Fix incorrect lock order in execve(2) around TaskSet.mu

shailend-g · gvisor-bot · commit 973cf7601abe · 2025-09-11T11:18:54.000-07:00
FSContext.mu is made a lockdep mutex. Fixes the following cycle detected by
syzcaller:

goroutine 1 (execve):        fs.mu.Lock() -&gt; ts.mu.Rlock()
goroutine 2 (CreateProcess): ts.mu.Lock() -&gt; t.mu.Lock()
goroutine 3 (unshare):       t.mu.Lock() -&gt; fs.mu.Lock()

PiperOrigin-RevId: 805914251
diff --git a/pkg/sentry/kernel/BUILD b/pkg/sentry/kernel/BUILD
@@ -94,6 +94,13 @@ declare_mutex(
     prefix = "fdTable",
 )
 
+declare_mutex(
+    name = "fs_context_mutex",
+    out = "fs_context_mutex.go",
+    package = "kernel",
+    prefix = "fsContext",
+)
+
 declare_mutex(
     name = "running_tasks_mutex",
     out = "running_tasks_mutex.go",
@@ -245,6 +252,7 @@ go_library(
         "fd_table_refs.go",
         "fd_table_unsafe.go",
         "fs_context.go",
+        "fs_context_mutex.go",
         "fs_context_refs.go",
         "ipc_namespace.go",
         "kcov.go",
diff --git a/pkg/sentry/kernel/fs_context.go b/pkg/sentry/kernel/fs_context.go
@@ -19,7 +19,6 @@ import (
 
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/sentry/vfs"
-	"gvisor.dev/gvisor/pkg/sync"
 )
 
 // FSContext contains filesystem context.
@@ -31,7 +30,7 @@ type FSContext struct {
 	FSContextRefs
 
 	// mu protects below.
-	mu sync.Mutex `state:"nosave"`
+	mu fsContextMutex `state:"nosave"`
 
 	// root is the filesystem root.
 	root vfs.VirtualDentry
@@ -203,16 +202,17 @@ func (f *FSContext) SwapUmask(mask uint) uint {
 //
 // See Linux's fs_struct->in_exec.
 func (f *FSContext) checkAndPreventSharingOutsideTG(tg *ThreadGroup) bool {
+	tg.pidns.owner.mu.RLock()
+	defer tg.pidns.owner.mu.RUnlock()
 	f.mu.Lock()
 	defer f.mu.Unlock()
 
 	tgCount := int64(0)
-	tg.ForEachTask(func(t *Task) bool {
+	for t := tg.tasks.Front(); t != nil; t = t.Next() {
 		if t.FSContext() == f {
 			tgCount++
 		}
-		return true
-	})
+	}
 
 	shared := f.ReadRefs() > tgCount
 	if !shared {
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
@@ -26,6 +26,7 @@
 //	      TaskSet.mu
 //	        SignalHandlers.mu
 //	          Task.mu
+//	            FSContext.mu
 //	      runningTasksMu
 //
 // Locking SignalHandlers.mu in multiple SignalHandlers requires locking
