summaryrefslogtreecommitdiffhomepage
path: root/runsc
diff options
context:
space:
mode:
authorDean Deng <deandeng@google.com>2020-10-13 11:29:21 -0700
committergVisor bot <gvisor-bot@google.com>2020-10-13 11:31:22 -0700
commit432963dd2d9f4797f26a8b2555464a50f8319537 (patch)
tree8cf1e7fd7529fa98af146a70ce508cdad8a797e0 /runsc
parentd9b32efb306444440daa89a79e4d85516ff8f340 (diff)
[vfs2] Don't take reference in Task.MountNamespaceVFS2 and MountNamespace.Root.
This fixes reference leaks related to accidentally forgetting to DecRef() after calling one or the other. PiperOrigin-RevId: 336918922
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/loader.go3
-rw-r--r--runsc/boot/loader_test.go1
-rw-r--r--runsc/boot/vfs.go5
3 files changed, 7 insertions, 2 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 9a08ebc60..8ad000497 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -903,7 +903,7 @@ func (l *Loader) executeAsync(args *control.ExecArgs) (kernel.ThreadID, error) {
// Get the container MountNamespace from the Task. Try to acquire ref may fail
// in case it raced with task exit.
if kernel.VFS2Enabled {
- // task.MountNamespace() does not take a ref, so we must do so ourselves.
+ // task.MountNamespaceVFS2() does not take a ref, so we must do so ourselves.
args.MountNamespaceVFS2 = tg.Leader().MountNamespaceVFS2()
if !args.MountNamespaceVFS2.TryIncRef() {
return 0, fmt.Errorf("container %q has stopped", args.ContainerID)
@@ -925,7 +925,6 @@ func (l *Loader) executeAsync(args *control.ExecArgs) (kernel.ThreadID, error) {
root := args.MountNamespaceVFS2.Root()
ctx := vfs.WithRoot(l.k.SupervisorContext(), root)
defer args.MountNamespaceVFS2.DecRef(ctx)
- defer root.DecRef(ctx)
envv, err := user.MaybeAddExecUserHomeVFS2(ctx, args.MountNamespaceVFS2, args.KUID, args.Envv)
if err != nil {
return 0, err
diff --git a/runsc/boot/loader_test.go b/runsc/boot/loader_test.go
index 1f49431a2..e376f944b 100644
--- a/runsc/boot/loader_test.go
+++ b/runsc/boot/loader_test.go
@@ -491,6 +491,7 @@ func TestCreateMountNamespaceVFS2(t *testing.T) {
}
root := mns.Root()
+ root.IncRef()
defer root.DecRef(ctx)
for _, p := range tc.expectedPaths {
target := &vfs.PathOperation{
diff --git a/runsc/boot/vfs.go b/runsc/boot/vfs.go
index e36664938..82e459f46 100644
--- a/runsc/boot/vfs.go
+++ b/runsc/boot/vfs.go
@@ -170,6 +170,7 @@ func (c *containerMounter) mountAll(conf *config.Config, procArgs *kernel.Create
rootProcArgs.MountNamespaceVFS2 = mns
root := mns.Root()
+ root.IncRef()
defer root.DecRef(rootCtx)
if root.Mount().ReadOnly() {
// Switch to ReadWrite while we setup submounts.
@@ -377,6 +378,7 @@ func (c *containerMounter) mountSubmountVFS2(ctx context.Context, conf *config.C
}
root := mns.Root()
+ root.IncRef()
defer root.DecRef(ctx)
target := &vfs.PathOperation{
Root: root,
@@ -474,6 +476,7 @@ func (c *containerMounter) mountTmpVFS2(ctx context.Context, conf *config.Config
}
root := mns.Root()
+ root.IncRef()
defer root.DecRef(ctx)
pop := vfs.PathOperation{
Root: root,
@@ -597,6 +600,7 @@ func (c *containerMounter) mountSharedSubmountVFS2(ctx context.Context, conf *co
defer newMnt.DecRef(ctx)
root := mns.Root()
+ root.IncRef()
defer root.DecRef(ctx)
target := &vfs.PathOperation{
Root: root,
@@ -617,6 +621,7 @@ func (c *containerMounter) mountSharedSubmountVFS2(ctx context.Context, conf *co
func (c *containerMounter) makeMountPoint(ctx context.Context, creds *auth.Credentials, mns *vfs.MountNamespace, dest string) error {
root := mns.Root()
+ root.IncRef()
defer root.DecRef(ctx)
target := &vfs.PathOperation{
Root: root,