackNumber uintptr
 
-	logctx logrus.Fields
-
 	closedWaitOnce sync.Once
 	waitBlock      chan struct{}
 	waitError      error
+	exitError      error
+
+	os, typ string
 }
 
 func newSystem(id string) *System {
 	return &System{
-		id: id,
-		logctx: logrus.Fields{
-			logfields.ContainerID: id,
-		},
+		id:        id,
 		waitBlock: make(chan struct{}),
 	}
 }
 
-func (computeSystem *System) logOperationBegin(operation string) {
-	logOperationBegin(
-		computeSystem.logctx,
-		operation+" - Begin Operation")
-}
-
-func (computeSystem *System) logOperationEnd(operation string, err error) {
-	var result string
-	if err == nil {
-		result = "Success"
-	} else {
-		result = "Error"
-	}
-
-	logOperationEnd(
-		computeSystem.logctx,
-		operation+" - End Operation - "+result,
-		err)
-}
-
 // CreateComputeSystem creates a new compute system with the given configuration but does not start it.
-func CreateComputeSystem(id string, hcsDocumentInterface interface{}) (_ *System, err error) {
+func CreateComputeSystem(ctx context.Context, id string, hcsDocumentInterface interface{}) (_ *System, err error) {
 	operation := "hcsshim::CreateComputeSystem"
 
+	// hcsCreateComputeSystemContext is an async operation. Start the outer span
+	// here to measure the full create time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", id))
+
 	computeSystem := newSystem(id)
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	hcsDocumentB, err := json.Marshal(hcsDocumentInterface)
 	if err != nil {
@@ -94,129 +83,114 @@ func CreateComputeSystem(id string, hcsDocumentInterface interface{}) (_ *System
 
 	hcsDocument := string(hcsDocumentB)
 
-	logrus.WithFields(computeSystem.logctx).
-		WithField(logfields.JSON, hcsDocument).
-		Debug("HCS ComputeSystem Document")
-
 	var (
-		resultp     *uint16
 		identity    syscall.Handle
+		resultJSON  string
 		createError error
 	)
-	syscallWatcher(computeSystem.logctx, func() {
-		createError = hcsCreateComputeSystem(id, hcsDocument, identity, &computeSystem.handle, &resultp)
-	})
-
+	computeSystem.handle, resultJSON, createError = vmcompute.HcsCreateComputeSystem(ctx, id, hcsDocument, identity)
 	if createError == nil || IsPending(createError) {
-		if err = computeSystem.registerCallback(); err != nil {
+		defer func() {
+			if err != nil {
+				computeSystem.Close()
+			}
+		}()
+		if err = computeSystem.registerCallback(ctx); err != nil {
 			// Terminate the compute system if it still exists. We're okay to
 			// ignore a failure here.
-			computeSystem.Terminate()
+			computeSystem.Terminate(ctx)
 			return nil, makeSystemError(computeSystem, operation, "", err, nil)
 		}
 	}
 
-	events, err := processAsyncHcsResult(createError, resultp, computeSystem.callbackNumber, hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
+	events, err := processAsyncHcsResult(ctx, createError, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
 	if err != nil {
 		if err == ErrTimeout {
 			// Terminate the compute system if it still exists. We're okay to
 			// ignore a failure here.
-			computeSystem.Terminate()
+			computeSystem.Terminate(ctx)
 		}
 		return nil, makeSystemError(computeSystem, operation, hcsDocument, err, events)
 	}
-
 	go computeSystem.waitBackground()
-
+	if err = computeSystem.getCachedProperties(ctx); err != nil {
+		return nil, err
+	}
 	return computeSystem, nil
 }
 
 // OpenComputeSystem opens an existing compute system by ID.
-func OpenComputeSystem(id string) (_ *System, err error) {
+func OpenComputeSystem(ctx context.Context, id string) (*System, error) {
 	operation := "hcsshim::OpenComputeSystem"
 
 	computeSystem := newSystem(id)
-	computeSystem.logOperationBegin(operation)
-	defer func() {
-		if IsNotExist(err) {
-			computeSystem.logOperationEnd(operation, nil)
-		} else {
-			computeSystem.logOperationEnd(operation, err)
-		}
-	}()
-
-	var (
-		handle  hcsSystem
-		resultp *uint16
-	)
-	err = hcsOpenComputeSystem(id, &handle, &resultp)
-	events := processHcsResult(resultp)
+	handle, resultJSON, err := vmcompute.HcsOpenComputeSystem(ctx, id)
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return nil, makeSystemError(computeSystem, operation, "", err, events)
 	}
-
 	computeSystem.handle = handle
-
-	if err = computeSystem.registerCallback(); err != nil {
+	defer func() {
+		if err != nil {
+			computeSystem.Close()
+		}
+	}()
+	if err = computeSystem.registerCallback(ctx); err != nil {
 		return nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
 	go computeSystem.waitBackground()
-
+	if err = computeSystem.getCachedProperties(ctx); err != nil {
+		return nil, err
+	}
 	return computeSystem, nil
 }
 
-// GetComputeSystems gets a list of the compute systems on the system that match the query
-func GetComputeSystems(q schema1.ComputeSystemQuery) (_ []schema1.ContainerProperties, err error) {
-	operation := "hcsshim::GetComputeSystems"
-	fields := logrus.Fields{}
-	logOperationBegin(
-		fields,
-		operation+" - Begin Operation")
+func (computeSystem *System) getCachedProperties(ctx context.Context) error {
+	props, err := computeSystem.Properties(ctx)
+	if err != nil {
+		return err
+	}
+	computeSystem.typ = strings.ToLower(props.SystemType)
+	computeSystem.os = strings.ToLower(props.RuntimeOSType)
+	if computeSystem.os == "" && computeSystem.typ == "container" {
+		// Pre-RS5 HCS did not return the OS, but it only supported containers
+		// that ran Windows.
+		computeSystem.os = "windows"
+	}
+	return nil
+}
 
-	defer func() {
-		var result string
-		if err == nil {
-			result = "Success"
-		} else {
-			result = "Error"
-		}
+// OS returns the operating system of the compute system, "linux" or "windows".
+func (computeSystem *System) OS() string {
+	return computeSystem.os
+}
 
-		logOperationEnd(
-			fields,
-			operation+" - End Operation - "+result,
-			err)
-	}()
+// IsOCI returns whether processes in the compute system should be created via
+// OCI.
+func (computeSystem *System) IsOCI() bool {
+	return computeSystem.os == "linux" && computeSystem.typ == "container"
+}
+
+// GetComputeSystems gets a list of the compute systems on the system that match the query
+func GetComputeSystems(ctx context.Context, q schema1.ComputeSystemQuery) ([]schema1.ContainerProperties, error) {
+	operation := "hcsshim::GetComputeSystems"
 
 	queryb, err := json.Marshal(q)
 	if err != nil {
 		return nil, err
 	}
 
-	query := string(queryb)
-
-	logrus.WithFields(fields).
-		WithField(logfields.JSON, query).
-		Debug("HCS ComputeSystem Query")
-
-	var (
-		resultp         *uint16
-		computeSystemsp *uint16
-	)
-
-	syscallWatcher(fields, func() {
-		err = hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
-	})
-	events := processHcsResult(resultp)
+	computeSystemsJSON, resultJSON, err := vmcompute.HcsEnumerateComputeSystems(ctx, string(queryb))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
 		return nil, &HcsError{Op: operation, Err: err, Events: events}
 	}
 
-	if computeSystemsp == nil {
+	if computeSystemsJSON == "" {
 		return nil, ErrUnexpectedValue
 	}
-	computeSystemsRaw := interop.ConvertAndFreeCoTaskMemBytes(computeSystemsp)
 	computeSystems := []schema1.ContainerProperties{}
-	if err = json.Unmarshal(computeSystemsRaw, &computeSystems); err != nil {
+	if err = json.Unmarshal([]byte(computeSystemsJSON), &computeSystems); err != nil {
 		return nil, err
 	}
 
@@ -224,16 +198,21 @@ func GetComputeSystems(q schema1.ComputeSystemQuery) (_ []schema1.ContainerPrope
 }
 
 // Start synchronously starts the computeSystem.
-func (computeSystem *System) Start() (err error) {
+func (computeSystem *System) Start(ctx context.Context) (err error) {
+	operation := "hcsshim::System::Start"
+
+	// hcsStartComputeSystemContext is an async operation. Start the outer span
+	// here to measure the full start time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Start"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Start", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
 	}
 
 	// This is a very simple backoff-retry loop to limit the number
@@ -262,13 +241,10 @@ func (computeSystem *System) Start() (err error) {
 		}()
 	}
 
-	var resultp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsStartComputeSystem(computeSystem.handle, "", &resultp)
-	})
-	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
+	resultJSON, err := vmcompute.HcsStartComputeSystem(ctx, computeSystem.handle, "")
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
 	if err != nil {
-		return makeSystemError(computeSystem, "Start", "", err, events)
+		return makeSystemError(computeSystem, operation, "", err, events)
 	}
 
 	return nil
@@ -279,272 +255,257 @@ func (computeSystem *System) ID() string {
 	return computeSystem.id
 }
 
-// Shutdown requests a compute system shutdown, if IsPending() on the error returned is true,
-// it may not actually be shut down until Wait() succeeds.
-func (computeSystem *System) Shutdown() (err error) {
+// Shutdown requests a compute system shutdown.
+func (computeSystem *System) Shutdown(ctx context.Context) error {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Shutdown"
-	computeSystem.logOperationBegin(operation)
-	defer func() {
-		if IsAlreadyClosed(err) || IsAlreadyStopped(err) || IsPending(err) {
-			computeSystem.logOperationEnd(operation, nil)
-		} else {
-			computeSystem.logOperationEnd(operation, err)
-		}
-	}()
+	operation := "hcsshim::System::Shutdown"
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Shutdown", "", ErrAlreadyClosed, nil)
+		return nil
 	}
 
-	var resultp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsShutdownComputeSystem(computeSystem.handle, "", &resultp)
-	})
-	events := processHcsResult(resultp)
-	if err != nil {
-		return makeSystemError(computeSystem, "Shutdown", "", err, events)
+	resultJSON, err := vmcompute.HcsShutdownComputeSystem(ctx, computeSystem.handle, "")
+	events := processHcsResult(ctx, resultJSON)
+	switch err {
+	case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
+	default:
+		return makeSystemError(computeSystem, operation, "", err, events)
 	}
-
 	return nil
 }
 
-// Terminate requests a compute system terminate, if IsPending() on the error returned is true,
-// it may not actually be shut down until Wait() succeeds.
-func (computeSystem *System) Terminate() (err error) {
+// Terminate requests a compute system terminate.
+func (computeSystem *System) Terminate(ctx context.Context) error {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Terminate"
-	computeSystem.logOperationBegin(operation)
-	defer func() {
-		if IsAlreadyClosed(err) || IsAlreadyStopped(err) || IsPending(err) {
-			computeSystem.logOperationEnd(operation, nil)
-		} else {
-			computeSystem.logOperationEnd(operation, err)
-		}
-	}()
+	operation := "hcsshim::System::Terminate"
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Terminate", "", ErrAlreadyClosed, nil)
+		return nil
 	}
 
-	var resultp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsTerminateComputeSystem(computeSystem.handle, "", &resultp)
-	})
-	events := processHcsResult(resultp)
-	if err != nil && err != ErrVmcomputeAlreadyStopped {
-		return makeSystemError(computeSystem, "Terminate", "", err, events)
+	resultJSON, err := vmcompute.HcsTerminateComputeSystem(ctx, computeSystem.handle, "")
+	events := processHcsResult(ctx, resultJSON)
+	switch err {
+	case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
+	default:
+		return makeSystemError(computeSystem, operation, "", err, events)
 	}
-
 	return nil
 }
 
 // waitBackground waits for the compute system exit notification. Once received
-// sets `computeSystem.waitError` (if any) and unblocks all `Wait`,
-// `WaitExpectedError`, and `WaitTimeout` calls.
+// sets `computeSystem.waitError` (if any) and unblocks all `Wait` calls.
 //
-// This MUST be called exactly once per `computeSystem.handle` but `Wait`,
-// `WaitExpectedError`, and `WaitTimeout` are safe to call multiple times.
+// This MUST be called exactly once per `computeSystem.handle` but `Wait` is
+// safe to call multiple times.
 func (computeSystem *System) waitBackground() {
-	computeSystem.waitError = waitForNotification(computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
+	operation := "hcsshim::System::waitBackground"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+	err := waitForNotification(ctx, computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
+	switch err {
+	case nil:
+		log.G(ctx).Debug("system exited")
+	case ErrVmcomputeUnexpectedExit:
+		log.G(ctx).Debug("unexpected system exit")
+		computeSystem.exitError = makeSystemError(computeSystem, operation, "", err, nil)
+		err = nil
+	default:
+		err = makeSystemError(computeSystem, operation, "", err, nil)
+	}
 	computeSystem.closedWaitOnce.Do(func() {
+		computeSystem.waitError = err
 		close(computeSystem.waitBlock)
 	})
+	oc.SetSpanStatus(span, err)
 }
 
 // Wait synchronously waits for the compute system to shutdown or terminate. If
 // the compute system has already exited returns the previous error (if any).
-func (computeSystem *System) Wait() (err error) {
-	operation := "hcsshim::ComputeSystem::Wait"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
-	<-computeSystem.waitBlock
-	if computeSystem.waitError != nil {
-		return makeSystemError(computeSystem, "Wait", "", computeSystem.waitError, nil)
-	}
-
-	return nil
-}
-
-// WaitExpectedError synchronously waits for the compute system to shutdown or
-// terminate and returns the error (if any) as long as it does not match
-// `expected`. If the compute system has already exited returns the previous
-// error (if any) as long as it does not match `expected`.
-func (computeSystem *System) WaitExpectedError(expected error) (err error) {
-	operation := "hcsshim::ComputeSystem::WaitExpectedError"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
+func (computeSystem *System) Wait() error {
 	<-computeSystem.waitBlock
-	if computeSystem.waitError != nil && getInnerError(computeSystem.waitError) != expected {
-		return makeSystemError(computeSystem, "WaitExpectedError", "", computeSystem.waitError, nil)
-	}
-	return nil
+	return computeSystem.waitError
 }
 
-// WaitTimeout synchronously waits for the compute system to terminate or the
-// duration to elapse. If the timeout expires, `IsTimeout(err) == true`. If
-// the compute system has already exited returns the previous error (if any).
-func (computeSystem *System) WaitTimeout(timeout time.Duration) (err error) {
-	operation := "hcsshim::ComputeSystem::WaitTimeout"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
+// ExitError returns an error describing the reason the compute system terminated.
+func (computeSystem *System) ExitError() error {
 	select {
 	case <-computeSystem.waitBlock:
 		if computeSystem.waitError != nil {
-			return makeSystemError(computeSystem, "WaitTimeout", "", computeSystem.waitError, nil)
+			return computeSystem.waitError
 		}
-		return nil
-	case <-time.After(timeout):
-		return makeSystemError(computeSystem, "WaitTimeout", "", ErrTimeout, nil)
+		return computeSystem.exitError
+	default:
+		return errors.New("container not exited")
 	}
 }
 
-func (computeSystem *System) Properties(types ...schema1.PropertyType) (_ *schema1.ContainerProperties, err error) {
+// Properties returns the requested container properties targeting a V1 schema container.
+func (computeSystem *System) Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Properties"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
+	operation := "hcsshim::System::Properties"
 
-	queryj, err := json.Marshal(schema1.PropertyQuery{types})
+	queryBytes, err := json.Marshal(schema1.PropertyQuery{PropertyTypes: types})
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "Properties", "", err, nil)
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
 
-	logrus.WithFields(computeSystem.logctx).
-		WithField(logfields.JSON, queryj).
-		Debug("HCS ComputeSystem Properties Query")
-
-	var resultp, propertiesp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsGetComputeSystemProperties(computeSystem.handle, string(queryj), &propertiesp, &resultp)
-	})
-	events := processHcsResult(resultp)
+	propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "Properties", "", err, events)
+		return nil, makeSystemError(computeSystem, operation, "", err, events)
 	}
 
-	if propertiesp == nil {
+	if propertiesJSON == "" {
 		return nil, ErrUnexpectedValue
 	}
-	propertiesRaw := interop.ConvertAndFreeCoTaskMemBytes(propertiesp)
 	properties := &schema1.ContainerProperties{}
-	if err := json.Unmarshal(propertiesRaw, properties); err != nil {
-		return nil, makeSystemError(computeSystem, "Properties", "", err, nil)
+	if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
 
 	return properties, nil
 }
 
-// Pause pauses the execution of the computeSystem. This feature is not enabled in TP5.
-func (computeSystem *System) Pause() (err error) {
+// PropertiesV2 returns the requested container properties targeting a V2 schema container.
+func (computeSystem *System) PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (*hcsschema.Properties, error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Pause"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
+	operation := "hcsshim::System::PropertiesV2"
+
+	queryBytes, err := json.Marshal(hcsschema.PropertyQuery{PropertyTypes: types})
+	if err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
+	}
+
+	propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, events)
+	}
+
+	if propertiesJSON == "" {
+		return nil, ErrUnexpectedValue
+	}
+	properties := &hcsschema.Properties{}
+	if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
+	}
+
+	return properties, nil
+}
+
+// Pause pauses the execution of the computeSystem. This feature is not enabled in TP5.
+func (computeSystem *System) Pause(ctx context.Context) (err error) {
+	operation := "hcsshim::System::Pause"
+
+	// hcsPauseComputeSystemContext is an async peration. Start the outer span
+	// here to measure the full pause time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+	computeSystem.handleLock.RLock()
+	defer computeSystem.handleLock.RUnlock()
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Pause", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsPauseComputeSystem(computeSystem.handle, "", &resultp)
-	})
-	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
+	resultJSON, err := vmcompute.HcsPauseComputeSystem(ctx, computeSystem.handle, "")
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
 	if err != nil {
-		return makeSystemError(computeSystem, "Pause", "", err, events)
+		return makeSystemError(computeSystem, operation, "", err, events)
 	}
 
 	return nil
 }
 
 // Resume resumes the execution of the computeSystem. This feature is not enabled in TP5.
-func (computeSystem *System) Resume() (err error) {
+func (computeSystem *System) Resume(ctx context.Context) (err error) {
+	operation := "hcsshim::System::Resume"
+
+	// hcsResumeComputeSystemContext is an async operation. Start the outer span
+	// here to measure the full restore time.
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Resume"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Resume", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
 	}
 
-	var resultp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsResumeComputeSystem(computeSystem.handle, "", &resultp)
-	})
-	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
+	resultJSON, err := vmcompute.HcsResumeComputeSystem(ctx, computeSystem.handle, "")
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
 	if err != nil {
-		return makeSystemError(computeSystem, "Resume", "", err, events)
+		return makeSystemError(computeSystem, operation, "", err, events)
 	}
 
 	return nil
 }
 
-// CreateProcess launches a new process within the computeSystem.
-func (computeSystem *System) CreateProcess(c interface{}) (_ *Process, err error) {
+func (computeSystem *System) createProcess(ctx context.Context, operation string, c interface{}) (*Process, *vmcompute.HcsProcessInformation, error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::CreateProcess"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
-	var (
-		processInfo   hcsProcessInformation
-		processHandle hcsProcess
-		resultp       *uint16
-	)
-
 	if computeSystem.handle == 0 {
-		return nil, makeSystemError(computeSystem, "CreateProcess", "", ErrAlreadyClosed, nil)
+		return nil, nil, makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
 	}
 
 	configurationb, err := json.Marshal(c)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "CreateProcess", "", err, nil)
+		return nil, nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
 
 	configuration := string(configurationb)
+	processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration)
+	events := processHcsResult(ctx, resultJSON)
+	if err != nil {
+		return nil, nil, makeSystemError(computeSystem, operation, configuration, err, events)
+	}
 
-	logrus.WithFields(computeSystem.logctx).
-		WithField(logfields.JSON, configuration).
-		Debug("HCS ComputeSystem Process Document")
+	log.G(ctx).WithField("pid", processInfo.ProcessId).Debug("created process pid")
+	return newProcess(processHandle, int(processInfo.ProcessId), computeSystem), &processInfo, nil
+}
 
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsCreateProcess(computeSystem.handle, configuration, &processInfo, &processHandle, &resultp)
-	})
-	events := processHcsResult(resultp)
+// CreateProcess launches a new process within the computeSystem.
+func (computeSystem *System) CreateProcess(ctx context.Context, c interface{}) (cow.Process, error) {
+	operation := "hcsshim::System::CreateProcess"
+	process, processInfo, err := computeSystem.createProcess(ctx, operation, c)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "CreateProcess", configuration, err, events)
+		return nil, err
 	}
+	defer func() {
+		if err != nil {
+			process.Close()
+		}
+	}()
 
-	logrus.WithFields(computeSystem.logctx).
-		WithField(logfields.ProcessID, processInfo.ProcessId).
-		Debug("HCS ComputeSystem CreateProcess PID")
-
-	process := newProcess(processHandle, int(processInfo.ProcessId), computeSystem)
-	process.cachedPipes = &cachedPipes{
-		stdIn:  processInfo.StdInput,
-		stdOut: processInfo.StdOutput,
-		stdErr: processInfo.StdError,
+	pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
+	if err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
+	process.stdin = pipes[0]
+	process.stdout = pipes[1]
+	process.stderr = pipes[2]
+	process.hasCachedStdio = true
 
-	if err = process.registerCallback(); err != nil {
-		return nil, makeSystemError(computeSystem, "CreateProcess", "", err, nil)
+	if err = process.registerCallback(ctx); err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
 	go process.waitBackground()
 
@@ -552,38 +513,25 @@ func (computeSystem *System) CreateProcess(c interface{}) (_ *Process, err error
 }
 
 // OpenProcess gets an interface to an existing process within the computeSystem.
-func (computeSystem *System) OpenProcess(pid int) (_ *Process, err error) {
+func (computeSystem *System) OpenProcess(ctx context.Context, pid int) (*Process, error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	// Add PID for the context of this operation
-	computeSystem.logctx[logfields.ProcessID] = pid
-	defer delete(computeSystem.logctx, logfields.ProcessID)
-
-	operation := "hcsshim::ComputeSystem::OpenProcess"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
-	var (
-		processHandle hcsProcess
-		resultp       *uint16
-	)
+	operation := "hcsshim::System::OpenProcess"
 
 	if computeSystem.handle == 0 {
-		return nil, makeSystemError(computeSystem, "OpenProcess", "", ErrAlreadyClosed, nil)
+		return nil, makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
 	}
 
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsOpenProcess(computeSystem.handle, uint32(pid), &processHandle, &resultp)
-	})
-	events := processHcsResult(resultp)
+	processHandle, resultJSON, err := vmcompute.HcsOpenProcess(ctx, computeSystem.handle, uint32(pid))
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return nil, makeSystemError(computeSystem, "OpenProcess", "", err, events)
+		return nil, makeSystemError(computeSystem, operation, "", err, events)
 	}
 
 	process := newProcess(processHandle, pid, computeSystem)
-	if err = process.registerCallback(); err != nil {
-		return nil, makeSystemError(computeSystem, "OpenProcess", "", err, nil)
+	if err = process.registerCallback(ctx); err != nil {
+		return nil, makeSystemError(computeSystem, operation, "", err, nil)
 	}
 	go process.waitBackground()
 
@@ -592,71 +540,72 @@ func (computeSystem *System) OpenProcess(pid int) (_ *Process, err error) {
 
 // Close cleans up any state associated with the compute system but does not terminate or wait for it.
 func (computeSystem *System) Close() (err error) {
+	operation := "hcsshim::System::Close"
+	ctx, span := trace.StartSpan(context.Background(), operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
 	computeSystem.handleLock.Lock()
 	defer computeSystem.handleLock.Unlock()
 
-	operation := "hcsshim::ComputeSystem::Close"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
-
 	// Don't double free this
 	if computeSystem.handle == 0 {
 		return nil
 	}
 
-	if err = computeSystem.unregisterCallback(); err != nil {
-		return makeSystemError(computeSystem, "Close", "", err, nil)
+	if err = computeSystem.unregisterCallback(ctx); err != nil {
+		return makeSystemError(computeSystem, operation, "", err, nil)
 	}
 
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsCloseComputeSystem(computeSystem.handle)
-	})
+	err = vmcompute.HcsCloseComputeSystem(ctx, computeSystem.handle)
 	if err != nil {
-		return makeSystemError(computeSystem, "Close", "", err, nil)
+		return makeSystemError(computeSystem, operation, "", err, nil)
 	}
 
 	computeSystem.handle = 0
 	computeSystem.closedWaitOnce.Do(func() {
+		computeSystem.waitError = ErrAlreadyClosed
 		close(computeSystem.waitBlock)
 	})
 
 	return nil
 }
 
-func (computeSystem *System) registerCallback() error {
-	context := &notifcationWatcherContext{
-		channels: newChannels(),
+func (computeSystem *System) registerCallback(ctx context.Context) error {
+	callbackContext := &notifcationWatcherContext{
+		channels: newSystemChannels(),
+		systemID: computeSystem.id,
 	}
 
 	callbackMapLock.Lock()
 	callbackNumber := nextCallback
 	nextCallback++
-	callbackMap[callbackNumber] = context
+	callbackMap[callbackNumber] = callbackContext
 	callbackMapLock.Unlock()
 
-	var callbackHandle hcsCallback
-	err := hcsRegisterComputeSystemCallback(computeSystem.handle, notificationWatcherCallback, callbackNumber, &callbackHandle)
+	callbackHandle, err := vmcompute.HcsRegisterComputeSystemCallback(ctx, computeSystem.handle, notificationWatcherCallback, callbackNumber)
 	if err != nil {
 		return err
 	}
-	context.handle = callbackHandle
+	callbackContext.handle = callbackHandle
 	computeSystem.callbackNumber = callbackNumber
 
 	return nil
 }
 
-func (computeSystem *System) unregisterCallback() error {
+func (computeSystem *System) unregisterCallback(ctx context.Context) error {
 	callbackNumber := computeSystem.callbackNumber
 
 	callbackMapLock.RLock()
-	context := callbackMap[callbackNumber]
+	callbackContext := callbackMap[callbackNumber]
 	callbackMapLock.RUnlock()
 
-	if context == nil {
+	if callbackContext == nil {
 		return nil
 	}
 
-	handle := context.handle
+	handle := callbackContext.handle
 
 	if handle == 0 {
 		return nil
@@ -664,12 +613,12 @@ func (computeSystem *System) unregisterCallback() error {
 
 	// hcsUnregisterComputeSystemCallback has its own syncronization
 	// to wait for all callbacks to complete. We must NOT hold the callbackMapLock.
-	err := hcsUnregisterComputeSystemCallback(handle)
+	err := vmcompute.HcsUnregisterComputeSystemCallback(ctx, handle)
 	if err != nil {
 		return err
 	}
 
-	closeChannels(context.channels)
+	closeChannels(callbackContext.channels)
 
 	callbackMapLock.Lock()
 	delete(callbackMap, callbackNumber)
@@ -681,36 +630,26 @@ func (computeSystem *System) unregisterCallback() error {
 }
 
 // Modify the System by sending a request to HCS
-func (computeSystem *System) Modify(config interface{}) (err error) {
+func (computeSystem *System) Modify(ctx context.Context, config interface{}) error {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
-	operation := "hcsshim::ComputeSystem::Modify"
-	computeSystem.logOperationBegin(operation)
-	defer func() { computeSystem.logOperationEnd(operation, err) }()
+	operation := "hcsshim::System::Modify"
 
 	if computeSystem.handle == 0 {
-		return makeSystemError(computeSystem, "Modify", "", ErrAlreadyClosed, nil)
+		return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
 	}
 
-	requestJSON, err := json.Marshal(config)
+	requestBytes, err := json.Marshal(config)
 	if err != nil {
 		return err
 	}
 
-	requestString := string(requestJSON)
-
-	logrus.WithFields(computeSystem.logctx).
-		WithField(logfields.JSON, requestString).
-		Debug("HCS ComputeSystem Modify Document")
-
-	var resultp *uint16
-	syscallWatcher(computeSystem.logctx, func() {
-		err = hcsModifyComputeSystem(computeSystem.handle, requestString, &resultp)
-	})
-	events := processHcsResult(resultp)
+	requestJSON := string(requestBytes)
+	resultJSON, err := vmcompute.HcsModifyComputeSystem(ctx, computeSystem.handle, requestJSON)
+	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
-		return makeSystemError(computeSystem, "Modify", requestString, err, events)
+		return makeSystemError(computeSystem, operation, requestJSON, err, events)
 	}
 
 	return nil

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go

@@ -1,25 +1,26 @@
 package hcs
 
 import (
+	"context"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/Microsoft/hcsshim/internal/log"
 )
 
-func processAsyncHcsResult(err error, resultp *uint16, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) ([]ErrorEvent, error) {
-	events := processHcsResult(resultp)
+func processAsyncHcsResult(ctx context.Context, err error, resultJSON string, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) ([]ErrorEvent, error) {
+	events := processHcsResult(ctx, resultJSON)
 	if IsPending(err) {
-		return nil, waitForNotification(callbackNumber, expectedNotification, timeout)
+		return nil, waitForNotification(ctx, callbackNumber, expectedNotification, timeout)
 	}
 
 	return events, err
 }
 
-func waitForNotification(callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) error {
+func waitForNotification(ctx context.Context, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) error {
 	callbackMapLock.RLock()
 	if _, ok := callbackMap[callbackNumber]; !ok {
 		callbackMapLock.RUnlock()
-		logrus.Errorf("failed to waitForNotification: callbackNumber %d does not exist in callbackMap", callbackNumber)
+		log.G(ctx).WithField("callbackNumber", callbackNumber).Error("failed to waitForNotification: callbackNumber does not exist in callbackMap")
 		return ErrHandleClose
 	}
 	channels := callbackMap[callbackNumber].channels
@@ -27,7 +28,7 @@ func waitForNotification(callbackNumber uintptr, expectedNotification hcsNotific
 
 	expectedChannel := channels[expectedNotification]
 	if expectedChannel == nil {
-		logrus.Errorf("unknown notification type in waitForNotification %x", expectedNotification)
+		log.G(ctx).WithField("type", expectedNotification).Error("unknown notification type in waitForNotification")
 		return ErrInvalidNotificationType
 	}
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/watcher.go

@@ -1,41 +0,0 @@
-package hcs
-
-import (
-	"context"
-
-	"github.com/Microsoft/hcsshim/internal/logfields"
-	"github.com/Microsoft/hcsshim/internal/timeout"
-	"github.com/sirupsen/logrus"
-)
-
-// syscallWatcher is used as a very simple goroutine around calls into
-// the platform. In some cases, we have seen HCS APIs not returning due to
-// various bugs, and the goroutine making the syscall ends up not returning,
-// prior to its async callback. By spinning up a syscallWatcher, it allows
-// us to at least log a warning if a syscall doesn't complete in a reasonable
-// amount of time.
-//
-// Usage is:
-//
-// syscallWatcher(logContext, func() {
-//    err = <syscall>(args...)
-// })
-//
-
-func syscallWatcher(logContext logrus.Fields, syscallLambda func()) {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout.SyscallWatcher)
-	defer cancel()
-	go watchFunc(ctx, logContext)
-	syscallLambda()
-}
-
-func watchFunc(ctx context.Context, logContext logrus.Fields) {
-	select {
-	case <-ctx.Done():
-		if ctx.Err() != context.Canceled {
-			logrus.WithFields(logContext).
-				WithField(logfields.Timeout, timeout.SyscallWatcher).
-				Warning("Syscall did not complete within operation timeout. This may indicate a platform issue. If it appears to be making no forward progress, obtain the stacks and see if there is a syscall stuck in the platform API for a significant length of time.")
-		}
-	}
-}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go

@@ -3,6 +3,7 @@ package hns
 import (
 	"encoding/json"
 	"net"
+	"strings"
 
 	"github.com/sirupsen/logrus"
 )
@@ -94,6 +95,27 @@ func GetHNSEndpointByName(endpointName string) (*HNSEndpoint, error) {
 	return nil, EndpointNotFoundError{EndpointName: endpointName}
 }
 
+type endpointAttachInfo struct {
+	SharedContainers json.RawMessage `json:",omitempty"`
+}
+
+func (endpoint *HNSEndpoint) IsAttached(vID string) (bool, error) {
+	attachInfo := endpointAttachInfo{}
+	err := hnsCall("GET", "/endpoints/"+endpoint.Id, "", &attachInfo)
+
+	// Return false allows us to just return the err
+	if err != nil {
+		return false, err
+	}
+
+	if strings.Contains(strings.ToLower(string(attachInfo.SharedContainers)), strings.ToLower(vID)) {
+		return true, nil
+	}
+
+	return false, nil
+
+}
+
 // Create Endpoint by sending EndpointRequest to HNS. TODO: Create a separate HNS interface to place all these methods
 func (endpoint *HNSEndpoint) Create() (*HNSEndpoint, error) {
 	operation := "Create"

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go

@@ -9,23 +9,30 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func hnsCall(method, path, request string, returnResponse interface{}) error {
+func hnsCallRawResponse(method, path, request string) (*hnsResponse, error) {
 	var responseBuffer *uint16
 	logrus.Debugf("[%s]=>[%s] Request : %s", method, path, request)
 
 	err := _hnsCall(method, path, request, &responseBuffer)
 	if err != nil {
-		return hcserror.New(err, "hnsCall ", "")
+		return nil, hcserror.New(err, "hnsCall ", "")
 	}
 	response := interop.ConvertAndFreeCoTaskMemString(responseBuffer)
 
 	hnsresponse := &hnsResponse{}
 	if err = json.Unmarshal([]byte(response), &hnsresponse); err != nil {
-		return err
+		return nil, err
 	}
+	return hnsresponse, nil
+}
 
+func hnsCall(method, path, request string, returnResponse interface{}) error {
+	hnsresponse, err := hnsCallRawResponse(method, path, request)
+	if err != nil {
+		return fmt.Errorf("failed during hnsCallRawResponse: %v", err)
+	}
 	if !hnsresponse.Success {
-		return fmt.Errorf("HNS failed with error : %s", hnsresponse.Error)
+		return fmt.Errorf("hns failed with error : %s", hnsresponse.Error)
 	}
 
 	if len(hnsresponse.Output) == 0 {

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go

@@ -55,8 +55,9 @@ type PaPolicy struct {
 
 type OutboundNatPolicy struct {
 	Policy
-	VIP        string   `json:"VIP,omitempty"`
-	Exceptions []string `json:"ExceptionList,omitempty"`
+	VIP          string   `json:"VIP,omitempty"`
+	Exceptions   []string `json:"ExceptionList,omitempty"`
+	Destinations []string `json:",omitempty"`
 }
 
 type ActionType string

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go

@@ -15,10 +15,6 @@ func ConvertAndFreeCoTaskMemString(buffer *uint16) string {
 	return str
 }
 
-func ConvertAndFreeCoTaskMemBytes(buffer *uint16) []byte {
-	return []byte(ConvertAndFreeCoTaskMemString(buffer))
-}
-
 func Win32FromHresult(hr uintptr) syscall.Errno {
 	if hr&0x1fff0000 == 0x00070000 {
 		return syscall.Errno(hr & 0xffff)

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/log/g.go

@@ -0,0 +1,23 @@
+package log
+
+import (
+	"context"
+
+	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+// G returns a `logrus.Entry` with the `TraceID, SpanID` from `ctx` if `ctx`
+// contains an OpenCensus `trace.Span`.
+func G(ctx context.Context) *logrus.Entry {
+	span := trace.FromContext(ctx)
+	if span != nil {
+		sctx := span.SpanContext()
+		return logrus.WithFields(logrus.Fields{
+			"traceID": sctx.TraceID.String(),
+			"spanID":  sctx.SpanID.String(),
+			// "parentSpanID": TODO: JTERRY75 - Try to convince OC to export this?
+		})
+	}
+	return logrus.NewEntry(logrus.StandardLogger())
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go

@@ -0,0 +1,43 @@
+package oc
+
+import (
+	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+var _ = (trace.Exporter)(&LogrusExporter{})
+
+// LogrusExporter is an OpenCensus `trace.Exporter` that exports
+// `trace.SpanData` to logrus output.
+type LogrusExporter struct {
+}
+
+// ExportSpan exports `s` based on the the following rules:
+//
+// 1. All output will contain `s.Attributes`, `s.TraceID`, `s.SpanID`,
+// `s.ParentSpanID` for correlation
+//
+// 2. Any calls to .Annotate will not be supported.
+//
+// 3. The span itself will be written at `logrus.InfoLevel` unless
+// `s.Status.Code != 0` in which case it will be written at `logrus.ErrorLevel`
+// providing `s.Status.Message` as the error value.
+func (le *LogrusExporter) ExportSpan(s *trace.SpanData) {
+	// Combine all span annotations with traceID, spanID, parentSpanID
+	baseEntry := logrus.WithFields(logrus.Fields(s.Attributes))
+	baseEntry.Data["traceID"] = s.TraceID.String()
+	baseEntry.Data["spanID"] = s.SpanID.String()
+	baseEntry.Data["parentSpanID"] = s.ParentSpanID.String()
+	baseEntry.Data["startTime"] = s.StartTime
+	baseEntry.Data["endTime"] = s.EndTime
+	baseEntry.Data["duration"] = s.EndTime.Sub(s.StartTime).String()
+	baseEntry.Data["name"] = s.Name
+	baseEntry.Time = s.StartTime
+
+	level := logrus.InfoLevel
+	if s.Status.Code != 0 {
+		level = logrus.ErrorLevel
+		baseEntry.Data[logrus.ErrorKey] = s.Status.Message
+	}
+	baseEntry.Log(level, "Span")
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go

@@ -0,0 +1,17 @@
+package oc
+
+import (
+	"go.opencensus.io/trace"
+)
+
+// SetSpanStatus sets `span.SetStatus` to the proper status depending on `err`. If
+// `err` is `nil` assumes `trace.StatusCodeOk`.
+func SetSpanStatus(span *trace.Span, err error) {
+	status := trace.Status{}
+	if err != nil {
+		// TODO: JTERRY75 - Handle errors in a non-generic way
+		status.Code = trace.StatusCodeUnknown
+		status.Message = err.Error()
+	}
+	span.SetStatus(status)
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema1/schema1.go

@@ -4,7 +4,8 @@ import (
 	"encoding/json"
 	"time"
 
-	"github.com/Microsoft/hcsshim/internal/schema2"
+	"github.com/Microsoft/go-winio/pkg/guid"
+	hcsschema "github.com/Microsoft/hcsshim/internal/schema2"
 )
 
 // ProcessConfig is used as both the input of Container.CreateProcess
@@ -62,7 +63,7 @@ type MappedVirtualDisk struct {
 	CreateInUtilityVM bool   `json:",omitempty"`
 	ReadOnly          bool   `json:",omitempty"`
 	Cache             string `json:",omitempty"` // "" (Unspecified); "Disabled"; "Enabled"; "Private"; "PrivateAllowSharing"
-	AttachOnly        bool   `json:",omitempty:`
+	AttachOnly        bool   `json:",omitempty"`
 }
 
 // AssignedDevice represents a device that has been directly assigned to a container
@@ -133,9 +134,10 @@ type ContainerProperties struct {
 	State                        string
 	Name                         string
 	SystemType                   string
+	RuntimeOSType                string `json:"RuntimeOsType,omitempty"`
 	Owner                        string
 	SiloGUID                     string                              `json:"SiloGuid,omitempty"`
-	RuntimeID                    string                              `json:"RuntimeId,omitempty"`
+	RuntimeID                    guid.GUID                           `json:"RuntimeId,omitempty"`
 	IsRuntimeTemplate            bool                                `json:",omitempty"`
 	RuntimeImagePath             string                              `json:",omitempty"`
 	Stopped                      bool                                `json:",omitempty"`
@@ -214,6 +216,7 @@ type MappedVirtualDiskController struct {
 type GuestDefinedCapabilities struct {
 	NamespaceAddRequestSupported bool `json:",omitempty"`
 	SignalProcessSupported       bool `json:",omitempty"`
+	DumpStacksSupported          bool `json:",omitempty"`
 }
 
 // GuestConnectionInfo is the structure of an iterm return by a GuestConnection call on a utility VM

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/attachment.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Attachment struct {
-
 	Type_ string `json:"Type,omitempty"`
 
 	Path string `json:"Path,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/cache_query_stats_response.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type CacheQueryStatsResponse struct {
-
 	L3OccupancyBytes int32 `json:"L3OccupancyBytes,omitempty"`
 
 	L3TotalBwBytes int32 `json:"L3TotalBwBytes,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/close_handle.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type CloseHandle struct {
-
 	Handle string `json:"Handle,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/com_port.go

@@ -11,7 +11,6 @@ package hcsschema
 
 //  ComPort specifies the named pipe that will be used for the port, with empty string indicating a disconnected port.
 type ComPort struct {
-
 	NamedPipe string `json:"NamedPipe,omitempty"`
 
 	OptimizeForDebugger bool `json:"OptimizeForDebugger,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/compute_system.go

@@ -10,14 +10,13 @@
 package hcsschema
 
 type ComputeSystem struct {
-
 	Owner string `json:"Owner,omitempty"`
 
 	SchemaVersion *Version `json:"SchemaVersion,omitempty"`
 
 	HostingSystemId string `json:"HostingSystemId,omitempty"`
 
-	HostedSystem *HostedSystem `json:"HostedSystem,omitempty"`
+	HostedSystem interface{} `json:"HostedSystem,omitempty"`
 
 	Container *Container `json:"Container,omitempty"`
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/configuration.go

@@ -25,37 +25,37 @@ func (c contextKey) String() string {
 
 var (
 	// ContextOAuth2 takes a oauth2.TokenSource as authentication for the request.
-	ContextOAuth2    	= contextKey("token")
+	ContextOAuth2 = contextKey("token")
 
 	// ContextBasicAuth takes BasicAuth as authentication for the request.
-	ContextBasicAuth 	= contextKey("basic")
+	ContextBasicAuth = contextKey("basic")
 
 	// ContextAccessToken takes a string oauth2 access token as authentication for the request.
-	ContextAccessToken 	= contextKey("accesstoken")
+	ContextAccessToken = contextKey("accesstoken")
 
 	// ContextAPIKey takes an APIKey as authentication for the request
- 	ContextAPIKey 		= contextKey("apikey")
+	ContextAPIKey = contextKey("apikey")
 )
 
-// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth 
+// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
 type BasicAuth struct {
-	UserName      string            `json:"userName,omitempty"`
-	Password      string            `json:"password,omitempty"`	
+	UserName string `json:"userName,omitempty"`
+	Password string `json:"password,omitempty"`
 }
 
 // APIKey provides API key based authentication to a request passed via context using ContextAPIKey
 type APIKey struct {
-	Key 	string
-	Prefix	string
+	Key    string
+	Prefix string
 }
 
 type Configuration struct {
-	BasePath      string            	`json:"basePath,omitempty"`
-	Host          string            	`json:"host,omitempty"`
-	Scheme        string            	`json:"scheme,omitempty"`
-	DefaultHeader map[string]string 	`json:"defaultHeader,omitempty"`
-	UserAgent     string            	`json:"userAgent,omitempty"`
-	HTTPClient 	  *http.Client
+	BasePath      string            `json:"basePath,omitempty"`
+	Host          string            `json:"host,omitempty"`
+	Scheme        string            `json:"scheme,omitempty"`
+	DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
+	UserAgent     string            `json:"userAgent,omitempty"`
+	HTTPClient    *http.Client
 }
 
 func NewConfiguration() *Configuration {
@@ -69,4 +69,4 @@ func NewConfiguration() *Configuration {
 
 func (c *Configuration) AddDefaultHeader(key string, value string) {
 	c.DefaultHeader[key] = value
-}
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/console_size.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type ConsoleSize struct {
-
 	Height int32 `json:"Height,omitempty"`
 
 	Width int32 `json:"Width,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/container.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Container struct {
-
 	GuestOs *GuestOs `json:"GuestOs,omitempty"`
 
 	Storage *Storage `json:"Storage,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_memory_information.go

@@ -11,7 +11,6 @@ package hcsschema
 
 //  memory usage as viewed from within the container
 type ContainerMemoryInformation struct {
-
 	TotalPhysicalBytes int32 `json:"TotalPhysicalBytes,omitempty"`
 
 	TotalUsage int32 `json:"TotalUsage,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/devices.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Devices struct {
-
 	ComPorts map[string]ComPort `json:"ComPorts,omitempty"`
 
 	Scsi map[string]Scsi `json:"Scsi,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/enhanced_mode_video.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type EnhancedModeVideo struct {
-
 	ConnectionOptions *RdpConnectionOptions `json:"ConnectionOptions,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/flexible_io_device.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type FlexibleIoDevice struct {
-
 	EmulatorId string `json:"EmulatorId,omitempty"`
 
 	HostingModel string `json:"HostingModel,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/guest_crash_reporting.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type GuestCrashReporting struct {
-
 	WindowsCrashSettings *WindowsCrashReporting `json:"WindowsCrashSettings,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/guest_os.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type GuestOs struct {
-
 	HostName string `json:"HostName,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/hosted_system.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type HostedSystem struct {
-
 	SchemaVersion *Version `json:"SchemaVersion,omitempty"`
 
 	Container *Container `json:"Container,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/hv_socket.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type HvSocket struct {
-
 	Config *HvSocketSystemConfig `json:"Config,omitempty"`
 
 	EnablePowerShellDirect bool `json:"EnablePowerShellDirect,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/hv_socket_2.go

@@ -11,6 +11,5 @@ package hcsschema
 
 //  HvSocket configuration for a VM
 type HvSocket2 struct {
-
 	HvSocketConfig *HvSocketSystemConfig `json:"HvSocketConfig,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/layer.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Layer struct {
-
 	Id string `json:"Id,omitempty"`
 
 	Path string `json:"Path,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/mapped_directory.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type MappedDirectory struct {
-
 	HostPath string `json:"HostPath,omitempty"`
 
 	HostPathType string `json:"HostPathType,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/mapped_pipe.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type MappedPipe struct {
-
 	ContainerPipeName string `json:"ContainerPipeName,omitempty"`
 
 	HostPath string `json:"HostPath,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type Memory struct {
-
 	SizeInMB int32 `json:"SizeInMB,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_2.go

@@ -22,4 +22,9 @@ type Memory2 struct {
 
 	// EnableDeferredCommit is private in the schema. If regenerated need to add back.
 	EnableDeferredCommit bool `json:"EnableDeferredCommit,omitempty"`
+
+	// EnableColdDiscardHint if enabled, then the memory cold discard hint feature is exposed
+	// to the VM, allowing it to trim non-zeroed pages from the working set (if supported by
+	// the guest operating system).
+	EnableColdDiscardHint bool `json:"EnableColdDiscardHint,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_information_for_vm.go

@@ -10,8 +10,7 @@
 package hcsschema
 
 type MemoryInformationForVm struct {
-
-	VirtualNodeCount int32 `json:"VirtualNodeCount,omitempty"`
+	VirtualNodeCount uint32 `json:"VirtualNodeCount,omitempty"`
 
 	VirtualMachineMemory *VmMemory `json:"VirtualMachineMemory,omitempty"`
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_stats.go

@@ -11,10 +11,9 @@ package hcsschema
 
 //  Memory runtime statistics
 type MemoryStats struct {
+	MemoryUsageCommitBytes uint64 `json:"MemoryUsageCommitBytes,omitempty"`
 
-	MemoryUsageCommitBytes int32 `json:"MemoryUsageCommitBytes,omitempty"`
+	MemoryUsageCommitPeakBytes uint64 `json:"MemoryUsageCommitPeakBytes,omitempty"`
 
-	MemoryUsageCommitPeakBytes int32 `json:"MemoryUsageCommitPeakBytes,omitempty"`
-
-	MemoryUsagePrivateWorkingSetBytes int32 `json:"MemoryUsagePrivateWorkingSetBytes,omitempty"`
+	MemoryUsagePrivateWorkingSetBytes uint64 `json:"MemoryUsagePrivateWorkingSetBytes,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/network_adapter.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type NetworkAdapter struct {
-
 	EndpointId string `json:"EndpointId,omitempty"`
 
 	MacAddress string `json:"MacAddress,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/networking.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Networking struct {
-
 	AllowUnqualifiedDnsQuery bool `json:"AllowUnqualifiedDnsQuery,omitempty"`
 
 	DnsSearchList string `json:"DnsSearchList,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/pause_notification.go

@@ -11,6 +11,5 @@ package hcsschema
 
 //  Notification data that is indicated to components running in the Virtual Machine.
 type PauseNotification struct {
-
 	Reason string `json:"Reason,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/pause_options.go

@@ -11,7 +11,6 @@ package hcsschema
 
 //  Options for HcsPauseComputeSystem
 type PauseOptions struct {
-
 	SuspensionLevel string `json:"SuspensionLevel,omitempty"`
 
 	HostedNotification *PauseNotification `json:"HostedNotification,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/plan9.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type Plan9 struct {
-
 	Shares []Plan9Share `json:"Shares,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/process_details.go

@@ -15,7 +15,6 @@ import (
 
 //  Information about a process running in a container
 type ProcessDetails struct {
-
 	ProcessId int32 `json:"ProcessId,omitempty"`
 
 	ImageName string `json:"ImageName,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/process_modify_request.go

@@ -11,7 +11,6 @@ package hcsschema
 
 //  Passed to HcsRpc_ModifyProcess
 type ProcessModifyRequest struct {
-
 	Operation string `json:"Operation,omitempty"`
 
 	ConsoleSize *ConsoleSize `json:"ConsoleSize,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/process_parameters.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type ProcessParameters struct {
-
 	ApplicationName string `json:"ApplicationName,omitempty"`
 
 	CommandLine string `json:"CommandLine,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/process_status.go

@@ -11,7 +11,6 @@ package hcsschema
 
 //  Status of a process running in a container
 type ProcessStatus struct {
-
 	ProcessId int32 `json:"ProcessId,omitempty"`
 
 	Exited bool `json:"Exited,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/processor.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Processor struct {
-
 	Count int32 `json:"Count,omitempty"`
 
 	Maximum int32 `json:"Maximum,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/processor_2.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Processor2 struct {
-
 	Count int32 `json:"Count,omitempty"`
 
 	Limit int32 `json:"Limit,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/processor_stats.go

@@ -11,10 +11,9 @@ package hcsschema
 
 //  CPU runtime statistics
 type ProcessorStats struct {
+	TotalRuntime100ns uint64 `json:"TotalRuntime100ns,omitempty"`
 
-	TotalRuntime100ns int32 `json:"TotalRuntime100ns,omitempty"`
+	RuntimeUser100ns uint64 `json:"RuntimeUser100ns,omitempty"`
 
-	RuntimeUser100ns int32 `json:"RuntimeUser100ns,omitempty"`
-
-	RuntimeKernel100ns int32 `json:"RuntimeKernel100ns,omitempty"`
+	RuntimeKernel100ns uint64 `json:"RuntimeKernel100ns,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/properties.go

@@ -9,8 +9,11 @@
 
 package hcsschema
 
-type Properties struct {
+import (
+	v1 "github.com/containerd/cgroups/stats/v1"
+)
 
+type Properties struct {
 	Id string `json:"Id,omitempty"`
 
 	SystemType string `json:"SystemType,omitempty"`
@@ -44,4 +47,8 @@ type Properties struct {
 	SharedMemoryRegionInfo []SharedMemoryRegionInfo `json:"SharedMemoryRegionInfo,omitempty"`
 
 	GuestConnectionInfo *GuestConnectionInfo `json:"GuestConnectionInfo,omitempty"`
+
+	// Metrics is not part of the API for HCS but this is used for LCOW v2 to
+	// return the full cgroup metrics from the guest.
+	Metrics *v1.Metrics `json:"LCOWMetrics,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/property_query.go

@@ -9,8 +9,7 @@
 
 package hcsschema
 
-//   By default the basic properties will be returned. This query provides a way to  request specific properties. 
+//   By default the basic properties will be returned. This query provides a way to  request specific properties.
 type PropertyQuery struct {
-
-	PropertyTypes []string `json:"PropertyTypes,omitempty"`
+	PropertyTypes []PropertyType `json:"PropertyTypes,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/property_type.go

@@ -0,0 +1,23 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type PropertyType string
+
+const (
+	PTMemory                      PropertyType = "Memory"
+	PTGuestMemory                 PropertyType = "GuestMemory"
+	PTStatistics                  PropertyType = "Statistics"
+	PTProcessList                 PropertyType = "ProcessList"
+	PTTerminateOnLastHandleClosed PropertyType = "TerminateOnLastHandleClosed"
+	PTSharedMemoryRegion          PropertyType = "SharedMemoryRegion"
+	PTGuestConnection             PropertyType = "GuestConnection"
+	PTICHeartbeatStatus           PropertyType = "ICHeartbeatStatus"
+)

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/rdp_connection_options.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type RdpConnectionOptions struct {
-
 	AccessSids []string `json:"AccessSids,omitempty"`
 
 	NamedPipe string `json:"NamedPipe,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/registry_changes.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type RegistryChanges struct {
-
 	AddValues []RegistryValue `json:"AddValues,omitempty"`
 
 	DeleteKeys []RegistryKey `json:"DeleteKeys,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/registry_key.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type RegistryKey struct {
-
 	Hive string `json:"Hive,omitempty"`
 
 	Name string `json:"Name,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/registry_value.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type RegistryValue struct {
-
 	Key *RegistryKey `json:"Key,omitempty"`
 
 	Name string `json:"Name,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/shared_memory_configuration.go

@@ -10,6 +10,5 @@
 package hcsschema
 
 type SharedMemoryConfiguration struct {
-
 	Regions []SharedMemoryRegion `json:"Regions,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/shared_memory_region.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type SharedMemoryRegion struct {
-
 	SectionName string `json:"SectionName,omitempty"`
 
 	StartOffset int32 `json:"StartOffset,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/shared_memory_region_info.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type SharedMemoryRegionInfo struct {
-
 	SectionName string `json:"SectionName,omitempty"`
 
 	GuestPhysicalAddress int32 `json:"GuestPhysicalAddress,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/silo_properties.go

@@ -11,7 +11,6 @@ package hcsschema
 
 //  Silo job information
 type SiloProperties struct {
-
 	Enabled bool `json:"Enabled,omitempty"`
 
 	JobName string `json:"JobName,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/statistics.go

@@ -15,12 +15,11 @@ import (
 
 //  Runtime statistics for a container
 type Statistics struct {
-
 	Timestamp time.Time `json:"Timestamp,omitempty"`
 
 	ContainerStartTime time.Time `json:"ContainerStartTime,omitempty"`
 
-	Uptime100ns int32 `json:"Uptime100ns,omitempty"`
+	Uptime100ns uint64 `json:"Uptime100ns,omitempty"`
 
 	Processor *ProcessorStats `json:"Processor,omitempty"`
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/storage_qo_s.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type StorageQoS struct {
-
 	IopsMaximum int32 `json:"IopsMaximum,omitempty"`
 
 	BandwidthMaximum int32 `json:"BandwidthMaximum,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/storage_stats.go

@@ -11,12 +11,11 @@ package hcsschema
 
 //  Storage runtime statistics
 type StorageStats struct {
+	ReadCountNormalized uint64 `json:"ReadCountNormalized,omitempty"`
 
-	ReadCountNormalized int32 `json:"ReadCountNormalized,omitempty"`
+	ReadSizeBytes uint64 `json:"ReadSizeBytes,omitempty"`
 
-	ReadSizeBytes int32 `json:"ReadSizeBytes,omitempty"`
+	WriteCountNormalized uint64 `json:"WriteCountNormalized,omitempty"`
 
-	WriteCountNormalized int32 `json:"WriteCountNormalized,omitempty"`
-
-	WriteSizeBytes int32 `json:"WriteSizeBytes,omitempty"`
+	WriteSizeBytes uint64 `json:"WriteSizeBytes,omitempty"`
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/topology.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Topology struct {
-
 	Memory *Memory2 `json:"Memory,omitempty"`
 
 	Processor *Processor2 `json:"Processor,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/uefi.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Uefi struct {
-
 	EnableDebugger bool `json:"EnableDebugger,omitempty"`
 
 	SecureBootTemplateId string `json:"SecureBootTemplateId,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/uefi_boot_entry.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type UefiBootEntry struct {
-
 	DeviceType string `json:"DeviceType,omitempty"`
 
 	DevicePath string `json:"DevicePath,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/version.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type Version struct {
-
 	Major int32 `json:"Major,omitempty"`
 
 	Minor int32 `json:"Minor,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/video_monitor.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type VideoMonitor struct {
-
 	HorizontalResolution int32 `json:"HorizontalResolution,omitempty"`
 
 	VerticalResolution int32 `json:"VerticalResolution,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/virtual_node_info.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type VirtualNodeInfo struct {
-
 	VirtualNodeIndex int32 `json:"VirtualNodeIndex,omitempty"`
 
 	PhysicalNodeNumber int32 `json:"PhysicalNodeNumber,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/virtual_p_mem_device.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type VirtualPMemDevice struct {
-
 	HostPath string `json:"HostPath,omitempty"`
 
 	ReadOnly bool `json:"ReadOnly,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/virtual_smb.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type VirtualSmb struct {
-
 	Shares []VirtualSmbShare `json:"Shares,omitempty"`
 
 	DirectFileMappingInMB int64 `json:"DirectFileMappingInMB,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/virtual_smb_share.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type VirtualSmbShare struct {
-
 	Name string `json:"Name,omitempty"`
 
 	Path string `json:"Path,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/virtual_smb_share_options.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type VirtualSmbShareOptions struct {
-
 	ReadOnly bool `json:"ReadOnly,omitempty"`
 
 	//  convert exclusive access to shared read access

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/vm_memory.go

@@ -10,14 +10,13 @@
 package hcsschema
 
 type VmMemory struct {
-
 	AvailableMemory int32 `json:"AvailableMemory,omitempty"`
 
 	AvailableMemoryBuffer int32 `json:"AvailableMemoryBuffer,omitempty"`
 
-	ReservedMemory int32 `json:"ReservedMemory,omitempty"`
+	ReservedMemory uint64 `json:"ReservedMemory,omitempty"`
 
-	AssignedMemory int32 `json:"AssignedMemory,omitempty"`
+	AssignedMemory uint64 `json:"AssignedMemory,omitempty"`
 
 	SlpActive bool `json:"SlpActive,omitempty"`
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/schema2/windows_crash_reporting.go

@@ -10,7 +10,6 @@
 package hcsschema
 
 type WindowsCrashReporting struct {
-
 	DumpFileName string `json:"DumpFileName,omitempty"`
 
 	MaxDumpSize int64 `json:"MaxDumpSize,omitempty"`

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go

@@ -0,0 +1,565 @@
+package vmcompute
+
+import (
+	gcontext "context"
+	"syscall"
+	"time"
+
+	"github.com/Microsoft/hcsshim/internal/interop"
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/logfields"
+	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/internal/timeout"
+	"go.opencensus.io/trace"
+)
+
+//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go vmcompute.go
+
+//sys hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) = vmcompute.HcsEnumerateComputeSystems?
+//sys hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) = vmcompute.HcsCreateComputeSystem?
+//sys hcsOpenComputeSystem(id string, computeSystem *HcsSystem, result **uint16) (hr error) = vmcompute.HcsOpenComputeSystem?
+//sys hcsCloseComputeSystem(computeSystem HcsSystem) (hr error) = vmcompute.HcsCloseComputeSystem?
+//sys hcsStartComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsStartComputeSystem?
+//sys hcsShutdownComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsShutdownComputeSystem?
+//sys hcsTerminateComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsTerminateComputeSystem?
+//sys hcsPauseComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsPauseComputeSystem?
+//sys hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsResumeComputeSystem?
+//sys hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetComputeSystemProperties?
+//sys hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) = vmcompute.HcsModifyComputeSystem?
+//sys hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterComputeSystemCallback?
+//sys hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterComputeSystemCallback?
+
+//sys hcsCreateProcess(computeSystem HcsSystem, processParameters string, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) = vmcompute.HcsCreateProcess?
+//sys hcsOpenProcess(computeSystem HcsSystem, pid uint32, process *HcsProcess, result **uint16) (hr error) = vmcompute.HcsOpenProcess?
+//sys hcsCloseProcess(process HcsProcess) (hr error) = vmcompute.HcsCloseProcess?
+//sys hcsTerminateProcess(process HcsProcess, result **uint16) (hr error) = vmcompute.HcsTerminateProcess?
+//sys hcsSignalProcess(process HcsProcess, options string, result **uint16) (hr error) = vmcompute.HcsSignalProcess?
+//sys hcsGetProcessInfo(process HcsProcess, processInformation *HcsProcessInformation, result **uint16) (hr error) = vmcompute.HcsGetProcessInfo?
+//sys hcsGetProcessProperties(process HcsProcess, processProperties **uint16, result **uint16) (hr error) = vmcompute.HcsGetProcessProperties?
+//sys hcsModifyProcess(process HcsProcess, settings string, result **uint16) (hr error) = vmcompute.HcsModifyProcess?
+//sys hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetServiceProperties?
+//sys hcsRegisterProcessCallback(process HcsProcess, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterProcessCallback?
+//sys hcsUnregisterProcessCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterProcessCallback?
+
+// errVmcomputeOperationPending is an error encountered when the operation is being completed asynchronously
+const errVmcomputeOperationPending = syscall.Errno(0xC0370103)
+
+// HcsSystem is the handle associated with a created compute system.
+type HcsSystem syscall.Handle
+
+// HcsProcess is the handle associated with a created process in a compute
+// system.
+type HcsProcess syscall.Handle
+
+// HcsCallback is the handle associated with the function to call when events
+// occur.
+type HcsCallback syscall.Handle
+
+// HcsProcessInformation is the structure used when creating or getting process
+// info.
+type HcsProcessInformation struct {
+	// ProcessId is the pid of the created process.
+	ProcessId uint32
+	reserved  uint32
+	// StdInput is the handle associated with the stdin of the process.
+	StdInput syscall.Handle
+	// StdOutput is the handle associated with the stdout of the process.
+	StdOutput syscall.Handle
+	// StdError is the handle associated with the stderr of the process.
+	StdError syscall.Handle
+}
+
+func execute(ctx gcontext.Context, timeout time.Duration, f func() error) error {
+	if timeout > 0 {
+		var cancel gcontext.CancelFunc
+		ctx, cancel = gcontext.WithTimeout(ctx, timeout)
+		defer cancel()
+	}
+
+	done := make(chan error, 1)
+	go func() {
+		done <- f()
+	}()
+	select {
+	case <-ctx.Done():
+		if ctx.Err() == gcontext.DeadlineExceeded {
+			log.G(ctx).WithField(logfields.Timeout, timeout).
+				Warning("Syscall did not complete within operation timeout. This may indicate a platform issue. If it appears to be making no forward progress, obtain the stacks and see if there is a syscall stuck in the platform API for a significant length of time.")
+		}
+		return ctx.Err()
+	case err := <-done:
+		return err
+	}
+}
+
+func HcsEnumerateComputeSystems(ctx gcontext.Context, query string) (computeSystems, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsEnumerateComputeSystems")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("query", query))
+
+	return computeSystems, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			computeSystemsp *uint16
+			resultp         *uint16
+		)
+		err := hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
+		if computeSystemsp != nil {
+			computeSystems = interop.ConvertAndFreeCoTaskMemString(computeSystemsp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsCreateComputeSystem(ctx gcontext.Context, id string, configuration string, identity syscall.Handle) (computeSystem HcsSystem, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCreateComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(
+		trace.StringAttribute("id", id),
+		trace.StringAttribute("configuration", configuration))
+
+	return computeSystem, result, execute(ctx, timeout.SystemCreate, func() error {
+		var resultp *uint16
+		err := hcsCreateComputeSystem(id, configuration, identity, &computeSystem, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsOpenComputeSystem(ctx gcontext.Context, id string) (computeSystem HcsSystem, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsOpenComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return computeSystem, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsOpenComputeSystem(id, &computeSystem, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsCloseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCloseComputeSystem")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsCloseComputeSystem(computeSystem)
+	})
+}
+
+func HcsStartComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsStartComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SystemStart, func() error {
+		var resultp *uint16
+		err := hcsStartComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsShutdownComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsShutdownComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsShutdownComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsTerminateComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsTerminateComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsTerminateComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsPauseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsPauseComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SystemPause, func() error {
+		var resultp *uint16
+		err := hcsPauseComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsResumeComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsResumeComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		if hr != errVmcomputeOperationPending {
+			oc.SetSpanStatus(span, hr)
+		}
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SystemResume, func() error {
+		var resultp *uint16
+		err := hcsResumeComputeSystem(computeSystem, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetComputeSystemProperties(ctx gcontext.Context, computeSystem HcsSystem, propertyQuery string) (properties, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetComputeSystemProperties")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("propertyQuery", propertyQuery))
+
+	return properties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			propertiesp *uint16
+			resultp     *uint16
+		)
+		err := hcsGetComputeSystemProperties(computeSystem, propertyQuery, &propertiesp, &resultp)
+		if propertiesp != nil {
+			properties = interop.ConvertAndFreeCoTaskMemString(propertiesp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsModifyComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, configuration string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsModifyComputeSystem")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("configuration", configuration))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsModifyComputeSystem(computeSystem, configuration, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsRegisterComputeSystemCallback(ctx gcontext.Context, computeSystem HcsSystem, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsRegisterComputeSystemCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return callbackHandle, execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsRegisterComputeSystemCallback(computeSystem, callback, context, &callbackHandle)
+	})
+}
+
+func HcsUnregisterComputeSystemCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsUnregisterComputeSystemCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsUnregisterComputeSystemCallback(callbackHandle)
+	})
+}
+
+func HcsCreateProcess(ctx gcontext.Context, computeSystem HcsSystem, processParameters string) (processInformation HcsProcessInformation, process HcsProcess, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCreateProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("processParameters", processParameters))
+
+	return processInformation, process, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsCreateProcess(computeSystem, processParameters, &processInformation, &process, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsOpenProcess(ctx gcontext.Context, computeSystem HcsSystem, pid uint32) (process HcsProcess, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsOpenProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.Int64Attribute("pid", int64(pid)))
+
+	return process, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsOpenProcess(computeSystem, pid, &process, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsCloseProcess(ctx gcontext.Context, process HcsProcess) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsCloseProcess")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsCloseProcess(process)
+	})
+}
+
+func HcsTerminateProcess(ctx gcontext.Context, process HcsProcess) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsTerminateProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsTerminateProcess(process, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsSignalProcess(ctx gcontext.Context, process HcsProcess, options string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsSignalProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("options", options))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsSignalProcess(process, options, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetProcessInfo(ctx gcontext.Context, process HcsProcess) (processInformation HcsProcessInformation, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetProcessInfo")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return processInformation, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsGetProcessInfo(process, &processInformation, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetProcessProperties(ctx gcontext.Context, process HcsProcess) (processProperties, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetProcessProperties")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+
+	return processProperties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			processPropertiesp *uint16
+			resultp            *uint16
+		)
+		err := hcsGetProcessProperties(process, &processPropertiesp, &resultp)
+		if processPropertiesp != nil {
+			processProperties = interop.ConvertAndFreeCoTaskMemString(processPropertiesp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsModifyProcess(ctx gcontext.Context, process HcsProcess, settings string) (result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsModifyProcess")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("settings", settings))
+
+	return result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var resultp *uint16
+		err := hcsModifyProcess(process, settings, &resultp)
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsGetServiceProperties(ctx gcontext.Context, propertyQuery string) (properties, result string, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsGetServiceProperties")
+	defer span.End()
+	defer func() {
+		if result != "" {
+			span.AddAttributes(trace.StringAttribute("result", result))
+		}
+		oc.SetSpanStatus(span, hr)
+	}()
+	span.AddAttributes(trace.StringAttribute("propertyQuery", propertyQuery))
+
+	return properties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+		var (
+			propertiesp *uint16
+			resultp     *uint16
+		)
+		err := hcsGetServiceProperties(propertyQuery, &propertiesp, &resultp)
+		if propertiesp != nil {
+			properties = interop.ConvertAndFreeCoTaskMemString(propertiesp)
+		}
+		if resultp != nil {
+			result = interop.ConvertAndFreeCoTaskMemString(resultp)
+		}
+		return err
+	})
+}
+
+func HcsRegisterProcessCallback(ctx gcontext.Context, process HcsProcess, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsRegisterProcessCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return callbackHandle, execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsRegisterProcessCallback(process, callback, context, &callbackHandle)
+	})
+}
+
+func HcsUnregisterProcessCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) {
+	ctx, span := trace.StartSpan(ctx, "HcsUnregisterProcessCallback")
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, hr) }()
+
+	return execute(ctx, timeout.SyscallWatcher, func() error {
+		return hcsUnregisterProcessCallback(callbackHandle)
+	})
+}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/hcs/zsyscall_windows.go → libnetwork/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go

@@ -1,6 +1,6 @@
 // Code generated mksyscall_windows.exe DO NOT EDIT
 
-package hcs
+package vmcompute
 
 import (
 	"syscall"
@@ -56,13 +56,13 @@ var (
 	procHcsOpenProcess                     = modvmcompute.NewProc("HcsOpenProcess")
 	procHcsCloseProcess                    = modvmcompute.NewProc("HcsCloseProcess")
 	procHcsTerminateProcess                = modvmcompute.NewProc("HcsTerminateProcess")
-
-	procHcsGetProcessInfo            = modvmcompute.NewProc("HcsGetProcessInfo")
-	procHcsGetProcessProperties      = modvmcompute.NewProc("HcsGetProcessProperties")
-	procHcsModifyProcess             = modvmcompute.NewProc("HcsModifyProcess")
-	procHcsGetServiceProperties      = modvmcompute.NewProc("HcsGetServiceProperties")
-	procHcsRegisterProcessCallback   = modvmcompute.NewProc("HcsRegisterProcessCallback")
-	procHcsUnregisterProcessCallback = modvmcompute.NewProc("HcsUnregisterProcessCallback")
+	procHcsSignalProcess                   = modvmcompute.NewProc("HcsSignalProcess")
+	procHcsGetProcessInfo                  = modvmcompute.NewProc("HcsGetProcessInfo")
+	procHcsGetProcessProperties            = modvmcompute.NewProc("HcsGetProcessProperties")
+	procHcsModifyProcess                   = modvmcompute.NewProc("HcsModifyProcess")
+	procHcsGetServiceProperties            = modvmcompute.NewProc("HcsGetServiceProperties")
+	procHcsRegisterProcessCallback         = modvmcompute.NewProc("HcsRegisterProcessCallback")
+	procHcsUnregisterProcessCallback       = modvmcompute.NewProc("HcsUnregisterProcessCallback")
 )
 
 func hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) {
@@ -88,7 +88,7 @@ func _hcsEnumerateComputeSystems(query *uint16, computeSystems **uint16, result
 	return
 }
 
-func hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *hcsSystem, result **uint16) (hr error) {
+func hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(id)
 	if hr != nil {
@@ -102,7 +102,7 @@ func hcsCreateComputeSystem(id string, configuration string, identity syscall.Ha
 	return _hcsCreateComputeSystem(_p0, _p1, identity, computeSystem, result)
 }
 
-func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall.Handle, computeSystem *hcsSystem, result **uint16) (hr error) {
+func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) {
 	if hr = procHcsCreateComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -116,7 +116,7 @@ func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall
 	return
 }
 
-func hcsOpenComputeSystem(id string, computeSystem *hcsSystem, result **uint16) (hr error) {
+func hcsOpenComputeSystem(id string, computeSystem *HcsSystem, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(id)
 	if hr != nil {
@@ -125,7 +125,7 @@ func hcsOpenComputeSystem(id string, computeSystem *hcsSystem, result **uint16)
 	return _hcsOpenComputeSystem(_p0, computeSystem, result)
 }
 
-func _hcsOpenComputeSystem(id *uint16, computeSystem *hcsSystem, result **uint16) (hr error) {
+func _hcsOpenComputeSystem(id *uint16, computeSystem *HcsSystem, result **uint16) (hr error) {
 	if hr = procHcsOpenComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -139,7 +139,7 @@ func _hcsOpenComputeSystem(id *uint16, computeSystem *hcsSystem, result **uint16
 	return
 }
 
-func hcsCloseComputeSystem(computeSystem hcsSystem) (hr error) {
+func hcsCloseComputeSystem(computeSystem HcsSystem) (hr error) {
 	if hr = procHcsCloseComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -153,7 +153,7 @@ func hcsCloseComputeSystem(computeSystem hcsSystem) (hr error) {
 	return
 }
 
-func hcsStartComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
+func hcsStartComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
@@ -162,7 +162,7 @@ func hcsStartComputeSystem(computeSystem hcsSystem, options string, result **uin
 	return _hcsStartComputeSystem(computeSystem, _p0, result)
 }
 
-func _hcsStartComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
+func _hcsStartComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
 	if hr = procHcsStartComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -176,7 +176,7 @@ func _hcsStartComputeSystem(computeSystem hcsSystem, options *uint16, result **u
 	return
 }
 
-func hcsShutdownComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
+func hcsShutdownComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
@@ -185,7 +185,7 @@ func hcsShutdownComputeSystem(computeSystem hcsSystem, options string, result **
 	return _hcsShutdownComputeSystem(computeSystem, _p0, result)
 }
 
-func _hcsShutdownComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
+func _hcsShutdownComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
 	if hr = procHcsShutdownComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -199,7 +199,7 @@ func _hcsShutdownComputeSystem(computeSystem hcsSystem, options *uint16, result
 	return
 }
 
-func hcsTerminateComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
+func hcsTerminateComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
@@ -208,7 +208,7 @@ func hcsTerminateComputeSystem(computeSystem hcsSystem, options string, result *
 	return _hcsTerminateComputeSystem(computeSystem, _p0, result)
 }
 
-func _hcsTerminateComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
+func _hcsTerminateComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
 	if hr = procHcsTerminateComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -222,7 +222,7 @@ func _hcsTerminateComputeSystem(computeSystem hcsSystem, options *uint16, result
 	return
 }
 
-func hcsPauseComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
+func hcsPauseComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
@@ -231,7 +231,7 @@ func hcsPauseComputeSystem(computeSystem hcsSystem, options string, result **uin
 	return _hcsPauseComputeSystem(computeSystem, _p0, result)
 }
 
-func _hcsPauseComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
+func _hcsPauseComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
 	if hr = procHcsPauseComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -245,7 +245,7 @@ func _hcsPauseComputeSystem(computeSystem hcsSystem, options *uint16, result **u
 	return
 }
 
-func hcsResumeComputeSystem(computeSystem hcsSystem, options string, result **uint16) (hr error) {
+func hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
@@ -254,7 +254,7 @@ func hcsResumeComputeSystem(computeSystem hcsSystem, options string, result **ui
 	return _hcsResumeComputeSystem(computeSystem, _p0, result)
 }
 
-func _hcsResumeComputeSystem(computeSystem hcsSystem, options *uint16, result **uint16) (hr error) {
+func _hcsResumeComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
 	if hr = procHcsResumeComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -268,7 +268,7 @@ func _hcsResumeComputeSystem(computeSystem hcsSystem, options *uint16, result **
 	return
 }
 
-func hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) {
+func hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(propertyQuery)
 	if hr != nil {
@@ -277,7 +277,7 @@ func hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery string
 	return _hcsGetComputeSystemProperties(computeSystem, _p0, properties, result)
 }
 
-func _hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
+func _hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
 	if hr = procHcsGetComputeSystemProperties.Find(); hr != nil {
 		return
 	}
@@ -291,7 +291,7 @@ func _hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery *uint
 	return
 }
 
-func hcsModifyComputeSystem(computeSystem hcsSystem, configuration string, result **uint16) (hr error) {
+func hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(configuration)
 	if hr != nil {
@@ -300,7 +300,7 @@ func hcsModifyComputeSystem(computeSystem hcsSystem, configuration string, resul
 	return _hcsModifyComputeSystem(computeSystem, _p0, result)
 }
 
-func _hcsModifyComputeSystem(computeSystem hcsSystem, configuration *uint16, result **uint16) (hr error) {
+func _hcsModifyComputeSystem(computeSystem HcsSystem, configuration *uint16, result **uint16) (hr error) {
 	if hr = procHcsModifyComputeSystem.Find(); hr != nil {
 		return
 	}
@@ -314,7 +314,7 @@ func _hcsModifyComputeSystem(computeSystem hcsSystem, configuration *uint16, res
 	return
 }
 
-func hcsRegisterComputeSystemCallback(computeSystem hcsSystem, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) {
+func hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) {
 	if hr = procHcsRegisterComputeSystemCallback.Find(); hr != nil {
 		return
 	}
@@ -328,7 +328,7 @@ func hcsRegisterComputeSystemCallback(computeSystem hcsSystem, callback uintptr,
 	return
 }
 
-func hcsUnregisterComputeSystemCallback(callbackHandle hcsCallback) (hr error) {
+func hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) {
 	if hr = procHcsUnregisterComputeSystemCallback.Find(); hr != nil {
 		return
 	}
@@ -342,7 +342,7 @@ func hcsUnregisterComputeSystemCallback(callbackHandle hcsCallback) (hr error) {
 	return
 }
 
-func hcsCreateProcess(computeSystem hcsSystem, processParameters string, processInformation *hcsProcessInformation, process *hcsProcess, result **uint16) (hr error) {
+func hcsCreateProcess(computeSystem HcsSystem, processParameters string, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(processParameters)
 	if hr != nil {
@@ -351,7 +351,7 @@ func hcsCreateProcess(computeSystem hcsSystem, processParameters string, process
 	return _hcsCreateProcess(computeSystem, _p0, processInformation, process, result)
 }
 
-func _hcsCreateProcess(computeSystem hcsSystem, processParameters *uint16, processInformation *hcsProcessInformation, process *hcsProcess, result **uint16) (hr error) {
+func _hcsCreateProcess(computeSystem HcsSystem, processParameters *uint16, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) {
 	if hr = procHcsCreateProcess.Find(); hr != nil {
 		return
 	}
@@ -365,7 +365,7 @@ func _hcsCreateProcess(computeSystem hcsSystem, processParameters *uint16, proce
 	return
 }
 
-func hcsOpenProcess(computeSystem hcsSystem, pid uint32, process *hcsProcess, result **uint16) (hr error) {
+func hcsOpenProcess(computeSystem HcsSystem, pid uint32, process *HcsProcess, result **uint16) (hr error) {
 	if hr = procHcsOpenProcess.Find(); hr != nil {
 		return
 	}
@@ -379,7 +379,7 @@ func hcsOpenProcess(computeSystem hcsSystem, pid uint32, process *hcsProcess, re
 	return
 }
 
-func hcsCloseProcess(process hcsProcess) (hr error) {
+func hcsCloseProcess(process HcsProcess) (hr error) {
 	if hr = procHcsCloseProcess.Find(); hr != nil {
 		return
 	}
@@ -393,7 +393,7 @@ func hcsCloseProcess(process hcsProcess) (hr error) {
 	return
 }
 
-func hcsTerminateProcess(process hcsProcess, result **uint16) (hr error) {
+func hcsTerminateProcess(process HcsProcess, result **uint16) (hr error) {
 	if hr = procHcsTerminateProcess.Find(); hr != nil {
 		return
 	}
@@ -407,7 +407,7 @@ func hcsTerminateProcess(process hcsProcess, result **uint16) (hr error) {
 	return
 }
 
-func hcsSignalProcess(process hcsProcess, options string, result **uint16) (hr error) {
+func hcsSignalProcess(process HcsProcess, options string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
@@ -416,11 +416,11 @@ func hcsSignalProcess(process hcsProcess, options string, result **uint16) (hr e
 	return _hcsSignalProcess(process, _p0, result)
 }
 
-func _hcsSignalProcess(process hcsProcess, options *uint16, result **uint16) (hr error) {
-	if hr = procHcsTerminateProcess.Find(); hr != nil {
+func _hcsSignalProcess(process HcsProcess, options *uint16, result **uint16) (hr error) {
+	if hr = procHcsSignalProcess.Find(); hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsTerminateProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcsSignalProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -430,7 +430,7 @@ func _hcsSignalProcess(process hcsProcess, options *uint16, result **uint16) (hr
 	return
 }
 
-func hcsGetProcessInfo(process hcsProcess, processInformation *hcsProcessInformation, result **uint16) (hr error) {
+func hcsGetProcessInfo(process HcsProcess, processInformation *HcsProcessInformation, result **uint16) (hr error) {
 	if hr = procHcsGetProcessInfo.Find(); hr != nil {
 		return
 	}
@@ -444,7 +444,7 @@ func hcsGetProcessInfo(process hcsProcess, processInformation *hcsProcessInforma
 	return
 }
 
-func hcsGetProcessProperties(process hcsProcess, processProperties **uint16, result **uint16) (hr error) {
+func hcsGetProcessProperties(process HcsProcess, processProperties **uint16, result **uint16) (hr error) {
 	if hr = procHcsGetProcessProperties.Find(); hr != nil {
 		return
 	}
@@ -458,7 +458,7 @@ func hcsGetProcessProperties(process hcsProcess, processProperties **uint16, res
 	return
 }
 
-func hcsModifyProcess(process hcsProcess, settings string, result **uint16) (hr error) {
+func hcsModifyProcess(process HcsProcess, settings string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
@@ -467,7 +467,7 @@ func hcsModifyProcess(process hcsProcess, settings string, result **uint16) (hr
 	return _hcsModifyProcess(process, _p0, result)
 }
 
-func _hcsModifyProcess(process hcsProcess, settings *uint16, result **uint16) (hr error) {
+func _hcsModifyProcess(process HcsProcess, settings *uint16, result **uint16) (hr error) {
 	if hr = procHcsModifyProcess.Find(); hr != nil {
 		return
 	}
@@ -504,7 +504,7 @@ func _hcsGetServiceProperties(propertyQuery *uint16, properties **uint16, result
 	return
 }
 
-func hcsRegisterProcessCallback(process hcsProcess, callback uintptr, context uintptr, callbackHandle *hcsCallback) (hr error) {
+func hcsRegisterProcessCallback(process HcsProcess, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) {
 	if hr = procHcsRegisterProcessCallback.Find(); hr != nil {
 		return
 	}
@@ -518,7 +518,7 @@ func hcsRegisterProcessCallback(process hcsProcess, callback uintptr, context ui
 	return
 }
 
-func hcsUnregisterProcessCallback(callbackHandle hcsCallback) (hr error) {
+func hcsUnregisterProcessCallback(callbackHandle HcsCallback) (hr error) {
 	if hr = procHcsUnregisterProcessCallback.Find(); hr != nil {
 		return
 	}

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go

@@ -1,7 +1,13 @@
 package wclayer
 
 import (
+	"os"
+	"path/filepath"
+	"syscall"
+	"unsafe"
+
 	"github.com/Microsoft/hcsshim/internal/hcserror"
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/sirupsen/logrus"
 )
 
@@ -26,5 +32,114 @@ func ExpandScratchSize(path string, size uint64) (err error) {
 	if err != nil {
 		return hcserror.New(err, title+" - failed", "")
 	}
+
+	// Manually expand the volume now in order to work around bugs in 19H1 and
+	// prerelease versions of Vb. Remove once this is fixed in Windows.
+	if build := osversion.Get().Build; build >= osversion.V19H1 && build < 19020 {
+		err = expandSandboxVolume(path)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+type virtualStorageType struct {
+	DeviceID uint32
+	VendorID [16]byte
+}
+
+type openVersion2 struct {
+	GetInfoOnly    int32    // bool but 4-byte aligned
+	ReadOnly       int32    // bool but 4-byte aligned
+	ResiliencyGUID [16]byte // GUID
+}
+
+type openVirtualDiskParameters struct {
+	Version  uint32 // Must always be set to 2
+	Version2 openVersion2
+}
+
+func attachVhd(path string) (syscall.Handle, error) {
+	var (
+		defaultType virtualStorageType
+		handle      syscall.Handle
+	)
+	parameters := openVirtualDiskParameters{Version: 2}
+	err := openVirtualDisk(
+		&defaultType,
+		path,
+		0,
+		0,
+		&parameters,
+		&handle)
+	if err != nil {
+		return 0, &os.PathError{Op: "OpenVirtualDisk", Path: path, Err: err}
+	}
+	err = attachVirtualDisk(handle, 0, 0, 0, 0, 0)
+	if err != nil {
+		syscall.Close(handle)
+		return 0, &os.PathError{Op: "AttachVirtualDisk", Path: path, Err: err}
+	}
+	return handle, nil
+}
+
+func expandSandboxVolume(path string) error {
+	// Mount the sandbox VHD temporarily.
+	vhdPath := filepath.Join(path, "sandbox.vhdx")
+	vhd, err := attachVhd(vhdPath)
+	if err != nil {
+		return &os.PathError{Op: "OpenVirtualDisk", Path: vhdPath, Err: err}
+	}
+	defer syscall.Close(vhd)
+
+	// Open the volume.
+	volumePath, err := GetLayerMountPath(path)
+	if err != nil {
+		return err
+	}
+	if volumePath[len(volumePath)-1] == '\\' {
+		volumePath = volumePath[:len(volumePath)-1]
+	}
+	volume, err := os.OpenFile(volumePath, os.O_RDWR, 0)
+	if err != nil {
+		return err
+	}
+	defer volume.Close()
+
+	// Get the volume's underlying partition size in NTFS clusters.
+	var (
+		partitionSize int64
+		bytes         uint32
+	)
+	const _IOCTL_DISK_GET_LENGTH_INFO = 0x0007405C
+	err = syscall.DeviceIoControl(syscall.Handle(volume.Fd()), _IOCTL_DISK_GET_LENGTH_INFO, nil, 0, (*byte)(unsafe.Pointer(&partitionSize)), 8, &bytes, nil)
+	if err != nil {
+		return &os.PathError{Op: "IOCTL_DISK_GET_LENGTH_INFO", Path: volume.Name(), Err: err}
+	}
+	const (
+		clusterSize = 4096
+		sectorSize  = 512
+	)
+	targetClusters := partitionSize / clusterSize
+
+	// Get the volume's current size in NTFS clusters.
+	var volumeSize int64
+	err = getDiskFreeSpaceEx(volume.Name()+"\\", nil, &volumeSize, nil)
+	if err != nil {
+		return &os.PathError{Op: "GetDiskFreeSpaceEx", Path: volume.Name(), Err: err}
+	}
+	volumeClusters := volumeSize / clusterSize
+
+	// Only resize the volume if there is space to grow, otherwise this will
+	// fail with invalid parameter. NTFS reserves one cluster.
+	if volumeClusters+1 < targetClusters {
+		targetSectors := targetClusters * (clusterSize / sectorSize)
+		const _FSCTL_EXTEND_VOLUME = 0x000900F0
+		err = syscall.DeviceIoControl(syscall.Handle(volume.Fd()), _FSCTL_EXTEND_VOLUME, (*byte)(unsafe.Pointer(&targetSectors)), 8, nil, 0, &bytes, nil)
+		if err != nil {
+			return &os.PathError{Op: "FSCTL_EXTEND_VOLUME", Path: volume.Name(), Err: err}
+		}
+	}
 	return nil
 }

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go

@@ -3,7 +3,7 @@ package wclayer
 import (
 	"path/filepath"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 )
 
 // LayerID returns the layer ID of a layer on disk.

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go

@@ -6,7 +6,7 @@ package wclayer
 import (
 	"syscall"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/sirupsen/logrus"
 )
 

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go

@@ -1,7 +1,7 @@
 package wclayer
 
 import (
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 	"github.com/sirupsen/logrus"
 )

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go

@@ -1,6 +1,6 @@
 package wclayer
 
-import "github.com/Microsoft/hcsshim/internal/guid"
+import "github.com/Microsoft/go-winio/pkg/guid"
 
 //go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go wclayer.go
 
@@ -24,4 +24,9 @@ import "github.com/Microsoft/hcsshim/internal/guid"
 
 //sys grantVmAccess(vmid string, filepath string) (hr error) = vmcompute.GrantVmAccess?
 
+//sys openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) [failretval != 0] = virtdisk.OpenVirtualDisk
+//sys attachVirtualDisk(handle syscall.Handle, sd uintptr, flags uint32, providerFlags uint32, params uintptr, overlapped uintptr) (err error) [failretval != 0] = virtdisk.AttachVirtualDisk
+
+//sys getDiskFreeSpaceEx(directoryName string, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) = GetDiskFreeSpaceExW
+
 type _guid = guid.GUID

libnetwork/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go

@@ -38,6 +38,8 @@ func errnoErr(e syscall.Errno) error {
 
 var (
 	modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
+	modvirtdisk  = windows.NewLazySystemDLL("virtdisk.dll")
+	modkernel32  = windows.NewLazySystemDLL("kernel32.dll")
 
 	procActivateLayer       = modvmcompute.NewProc("ActivateLayer")
 	procCopyLayer           = modvmcompute.NewProc("CopyLayer")
@@ -57,6 +59,9 @@ var (
 	procProcessBaseImage    = modvmcompute.NewProc("ProcessBaseImage")
 	procProcessUtilityImage = modvmcompute.NewProc("ProcessUtilityImage")
 	procGrantVmAccess       = modvmcompute.NewProc("GrantVmAccess")
+	procOpenVirtualDisk     = modvirtdisk.NewProc("OpenVirtualDisk")
+	procAttachVirtualDisk   = modvirtdisk.NewProc("AttachVirtualDisk")
+	procGetDiskFreeSpaceExW = modkernel32.NewProc("GetDiskFreeSpaceExW")
 )
 
 func activateLayer(info *driverInfo, id string) (hr error) {
@@ -508,3 +513,57 @@ func _grantVmAccess(vmid *uint16, filepath *uint16) (hr error) {
 	}
 	return
 }
+
+func openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return
+	}
+	return _openVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, flags, parameters, handle)
+}
+
+func _openVirtualDisk(virtualStorageType *virtualStorageType, path *uint16, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) {
+	r1, _, e1 := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(flags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
+	if r1 != 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func attachVirtualDisk(handle syscall.Handle, sd uintptr, flags uint32, providerFlags uint32, params uintptr, overlapped uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall6(procAttachVirtualDisk.Addr(), 6, uintptr(handle), uintptr(sd), uintptr(flags), uintptr(providerFlags), uintptr(params), uintptr(overlapped))
+	if r1 != 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getDiskFreeSpaceEx(directoryName string, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(directoryName)
+	if err != nil {
+		return
+	}
+	return _getDiskFreeSpaceEx(_p0, freeBytesAvailableToCaller, totalNumberOfBytes, totalNumberOfFreeBytes)
+}
+
+func _getDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}