authorgVisor bot <gvisor-bot@google.com>2021-08-12 02:13:19 +0000
committergVisor bot <gvisor-bot@google.com>2021-08-12 02:13:19 +0000
commit969b2bfa7e3197bf3da133e7c025d88bbc0c2ac2 (patch)
tree22383a65e2df641b405b88842f0783ad7cba2249 /pkg
parent4d4c5eeedea7c26e1908bcee314c7294b04aa4c8 (diff)
parent5456fa6477eee26c553aa84311b3044f1af0d9a1 (diff)
Merge release-20210726.0-52-g5456fa647 (automated)
Diffstat (limited to 'pkg')
-rw-r--r--pkg/sentry/fsimpl/verity/verity.go18
1 files changed, 15 insertions, 3 deletions
diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index c5fa9855b..d05fa8390 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -1091,6 +1091,21 @@ func (fd *fileDescription) enableVerity(ctx context.Context) (uintptr, error) {
return 0, fd.d.fs.alertIntegrityViolation("Unexpected verity fd: missing expected underlying fds")
}
+ // Populate children names here. We cannot rely on the children
+ // dentries to populate parent dentry's children names, because the
+ // parent dentry may be destroyed before users enable verity if its ref
+ // count drops to zero.
+ if fd.d.isDir() {
+ if err := fd.IterDirents(ctx, vfs.IterDirentsCallbackFunc(func(dirent vfs.Dirent) error {
+ if dirent.Name != "." && dirent.Name != ".." {
+ fd.d.childrenNames[dirent.Name] = struct{}{}
+ }
+ return nil
+ })); err != nil {
+ return 0, err
+ }
+ }
+
hash, dataSize, err := fd.generateMerkleLocked(ctx)
if err != nil {
return 0, err
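Review bot: The set written into `fd.d.childrenNames` is only as complete as one pass of `fd.IterDirents` on the caller's own fd, and nothing in this hunk shows that the pass starts at the beginning of the directory or that the map is empty beforehand. If iteration resumes from the fd's current offset (not visible here), a directory fd that was partially read before verity is enabled would record only the remaining names, and those names presumably feed the directory's hash in `generateMerkleLocked`. I would either iterate from offset 0 on a private fd or document the requirement, e.g. `// NOTE: relies on IterDirents enumerating every entry from the start of the directory; childrenNames must be empty here.` The callback also filters only `.` and `..`, so it is worth confirming that Merkle tree files never reach it. `enableVerity` begins and ends outside this hunk.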
@@ -1118,9 +1133,6 @@ func (fd *fileDescription) enableVerity(ctx context.Context) (uintptr, error) {
}); err != nil {
return 0, err
}
-
- // Add the current child's name to parent's childrenNames.
- fd.d.parent.childrenNames[fd.d.name] = struct{}{}
}
// Record the size of the data being hashed for fd.