Skip to content

libct: close child fds on prepareCgroupFD error#4930

Merged
cyphar merged 2 commits intoopencontainers:mainfrom
kolyshkin:fix-close
Oct 15, 2025
Merged

libct: close child fds on prepareCgroupFD error#4930
cyphar merged 2 commits intoopencontainers:mainfrom
kolyshkin:fix-close

Conversation

@kolyshkin
Copy link
Copy Markdown
Contributor

@kolyshkin kolyshkin commented Oct 13, 2025
edited
Loading

The (*setns).start is supposed to close child fds once the child has started, or upon returning an error.
There was no code to return an error before calling start, but commit 5af4dd4 added it, together with
a bug -- child fds are not closed if prepareCgroupFD fails.

I'm not sure ifhow to add a good test case for it. Found when working on PR #4928 (which modified the code
to read the child logs even when start() fails).

Fixes: 5af4dd4 / PR #4812.

This PR also includes the refactoring of start to avoid similar problems in the future.

@kolyshkin kolyshkin added the backport/1.4-todo A PR in main branch which needs to backported to release-1.4 label Oct 13, 2025
@kolyshkin
Copy link
Copy Markdown
Contributor Author

kolyshkin commented Oct 13, 2025

Technically, this is just leaking unclosed fds if prepareCgroupFD returns an error, which is a minor issue. But together with changes in #4928 this creates a case when runc waits on log forwarder forever because the other side of the log pipe is never closed.

kolyshkin
kolyshkin commented Oct 13, 2025
View reviewed changes
Comment thread libcontainer/process_linux.go Outdated
Copilot AI reviewed Oct 13, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a resource leak bug where child file descriptors were not being properly closed when prepareCgroupFD() fails in the (*setns).start() method. The fix ensures that child fds are closed consistently in all error paths, maintaining the expected behavior that child fds are closed either when the child starts successfully or when an error occurs.

  • Adds missing p.comm.closeChild() call in the prepareCgroupFD() error path
  • Ensures consistent resource cleanup across all error scenarios in the start method

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@kolyshkin kolyshkin requested a review from cyphar October 13, 2025 23:55
@kolyshkin kolyshkin added this to the 1.4.0 milestone Oct 13, 2025
lifubang
lifubang reviewed Oct 14, 2025
View reviewed changes
Comment thread libcontainer/process_linux.go
@kolyshkin kolyshkin force-pushed the fix-close branch 2 times, most recently from 0c18cce to 2e5864c Compare October 14, 2025 18:40
@kolyshkin kolyshkin requested review from Copilot and lifubang October 14, 2025 18:44
Copilot AI reviewed Oct 14, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@kolyshkin kolyshkin mentioned this pull request Oct 14, 2025
Merged
@kolyshkin
Copy link
Copy Markdown
Contributor Author

kolyshkin commented Oct 14, 2025

Updated, and rebased #4928 (which also serves as a test for the fix in here).

kolyshkin and others added 2 commits October 14, 2025 11:48
@kolyshkin
libct: close child fds on prepareCgroupFD error
4e26250 
The (*setns).start is supposed to close child fds once the child has
started, or upon an error. Commit 5af4dd4 added a bug -- child fds
are not closed if prepareCgroupFD fails.

Fix by adding a missing call to closeChild.

I'm not sure how to write a good test case for it. Found when working
on PR 4928 (and tested in there).

Fixes: 5af4dd4
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin @lifubang
libct: refactor setnsProcess.start
871052b 
Factor startWithCgroupFD out of start to reduce the start complexity.
This also implements a more future-proof way of calling p.comm.closeChild.

Co-authored-by: lifubang <lifubang@acmcoder.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin requested a review from Copilot October 15, 2025 19:18
Copilot AI reviewed Oct 15, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread libcontainer/process_linux.go
Comment thread libcontainer/process_linux.go
@cyphar cyphar merged commit ef90082 into opencontainers:main Oct 15, 2025
36 checks passed
@cyphar cyphar mentioned this pull request Oct 15, 2025
Merged
@kolyshkin kolyshkin added backport/1.4-done A PR in main branch which has been backported to release-1.4 and removed backport/1.4-todo A PR in main branch which needs to backported to release-1.4 labels Oct 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lifubang lifubang lifubang approved these changes

@cyphar cyphar cyphar approved these changes

@rata rata Awaiting requested review from rata

Assignees

No one assigned

Labels

backport/1.4-done A PR in main branch which has been backported to release-1.4

Projects

None yet

Milestone

1.4.0

Development

Successfully merging this pull request may close these issues.

4 participants

@kolyshkin @lifubang @cyphar