Fix file descriptor leaks in remote import, save, and checkpoint operations#28741
Open
SebTardif wants to merge 1 commit into
Open
Fix file descriptor leaks in remote import, save, and checkpoint operations#28741SebTardif wants to merge 1 commit into
SebTardif wants to merge 1 commit into
Conversation
…ations Fix four file descriptor leaks: 1. tunnel/images.go Import: os.Open(opts.Source) never closed 2. tunnel/images.go Save: second os.Open for oci-dir/docker-dir never closed 3. bindings/checkpoint.go Restore: os.Open(importPath) never closed 4. container_internal_common.go: os.Create in checkpoint volume export loop not closed on five error paths These are the same class of bug fixed in containers#28723 and containers#28724. Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Fixes four file descriptor leaks across remote operations and checkpoint:
tunnel/images.goImport:os.Open(opts.Source)opens the import source file but never closes it. Everypodman --remote importfrom a local file leaks one FD. Addeddefer f.Close().tunnel/images.goSave: Foroci-dir/docker-dirformats, a secondos.Open(f.Name())reopens the temp file for untarring but the handle is never closed. Three error paths also leak. Addeddefer f.Close().bindings/checkpoint.goRestore:os.Open(i)opens the checkpoint import archive, but the result is assigned to anio.Readervariable, hiding the*os.File. No close anywhere. Introduced a typed*os.Filevariable withdefer Close().container_internal_common.goexportCheckpoint: Inside aforloop,os.Create()opens a volume tar file. The explicit close at the end is only reached on the happy path; five error return paths skip it. Added explicitClose()on each error path (notdefer, which would accumulate in a loop).These are the same class of bug fixed in #28723 and #28724.
Bug origins
How was this tested?
All fixes are minimal close/defer additions with no behavioral change.
go vetandgo buildpass on all affected packages. The affected remote packages (tunnel/,bindings/containers/) have no existing test files. RequestingNo New Testslabel.Does this PR introduce a user-facing change?
No. The FD leaks are invisible to the user but waste system resources on every affected operation.