diff options
| author | gVisor bot <gvisor-bot@google.com> | 2021-08-27 20:25:51 +0000 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-08-27 20:25:51 +0000 |
| commit | ac5bbb582c3d828b337dc3b0ce8b7ce41519d4dd (patch) | |
| tree | b7b4198cd4ba286ee37e407b1f643aa9407994b2 /pkg/sentry/kernel | |
| parent | 8416dca58aa8e1c9ab0ed5dfd4a3cdf8bd9ffef6 (diff) | |
| parent | f7281c6cb9bbf3e5757adf52a7820499b5a7483b (diff) | |
Merge release-20210816.0-52-gf7281c6cb (automated)
Diffstat (limited to 'pkg/sentry/kernel')
| -rw-r--r-- | pkg/sentry/kernel/task_exec.go | 8 | ||||
| -rw-r--r-- | pkg/sentry/kernel/task_exit.go | 9 | ||||
| -rw-r--r-- | pkg/sentry/kernel/task_image.go | 2 |
3 files changed, 16 insertions, 3 deletions
diff --git a/pkg/sentry/kernel/task_exec.go b/pkg/sentry/kernel/task_exec.go index 9175b911c..db91fc4d8 100644 --- a/pkg/sentry/kernel/task_exec.go +++ b/pkg/sentry/kernel/task_exec.go @@ -222,9 +222,15 @@ func (r *runSyscallAfterExecStop) execute(t *Task) taskRunState { // Update credentials to reflect the execve. This should precede switching // MMs to ensure that dumpability has been reset first, if needed. t.updateCredsForExecLocked() - t.image.release() + oldImage := t.image t.image = *r.image t.mu.Unlock() + + // Don't hold t.mu while calling t.image.release(), that may + // attempt to acquire TaskImage.MemoryManager.mappingMu, a lock order + // violation. + oldImage.release() + t.unstopVforkParent() t.p.FullStateChanged() // NOTE(b/30316266): All locks must be dropped prior to calling Activate. diff --git a/pkg/sentry/kernel/task_exit.go b/pkg/sentry/kernel/task_exit.go index 342e5debe..b3931445b 100644 --- a/pkg/sentry/kernel/task_exit.go +++ b/pkg/sentry/kernel/task_exit.go @@ -230,9 +230,16 @@ func (*runExitMain) execute(t *Task) taskRunState { t.tg.pidns.owner.mu.Lock() t.updateRSSLocked() t.tg.pidns.owner.mu.Unlock() + + // Release the task image resources. Accessing these fields must be + // done with t.mu held, but the mm.DecUsers() call must be done outside + // of that lock. t.mu.Lock() - t.image.release() + mm := t.image.MemoryManager + t.image.MemoryManager = nil + t.image.fu = nil t.mu.Unlock() + mm.DecUsers(t) // Releasing the MM unblocks a blocked CLONE_VFORK parent. t.unstopVforkParent() diff --git a/pkg/sentry/kernel/task_image.go b/pkg/sentry/kernel/task_image.go index c132c27ef..6002ffb42 100644 --- a/pkg/sentry/kernel/task_image.go +++ b/pkg/sentry/kernel/task_image.go @@ -53,7 +53,7 @@ type TaskImage struct { } // release releases all resources held by the TaskImage. release is called by -// the task when it execs into a new TaskImage or exits. +// the task when it execs into a new TaskImage. func (image *TaskImage) release() { // Nil out pointers so that if the task is saved after release, it doesn't // follow the pointers to possibly now-invalid objects. |