diff options
author | Kevin Krakauer <krakauer@google.com> | 2019-11-04 10:56:13 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-11-04 10:58:29 -0800 |
commit | 4fdd69d681bb3abb68a043377a2fb0ec8a031d54 (patch) | |
tree | a9f8e172d4c0692e364a240e8ce6d9de7b0a3ec8 /pkg/sentry | |
parent | b23b36e701c40827065217f4652a51eebc5f9913 (diff) |
Check that a file is a regular file with open(O_TRUNC).
It was possible to panic the sentry by opening a cache revalidating folder with
O_TRUNC|O_CREAT.
PiperOrigin-RevId: 278417533
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/fs/inode_operations.go | 2 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_file.go | 8 |
2 files changed, 6 insertions, 4 deletions
diff --git a/pkg/sentry/fs/inode_operations.go b/pkg/sentry/fs/inode_operations.go index 5cde9d215..d6c35c2dc 100644 --- a/pkg/sentry/fs/inode_operations.go +++ b/pkg/sentry/fs/inode_operations.go @@ -221,6 +221,8 @@ type InodeOperations interface { // sys_ftruncate. // // Implementations need not check that length >= 0. + // + // Truncate must only be called on regular files. Truncate(ctx context.Context, inode *Inode, size int64) error // Allocate allows the caller to reserve disk space for the inode. diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go index b9a8e3e21..c9f57fe27 100644 --- a/pkg/sentry/syscalls/linux/sys_file.go +++ b/pkg/sentry/syscalls/linux/sys_file.go @@ -169,7 +169,7 @@ func openAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint) (fd uint if dirPath { return syserror.ENOTDIR } - if flags&linux.O_TRUNC != 0 { + if flags&linux.O_TRUNC != 0 && fs.IsRegular(d.Inode.StableAttr) { if err := d.Inode.Truncate(t, d, 0); err != nil { return err } @@ -397,7 +397,7 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l } // Should we truncate the file? - if flags&linux.O_TRUNC != 0 { + if flags&linux.O_TRUNC != 0 && fs.IsRegular(found.Inode.StableAttr) { if err := found.Inode.Truncate(t, found, 0); err != nil { return err } @@ -1483,7 +1483,7 @@ func Truncate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc if fs.IsDir(d.Inode.StableAttr) { return syserror.EISDIR } - if !fs.IsFile(d.Inode.StableAttr) { + if !fs.IsRegular(d.Inode.StableAttr) { return syserror.EINVAL } @@ -1523,7 +1523,7 @@ func Ftruncate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys // Note that this is different from truncate(2) above, where a // directory returns EISDIR. - if !fs.IsFile(file.Dirent.Inode.StableAttr) { + if !fs.IsRegular(file.Dirent.Inode.StableAttr) { return 0, nil, syserror.EINVAL } |