diff options
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/kernel/fd_map.go | 6 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/flags.go | 14 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_file.go | 32 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_pipe.go | 7 |
4 files changed, 28 insertions, 31 deletions
diff --git a/pkg/sentry/kernel/fd_map.go b/pkg/sentry/kernel/fd_map.go index d5d4aaacb..cad0b0a20 100644 --- a/pkg/sentry/kernel/fd_map.go +++ b/pkg/sentry/kernel/fd_map.go @@ -53,7 +53,8 @@ type FDFlags struct { CloseOnExec bool } -// ToLinuxFileFlags converts a kernel.FDFlags object to a Linux file flags representation. +// ToLinuxFileFlags converts a kernel.FDFlags object to a Linux file flags +// representation. func (f FDFlags) ToLinuxFileFlags() (mask uint) { if f.CloseOnExec { mask |= linux.O_CLOEXEC @@ -61,7 +62,8 @@ func (f FDFlags) ToLinuxFileFlags() (mask uint) { return } -// ToLinuxFDFlags converts a kernel.FDFlags object to a Linux descriptor flags representation. +// ToLinuxFDFlags converts a kernel.FDFlags object to a Linux descriptor flags +// representation. func (f FDFlags) ToLinuxFDFlags() (mask uint) { if f.CloseOnExec { mask |= linux.FD_CLOEXEC diff --git a/pkg/sentry/syscalls/linux/flags.go b/pkg/sentry/syscalls/linux/flags.go index e8db3e0de..f01483cd3 100644 --- a/pkg/sentry/syscalls/linux/flags.go +++ b/pkg/sentry/syscalls/linux/flags.go @@ -34,8 +34,8 @@ func flagsToPermissions(mask uint) (p fs.PermMask) { return } -// linuxToFlags converts linux file flags to a FileFlags object. -func linuxToFlags(mask uint) (flags fs.FileFlags) { +// linuxToFlags converts Linux file flags to a FileFlags object. +func linuxToFlags(mask uint) fs.FileFlags { return fs.FileFlags{ Direct: mask&linux.O_DIRECT != 0, Sync: mask&linux.O_SYNC != 0, @@ -48,13 +48,3 @@ func linuxToFlags(mask uint) (flags fs.FileFlags) { LargeFile: mask&linux.O_LARGEFILE != 0, } } - -// linuxToSettableFlags converts linux file flags to a SettableFileFlags object. -func linuxToSettableFlags(mask uint) fs.SettableFileFlags { - return fs.SettableFileFlags{ - Direct: mask&linux.O_DIRECT != 0, - NonBlocking: mask&linux.O_NONBLOCK != 0, - Append: mask&linux.O_APPEND != 0, - Async: mask&linux.O_ASYNC != 0, - } -} diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go index 94b7ac7a5..2cf429f5c 100644 --- a/pkg/sentry/syscalls/linux/sys_file.go +++ b/pkg/sentry/syscalls/linux/sys_file.go @@ -164,7 +164,7 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u if dirPath { return syserror.ENOTDIR } - if fileFlags.Write && flags&syscall.O_TRUNC != 0 { + if fileFlags.Write && flags&linux.O_TRUNC != 0 { if err := d.Inode.Truncate(t, d, 0); err != nil { return err } @@ -178,7 +178,7 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u defer file.DecRef() // Success. - fdFlags := kernel.FDFlags{CloseOnExec: flags&syscall.O_CLOEXEC != 0} + fdFlags := kernel.FDFlags{CloseOnExec: flags&linux.O_CLOEXEC != 0} newFD, err := t.FDMap().NewFDFrom(0, file, fdFlags, t.ThreadGroup().Limits()) if err != nil { return err @@ -302,6 +302,10 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod return syserror.ENOTDIR } + fileFlags := linuxToFlags(flags) + // Linux always adds the O_LARGEFILE flag when running in 64-bit mode. + fileFlags.LargeFile = true + // Does this file exist already? targetDirent, err := t.MountNamespace().FindInode(t, root, d, name, linux.MaxSymlinkTraversals) var newFile *fs.File @@ -311,7 +315,7 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod defer targetDirent.DecRef() // Check if we wanted to create. - if flags&syscall.O_EXCL != 0 { + if flags&linux.O_EXCL != 0 { return syserror.EEXIST } @@ -323,14 +327,14 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod } // Should we truncate the file? - if flags&syscall.O_TRUNC != 0 { + if flags&linux.O_TRUNC != 0 { if err := targetDirent.Inode.Truncate(t, targetDirent, 0); err != nil { return err } } // Create a new fs.File. - newFile, err = targetDirent.Inode.GetFile(t, targetDirent, linuxToFlags(flags)) + newFile, err = targetDirent.Inode.GetFile(t, targetDirent, fileFlags) if err != nil { return syserror.ConvertIntr(err, kernel.ERESTARTSYS) } @@ -346,7 +350,7 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod // Attempt a creation. perms := fs.FilePermsFromMode(mode &^ linux.FileMode(t.FSContext().Umask())) - newFile, err = d.Create(t, root, name, linuxToFlags(flags), perms) + newFile, err = d.Create(t, root, name, fileFlags, perms) if err != nil { // No luck, bail. return err @@ -356,7 +360,7 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod } // Success. - fdFlags := kernel.FDFlags{CloseOnExec: flags&syscall.O_CLOEXEC != 0} + fdFlags := kernel.FDFlags{CloseOnExec: flags&linux.O_CLOEXEC != 0} newFD, err := t.FDMap().NewFDFrom(0, newFile, fdFlags, t.ThreadGroup().Limits()) if err != nil { return err @@ -380,7 +384,7 @@ func createAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint, mod func Open(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { addr := args[0].Pointer() flags := uint(args[1].Uint()) - if flags&syscall.O_CREAT != 0 { + if flags&linux.O_CREAT != 0 { mode := linux.FileMode(args[2].ModeT()) n, err := createAt(t, linux.AT_FDCWD, addr, flags, mode) return n, nil, err @@ -394,7 +398,7 @@ func Openat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal dirFD := kdefs.FD(args[0].Int()) addr := args[1].Pointer() flags := uint(args[2].Uint()) - if flags&syscall.O_CREAT != 0 { + if flags&linux.O_CREAT != 0 { mode := linux.FileMode(args[3].ModeT()) n, err := createAt(t, dirFD, addr, flags, mode) return n, nil, err @@ -407,7 +411,7 @@ func Openat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal func Creat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { addr := args[0].Pointer() mode := linux.FileMode(args[1].ModeT()) - n, err := createAt(t, linux.AT_FDCWD, addr, syscall.O_WRONLY|syscall.O_TRUNC, mode) + n, err := createAt(t, linux.AT_FDCWD, addr, linux.O_WRONLY|linux.O_TRUNC, mode) return n, nil, err } @@ -747,7 +751,7 @@ func Dup3(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC } defer oldFile.DecRef() - err := t.FDMap().NewFDAt(newfd, oldFile, kernel.FDFlags{CloseOnExec: flags&syscall.O_CLOEXEC != 0}, t.ThreadGroup().Limits()) + err := t.FDMap().NewFDAt(newfd, oldFile, kernel.FDFlags{CloseOnExec: flags&linux.O_CLOEXEC != 0}, t.ThreadGroup().Limits()) if err != nil { return 0, nil, err } @@ -802,7 +806,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall switch cmd { case linux.F_DUPFD, linux.F_DUPFD_CLOEXEC: from := kdefs.FD(args[2].Int()) - fdFlags := kernel.FDFlags{CloseOnExec: cmd == syscall.F_DUPFD_CLOEXEC} + fdFlags := kernel.FDFlags{CloseOnExec: cmd == linux.F_DUPFD_CLOEXEC} fd, err := t.FDMap().NewFDFrom(from, file, fdFlags, t.ThreadGroup().Limits()) if err != nil { return 0, nil, err @@ -813,13 +817,13 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall case linux.F_SETFD: flags := args[2].Uint() t.FDMap().SetFlags(fd, kernel.FDFlags{ - CloseOnExec: flags&syscall.FD_CLOEXEC != 0, + CloseOnExec: flags&linux.FD_CLOEXEC != 0, }) case linux.F_GETFL: return uintptr(file.Flags().ToLinux()), nil, nil case linux.F_SETFL: flags := uint(args[2].Uint()) - file.SetFlags(linuxToSettableFlags(flags)) + file.SetFlags(linuxToFlags(flags).Settable()) case linux.F_SETLK, linux.F_SETLKW: // In Linux the file system can choose to provide lock operations for an inode. // Normally pipe and socket types lack lock operations. We diverge and use a heavy diff --git a/pkg/sentry/syscalls/linux/sys_pipe.go b/pkg/sentry/syscalls/linux/sys_pipe.go index 3efc06a27..2b544f145 100644 --- a/pkg/sentry/syscalls/linux/sys_pipe.go +++ b/pkg/sentry/syscalls/linux/sys_pipe.go @@ -17,6 +17,7 @@ package linux import ( "syscall" + "gvisor.googlesource.com/gvisor/pkg/abi/linux" "gvisor.googlesource.com/gvisor/pkg/sentry/arch" "gvisor.googlesource.com/gvisor/pkg/sentry/kernel" "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/kdefs" @@ -26,7 +27,7 @@ import ( // pipe2 implements the actual system call with flags. func pipe2(t *kernel.Task, addr usermem.Addr, flags uint) (uintptr, error) { - if flags&^(syscall.O_NONBLOCK|syscall.O_CLOEXEC) != 0 { + if flags&^(linux.O_NONBLOCK|linux.O_CLOEXEC) != 0 { return 0, syscall.EINVAL } r, w := pipe.NewConnectedPipe(t, pipe.DefaultPipeSize, usermem.PageSize) @@ -38,14 +39,14 @@ func pipe2(t *kernel.Task, addr usermem.Addr, flags uint) (uintptr, error) { defer w.DecRef() rfd, err := t.FDMap().NewFDFrom(0, r, kernel.FDFlags{ - CloseOnExec: flags&syscall.O_CLOEXEC != 0}, + CloseOnExec: flags&linux.O_CLOEXEC != 0}, t.ThreadGroup().Limits()) if err != nil { return 0, err } wfd, err := t.FDMap().NewFDFrom(0, w, kernel.FDFlags{ - CloseOnExec: flags&syscall.O_CLOEXEC != 0}, + CloseOnExec: flags&linux.O_CLOEXEC != 0}, t.ThreadGroup().Limits()) if err != nil { t.FDMap().Remove(rfd) |