diff options
author | Chong Cai <chongc@google.com> | 2021-04-08 17:59:46 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-04-08 18:01:49 -0700 |
commit | 496a3654e7af2ee905c1183c622687c6af29069b (patch) | |
tree | 45a10aef293cd772e1b58fd18956996afed168f3 | |
parent | ae019e39b0f3c6cdff0b1e86771698693fb074e6 (diff) |
Set parent after child is verified
We should only set parent after child is verified. Also, if the parent
is set before verified, destroyLocked() will try to grab parent.dirMu,
which may cause deadlock.
PiperOrigin-RevId: 367543655
-rw-r--r-- | pkg/sentry/fsimpl/verity/filesystem.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go index 6cb1a23e0..214ffd095 100644 --- a/pkg/sentry/fsimpl/verity/filesystem.go +++ b/pkg/sentry/fsimpl/verity/filesystem.go @@ -632,8 +632,6 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry, childVD.IncRef() childMerkleVD.IncRef() - parent.IncRef() - child.parent = parent child.name = name child.mode = uint32(stat.Mode) @@ -657,6 +655,9 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry, } } + parent.IncRef() + child.parent = parent + return child, nil } |