Skip to content

Fix invalid ATIME mask when clearing recursive mount options #5096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
arnavgogia20 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix invalid ATIME mask when clearing recursive mount options #5096

arnavgogia20 wants to merge 3 commits into from
+47 −0

Conversation

@arnavgogia20
Copy link

@arnavgogia20 arnavgogia20 commented Feb 2, 2026

Summary

Fix an issue where clearing recursive mount ATIME options could generate an invalid partial ATIME mask, causing mount_setattr(2) to fail with EINVAL.

Problem

The mount_setattr(2) syscall requires that if any ATIME-related bit is modified, the entire MOUNT_ATTR__ATIME mask must be provided in attr_clr.

While parseMountOptions correctly handled this requirement when setting ATIME flags, the clear path (used by ratime, rnorelatime, rnostrictatime) only cleared individual bits. This resulted in invalid partial masks (e.g. 0x10) being passed to the kernel, triggering EINVAL.

Solution

  • Extend the clear branch of parseMountOptions to ensure that whenever an ATIME-related flag is cleared, unix.MOUNT_ATTR__ATIME is included in attr_clr.
  • This aligns runc’s behavior with kernel documentation and matches the existing logic used for setting ATIME attributes.

Tests

  • Added TestParseMountOptionsRecursiveAtime to validate correct behavior when clearing recursive ATIME options.
  • The test ensures a full ATIME mask is emitted, preventing regressions.

Verification

Manually verified using a local reproduction script simulating parseMountOptions behavior:

Case attr_clr
Before (ratime) 0x10 (invalid)
After (ratime) 0x30 (valid full ATIME mask)

Impact

  • Safety: Strictly follows kernel mount_setattr semantics.
  • Scope: Limited to recursive ATIME flag handling.
  • Compatibility: No behavior change for non-ATIME mount attributes.
  • Regression Risk: Low — existing "set" logic remains untouched.

Related Issue

Fixes #5095

@arnavgogia20
specconv: fix recursive mount access-time clearing
9d4e62e 
When clearing an access-time related flag (e.g. via 'ratime',
'rnostrictatime', 'rnorelatime'), only the specific bit was being added
to recAttrClr (e.g. MOUNT_ATTR_NOATIME).

The kernel's mount_setattr(2) requires that if any bit of the
MOUNT_ATTR__ATIME mask is changed, the full mask must be present in
attr_clr. Partial masks result in EINVAL.

This patch ensures that if we are clearing a flag that is part of the
ATIME mask, we add the full MOUNT_ATTR__ATIME mask to recAttrClr,
allowing the kernel to atomically change the setting (e.g. resetting to
relatime).

Fixes: opencontainers#5095
Signed-off-by: arnavgogia20 <[email protected]>
@arnavgogia20
specconv: add test for recursive mount access-time clearing
6b3a819 
Add regression test to ensure that clearing proper recursive access-time
flags (ratime, rnostrictatime, rnorelatime) results in the full ATIME
mask being added to attr_clr, satisfying kernel requirements.

Signed-off-by: arnavgogia20 <[email protected]>
@arnavgogia20
specconv: use explicit ATIME mask constant checks
c65be45 
The definition of MOUNT_ATTR__ATIME in golang.org/x/sys/unix might vary
or include bits (like NODIRATIME) that incorrectly trigger on some
kernels or fail strict checks. This patch defines a local constant
containing only the ATIME-related bits (NOATIME|RELATIME|STRICTATIME)
to ensure correct and consistent behavior across build environments.

This fixes CI failures where 0x70 (likely including NODIRATIME) was
being used.

Signed-off-by: arnavgogia20 <[email protected]>
@saku3
Copy link
Contributor

saku3 commented Feb 2, 2026
edited
Loading

It’s best to refer to the kernel definitions and the mount_setattr(2) documentation.

https://github.com/torvalds/linux/blob/master/include/uapi/linux/mount.h#L120

Ultimately, what we need to specify in attr_clr is MOUNT_ATTR__ATIME = (0x70).
unix.MOUNT_ATTR_RELATIME | unix.MOUNT_ATTR_NOATIME | unix.MOUNT_ATTR_STRICTATIME equals 0x30, but that is not sufficient.

I also think we should verify runc’s actual behavior, not just parseMountOptions. This change does not fix the issue.

@kolyshkin
Copy link
Contributor

kolyshkin commented Feb 2, 2026

I'm inclined to close this for reasons similar to ones laid out here: #5097 (comment) but will keep it open for now, letting @arnavgogia20 address the comment above, and @lifubang to take a look as he's working on the same issue.

@lifubang lifubang mentioned this pull request Feb 3, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Recursive mounts with access-time settings do not work correctly

3 participants

@arnavgogia20 @saku3 @kolyshkin