Don't allow rename across different gofer or tmpfs mounts.

Fixes #2651.

PiperOrigin-RevId: 311193661

2 files changed, 16 insertions, 19 deletions

diff --git a/pkg/sentry/fs/gofer/path.go b/pkg/sentry/fs/gofer/path.go
index a35c3a23d..cf9800100 100644
--- a/pkg/sentry/fs/gofer/path.go
+++ b/pkg/sentry/fs/gofer/path.go
@@ -16,7 +16,6 @@ package gofer
 
 import (
 	"fmt"
-	"syscall"
 
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/log"
@@ -68,7 +67,7 @@ func (i *inodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name string
 	// Get a p9.File for name.
 	qids, newFile, mask, p9attr, err := i.fileState.file.walkGetAttr(ctx, []string{name})
 	if err != nil {
-		if err == syscall.ENOENT {
+		if err == syserror.ENOENT {
 			if cp.cacheNegativeDirents() {
 				// Return a negative Dirent. It will stay cached until something
 				// is created over it.
@@ -207,7 +206,7 @@ func (i *inodeOperations) CreateHardLink(ctx context.Context, inode *fs.Inode, t
 
 	targetOpts, ok := target.InodeOperations.(*inodeOperations)
 	if !ok {
-		return syscall.EXDEV
+		return syserror.EXDEV
 	}
 
 	if err := i.fileState.file.link(ctx, &targetOpts.fileState.file, newName); err != nil {
@@ -251,7 +250,7 @@ func (i *inodeOperations) Bind(ctx context.Context, dir *fs.Inode, name string,
 	}
 
 	if i.session().overrides == nil {
-		return nil, syscall.EOPNOTSUPP
+		return nil, syserror.EOPNOTSUPP
 	}
 
 	// Stabilize the override map while creation is in progress.
@@ -280,7 +279,7 @@ func (i *inodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name st
 
 	// N.B. FIFOs use major/minor numbers 0.
 	if _, err := i.fileState.file.mknod(ctx, name, mode, 0, 0, p9.UID(owner.UID), p9.GID(owner.GID)); err != nil {
-		if i.session().overrides == nil || err != syscall.EPERM {
+		if i.session().overrides == nil || err != syserror.EPERM {
 			return err
 		}
 		// If gofer doesn't support mknod, check if we can create an internal fifo.
@@ -427,17 +426,16 @@ func (i *inodeOperations) Rename(ctx context.Context, inode *fs.Inode, oldParent
 		return syserror.ENAMETOOLONG
 	}
 
-	// Unwrap the new parent to a *inodeOperations.
-	newParentInodeOperations, ok := newParent.InodeOperations.(*inodeOperations)
-	if !ok {
-		return syscall.EXDEV
+	// Don't allow renames across different mounts.
+	if newParent.MountSource != oldParent.MountSource {
+		return syserror.EXDEV
 	}
 
+	// Unwrap the new parent to a *inodeOperations.
+	newParentInodeOperations := newParent.InodeOperations.(*inodeOperations)
+
 	// Unwrap the old parent to a *inodeOperations.
-	oldParentInodeOperations, ok := oldParent.InodeOperations.(*inodeOperations)
-	if !ok {
-		return syscall.EXDEV
-	}
+	oldParentInodeOperations := oldParent.InodeOperations.(*inodeOperations)
 
 	// Do the rename.
 	if err := i.fileState.file.rename(ctx, newParentInodeOperations.fileState.file, newName); err != nil {
diff --git a/pkg/sentry/fs/tmpfs/tmpfs.go b/pkg/sentry/fs/tmpfs/tmpfs.go
index 3c2b583ae..b095312fe 100644
--- a/pkg/sentry/fs/tmpfs/tmpfs.go
+++ b/pkg/sentry/fs/tmpfs/tmpfs.go
@@ -39,14 +39,13 @@ var fsInfo = fs.Info{
 
 // rename implements fs.InodeOperations.Rename for tmpfs nodes.
 func rename(ctx context.Context, oldParent *fs.Inode, oldName string, newParent *fs.Inode, newName string, replacement bool) error {
-	op, ok := oldParent.InodeOperations.(*Dir)
-	if !ok {
-		return syserror.EXDEV
-	}
-	np, ok := newParent.InodeOperations.(*Dir)
-	if !ok {
+	// Don't allow renames across different mounts.
+	if newParent.MountSource != oldParent.MountSource {
 		return syserror.EXDEV
 	}
+
+	op := oldParent.InodeOperations.(*Dir)
+	np := newParent.InodeOperations.(*Dir)
 	return ramfs.Rename(ctx, op.ramfsDir, oldName, np.ramfsDir, newName, replacement)
 }