Remove references to replaced child in Rename in ramfs/agentfs

In the case of a rename replacing an existing destination inode, ramfs
Rename failed to first remove the replaced inode. This caused:

1. A leak of a reference to the inode (making it live indefinitely).
2. For directories, a leak of the replaced directory's .. link to the
   parent. This would cause the parent's link count to incorrectly
   increase.

(2) is much simpler to test than (1), so that's what I've done.

agentfs has a similar bug with link count only, so the Dirent layer
informs the Inode if this is a replacing rename.

Fixes #133

PiperOrigin-RevId: 239105698
Change-Id: I4450af2462d8ae3339def812287213d2cbeebde0

1 files changed, 8 insertions, 5 deletions

diff --git a/pkg/sentry/fs/inode_operations.go b/pkg/sentry/fs/inode_operations.go
index db40b5256..548f1eb8b 100644
--- a/pkg/sentry/fs/inode_operations.go
+++ b/pkg/sentry/fs/inode_operations.go
@@ -133,12 +133,15 @@ type InodeOperations interface {
 	// removed is empty.
 	RemoveDirectory(ctx context.Context, dir *Inode, name string) error
 
-	// Rename atomically renames oldName under oldParent to newName
-	// under newParent where oldParent and newParent are directories.
+	// Rename atomically renames oldName under oldParent to newName under
+	// newParent where oldParent and newParent are directories.
 	//
-	// Implementations are responsible for rejecting renames that
-	// replace non-empty directories.
-	Rename(ctx context.Context, oldParent *Inode, oldName string, newParent *Inode, newName string) error
+	// If replacement is true, then newName already exists and this call
+	// will replace it with oldName.
+	//
+	// Implementations are responsible for rejecting renames that replace
+	// non-empty directories.
+	Rename(ctx context.Context, oldParent *Inode, oldName string, newParent *Inode, newName string, replacement bool) error
 
 	// Bind binds a new socket under dir at the given name.
 	// Implementations must ensure that name does not already exist.