diff options
| author | Andrei Vagin <avagin@google.com> | 2020-11-17 14:53:06 -0800 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-11-17 14:56:21 -0800 |
| commit | 10ba578c018294bb037a7eb90010491cdda270a7 (patch) | |
| tree | 9ccfa71df4eb6e83daa384440b3393894b3f724d /pkg | |
| parent | e2d9a68eef9f4d468a2983ab500ea2ab25f00e86 (diff) | |
tmpfs: make sure that a dentry will not be destroyed before the open() call
If we don't hold a reference, the dentry can be destroyed by another thread.
Reported-by: syzbot+f2132e50060c41f6d41f@syzkaller.appspotmail.com
PiperOrigin-RevId: 342951940
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/sentry/fsimpl/tmpfs/filesystem.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/tmpfs/filesystem.go b/pkg/sentry/fsimpl/tmpfs/filesystem.go index e39cd305b..61138a7a4 100644 --- a/pkg/sentry/fsimpl/tmpfs/filesystem.go +++ b/pkg/sentry/fsimpl/tmpfs/filesystem.go @@ -381,6 +381,8 @@ afterTrailingSymlink: creds := rp.Credentials() child := fs.newDentry(fs.newRegularFile(creds.EffectiveKUID, creds.EffectiveKGID, opts.Mode)) parentDir.insertChildLocked(child, name) + child.IncRef() + defer child.DecRef(ctx) unlock() fd, err := child.open(ctx, rp, &opts, true) if err != nil { |