From 763d7e6e396d8d4c67d650e02bd2350b22606ada Mon Sep 17 00:00:00 2001 From: Ayush Ranjan Date: Tue, 26 Oct 2021 11:56:09 -0700 Subject: Obtain ref on root dentry in mqfs.GetFilesystem. As documented in FilesystemType.GetFilesystem, a reference should be taken on the returned dentry and filesystem by GetFilesystem implementation. mqfs did not do that. Additionally cleanup and clarify ref counting of dentry, filesystem and mount in mqfs. Reported-by: syzbot+a2c54bfb6e1525228e5f@syzkaller.appspotmail.com Reported-by: syzbot+ccd305cdab11cfebbfff@syzkaller.appspotmail.com PiperOrigin-RevId: 405700565 --- test/syscalls/linux/BUILD | 1 + test/syscalls/linux/mq.cc | 22 +++++++++++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) (limited to 'test/syscalls/linux') diff --git a/test/syscalls/linux/BUILD b/test/syscalls/linux/BUILD index 9d975c614..6217ff4dc 100644 --- a/test/syscalls/linux/BUILD +++ b/test/syscalls/linux/BUILD @@ -4209,6 +4209,7 @@ cc_binary( linkstatic = 1, deps = [ "//test/util:capability_util", + "//test/util:cleanup", "//test/util:fs_util", "//test/util:mount_util", "//test/util:posix_error", diff --git a/test/syscalls/linux/mq.cc b/test/syscalls/linux/mq.cc index 839877a67..013994fd9 100644 --- a/test/syscalls/linux/mq.cc +++ b/test/syscalls/linux/mq.cc @@ -22,6 +22,7 @@ #include #include "test/util/capability_util.h" +#include "test/util/cleanup.h" #include "test/util/fs_util.h" #include "test/util/mount_util.h" #include "test/util/posix_error.h" @@ -286,18 +287,25 @@ TEST(MqTest, Mount) { TEST(MqTest, MountSeveral) { SKIP_IF(IsRunningWithVFS1() || !ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN))); + constexpr int numMounts = 3; + // mountDirs should outlive mountCUs and queue so that its destructor succeeds + // in unlinking the mountpoints and does not interfere with queue destruction. + testing::TempPath mountDirs[numMounts]; + testing::Cleanup mountCUs[numMounts]; PosixQueue queue = ASSERT_NO_ERRNO_AND_VALUE( MqOpen(O_RDWR | O_CREAT | O_EXCL, 0777, nullptr)); - auto const dir1 = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - // Assign the pointer so it doesn't get destroyed before the second mount is - // created. - auto mnt = - ASSERT_NO_ERRNO_AND_VALUE(Mount("none", dir1.path(), "mqueue", 0, "", 0)); + for (int i = 0; i < numMounts; ++i) { + mountDirs[i] = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + mountCUs[i] = ASSERT_NO_ERRNO_AND_VALUE( + Mount("none", mountDirs[i].path(), "mqueue", 0, "", 0)); + } - auto const dir2 = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - ASSERT_NO_ERRNO(Mount("none", dir2.path(), "mqueue", 0, "", 0)); + // Ensure that queue is visible from all mounts. + for (int i = 0; i < numMounts; ++i) { + ASSERT_NO_ERRNO(Stat(JoinPath(mountDirs[i].path(), queue.name()))); + } } // Test mounting mqueue and opening a queue as normal file. -- cgit v1.2.3