Add check for both child and childMerkle ENOENT

The check in verity walk returns error for non ENOENT cases, and all ENOENT results should be checked. This case was missing. PiperOrigin-RevId: 330604771
author: gVisor bot <gvisor-bot@google.com> 2020-09-08 15:54:22 -0700
committer: Andrei Vagin <avagin@gmail.com> 2020-09-09 17:53:10 -0700
commit: 6b2ba821c791ab1713cada80d9b722496224f663 (patch)
tree: ed8e04a167e92727df203439545b930300917759 /pkg
parent: 0170be90f67b4dc075710d1cd82ccd8d3ac9156a (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go
index e944fd5d2..2cf0a38c9 100644
--- a/pkg/sentry/fsimpl/verity/filesystem.go
+++ b/pkg/sentry/fsimpl/verity/filesystem.go
@@ -414,6 +414,14 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry,
 			}
 			panic(fmt.Sprintf("Expected Merkle file for target %s but none found", parentPath+"/"+name))
 		}
+	} else if childErr == syserror.ENOENT && childMerkleErr == syserror.ENOENT {
+		// Both the child and the corresponding Merkle tree are missing.
+		// This could be an unexpected modification or due to incorrect
+		// parameter.
+		// TODO(b/167752508): Investigate possible ways to differentiate
+		// cases that both files are deleted from cases that they never
+		// exist in the file system.
+		panic(fmt.Sprintf("Failed to find file %s", parentPath+"/"+name))
 	}
 
 	mask := uint32(linux.STATX_TYPE | linux.STATX_MODE | linux.STATX_UID | linux.STATX_GID)
author	gVisor bot <gvisor-bot@google.com>	2020-09-08 15:54:22 -0700
committer	Andrei Vagin <avagin@gmail.com>	2020-09-09 17:53:10 -0700
commit	6b2ba821c791ab1713cada80d9b722496224f663 (patch)
tree	ed8e04a167e92727df203439545b930300917759 /pkg
parent	0170be90f67b4dc075710d1cd82ccd8d3ac9156a (diff)