From 496a3654e7af2ee905c1183c622687c6af29069b Mon Sep 17 00:00:00 2001 From: Chong Cai Date: Thu, 8 Apr 2021 17:59:46 -0700 Subject: Set parent after child is verified We should only set parent after child is verified. Also, if the parent is set before verified, destroyLocked() will try to grab parent.dirMu, which may cause deadlock. PiperOrigin-RevId: 367543655 --- pkg/sentry/fsimpl/verity/filesystem.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'pkg') diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go index 6cb1a23e0..214ffd095 100644 --- a/pkg/sentry/fsimpl/verity/filesystem.go +++ b/pkg/sentry/fsimpl/verity/filesystem.go @@ -632,8 +632,6 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry, childVD.IncRef() childMerkleVD.IncRef() - parent.IncRef() - child.parent = parent child.name = name child.mode = uint32(stat.Mode) @@ -657,6 +655,9 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry, } } + parent.IncRef() + child.parent = parent + return child, nil } -- cgit v1.2.3