From 505bebae43183a68ee8873764817d282a6c49ec6 Mon Sep 17 00:00:00 2001 From: Tiwei Bie Date: Wed, 15 Jul 2020 22:02:26 +0800 Subject: hostinet: fix fd leak in fdnotifier for VFS2 When we failed to create the new socket after adding the fd to fdnotifier, we should remove the fd from fdnotifier, because we are going to close the fd directly. Fixes: #3241 Signed-off-by: Tiwei Bie --- pkg/sentry/socket/hostinet/socket_vfs2.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go index 8f192c62f..8a1d52ebf 100644 --- a/pkg/sentry/socket/hostinet/socket_vfs2.go +++ b/pkg/sentry/socket/hostinet/socket_vfs2.go @@ -71,6 +71,7 @@ func newVFS2Socket(t *kernel.Task, family int, stype linux.SockType, protocol in DenyPWrite: true, UseDentryMetadata: true, }); err != nil { + fdnotifier.RemoveFD(int32(s.fd)) return nil, syserr.FromError(err) } return vfsfd, nil -- cgit v1.2.3