Add DecRef for verity FDs that were missing

Some FileDescriptions in verity fs were opened but DecRef() were missing after used. This could result in a ref leak. PiperOrigin-RevId: 368096759
author: Chong Cai <chongc@google.com> 2021-04-12 15:24:49 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-04-12 15:26:57 -0700
commit: c4c6a71fb9d5ed51d0e9e2d6a78eaabf96174849 (patch)
tree: ad7634a70326f9096d8ccb9e621025c873c785d1 /pkg/sentry/fsimpl/verity/verity.go
parent: f4f6ce337aa8ceb46a5a8f783efb770c9a8a2858 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index 06f2c211c..6b1bfaba3 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -494,6 +494,8 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt
 			return nil, nil, err
 		}
 
+		defer lowerMerkleFD.DecRef(ctx)
+
 		childrenNames := make([]byte, size)
 		if _, err := lowerMerkleFD.PRead(ctx, usermem.BytesIOSequence(childrenNames), int64(off), vfs.ReadOptions{}); err != nil {
 			return nil, nil, alertIntegrityViolation(fmt.Sprintf("Failed to read root children map: %v", err))
author	Chong Cai <chongc@google.com>	2021-04-12 15:24:49 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-04-12 15:26:57 -0700
commit	c4c6a71fb9d5ed51d0e9e2d6a78eaabf96174849 (patch)
tree	ad7634a70326f9096d8ccb9e621025c873c785d1 /pkg/sentry/fsimpl/verity/verity.go
parent	f4f6ce337aa8ceb46a5a8f783efb770c9a8a2858 (diff)