go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add DecRef for verity FDs that were missing 

Some FileDescriptions in verity fs were opened but DecRef() were missing
after used. This could result in a ref leak.

PiperOrigin-RevId: 368096759
This commit is contained in:
Chong Cai 2021-04-12 15:24:49 -07:00 committed by gVisor bot
parent f4f6ce337a
commit c4c6a71fb9
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/sentry/fsimpl/verity/filesystem.go
View File

@ -229,6 +229,8 @@ func (fs *filesystem) verifyChildLocked(ctx context.Context, parent *dentry, chi
return nil, err return nil, err
} }
defer parentMerkleFD.DecRef(ctx)
// dataSize is the size of raw data for the Merkle tree. For a file, // dataSize is the size of raw data for the Merkle tree. For a file,
// dataSize is the size of the whole file. For a directory, dataSize is // dataSize is the size of the whole file. For a directory, dataSize is
// the size of all its children's hashes. // the size of all its children's hashes.
@ -337,6 +339,8 @@ func (fs *filesystem) verifyStatAndChildrenLocked(ctx context.Context, d *dentry
return err return err
} }
defer fd.DecRef(ctx)
merkleSize, err := fd.GetXattr(ctx, &vfs.GetXattrOptions{ merkleSize, err := fd.GetXattr(ctx, &vfs.GetXattrOptions{
Name: merkleSizeXattr, Name: merkleSizeXattr,
Size: sizeOfStringInt32, Size: sizeOfStringInt32,

2
pkg/sentry/fsimpl/verity/verity.go
View File

@ -494,6 +494,8 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt
return nil, nil, err return nil, nil, err
} }
defer lowerMerkleFD.DecRef(ctx)
childrenNames := make([]byte, size) childrenNames := make([]byte, size)
if _, err := lowerMerkleFD.PRead(ctx, usermem.BytesIOSequence(childrenNames), int64(off), vfs.ReadOptions{}); err != nil { if _, err := lowerMerkleFD.PRead(ctx, usermem.BytesIOSequence(childrenNames), int64(off), vfs.ReadOptions{}); err != nil {
return nil, nil, alertIntegrityViolation(fmt.Sprintf("Failed to read root children map: %v", err)) return nil, nil, alertIntegrityViolation(fmt.Sprintf("Failed to read root children map: %v", err))