pkg/sentry: add cleanup to avoid mntns/FSContext refcount leak #12055
+23
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tianyuzhou95
changed the title
tianyuzhou95
changed the title
|
thanks! |
ayushr2
reviewed
Aug 18, 2025
tianyuzhou95
force-pushed
the
albert/refcount
branch
from
0b61c41 to
cc50e27
Compare
ayushr2
reviewed
Aug 18, 2025
tianyuzhou95
force-pushed
the
albert/refcount
branch
from
cc50e27 to
523f581
Compare
|
Please hold off on this PR — it appears that even with this patch, the filesystem leaks for gofer, overlay, and tmpfs can still be triggered using the method described in the issue. I'm currently investigating the root cause and will include the fix in this PR. |
tianyuzhou95
force-pushed
the
albert/refcount
branch
from
523f581 to
7c18f54
Compare
tianyuzhou95
changed the title
The root cause has been identified: the cc @ayushr2 |
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mntns/FSContext, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes google#12054 Signed-off-by: Tianyu Zhou <albert.zty@antgroup.com>
tianyuzhou95
force-pushed
the
albert/refcount
branch
from
7c18f54 to
512b9a4
Compare
ayushr2
approved these changes
Aug 20, 2025
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 20, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 797155567
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 20, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 797155567
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 20, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 797155567
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 20, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 797155567
ayushr2
approved these changes
Aug 28, 2025
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 28, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 800615196
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 28, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 800615196
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 28, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 800615196
copybara-service bot
pushed a commit
that referenced
this pull request
Aug 28, 2025
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented. Fixes #12054 FUTURE_COPYBARA_INTEGRATE_REVIEW=#12055 from tianyuzhou95:albert/refcount 512b9a4 PiperOrigin-RevId: 800615196
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, on certain error paths during task creation (e.g., when "runsc exec" fails), we do not properly handle the refcount of the mount namespace, leading to a refcount leak. This patch adds cleanup that would be released before the reference ownership is transferred to callee, ensuring that the refcount is correctly decremented.
Fixes #12054