diff options
| author | Nicolas Lacasse <nlacasse@google.com> | 2018-07-18 11:48:56 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-07-18 11:49:50 -0700 |
| commit | 63e2820f7bc5b15eacd406ac10b8e83b3bc87fa4 (patch) | |
| tree | 10df87de3d01fa817b187da8afb89603fa6f2846 /pkg/sentry/fs/gofer/inode.go | |
| parent | 733ebe7c09404ea2e443e12143edc768a81cd415 (diff) | |
Fix lock-ordering violation in Create by logging BaseName instead of FullName.
Dirent.FullName takes the global renameMu, but can be called during Create,
which itself takes dirent.mu and dirent.dirMu, which is a lock-order violation:
Dirent.Create
d.dirMu.Lock
d.mu.Lock
Inode.Create
gofer.inodeOperations.Create
gofer.NewFile
Dirent.FullName
d.renameMu.RLock
We only use the FullName here for logging, and in this case we can get by with
logging only the BaseName.
A `BaseName` method was added to Dirent, which simply returns the name, taking
d.parent.mu as required.
In the Create pathway, we can't call d.BaseName() because taking d.parent.mu
after d.mu violates the lock order. But we already know the base name of the
file we just created, so that's OK.
In the Open/GetFile pathway, we are free to call d.BaseName() because the other
dirent locks are not held.
PiperOrigin-RevId: 205112278
Change-Id: Ib45c734081aecc9b225249a65fa8093eb4995f10
Diffstat (limited to 'pkg/sentry/fs/gofer/inode.go')
| -rw-r--r-- | pkg/sentry/fs/gofer/inode.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go index fa9013b75..df584c382 100644 --- a/pkg/sentry/fs/gofer/inode.go +++ b/pkg/sentry/fs/gofer/inode.go @@ -391,7 +391,7 @@ func (i *inodeOperations) getFilePipe(ctx context.Context, d *fs.Dirent, flags f if err != nil { return nil, err } - return NewFile(ctx, d, flags, i, h), nil + return NewFile(ctx, d, d.BaseName(), flags, i, h), nil } // errNotHostFile indicates that the file is not a host file. @@ -430,7 +430,7 @@ func (i *inodeOperations) getFileDefault(ctx context.Context, d *fs.Dirent, flag if err != nil { return nil, err } - return NewFile(ctx, d, flags, i, h), nil + return NewFile(ctx, d, d.BaseName(), flags, i, h), nil } h, ok := i.fileState.getCachedHandles(ctx, flags, d.Inode.MountSource) @@ -443,7 +443,7 @@ func (i *inodeOperations) getFileDefault(ctx context.Context, d *fs.Dirent, flag } i.fileState.setHandlesForCachedIO(flags, h) - return NewFile(ctx, d, flags, i, h), nil + return NewFile(ctx, d, d.BaseName(), flags, i, h), nil } // SetPermissions implements fs.InodeOperations.SetPermissions. |