diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2018-09-13 09:49:17 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-13 09:50:35 -0700 |
commit | e2d79480f57d96ea90bb73b241f248573c2a33fc (patch) | |
tree | 9ccdd4cff7a79bc8b901e15ab4a96a3425a8f6af /pkg/sentry | |
parent | d689f8422fd55f74f6fc677f33b2bbf3720de89e (diff) |
initArgs must hold a reference on the Root if it is not nil.
The contract in ExecArgs says that a reference on ExecArgs.Root must be held
for the lifetime of the struct, but the caller is free to drop the ref after
that.
As a result, proc.Exec must take an additional ref on Root when it constructs
the CreateProcessArgs, since that holds a pointer to Root as well. That ref is
dropped in CreateProcess.
PiperOrigin-RevId: 212828348
Change-Id: I7f44a612f337ff51a02b873b8a845d3119408707
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/control/proc.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go index 1623ed19a..19bc76f5c 100644 --- a/pkg/sentry/control/proc.go +++ b/pkg/sentry/control/proc.go @@ -132,6 +132,11 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, error) { IPCNamespace: proc.Kernel.RootIPCNamespace(), AbstractSocketNamespace: proc.Kernel.RootAbstractSocketNamespace(), } + if initArgs.Root != nil { + // initArgs must hold a reference on Root. This ref is dropped + // in CreateProcess. + initArgs.Root.IncRef() + } ctx := initArgs.NewContext(proc.Kernel) if initArgs.Filename == "" { |