nsenter.c may have a resource leak after calling the bail function #3988
Replies: 1 comment 1 reply
-
If you would like to send a patch to fix the "memory leaks" in nsexec, I'd be happy to review them, but I'm not sure how much sense it would make given the following...
This is not possible, exit will always kill the current process. In addition, the C code in
Once nsexec is done, it returns to Go where all of the allocated memory is going to be overwritten by the Go runtime (Go doesn't use libc malloc, so the "allocated memory" disappears once the Go runtime starts working). |
Beta Was this translation helpful? Give feedback.
-
I am learning the code of nsenter.c, and I found that in the join_namespaces function, memory is first allocated for the namespaces variable through realloc, and then there may be a failure when parsing the namespace path, thus calling the bail function. The bail function returns an error, and then calls exit to exit the process.
https://github.com/opencontainers/runc/blob/ff8c4c7b72ae369361ef76d12590c3165f46bca8/libcontainer/nsenter/nsexec.c#L496C1-L511C1
One explanation I can think of is that after the process exits after calling exit, the operating system will reclaim the memory, which may not cause actual impact. However, this way of writing does not meet the requirements of release after use. After all, not all OSes follow this practice.
What's more, join_namespaces is called through the fork child process in the nsexec function. I have doubts about whether the memory of the child process exits but the parent process does not exit.
As runc is an open source library, the code may be referenced by other three parties, and they may call the code of runc in the form of a resident process. There is a possibility of a memory leak.
Beta Was this translation helpful? Give feedback.
All reactions