author | Rahat Mahmood <rahat@google.com> | 2020-09-17 23:35:43 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-09-17 23:37:41 -0700 |
commit | 07d832dbb539e0bcca74800d09d0ea607d8173a3 (patch) | |
tree | 975c8ed10240ac6dadb31c82c7ba6b0c8e68bd23 | |
parent | 2fbd31e726c5d7bcdd44f0498e73124807052d59 (diff) |
fuse.DeviceFD needs to hold a reference on the associated filesystem.
This fixes a use-after-free in fuse.DeviceFD.Release.
PiperOrigin-RevId: 332394146
-rw-r--r-- | pkg/sentry/fsimpl/fuse/dev.go | 7 | ||||
-rw-r--r-- | pkg/sentry/fsimpl/fuse/fusefs.go | 1 |
2 files changed, 7 insertions, 1 deletions
diff --git a/pkg/sentry/fsimpl/fuse/dev.go b/pkg/sentry/fsimpl/fuse/dev.go
index 5539466ff..f690ef5ad 100644
--- a/pkg/sentry/fsimpl/fuse/dev.go
+++ b/pkg/sentry/fsimpl/fuse/dev.go
@@ -95,9 +95,14 @@ type DeviceFD struct {
 }
 // Release implements vfs.FileDescriptionImpl.Release.
-func (fd *DeviceFD) Release(context.Context) {
+func (fd *DeviceFD) Release(ctx context.Context) {
 if fd.fs != nil {
+ fd.fs.conn.mu.Lock()
 fd.fs.conn.connected = false
+ fd.fs.conn.mu.Unlock()
+
+ fd.fs.VFSFilesystem().DecRef(ctx)
+ fd.fs = nil
 }
 }
diff --git a/pkg/sentry/fsimpl/fuse/fusefs.go b/pkg/sentry/fsimpl/fuse/fusefs.go
index f1ffd2343..8f37fd40c 100644
--- a/pkg/sentry/fsimpl/fuse/fusefs.go
+++ b/pkg/sentry/fsimpl/fuse/fusefs.go
@@ -218,6 +218,7 @@ func newFUSEFilesystem(ctx context.Context, devMinor uint32, opts *filesystemOpt
 conn: conn,
 }
+ fs.VFSFilesystem().IncRef()
 fuseFD.fs = fs
 return fs, nil |
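Review bot: The `DecRef(ctx)` added to `Release` carries no comment tying it to the `IncRef` taken in `newFUSEFilesystem`, so the ownership rule that closes the use-after-free can only be recovered by reading both files. I would put `// Drop the reference taken in newFUSEFilesystem; fd.fs must not be used after this point.` above the `DecRef` call, and note on the `fs` field of `DeviceFD` (declared outside this hunk) that it holds a counted reference. The write to `connected` is now made under `conn.mu`, which only helps if every reader of `connected` takes the same lock; those readers are not visible here and should be checked. The unlock-before-`DecRef` order looks deliberate, presumably because dropping the last reference can tear down `conn`, and that is worth a short why-comment as well.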
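Review bot: `fuseFD.fs = fs` overwrites whatever filesystem the device FD pointed to before, and now that a counted reference sits behind that field, an earlier filesystem's reference would never be dropped if this path can run twice for the same FD. Whether the caller already rejects a device FD that is bound to a filesystem is not visible in this hunk, since `newFUSEFilesystem` starts and ends outside it. If it does not, a guard on `fuseFD.fs != nil` before the `IncRef` would keep the count balanced. Either way I would add `// fuseFD holds this reference until DeviceFD.Release drops it.` above `fs.VFSFilesystem().IncRef()` so the pairing is stated where the reference is taken.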