@@ -22,7 +22,7 @@ import (

 	"github.com/moby/buildkit/frontend/gateway"

 	"github.com/moby/buildkit/frontend/gateway/forwarder"

 	"github.com/moby/buildkit/snapshot/blobmapping"

-	"github.com/moby/buildkit/solver/boltdbcachestorage"

+	"github.com/moby/buildkit/solver/bboltcachestorage"

 	"github.com/moby/buildkit/worker"

 	"github.com/pkg/errors"

 )

@@ -122,7 +122,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {

 		return nil, err

 	}

-	cacheStorage, err := boltdbcachestorage.NewStore(filepath.Join(opt.Root, "cache.db"))

+	cacheStorage, err := bboltcachestorage.NewStore(filepath.Join(opt.Root, "cache.db"))

 	if err != nil {

 		return nil, err

 	}

@@ -137,8 +137,12 @@ func (w *Worker) GCPolicy() []client.PruneInfo {

 }

 // LoadRef loads a reference by ID

-func (w *Worker) LoadRef(id string) (cache.ImmutableRef, error) {

-	return w.CacheManager.Get(context.TODO(), id)

+func (w *Worker) LoadRef(id string, hidden bool) (cache.ImmutableRef, error) {

+	var opts []cache.RefOption

+	if hidden {

+		opts = append(opts, cache.NoUpdateLastUsed)

+	}

+	return w.CacheManager.Get(context.TODO(), id, opts...)

 }

 // ResolveOp converts a LLB vertex into a LLB operation

@@ -26,7 +26,7 @@ github.com/imdario/mergo v0.3.6

 golang.org/x/sync 1d60e4601c6fd243af51cc01ddf169918a5407ca

 # buildkit

-github.com/moby/buildkit d88354f7856a1fafef6f23bc9c5a538c246f4023

+github.com/moby/buildkit 39404586a50d1b9d0fb1c578cf0f4de7bdb7afe5

 github.com/tonistiigi/fsutil b19464cd1b6a00773b4f2eb7acf9c30426f9df42

 github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746

 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7

deleted file mode 100644

@@ -1,27 +0,0 @@

-package cache

-

-import (

-	"context"

-	"errors"

-	"time"

-)

-

-// GCPolicy defines policy for garbage collection

-type GCPolicy struct {

-	MaxSize         uint64

-	MaxKeepDuration time.Duration

-}

-

-// // CachePolicy defines policy for keeping a resource in cache

-// type CachePolicy struct {

-// 	Priority int

-// 	LastUsed time.Time

-// }

-//

-// func defaultCachePolicy() CachePolicy {

-// 	return CachePolicy{Priority: 10, LastUsed: time.Now()}

-// }

-

-func (cm *cacheManager) GC(ctx context.Context) error {

-	return errors.New("GC not implemented")

-}

@@ -25,7 +25,6 @@ var (

 type ManagerOpt struct {

 	Snapshotter     snapshot.SnapshotterBase

-	GCPolicy        GCPolicy

 	MetadataStore   *metadata.Store

 	PruneRefChecker ExternalRefCheckerFunc

 }

@@ -40,7 +39,6 @@ type Accessor interface {

 type Controller interface {

 	DiskUsage(ctx context.Context, info client.DiskUsageInfo) ([]*client.UsageInfo, error)

 	Prune(ctx context.Context, ch chan client.UsageInfo, info ...client.PruneInfo) error

-	GC(ctx context.Context) error

 }

 type Manager interface {

@@ -128,17 +126,24 @@ func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool

 	rec.mu.Lock()

 	defer rec.mu.Unlock()

+	triggerUpdate := true

+	for _, o := range opts {

+		if o == NoUpdateLastUsed {

+			triggerUpdate = false

+		}

+	}

+

 	if rec.mutable {

 		if len(rec.refs) != 0 {

 			return nil, errors.Wrapf(ErrLocked, "%s is locked", id)

 		}

 		if rec.equalImmutable != nil {

-			return rec.equalImmutable.ref(), nil

+			return rec.equalImmutable.ref(triggerUpdate), nil

 		}

-		return rec.mref().commit(ctx)

+		return rec.mref(triggerUpdate).commit(ctx)

 	}

-	return rec.ref(), nil

+	return rec.ref(triggerUpdate), nil

 }

 // getRecord returns record for id. Requires manager lock.

@@ -166,8 +171,8 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte

 		rec := &cacheRecord{

 			mu:           &sync.Mutex{},

 			cm:           cm,

-			refs:         make(map[Mountable]struct{}),

-			parent:       mutable.Parent(),

+			refs:         make(map[ref]struct{}),

+			parent:       mutable.parentRef(false),

 			md:           md,

 			equalMutable: &mutableRef{cacheRecord: mutable},

 		}

@@ -183,7 +188,7 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte

 	var parent ImmutableRef

 	if info.Parent != "" {

-		parent, err = cm.get(ctx, info.Parent, fromSnapshotter, opts...)

+		parent, err = cm.get(ctx, info.Parent, fromSnapshotter, append(opts, NoUpdateLastUsed)...)

 		if err != nil {

 			return nil, err

 		}

@@ -198,7 +203,7 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte

 		mu:      &sync.Mutex{},

 		mutable: info.Kind != snapshots.KindCommitted,

 		cm:      cm,

-		refs:    make(map[Mountable]struct{}),

+		refs:    make(map[ref]struct{}),

 		parent:  parent,

 		md:      md,

 	}

@@ -229,7 +234,7 @@ func (cm *cacheManager) New(ctx context.Context, s ImmutableRef, opts ...RefOpti

 	var parentID string

 	if s != nil {

 		var err error

-		parent, err = cm.Get(ctx, s.ID())

+		parent, err = cm.Get(ctx, s.ID(), NoUpdateLastUsed)

 		if err != nil {

 			return nil, err

 		}

@@ -252,7 +257,7 @@ func (cm *cacheManager) New(ctx context.Context, s ImmutableRef, opts ...RefOpti

 		mu:      &sync.Mutex{},

 		mutable: true,

 		cm:      cm,

-		refs:    make(map[Mountable]struct{}),

+		refs:    make(map[ref]struct{}),

 		parent:  parent,

 		md:      md,

 	}

@@ -269,7 +274,7 @@ func (cm *cacheManager) New(ctx context.Context, s ImmutableRef, opts ...RefOpti

 	cm.records[id] = rec // TODO: save to db

-	return rec.mref(), nil

+	return rec.mref(true), nil

 }

 func (cm *cacheManager) GetMutable(ctx context.Context, id string) (MutableRef, error) {

 	cm.mu.Lock()

@@ -301,7 +306,7 @@ func (cm *cacheManager) GetMutable(ctx context.Context, id string) (MutableRef,

 		rec.equalImmutable = nil

 	}

-	return rec.mref(), nil

+	return rec.mref(true), nil

 }

 func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opts ...client.PruneInfo) error {

@@ -669,7 +674,7 @@ func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo)

 		if d.Size == sizeUnknown {

 			func(d *client.UsageInfo) {

 				eg.Go(func() error {

-					ref, err := cm.Get(ctx, d.ID)

+					ref, err := cm.Get(ctx, d.ID, NoUpdateLastUsed)

 					if err != nil {

 						d.Size = 0

 						return nil

@@ -700,7 +705,7 @@ func IsNotFound(err error) bool {

 	return errors.Cause(err) == errNotFound

 }

-type RefOption func(withMetadata) error

+type RefOption interface{}

 type cachePolicy int

@@ -713,6 +718,10 @@ type withMetadata interface {

 	Metadata() *metadata.StorageItem

 }

+type noUpdateLastUsed struct{}

+

+var NoUpdateLastUsed noUpdateLastUsed

+

 func HasCachePolicyRetain(m withMetadata) bool {

 	return getCachePolicy(m.Metadata()) == cachePolicyRetain

 }

@@ -750,8 +759,10 @@ func initializeMetadata(m withMetadata, opts ...RefOption) error {

 	}

 	for _, opt := range opts {

-		if err := opt(m); err != nil {

-			return err

+		if fn, ok := opt.(func(withMetadata) error); ok {

+			if err := fn(m); err != nil {

+				return err

+			}

 		}

 	}

@@ -3,10 +3,10 @@ package cache

 import (

 	"time"

-	"github.com/boltdb/bolt"

 	"github.com/moby/buildkit/cache/metadata"

 	"github.com/moby/buildkit/client"

 	"github.com/pkg/errors"

+	bolt "go.etcd.io/bbolt"

 )

 const sizeUnknown int64 = -1

@@ -6,9 +6,9 @@ import (

 	"strings"

 	"sync"

-	"github.com/boltdb/bolt"

 	"github.com/pkg/errors"

 	"github.com/sirupsen/logrus"

+	bolt "go.etcd.io/bbolt"

 )

 const (

@@ -38,12 +38,16 @@ type Mountable interface {

 	Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error)

 }

+type ref interface {

+	updateLastUsed() bool

+}

+

 type cacheRecord struct {

 	cm *cacheManager

 	mu *sync.Mutex // the mutex is shared by records sharing data

 	mutable bool

-	refs    map[Mountable]struct{}

+	refs    map[ref]struct{}

 	parent  ImmutableRef

 	md      *metadata.StorageItem

@@ -61,15 +65,15 @@ type cacheRecord struct {

 }

 // hold ref lock before calling

-func (cr *cacheRecord) ref() *immutableRef {

-	ref := &immutableRef{cacheRecord: cr}

+func (cr *cacheRecord) ref(triggerLastUsed bool) *immutableRef {

+	ref := &immutableRef{cacheRecord: cr, triggerLastUsed: triggerLastUsed}

 	cr.refs[ref] = struct{}{}

 	return ref

 }

 // hold ref lock before calling

-func (cr *cacheRecord) mref() *mutableRef {

-	ref := &mutableRef{cacheRecord: cr}

+func (cr *cacheRecord) mref(triggerLastUsed bool) *mutableRef {

+	ref := &mutableRef{cacheRecord: cr, triggerLastUsed: triggerLastUsed}

 	cr.refs[ref] = struct{}{}

 	return ref

 }

@@ -116,13 +120,17 @@ func (cr *cacheRecord) Size(ctx context.Context) (int64, error) {

 }

 func (cr *cacheRecord) Parent() ImmutableRef {

+	return cr.parentRef(true)

+}

+

+func (cr *cacheRecord) parentRef(hidden bool) ImmutableRef {

 	if cr.parent == nil {

 		return nil

 	}

 	p := cr.parent.(*immutableRef)

 	p.mu.Lock()

 	defer p.mu.Unlock()

-	return p.ref()

+	return p.ref(hidden)

 }

 func (cr *cacheRecord) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {

@@ -188,15 +196,17 @@ func (cr *cacheRecord) ID() string {

 type immutableRef struct {

 	*cacheRecord

+	triggerLastUsed bool

 }

 type mutableRef struct {

 	*cacheRecord

+	triggerLastUsed bool

 }

 func (sr *immutableRef) Clone() ImmutableRef {

 	sr.mu.Lock()

-	ref := sr.ref()

+	ref := sr.ref(false)

 	sr.mu.Unlock()

 	return ref

 }

@@ -211,11 +221,33 @@ func (sr *immutableRef) Release(ctx context.Context) error {

 	return sr.release(ctx)

 }

+func (sr *immutableRef) updateLastUsed() bool {

+	return sr.triggerLastUsed

+}

+

+func (sr *immutableRef) updateLastUsedNow() bool {

+	if !sr.triggerLastUsed {

+		return false

+	}

+	for r := range sr.refs {

+		if r.updateLastUsed() {

+			return false

+		}

+	}

+	return true

+}

+

 func (sr *immutableRef) release(ctx context.Context) error {

 	delete(sr.refs, sr)

-	if len(sr.refs) == 0 {

+	if sr.updateLastUsedNow() {

 		updateLastUsed(sr.md)

+		if sr.equalMutable != nil {

+			sr.equalMutable.triggerLastUsed = true

+		}

+	}

+

+	if len(sr.refs) == 0 {

 		if sr.viewMount != nil { // TODO: release viewMount earlier if possible

 			if err := sr.cm.Snapshotter.Remove(ctx, sr.view); err != nil {

 				return err

@@ -273,6 +305,10 @@ func (cr *cacheRecord) finalize(ctx context.Context, commit bool) error {

 	return cr.md.Commit()

 }

+func (sr *mutableRef) updateLastUsed() bool {

+	return sr.triggerLastUsed

+}

+

 func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {

 	if !sr.mutable || len(sr.refs) == 0 {

 		return nil, errors.Wrapf(errInvalid, "invalid mutable ref")

@@ -280,13 +316,12 @@ func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {

 	id := identity.NewID()

 	md, _ := sr.cm.md.Get(id)

-

 	rec := &cacheRecord{

 		mu:           sr.mu,

 		cm:           sr.cm,

-		parent:       sr.Parent(),

+		parent:       sr.parentRef(false),

 		equalMutable: sr,

-		refs:         make(map[Mountable]struct{}),

+		refs:         make(map[ref]struct{}),

 		md:           md,

 	}

@@ -312,11 +347,15 @@ func (sr *mutableRef) commit(ctx context.Context) (ImmutableRef, error) {

 		return nil, err

 	}

-	ref := rec.ref()

+	ref := rec.ref(true)

 	sr.equalImmutable = ref

 	return ref, nil

 }

+func (sr *mutableRef) updatesLastUsed() bool {

+	return sr.triggerLastUsed

+}

+

 func (sr *mutableRef) Commit(ctx context.Context) (ImmutableRef, error) {

 	sr.cm.mu.Lock()

 	defer sr.cm.mu.Unlock()

@@ -342,6 +381,10 @@ func (sr *mutableRef) release(ctx context.Context) error {

 	if getCachePolicy(sr.md) != cachePolicyRetain {

 		if sr.equalImmutable != nil {

 			if getCachePolicy(sr.equalImmutable.md) == cachePolicyRetain {

+				if sr.updateLastUsed() {

+					updateLastUsed(sr.md)

+					sr.triggerLastUsed = false

+				}

 				return nil

 			}

 			if err := sr.equalImmutable.remove(ctx, false); err != nil {

@@ -355,7 +398,10 @@ func (sr *mutableRef) release(ctx context.Context) error {

 		}

 		return sr.remove(ctx, true)

 	} else {

-		updateLastUsed(sr.md)

+		if sr.updateLastUsed() {

+			updateLastUsed(sr.md)

+			sr.triggerLastUsed = false

+		}

 	}

 	return nil

 }

@@ -25,12 +25,11 @@ type ClientOpt interface{}

 func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error) {

 	gopts := []grpc.DialOption{

 		grpc.WithDialer(dialer),

-		grpc.FailOnNonTempDialError(true),

 	}

 	needWithInsecure := true

 	for _, o := range opts {

-		if _, ok := o.(*withBlockOpt); ok {

-			gopts = append(gopts, grpc.WithBlock(), grpc.FailOnNonTempDialError(true))

+		if _, ok := o.(*withFailFast); ok {

+			gopts = append(gopts, grpc.FailOnNonTempDialError(true))

 		}

 		if credInfo, ok := o.(*withCredentials); ok {

 			opt, err := loadCredentials(credInfo)

@@ -52,7 +51,6 @@ func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error

 	if address == "" {

 		address = appdefaults.Address

 	}

-

 	conn, err := grpc.DialContext(ctx, address, gopts...)

 	if err != nil {

 		return nil, errors.Wrapf(err, "failed to dial %q . make sure buildkitd is running", address)

@@ -71,10 +69,10 @@ func (c *Client) Close() error {

 	return c.conn.Close()

 }

-type withBlockOpt struct{}

+type withFailFast struct{}

-func WithBlock() ClientOpt {

-	return &withBlockOpt{}

+func WithFailFast() ClientOpt {

+	return &withFailFast{}

 }

 type withCredentials struct {

@@ -2,6 +2,7 @@ package llb

 import (

 	_ "crypto/sha256"

+	"fmt"

 	"net"

 	"sort"

@@ -61,6 +62,7 @@ type ExecOp struct {

 	constraints Constraints

 	isValidated bool

 	secrets     []SecretInfo

+	ssh         []SSHInfo

 }

 func (e *ExecOp) AddMount(target string, source Output, opt ...MountOption) Output {

@@ -130,6 +132,17 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,

 		return e.mounts[i].target < e.mounts[j].target

 	})

+	if len(e.ssh) > 0 {

+		for i, s := range e.ssh {

+			if s.Target == "" {

+				e.ssh[i].Target = fmt.Sprintf("/run/buildkit/ssh_agent.%d", i)

+			}

+		}

+		if _, ok := e.meta.Env.Get("SSH_AUTH_SOCK"); !ok {

+			e.meta.Env = e.meta.Env.AddOrReplace("SSH_AUTH_SOCK", e.ssh[0].Target)

+		}

+	}

+

 	meta := &pb.Meta{

 		Args: e.meta.Args,

 		Env:  e.meta.Env.ToArray(),

@@ -264,6 +277,21 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,

 		peo.Mounts = append(peo.Mounts, pm)

 	}

+	for _, s := range e.ssh {

+		pm := &pb.Mount{

+			Dest:      s.Target,

+			MountType: pb.MountType_SSH,

+			SSHOpt: &pb.SSHOpt{

+				ID:       s.ID,

+				Uid:      uint32(s.UID),

+				Gid:      uint32(s.GID),

+				Mode:     uint32(s.Mode),

+				Optional: s.Optional,

+			},

+		}

+		peo.Mounts = append(peo.Mounts, pm)

+	}

+

 	dt, err := pop.Marshal()

 	if err != nil {

 		return "", nil, nil, err

@@ -432,6 +460,56 @@ func AddMount(dest string, mountState State, opts ...MountOption) RunOption {

 	})

 }

+func AddSSHSocket(opts ...SSHOption) RunOption {

+	return runOptionFunc(func(ei *ExecInfo) {

+		s := &SSHInfo{

+			Mode: 0600,

+		}

+		for _, opt := range opts {

+			opt.SetSSHOption(s)

+		}

+		ei.SSH = append(ei.SSH, *s)

+	})

+}

+

+type SSHOption interface {

+	SetSSHOption(*SSHInfo)

+}

+

+type sshOptionFunc func(*SSHInfo)

+

+func (fn sshOptionFunc) SetSSHOption(si *SSHInfo) {

+	fn(si)

+}

+

+func SSHID(id string) SSHOption {

+	return sshOptionFunc(func(si *SSHInfo) {

+		si.ID = id

+	})

+}

+

+func SSHSocketOpt(target string, uid, gid, mode int) SSHOption {

+	return sshOptionFunc(func(si *SSHInfo) {

+		si.Target = target

+		si.UID = uid

+		si.GID = gid

+		si.Mode = mode

+	})

+}

+

+var SSHOptional = sshOptionFunc(func(si *SSHInfo) {

+	si.Optional = true

+})

+

+type SSHInfo struct {

+	ID       string

+	Target   string

+	Mode     int

+	UID      int

+	GID      int

+	Optional bool

+}

+

 func AddSecret(dest string, opts ...SecretOption) RunOption {

 	return runOptionFunc(func(ei *ExecInfo) {

 		s := &SecretInfo{ID: dest, Target: dest, Mode: 0400}

@@ -498,6 +576,7 @@ type ExecInfo struct {

 	ReadonlyRootFS bool

 	ProxyEnv       *ProxyEnv

 	Secrets        []SecretInfo

+	SSH            []SSHInfo

 }

 type MountInfo struct {

@@ -7,12 +7,14 @@ import (

 	digest "github.com/opencontainers/go-digest"

 )

+// WithMetaResolver adds a metadata resolver to an image

 func WithMetaResolver(mr ImageMetaResolver) ImageOption {

 	return imageOptionFunc(func(ii *ImageInfo) {

 		ii.metaResolver = mr

 	})

 }

+// ImageMetaResolver can resolve image config metadata from a reference

 type ImageMetaResolver interface {

 	ResolveImageConfig(ctx context.Context, ref string, opt gw.ResolveImageConfigOpt) (digest.Digest, []byte, error)

 }

@@ -196,6 +196,7 @@ func (s State) Run(ro ...RunOption) ExecState {

 		exec.AddMount(m.Target, m.Source, m.Opts...)

 	}

 	exec.secrets = ei.Secrets

+	exec.ssh = ei.SSH

 	return ExecState{

 		State: s.WithOutput(exec.Output()),

@@ -11,6 +11,7 @@ import (

 	"github.com/pkg/errors"

 )

+// WorkerInfo contains information about a worker

 type WorkerInfo struct {

 	ID        string

 	Labels    map[string]string

@@ -18,6 +19,7 @@ type WorkerInfo struct {

 	GCPolicy  []PruneInfo

 }

+// ListWorkers lists all active workers

 func (c *Client) ListWorkers(ctx context.Context, opts ...ListWorkersOption) ([]*WorkerInfo, error) {

 	info := &ListWorkersInfo{}

 	for _, o := range opts {

@@ -44,10 +46,12 @@ func (c *Client) ListWorkers(ctx context.Context, opts ...ListWorkersOption) ([]

 	return wi, nil

 }

+// ListWorkersOption is an option for a worker list query

 type ListWorkersOption interface {

 	SetListWorkersOption(*ListWorkersInfo)

 }

+// ListWorkersInfo is a payload for worker list query

 type ListWorkersInfo struct {

 	Filter []string

 }

@@ -127,7 +127,7 @@ func (c *Controller) Prune(req *controlapi.PruneRequest, stream controlapi.Contr

 				ReleaseUnreferenced() error

 			}); ok {

 				if err := c.ReleaseUnreferenced(); err != nil {

-					logrus.Errorf("failed to release cache metadata: %+v")

+					logrus.Errorf("failed to release cache metadata: %+v", err)

 				}

 			}

 		}

@@ -11,6 +11,7 @@ import (

 	"strconv"

 	"strings"

 	"syscall"

+	"time"

 	"github.com/containerd/containerd/contrib/seccomp"

 	"github.com/containerd/containerd/mount"

@@ -88,7 +89,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex

 		Command:      cmd,

 		Log:          filepath.Join(root, "runc-log.json"),

 		LogFormat:    runc.JSON,

-		PdeathSignal: syscall.SIGKILL,

+		PdeathSignal: syscall.SIGKILL, // this can still leak the process

 		Setpgid:      true,

 		// we don't execute runc with --rootless=(true|false) explicitly,

 		// so as to support non-runc runtimes

@@ -220,16 +221,43 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.

 		return err

 	}

-	forwardIO, err := newForwardIO(stdin, stdout, stderr)

-	if err != nil {

-		return errors.Wrap(err, "creating new forwarding IO")

-	}

-	defer forwardIO.Close()

+	// runCtx/killCtx is used for extra check in case the kill command blocks

+	runCtx, cancelRun := context.WithCancel(context.Background())

+	defer cancelRun()

+

+	done := make(chan struct{})

+	go func() {

+		for {

+			select {

+			case <-ctx.Done():

+				killCtx, timeout := context.WithTimeout(context.Background(), 7*time.Second)

+				if err := w.runc.Kill(killCtx, id, int(syscall.SIGKILL), nil); err != nil {

+					logrus.Errorf("failed to kill runc %s: %+v", id, err)

+					select {

+					case <-killCtx.Done():

+						timeout()

+						cancelRun()

+						return

+					default:

+					}

+				}

+				timeout()

+				select {

+				case <-time.After(50 * time.Millisecond):

+				case <-done:

+					return

+				}

+			case <-done:

+				return

+			}

+		}

+	}()

 	logrus.Debugf("> creating %s %v", id, meta.Args)

-	status, err := w.runc.Run(ctx, id, bundle, &runc.CreateOpts{

-		IO: forwardIO,

+	status, err := w.runc.Run(runCtx, id, bundle, &runc.CreateOpts{

+		IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},

 	})

+	close(done)

 	if err != nil {

 		return err

 	}

@@ -242,57 +270,11 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.

 }

 type forwardIO struct {

-	stdin, stdout, stderr *os.File

-	toRelease             []io.Closer

-	toClose               []io.Closer

-}

-

-func newForwardIO(stdin io.ReadCloser, stdout, stderr io.WriteCloser) (f *forwardIO, err error) {

-	fio := &forwardIO{}

-	defer func() {

-		if err != nil {

-			fio.Close()

-		}

-	}()

-	if stdin != nil {

-		fio.stdin, err = fio.readCloserToFile(stdin)

-		if err != nil {

-			return nil, err

-		}

-	}

-	if stdout != nil {

-		fio.stdout, err = fio.writeCloserToFile(stdout)

-		if err != nil {

-			return nil, err

-		}

-	}

-	if stderr != nil {

-		fio.stderr, err = fio.writeCloserToFile(stderr)

-		if err != nil {

-			return nil, err

-		}

-	}

-	return fio, nil

+	stdin          io.ReadCloser

+	stdout, stderr io.WriteCloser

 }

 func (s *forwardIO) Close() error {

-	s.CloseAfterStart()

-	var err error

-	for _, cl := range s.toClose {

-		if err1 := cl.Close(); err == nil {

-			err = err1

-		}

-	}

-	s.toClose = nil

-	return err

-}

-

-// release releases active FDs if the process doesn't need them any more

-func (s *forwardIO) CloseAfterStart() error {

-	for _, cl := range s.toRelease {

-		cl.Close()

-	}

-	s.toRelease = nil

 	return nil

 }

@@ -302,46 +284,6 @@ func (s *forwardIO) Set(cmd *exec.Cmd) {

 	cmd.Stderr = s.stderr

 }

-func (s *forwardIO) readCloserToFile(rc io.ReadCloser) (*os.File, error) {

-	if f, ok := rc.(*os.File); ok {

-		return f, nil

-	}

-	pr, pw, err := os.Pipe()

-	if err != nil {

-		return nil, err

-	}

-	s.toClose = append(s.toClose, pw)

-	s.toRelease = append(s.toRelease, pr)

-	go func() {

-		_, err := io.Copy(pw, rc)

-		if err1 := pw.Close(); err == nil {

-			err = err1

-		}

-		_ = err

-	}()

-	return pr, nil

-}

-

-func (s *forwardIO) writeCloserToFile(wc io.WriteCloser) (*os.File, error) {

-	if f, ok := wc.(*os.File); ok {

-		return f, nil

-	}

-	pr, pw, err := os.Pipe()

-	if err != nil {

-		return nil, err

-	}

-	s.toClose = append(s.toClose, pr)

-	s.toRelease = append(s.toRelease, pw)

-	go func() {

-		_, err := io.Copy(wc, pr)

-		if err1 := pw.Close(); err == nil {

-			err = err1

-		}

-		_ = err

-	}()

-	return pw, nil

-}

-

 func (s *forwardIO) Stdin() io.WriteCloser {

 	return nil

 }

@@ -23,6 +23,7 @@ import (

 	"github.com/moby/buildkit/frontend/dockerfile/shell"

 	gw "github.com/moby/buildkit/frontend/gateway/client"

 	"github.com/moby/buildkit/solver/pb"

+	"github.com/moby/buildkit/util/system"

 	specs "github.com/opencontainers/image-spec/specs-go/v1"

 	"github.com/pkg/errors"

 	"golang.org/x/sync/errgroup"

@@ -133,8 +134,12 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,

 			}

 			ds.platform = &p

 		}

+		allDispatchStates.addState(ds)

-		total := 1

+		total := 0

+		if ds.stage.BaseName != emptyImageName && ds.base == nil {

+			total = 1

+		}

 		for _, cmd := range ds.stage.Commands {

 			switch cmd.(type) {

 			case *instructions.AddCommand, *instructions.CopyCommand, *instructions.RunCommand:

@@ -143,7 +148,6 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,

 		}

 		ds.cmdTotal = total

-		allDispatchStates.addState(ds)

 		if opt.IgnoreCache != nil {

 			if len(opt.IgnoreCache) == 0 {

 				ds.ignoreCache = true

@@ -215,10 +219,15 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,

 					d.stage.BaseName = reference.TagNameOnly(ref).String()

 					var isScratch bool

 					if metaResolver != nil && reachable && !d.unregistered {

+						prefix := "["

+						if opt.PrefixPlatform && platform != nil {

+							prefix += platforms.Format(*platform) + " "

+						}

+						prefix += "internal]"

 						dgst, dt, err := metaResolver.ResolveImageConfig(ctx, d.stage.BaseName, gw.ResolveImageConfigOpt{

 							Platform:    platform,

 							ResolveMode: opt.ImageResolveMode.String(),

-							LogName:     fmt.Sprintf("[internal] load metadata for %s", d.stage.BaseName),

+							LogName:     fmt.Sprintf("%s load metadata for %s", prefix, d.stage.BaseName),

 						})

 						if err == nil { // handle the error while builder is actually running