Set root dentry and hash for verity before verify

Set root dentry and root hash in verity fs before we verify the root directory if a root hash is provided. These are used during verification. PiperOrigin-RevId: 367547346
author: Chong Cai <chongc@google.com> 2021-04-08 18:31:11 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-04-08 18:33:20 -0700
commit: edf30a9bc5a645a7e03fca81f3e5852214588021 (patch)
tree: f1adec56d67894993f0912468850e962f1158c28
parent: 496a3654e7af2ee905c1183c622687c6af29069b (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index 6d6e0e77a..06f2c211c 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -428,9 +428,15 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt
 	d.mode = uint32(stat.Mode)
 	d.uid = stat.UID
 	d.gid = stat.GID
-	d.hash = make([]byte, len(rootHash))
 	d.childrenNames = make(map[string]struct{})
 
+	d.hashMu.Lock()
+	d.hash = make([]byte, len(rootHash))
+	copy(d.hash, rootHash)
+	d.hashMu.Unlock()
+
+	fs.rootDentry = d
+
 	if !d.isDir() {
 		ctx.Warningf("verity root must be a directory")
 		return nil, nil, syserror.EINVAL
@@ -502,13 +508,8 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt
 		}
 	}
 
-	d.hashMu.Lock()
-	copy(d.hash, rootHash)
-	d.hashMu.Unlock()
 	d.vfsd.Init(d)
 
-	fs.rootDentry = d
-
 	return &fs.vfsfs, &d.vfsd, nil
 }
author	Chong Cai <chongc@google.com>	2021-04-08 18:31:11 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-04-08 18:33:20 -0700
commit	edf30a9bc5a645a7e03fca81f3e5852214588021 (patch)
tree	f1adec56d67894993f0912468850e962f1158c28
parent	496a3654e7af2ee905c1183c622687c6af29069b (diff)