diff options
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/vfs/resolving_path.go | 57 | ||||
-rw-r--r-- | pkg/sentry/vfs/vfs.go | 1 | ||||
-rw-r--r-- | pkg/sentry/vfs/vfs_state_autogen.go | 40 |
3 files changed, 24 insertions, 74 deletions
diff --git a/pkg/sentry/vfs/resolving_path.go b/pkg/sentry/vfs/resolving_path.go index 634c8b097..97b898aba 100644 --- a/pkg/sentry/vfs/resolving_path.go +++ b/pkg/sentry/vfs/resolving_path.go @@ -44,13 +44,10 @@ type ResolvingPath struct { start *Dentry pit fspath.Iterator - flags uint16 - mustBeDir bool // final file must be a directory? - mustBeDirOrig bool - symlinks uint8 // number of symlinks traversed - symlinksOrig uint8 - curPart uint8 // index into parts - numOrigParts uint8 + flags uint16 + mustBeDir bool // final file must be a directory? + symlinks uint8 // number of symlinks traversed + curPart uint8 // index into parts creds *auth.Credentials @@ -60,14 +57,9 @@ type ResolvingPath struct { nextStart *Dentry // ref held if not nil absSymlinkTarget fspath.Path - // ResolvingPath must track up to two relative paths: the "current" - // relative path, which is updated whenever a relative symlink is - // encountered, and the "original" relative path, which is updated from the - // current relative path by handleError() when resolution must change - // filesystems (due to reaching a mount boundary or absolute symlink) and - // overwrites the current relative path when Restart() is called. - parts [1 + linux.MaxSymlinkTraversals]fspath.Iterator - origParts [1 + linux.MaxSymlinkTraversals]fspath.Iterator + // ResolvingPath tracks relative paths, which is updated whenever a relative + // symlink is encountered. + parts [1 + linux.MaxSymlinkTraversals]fspath.Iterator } const ( @@ -134,13 +126,10 @@ func (vfs *VirtualFilesystem) getResolvingPath(creds *auth.Credentials, pop *Pat rp.flags |= rpflagsFollowFinalSymlink } rp.mustBeDir = pop.Path.Dir - rp.mustBeDirOrig = pop.Path.Dir rp.symlinks = 0 rp.curPart = 0 - rp.numOrigParts = 1 rp.creds = creds rp.parts[0] = pop.Path.Begin - rp.origParts[0] = pop.Path.Begin return rp } @@ -265,25 +254,6 @@ func (rp *ResolvingPath) Advance() { } } -// Restart resets the stream of path components represented by rp to its state -// on entry to the current FilesystemImpl method. -func (rp *ResolvingPath) Restart(ctx context.Context) { - rp.pit = rp.origParts[rp.numOrigParts-1] - rp.mustBeDir = rp.mustBeDirOrig - rp.symlinks = rp.symlinksOrig - rp.curPart = rp.numOrigParts - 1 - copy(rp.parts[:], rp.origParts[:rp.numOrigParts]) - rp.releaseErrorState(ctx) -} - -func (rp *ResolvingPath) relpathCommit() { - rp.mustBeDirOrig = rp.mustBeDir - rp.symlinksOrig = rp.symlinks - rp.numOrigParts = rp.curPart + 1 - copy(rp.origParts[:rp.curPart], rp.parts[:]) - rp.origParts[rp.curPart] = rp.pit -} - // CheckRoot is called before resolving the parent of the Dentry d. If the // Dentry is contextually a VFS root, such that path resolution should treat // d's parent as itself, CheckRoot returns (true, nil). If the Dentry is the @@ -430,11 +400,10 @@ func (rp *ResolvingPath) handleError(ctx context.Context, err error) bool { rp.flags |= rpflagsHaveMountRef | rpflagsHaveStartRef rp.nextMount = nil rp.nextStart = nil - // Commit the previous FileystemImpl's progress through the relative - // path. (Don't consume the path component that caused us to traverse + // Don't consume the path component that caused us to traverse // through the mount root - i.e. the ".." - because we still need to - // resolve the mount point's parent in the new FilesystemImpl.) - rp.relpathCommit() + // resolve the mount point's parent in the new FilesystemImpl. + // // Restart path resolution on the new Mount. Don't bother calling // rp.releaseErrorState() since we already set nextMount and nextStart // to nil above. @@ -450,9 +419,6 @@ func (rp *ResolvingPath) handleError(ctx context.Context, err error) bool { rp.nextMount = nil // Consume the path component that represented the mount point. rp.Advance() - // Commit the previous FilesystemImpl's progress through the relative - // path. - rp.relpathCommit() // Restart path resolution on the new Mount. rp.releaseErrorState(ctx) return true @@ -467,9 +433,6 @@ func (rp *ResolvingPath) handleError(ctx context.Context, err error) bool { rp.Advance() // Prepend the symlink target to the relative path. rp.relpathPrepend(rp.absSymlinkTarget) - // Commit the previous FilesystemImpl's progress through the relative - // path, including the symlink target we just prepended. - rp.relpathCommit() // Restart path resolution on the new Mount. rp.releaseErrorState(ctx) return true diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go index 8b392232a..87fdcf403 100644 --- a/pkg/sentry/vfs/vfs.go +++ b/pkg/sentry/vfs/vfs.go @@ -425,7 +425,6 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential rp := vfs.getResolvingPath(creds, pop) if opts.Flags&linux.O_DIRECTORY != 0 { rp.mustBeDir = true - rp.mustBeDirOrig = true } // Ignore O_PATH for verity, as verity performs extra operations on the fd for verification. // The underlying filesystem that verity wraps opens the fd with O_PATH. diff --git a/pkg/sentry/vfs/vfs_state_autogen.go b/pkg/sentry/vfs/vfs_state_autogen.go index 206d55ee3..16f85d9d3 100644 --- a/pkg/sentry/vfs/vfs_state_autogen.go +++ b/pkg/sentry/vfs/vfs_state_autogen.go @@ -1733,17 +1733,13 @@ func (rp *ResolvingPath) StateFields() []string { "pit", "flags", "mustBeDir", - "mustBeDirOrig", "symlinks", - "symlinksOrig", "curPart", - "numOrigParts", "creds", "nextMount", "nextStart", "absSymlinkTarget", "parts", - "origParts", } } @@ -1759,17 +1755,13 @@ func (rp *ResolvingPath) StateSave(stateSinkObject state.Sink) { stateSinkObject.Save(4, &rp.pit) stateSinkObject.Save(5, &rp.flags) stateSinkObject.Save(6, &rp.mustBeDir) - stateSinkObject.Save(7, &rp.mustBeDirOrig) - stateSinkObject.Save(8, &rp.symlinks) - stateSinkObject.Save(9, &rp.symlinksOrig) - stateSinkObject.Save(10, &rp.curPart) - stateSinkObject.Save(11, &rp.numOrigParts) - stateSinkObject.Save(12, &rp.creds) - stateSinkObject.Save(13, &rp.nextMount) - stateSinkObject.Save(14, &rp.nextStart) - stateSinkObject.Save(15, &rp.absSymlinkTarget) - stateSinkObject.Save(16, &rp.parts) - stateSinkObject.Save(17, &rp.origParts) + stateSinkObject.Save(7, &rp.symlinks) + stateSinkObject.Save(8, &rp.curPart) + stateSinkObject.Save(9, &rp.creds) + stateSinkObject.Save(10, &rp.nextMount) + stateSinkObject.Save(11, &rp.nextStart) + stateSinkObject.Save(12, &rp.absSymlinkTarget) + stateSinkObject.Save(13, &rp.parts) } func (rp *ResolvingPath) afterLoad() {} @@ -1783,17 +1775,13 @@ func (rp *ResolvingPath) StateLoad(stateSourceObject state.Source) { stateSourceObject.Load(4, &rp.pit) stateSourceObject.Load(5, &rp.flags) stateSourceObject.Load(6, &rp.mustBeDir) - stateSourceObject.Load(7, &rp.mustBeDirOrig) - stateSourceObject.Load(8, &rp.symlinks) - stateSourceObject.Load(9, &rp.symlinksOrig) - stateSourceObject.Load(10, &rp.curPart) - stateSourceObject.Load(11, &rp.numOrigParts) - stateSourceObject.Load(12, &rp.creds) - stateSourceObject.Load(13, &rp.nextMount) - stateSourceObject.Load(14, &rp.nextStart) - stateSourceObject.Load(15, &rp.absSymlinkTarget) - stateSourceObject.Load(16, &rp.parts) - stateSourceObject.Load(17, &rp.origParts) + stateSourceObject.Load(7, &rp.symlinks) + stateSourceObject.Load(8, &rp.curPart) + stateSourceObject.Load(9, &rp.creds) + stateSourceObject.Load(10, &rp.nextMount) + stateSourceObject.Load(11, &rp.nextStart) + stateSourceObject.Load(12, &rp.absSymlinkTarget) + stateSourceObject.Load(13, &rp.parts) } func (r *resolveMountRootOrJumpError) StateTypeName() string { |