From ca9a45f282a08a88df19c93d5968d720b5153c41 Mon Sep 17 00:00:00 2001
From: Jamie Liu <jamieliu@google.com>
Date: Wed, 20 Jan 2021 16:46:18 -0800
Subject: Fix refcount increments in gofer.filesystem.Sync.

Fixes #5263

PiperOrigin-RevId: 352903844
---
 pkg/sentry/fsimpl/gofer/filesystem.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'pkg/sentry/fsimpl/gofer/filesystem.go')

diff --git a/pkg/sentry/fsimpl/gofer/filesystem.go b/pkg/sentry/fsimpl/gofer/filesystem.go
index 91d5dc174..8f95473b6 100644
--- a/pkg/sentry/fsimpl/gofer/filesystem.go
+++ b/pkg/sentry/fsimpl/gofer/filesystem.go
@@ -36,16 +36,26 @@ import (
 // Sync implements vfs.FilesystemImpl.Sync.
 func (fs *filesystem) Sync(ctx context.Context) error {
 	// Snapshot current syncable dentries and special file FDs.
+	fs.renameMu.RLock()
 	fs.syncMu.Lock()
 	ds := make([]*dentry, 0, len(fs.syncableDentries))
 	for d := range fs.syncableDentries {
+		// It's safe to use IncRef here even though fs.syncableDentries doesn't
+		// hold references since we hold fs.renameMu. Note that we can't use
+		// TryIncRef since cached dentries at zero references should still be
+		// synced.
 		d.IncRef()
 		ds = append(ds, d)
 	}
+	fs.renameMu.RUnlock()
 	sffds := make([]*specialFileFD, 0, len(fs.specialFileFDs))
 	for sffd := range fs.specialFileFDs {
-		sffd.vfsfd.IncRef()
-		sffds = append(sffds, sffd)
+		// As above, fs.specialFileFDs doesn't hold references. However, unlike
+		// dentries, an FD that has reached zero references can't be
+		// resurrected, so we can use TryIncRef.
+		if sffd.vfsfd.TryIncRef() {
+			sffds = append(sffds, sffd)
+		}
 	}
 	fs.syncMu.Unlock()
 
-- 
cgit v1.2.3