diff options
| author | Ayush Ranjan <ayushranjan@google.com> | 2021-10-25 13:43:37 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-10-25 13:46:41 -0700 |
| commit | 4d07fc952d6bb5aa70b4bc9ff5e6457987f1721c (patch) | |
| tree | 75442613af4360c670d235f541e0811d68dd1442 | |
| parent | a8a66d899fe075c2a23b21edd0aab4e658ad7e81 (diff) | |
Do not leak non-permission mode bits in mq_open(2).
As caught by syzkaller, we were leaking non-permission bits while passing the
user generated mode. DynamicBytesFile panics in this case.
Reported-by: syzbot+5abe52d47d56a5a98c89@syzkaller.appspotmail.com
PiperOrigin-RevId: 405481392
| -rw-r--r-- | pkg/sentry/kernel/mq/mq.go | 6 | ||||
| -rw-r--r-- | test/syscalls/linux/mq.cc | 11 |
2 files changed, 10 insertions, 7 deletions
diff --git a/pkg/sentry/kernel/mq/mq.go b/pkg/sentry/kernel/mq/mq.go index 50ca6d34a..07482decf 100644 --- a/pkg/sentry/kernel/mq/mq.go +++ b/pkg/sentry/kernel/mq/mq.go @@ -122,7 +122,7 @@ type OpenOpts struct { // FindOrCreate creates a new POSIX message queue or opens an existing queue. // See mq_open(2). -func (r *Registry) FindOrCreate(ctx context.Context, opts OpenOpts, perm linux.FileMode, attr *linux.MqAttr) (*vfs.FileDescription, error) { +func (r *Registry) FindOrCreate(ctx context.Context, opts OpenOpts, mode linux.FileMode, attr *linux.MqAttr) (*vfs.FileDescription, error) { // mq_overview(7) mentions that: "Each message queue is identified by a name // of the form '/somename'", but the mq_open(3) man pages mention: // "The mq_open() library function is implemented on top of a system call @@ -182,11 +182,11 @@ func (r *Registry) FindOrCreate(ctx context.Context, opts OpenOpts, perm linux.F return nil, linuxerr.ENOENT } - q, err := r.newQueueLocked(auth.CredentialsFromContext(ctx), fs.FileOwnerFromContext(ctx), fs.FilePermsFromMode(perm), attr) + q, err := r.newQueueLocked(auth.CredentialsFromContext(ctx), fs.FileOwnerFromContext(ctx), fs.FilePermsFromMode(mode), attr) if err != nil { return nil, err } - return r.impl.New(ctx, opts.Name, q, opts.Access, opts.Block, perm, flags) + return r.impl.New(ctx, opts.Name, q, opts.Access, opts.Block, mode.Permissions(), flags) } // newQueueLocked creates a new queue using the given attributes. If attr is nil diff --git a/test/syscalls/linux/mq.cc b/test/syscalls/linux/mq.cc index 36181f149..839877a67 100644 --- a/test/syscalls/linux/mq.cc +++ b/test/syscalls/linux/mq.cc @@ -34,8 +34,6 @@ namespace gvisor { namespace testing { namespace { -using ::testing::_; - // PosixQueue is a RAII class used to automatically clean POSIX message queues. class PosixQueue { public: @@ -124,8 +122,13 @@ PosixError MqClose(mqd_t fd) { // Test simple opening and closing of a message queue. TEST(MqTest, Open) { SKIP_IF(IsRunningWithVFS1()); - EXPECT_THAT(MqOpen(O_RDWR | O_CREAT | O_EXCL, 0777, nullptr), - IsPosixErrorOkAndHolds(_)); + ASSERT_NO_ERRNO(MqOpen(O_RDWR | O_CREAT | O_EXCL, 0777, nullptr)); +} + +TEST(MqTest, ModeWithFileType) { + SKIP_IF(IsRunningWithVFS1()); + // S_IFIFO should be ignored. + ASSERT_NO_ERRNO(MqOpen(O_RDWR | O_CREAT | O_EXCL, 0777 | S_IFIFO, nullptr)); } // Test mq_open(2) after mq_unlink(2). |