diff options
| author | Tiwei Bie <tiwei.btw@antgroup.com> | 2020-09-08 15:50:29 +0800 |
|---|---|---|
| committer | Tiwei Bie <tiwei.btw@antgroup.com> | 2020-09-08 15:50:29 +0800 |
| commit | ceab2e21de0856c403dc4e37d7f3b68ee970f3d5 (patch) | |
| tree | 52cb4ff49fe9e3a340ff8dbbf1926c38f421e03e /pkg/sentry | |
| parent | fada564c83b397d2e6c4213067ba3db2335445b4 (diff) | |
Fix the use after nil check on args.MountNamespaceVFS2
The args.MountNamespaceVFS2 is used again after the nil check,
instead, mntnsVFS2 which holds the expected reference should be
used. This patch fixes this issue.
Fixes: #3855
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Diffstat (limited to 'pkg/sentry')
| -rw-r--r-- | pkg/sentry/kernel/kernel.go | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go index 402aa1718..22f9bb006 100644 --- a/pkg/sentry/kernel/kernel.go +++ b/pkg/sentry/kernel/kernel.go @@ -888,17 +888,18 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, ThreadID, opener fsbridge.Lookup fsContext *FSContext mntns *fs.MountNamespace + mntnsVFS2 *vfs.MountNamespace ) if VFS2Enabled { - mntnsVFS2 := args.MountNamespaceVFS2 + mntnsVFS2 = args.MountNamespaceVFS2 if mntnsVFS2 == nil { // MountNamespaceVFS2 adds a reference to the namespace, which is // transferred to the new process. mntnsVFS2 = k.globalInit.Leader().MountNamespaceVFS2() } // Get the root directory from the MountNamespace. - root := args.MountNamespaceVFS2.Root() + root := mntnsVFS2.Root() // The call to newFSContext below will take a reference on root, so we // don't need to hold this one. defer root.DecRef(ctx) @@ -1008,7 +1009,7 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, ThreadID, UTSNamespace: args.UTSNamespace, IPCNamespace: args.IPCNamespace, AbstractSocketNamespace: args.AbstractSocketNamespace, - MountNamespaceVFS2: args.MountNamespaceVFS2, + MountNamespaceVFS2: mntnsVFS2, ContainerID: args.ContainerID, } t, err := k.tasks.NewTask(config) |