Description
Volume Store does have a lock mechanism preventing race conditions between volume creation and volume removal / pruning.
However, calls to usedVolumes, which will decide which volumes are safe to remove, are not protected.
From a casual reading of the source, it seems to me that container creation or removal could race a call to usedVolumes, resulting in removal or pruning to either fail to remove volumes that should have been (this case is ok IMHO), but also possibly removing volumes that should not be as they are NOW in use (this one is probably really bad).
Solution could be that we enforce the volume lock mechanism so that container creation has to get an exclusive lock, and then we also put usedVolumes inside the locked function.
That would definitely solve the bad scenario:
- usedVolume check -> container is created with volume -> volume destroy
Trying to lock as well on container remove or prune is unlikely to bring joy - but again, in that case, it is not too bad (we just fail to remove stuff that could have been).
Furthermore, other calls to volStore.Get with the intent of creating volumes dependent on results are also susceptible to the same problem.
Since we now changed the behavior of Create to align with docker, I will fix the simplest / most egregious cases ("get" then "create") and overall revamp Get which is not safe.
But for the rest (locking volStore on container create):
Is this reading overall accurate?
Thoughts?
Steps to reproduce the issue
na
Describe the results you received and expected
na
What version of nerdctl are you using?
main
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response
Description
Volume Store does have a lock mechanism preventing race conditions between volume creation and volume removal / pruning.
However, calls to
usedVolumes, which will decide which volumes are safe to remove, are not protected.From a casual reading of the source, it seems to me that container creation or removal could race a call to
usedVolumes, resulting in removal or pruning to either fail to remove volumes that should have been (this case is ok IMHO), but also possibly removing volumes that should not be as they are NOW in use (this one is probably really bad).Solution could be that we enforce the volume lock mechanism so that container
creationhas to get an exclusive lock, and then we also putusedVolumesinside the locked function.That would definitely solve the bad scenario:
Trying to lock as well on container remove or prune is unlikely to bring joy - but again, in that case, it is not too bad (we just fail to remove stuff that could have been).
Furthermore, other calls to
volStore.Getwith the intent of creating volumes dependent on results are also susceptible to the same problem.Since we now changed the behavior of
Createto align with docker, I will fix the simplest / most egregious cases ("get" then "create") and overall revampGetwhich is not safe.But for the rest (locking volStore on container create):
Is this reading overall accurate?
Thoughts?
Steps to reproduce the issue
na
Describe the results you received and expected
na
What version of nerdctl are you using?
main
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response