summaryrefslogtreecommitdiffhomepage
path: root/pkg
diff options
context:
space:
mode:
authorMichael Pratt <mpratt@google.com>2018-09-28 11:02:11 -0700
committerShentubot <shentubot@google.com>2018-09-28 11:03:11 -0700
commit3ff24b4f2c6d5a7a872a744150bbfca795afdbfc (patch)
tree7a0d0dab3632048058c3e05fd59383e39b17c15e /pkg
parentc17ea8c6e20f58510b063f064d45608792a014e4 (diff)
Require AF_UNIX sockets from the gofer
host.endpoint already has the check, but it is missing from host.ConnectedEndpoint. PiperOrigin-RevId: 214962762 Change-Id: I88bb13a5c5871775e4e7bf2608433df8a3d348e6
Diffstat (limited to 'pkg')
-rw-r--r--pkg/sentry/fs/gofer/socket.go3
-rw-r--r--pkg/sentry/fs/host/socket.go22
2 files changed, 20 insertions, 5 deletions
diff --git a/pkg/sentry/fs/gofer/socket.go b/pkg/sentry/fs/gofer/socket.go
index 8628b9c69..0190bc006 100644
--- a/pkg/sentry/fs/gofer/socket.go
+++ b/pkg/sentry/fs/gofer/socket.go
@@ -15,6 +15,7 @@
package gofer
import (
+ "gvisor.googlesource.com/gvisor/pkg/log"
"gvisor.googlesource.com/gvisor/pkg/p9"
"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
"gvisor.googlesource.com/gvisor/pkg/sentry/fs/host"
@@ -101,6 +102,7 @@ func (e *endpoint) BidirectionalConnect(ce unix.ConnectingEndpoint, returnConnec
c, terr := host.NewConnectedEndpoint(hostFile, ce.WaiterQueue(), e.path)
if terr != nil {
ce.Unlock()
+ log.Warningf("Gofer returned invalid host socket for BidirectionalConnect; file %+v flags %+v: %v", e.file, cf, terr)
return terr
}
@@ -120,6 +122,7 @@ func (e *endpoint) UnidirectionalConnect() (unix.ConnectedEndpoint, *tcpip.Error
c, terr := host.NewConnectedEndpoint(hostFile, &waiter.Queue{}, e.path)
if terr != nil {
+ log.Warningf("Gofer returned invalid host socket for UnidirectionalConnect; file %+v: %v", e.file, terr)
return nil, terr
}
c.Init()
diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go
index 4ace71c3e..e11772946 100644
--- a/pkg/sentry/fs/host/socket.go
+++ b/pkg/sentry/fs/host/socket.go
@@ -35,6 +35,8 @@ import (
// endpoint encapsulates the state needed to represent a host Unix socket.
//
+// TODO: Remove/merge with ConnectedEndpoint.
+//
// +stateify savable
type endpoint struct {
queue waiter.Queue `state:"zerovalue"`
@@ -288,13 +290,23 @@ func recvMsg(fd int, data [][]byte, numRights uintptr, peek bool, addr *tcpip.Fu
return rl, ml, control.New(nil, nil, newSCMRights(fds)), nil
}
-// NewConnectedEndpoint creates a new ConnectedEndpoint backed by
-// a host FD that will pretend to be bound at a given sentry path.
+// NewConnectedEndpoint creates a new ConnectedEndpoint backed by a host FD
+// that will pretend to be bound at a given sentry path.
//
-// The caller is responsible for calling Init(). Additionaly, Release needs
-// to be called twice because host.ConnectedEndpoint is both a
-// unix.Receiver and unix.ConnectedEndpoint.
+// The caller is responsible for calling Init(). Additionaly, Release needs to
+// be called twice because host.ConnectedEndpoint is both a unix.Receiver and
+// unix.ConnectedEndpoint.
func NewConnectedEndpoint(file *fd.FD, queue *waiter.Queue, path string) (*ConnectedEndpoint, *tcpip.Error) {
+ family, err := syscall.GetsockoptInt(file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ if err != nil {
+ return nil, translateError(err)
+ }
+
+ if family != syscall.AF_UNIX {
+ // We only allow Unix sockets.
+ return nil, tcpip.ErrInvalidEndpointState
+ }
+
e := &ConnectedEndpoint{path: path, queue: queue, file: file}
// AtomicRefCounters start off with a single reference. We need two.