summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/loader/vdso.go
diff options
context:
space:
mode:
authorIan Gudger <igudger@google.com>2018-06-13 20:00:00 -0700
committerShentubot <shentubot@google.com>2018-06-13 20:00:55 -0700
commitf5d0c59f5c736f5f7fceb566e134f41b03229c22 (patch)
treef2a68a0f3f31a6b299097cfe8548a4c2b072fe59 /pkg/sentry/loader/vdso.go
parent1170039e788db368615451a0a1f5cfccb1d28d41 (diff)
Fix reference leak in VDSO validation
PiperOrigin-RevId: 200496070 Change-Id: I33adb717c44e5b4bcadece882be3ab1ee3920556
Diffstat (limited to 'pkg/sentry/loader/vdso.go')
-rw-r--r--pkg/sentry/loader/vdso.go20
1 files changed, 19 insertions, 1 deletions
diff --git a/pkg/sentry/loader/vdso.go b/pkg/sentry/loader/vdso.go
index ce4f6f5d9..037576e41 100644
--- a/pkg/sentry/loader/vdso.go
+++ b/pkg/sentry/loader/vdso.go
@@ -20,10 +20,12 @@ import (
"io"
"gvisor.googlesource.com/gvisor/pkg/abi"
+ "gvisor.googlesource.com/gvisor/pkg/abi/linux"
"gvisor.googlesource.com/gvisor/pkg/log"
"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
"gvisor.googlesource.com/gvisor/pkg/sentry/context"
"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
+ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/anon"
"gvisor.googlesource.com/gvisor/pkg/sentry/fs/fsutil"
"gvisor.googlesource.com/gvisor/pkg/sentry/memmap"
"gvisor.googlesource.com/gvisor/pkg/sentry/mm"
@@ -63,8 +65,23 @@ func (f *fileContext) Value(key interface{}) interface{} {
}
}
+// newByteReaderFile creates a fake file to read data from.
func newByteReaderFile(data []byte) *fs.File {
- dirent := fs.NewTransientDirent(nil)
+ // Create a fake inode.
+ inode := fs.NewInode(fsutil.NewSimpleInodeOperations(fsutil.InodeSimpleAttributes{
+ FSType: linux.ANON_INODE_FS_MAGIC,
+ }), fs.NewNonCachingMountSource(nil, fs.MountSourceFlags{}), fs.StableAttr{
+ Type: fs.Anonymous,
+ DeviceID: anon.PseudoDevice.DeviceID(),
+ InodeID: anon.PseudoDevice.NextIno(),
+ BlockSize: usermem.PageSize,
+ })
+
+ // Use the fake inode to create a fake dirent.
+ dirent := fs.NewTransientDirent(inode)
+ defer dirent.DecRef()
+
+ // Use the fake dirent to make a fake file.
flags := fs.FileFlags{Read: true, Pread: true}
return fs.NewFile(&fileContext{Context: context.Background()}, dirent, flags, &byteReader{
data: data,
@@ -202,6 +219,7 @@ func PrepareVDSO(p platform.Platform) (*VDSO, error) {
// First make sure the VDSO is valid. vdsoFile does not use ctx, so a
// nil context can be passed.
info, err := validateVDSO(nil, vdsoFile, uint64(len(vdsoBin)))
+ vdsoFile.DecRef()
if err != nil {
return nil, err
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 06:32:59 +0000