From 2c3ee1eda5575b01f2c486c340bfb4ed2f274baf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bombo?= Date: Thu, 29 Jan 2026 22:09:33 -0600 Subject: [PATCH] debug: fix cache key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bombo --- src/runtime/virtcontainers/fs_share_linux.go | 37 ++++++++++++++------ 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/src/runtime/virtcontainers/fs_share_linux.go b/src/runtime/virtcontainers/fs_share_linux.go index 432fff72b9..28c490d1de 100644 --- a/src/runtime/virtcontainers/fs_share_linux.go +++ b/src/runtime/virtcontainers/fs_share_linux.go @@ -76,6 +76,14 @@ func resolveRootDir() string { return rootDir } +// mountCacheKey uniquely identifies a mount within a sandbox. +// The cache is keyed by container ID and source path because guestPath +// is container-specific (includes container ID and random bytes). +type mountCacheKey struct { + containerID string + source string +} + type FilesystemShare struct { sandbox *Sandbox watcher *fsnotify.Watcher @@ -86,9 +94,9 @@ type FilesystemShare struct { // srcDstMap tracks file-level source to destination mappings for configmap/secret watching srcDstMap map[string][]string srcDstMapLock sync.Mutex - // srcGuestMap caches volume source path to guest path, enabling multiple containers - // in the same pod to share the same volume mount - srcGuestMap map[string]string + // srcGuestMap caches volume source path to guest path, enabling caching + // within a container if it mounts the same source multiple times + srcGuestMap map[mountCacheKey]string srcGuestMapLock sync.Mutex eventLoopStarted bool eventLoopStartedLock sync.Mutex @@ -112,7 +120,7 @@ func NewFilesystemShare(s *Sandbox) (*FilesystemShare, error) { sandbox: s, watcherDoneChannel: make(chan bool), srcDstMap: make(map[string][]string), - srcGuestMap: make(map[string]string), + srcGuestMap: make(map[mountCacheKey]string), watcher: watcher, configVolRegex: configVolRegex, timestampDirRegex: timestampDirRegex, @@ -304,14 +312,19 @@ func (f *FilesystemShare) Cleanup(ctx context.Context) error { func (f *FilesystemShare) ShareFile(ctx context.Context, c *Container, m *Mount) (*SharedFile, error) { caps := f.sandbox.hypervisor.Capabilities(ctx) - // Check if this volume source has already been shared by another container in this pod + // Cache key includes container ID because guestPath is container-specific. + // This allows caching within a single container (if it mounts the same source multiple times) + // while ensuring different containers get their own mounts. + cacheKey := mountCacheKey{containerID: c.id, source: m.Source} + + // Check if this volume source has already been shared by this container f.srcGuestMapLock.Lock() - if guestPath, ok := f.srcGuestMap[m.Source]; ok { + if cachedGuestPath, ok := f.srcGuestMap[cacheKey]; ok { f.srcGuestMapLock.Unlock() if caps.IsFsSharingSupported() { - m.HostPath = filepath.Join(getMountPath(f.sandbox.ID()), filepath.Base(guestPath)) + m.HostPath = filepath.Join(getMountPath(f.sandbox.ID()), filepath.Base(cachedGuestPath)) } - return &SharedFile{guestPath: guestPath}, nil + return &SharedFile{guestPath: cachedGuestPath}, nil } f.srcGuestMapLock.Unlock() @@ -435,10 +448,10 @@ func (f *FilesystemShare) ShareFile(ctx context.Context, c *Container, m *Mount) m.HostPath = mountDest } - // Cache the guestPath for this volume source so other containers can share it + // Cache the guestPath for this container and volume source f.srcGuestMapLock.Lock() defer f.srcGuestMapLock.Unlock() - f.srcGuestMap[m.Source] = guestPath + f.srcGuestMap[cacheKey] = guestPath return &SharedFile{ guestPath: guestPath, @@ -464,8 +477,10 @@ func (f *FilesystemShare) UnshareFile(ctx context.Context, c *Container, m *Moun } } + // Remove the cache entry for this container and volume source + cacheKey := mountCacheKey{containerID: c.id, source: m.Source} f.srcGuestMapLock.Lock() - delete(f.srcGuestMap, m.Source) + delete(f.srcGuestMap, cacheKey) f.srcGuestMapLock.Unlock() return nil