summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorAndrei Vagin <avagin@google.com>2020-11-17 14:53:06 -0800
committergVisor bot <gvisor-bot@google.com>2020-11-17 14:56:21 -0800
commit10ba578c018294bb037a7eb90010491cdda270a7 (patch)
tree9ccfa71df4eb6e83daa384440b3393894b3f724d /pkg/sentry
parente2d9a68eef9f4d468a2983ab500ea2ab25f00e86 (diff)
tmpfs: make sure that a dentry will not be destroyed before the open() call
If we don't hold a reference, the dentry can be destroyed by another thread. Reported-by: syzbot+f2132e50060c41f6d41f@syzkaller.appspotmail.com PiperOrigin-RevId: 342951940
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/fsimpl/tmpfs/filesystem.go2
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/tmpfs/filesystem.go b/pkg/sentry/fsimpl/tmpfs/filesystem.go
index e39cd305b..61138a7a4 100644
--- a/pkg/sentry/fsimpl/tmpfs/filesystem.go
+++ b/pkg/sentry/fsimpl/tmpfs/filesystem.go
@@ -381,6 +381,8 @@ afterTrailingSymlink:
creds := rp.Credentials()
child := fs.newDentry(fs.newRegularFile(creds.EffectiveKUID, creds.EffectiveKGID, opts.Mode))
parentDir.insertChildLocked(child, name)
+ child.IncRef()
+ defer child.DecRef(ctx)
unlock()
fd, err := child.open(ctx, rp, &opts, true)
if err != nil {