summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fsimpl/verity
AgeCommit message (Collapse)Author
2021-04-30Do not return content if verity translate failsChong Cai
If verification fails for translating mmapped memory, the content should not be returned. This is not an issue for panic mode, but for error mode we should return empty content along with the error. PiperOrigin-RevId: 371393519
2021-04-29Remove outdated TODOs in verityChong Cai
PiperOrigin-RevId: 371198372
2021-04-19Change verity action to be a fs memberChong Cai
Currently the verity action is a global variable, which causes the same action for all verity mounts, and is overwritten for each new verity mount. Changed it to a member of verity fs. PiperOrigin-RevId: 369348522
2021-04-12Add DecRef for verity FDs that were missingChong Cai
Some FileDescriptions in verity fs were opened but DecRef() were missing after used. This could result in a ref leak. PiperOrigin-RevId: 368096759
2021-04-09Return integrity failure only if enabledChong Cai
If the parent is not enabled in verity stepLocked(), failure to find the child dentry could just mean an incorrect path. PiperOrigin-RevId: 367733412
2021-04-08Set root dentry and hash for verity before verifyChong Cai
Set root dentry and root hash in verity fs before we verify the root directory if a root hash is provided. These are used during verification. PiperOrigin-RevId: 367547346
2021-04-08Set parent after child is verifiedChong Cai
We should only set parent after child is verified. Also, if the parent is set before verified, destroyLocked() will try to grab parent.dirMu, which may cause deadlock. PiperOrigin-RevId: 367543655
2021-04-05Allow user mount for verity fsChong Cai
Allow user mounting a verity fs on an existing mount by specifying mount flags root_hash and lower_path. PiperOrigin-RevId: 366843846
2021-04-02Internal change.gVisor bot
PiperOrigin-RevId: 366462448
2021-03-29[syserror] Split usermem packageZach Koopmans
Split usermem package to help remove syserror dependency in go_marshal. New hostarch package contains code not dependent on syserror. PiperOrigin-RevId: 365651233
2021-03-11Clear Merkle tree files in RuntimeEnable modeChong Cai
The Merkle tree files need to be cleared before enabling to avoid redundant content. PiperOrigin-RevId: 362409591
2021-03-11Report filesystem-specific mount options.Rahat Mahmood
PiperOrigin-RevId: 362406813
2021-03-05Implement IterDirent in verity fsChong Cai
PiperOrigin-RevId: 361196154
2021-02-11Internal change.gVisor bot
PiperOrigin-RevId: 357090170
2021-01-22Implement F_GETLK fcntl.Dean Deng
Fixes #5113. PiperOrigin-RevId: 353313374
2021-01-20Don't use task goroutine context in fsimpl tests.Jamie Liu
PiperOrigin-RevId: 352908368
2021-01-20Move Lock/UnlockPOSIX into LockFD util.Dean Deng
PiperOrigin-RevId: 352904728
2020-12-17Set verityMu to be state nosaveChong Cai
PiperOrigin-RevId: 348092999
2020-12-15Change violation mode to an enumChong Cai
PiperOrigin-RevId: 347706953
2020-12-15Internal change.gVisor bot
PiperOrigin-RevId: 347671070
2020-12-11Internal change.gVisor bot
PiperOrigin-RevId: 347091372
2020-12-10Change merkle root file name to avoid collisionChong Cai
PiperOrigin-RevId: 346923826
2020-12-02Remove FileReadWriteSeeker from vfs.Jamie Liu
Previous experience has shown that these types of wrappers tends to create two kinds of problems: hidden allocations (e.g. each call to FileReadWriteSeeker.Read/Write allocates a usermem.BytesIO on the heap) and hidden lock ordering problems (e.g. VFS1 splice deadlocks). Since this is only needed by fsimpl/verity, move it there. PiperOrigin-RevId: 345377830
2020-12-02Clean up verity tests.Dean Deng
Refactor some utilities and rename some others for clarity. PiperOrigin-RevId: 345247836
2020-11-24Remove outdated TODO.Dean Deng
The bug has been fixed. PiperOrigin-RevId: 344088206
2020-11-20Refactor verity test for readabilityChong Cai
1. Add getD/getDentry methods to avoid long casting line in each test 2. Factor all calls to vfs.OpenAt/UnlinkAt/RenameAt on lower filesystem to their own method (for both lower file and lower Merkle file) so the tests are more readable 3. Add descriptive test names for delete/remove tests PiperOrigin-RevId: 343540202
2020-11-17Add consistent precondition formatting for verityChong Cai
Also add the lock order for verity fs, and add a lock to protect dentry hash. PiperOrigin-RevId: 342946537
2020-11-12Add children names into verity hashChong Cai
children names map can be used to verify whether a child is expected during walking, so that we can detect unexpected modifications that deleted/renamed both the target file and the corresponding merkle tree file. PiperOrigin-RevId: 342170715
2020-11-09Initialize references with a value of 1.Dean Deng
This lets us avoid treating a value of 0 as one reference. All references using the refsvfs2 template must call InitRefs() before the reference is incremented/decremented, or else a panic will occur. Therefore, it should be pretty easy to identify missing InitRef calls during testing. Updates #1486. PiperOrigin-RevId: 341411151
2020-11-02Pass hashing algorithms in verity fs optsChong Cai
PiperOrigin-RevId: 340275942
2020-10-28Add logging option to leak checker.Dean Deng
Also refactor the template and CheckedObject interface to make this cleaner. Updates #1486. PiperOrigin-RevId: 339577120
2020-10-27Add SHA512 to merkle tree libraryChong Cai
PiperOrigin-RevId: 339377254
2020-10-26Add verity tests for deleted/renamed casesChong Cai
Also change verity test to use a context with an active task. This is required to delete/rename the file in the underlying file system. PiperOrigin-RevId: 339146445
2020-10-24Implement Seek in verity fsChong Cai
PiperOrigin-RevId: 338847417
2020-10-24Add leak checking to vfs2 structures that cannot use the refs_vfs2 template.Dean Deng
Updates #1486. PiperOrigin-RevId: 338832085
2020-10-23Internal change.Chong Cai
PiperOrigin-RevId: 338798433
2020-10-23Implement Read in gvisor verity fsChong Cai
Read is implemented by PRead, with offset obtained from Seek. PiperOrigin-RevId: 338718587
2020-10-23Check for verity file/Merkle file when reopenChong Cai
Even if the child dentry has been cached, we should still check whether the file and the corresponding Merkle tree file exist as expected. This ensures that we can detect deletion/renaming of files that have been previous enabled and opened. Also make all verification failures to return EIO. This helps to test verify failures. PiperOrigin-RevId: 338709055
2020-10-15Change verity isEnable to be a member of dentryChong Cai
PiperOrigin-RevId: 337384146
2020-10-13[vfs2] Don't take reference in Task.MountNamespaceVFS2 and MountNamespace.Root.Dean Deng
This fixes reference leaks related to accidentally forgetting to DecRef() after calling one or the other. PiperOrigin-RevId: 336918922
2020-10-13[vfs2] Add FilesystemType.Release to avoid reference leaks.Dean Deng
Singleton filesystem like devpts and devtmpfs have a single filesystem shared among all mounts, so they acquire a "self-reference" when initialized that must be released when the entire virtual filesystem is released at sandbox exit. PiperOrigin-RevId: 336828852
2020-10-12Change verity mu to be per file systemChong Cai
verity Mu should be per file system instead of global, so that enabling and verifying in different file systems won't block each other. Also Lock verity Mu in PRead. PiperOrigin-RevId: 336779356
2020-10-12Change Merkle tree library to use ReaderAtChong Cai
Merkle tree library was originally using Read/Seek to access data and tree, since the parameters are io.ReadSeeker. This could cause race conditions if multiple threads accesses the same fd to read. Here we change to use ReaderAt, and implement it with PRead to make it thread safe. PiperOrigin-RevId: 336779260
2020-10-09Include stat in Verity hashChong Cai
PiperOrigin-RevId: 336395445
2020-10-01Add a verity test for modified parent Merkle fileChong Cai
When a child's root hash or its Merkle path is modified in its parent's Merkle tree file, opening the file should fail, provided the directory is verity enabled. The test for this behavior is added. PiperOrigin-RevId: 334963690
2020-09-30Implement ioctl with measure in verity fsChong Cai
PiperOrigin-RevId: 334682753
2020-09-30Internal change.Chong Cai
PiperOrigin-RevId: 334678513
2020-09-30Add verity fs testsChong Cai
The tests confirms that when a file is opened in verity, the corresponding Merkle trees are generated. Also a normal read succeeds on verity enabled files, but fails if either the verity file or the Merkle tree file is modified. PiperOrigin-RevId: 334640331
2020-09-24Add basic stateify annotations.Adin Scannell
Updates #1663 PiperOrigin-RevId: 333539293
2020-09-23Let underlying fs handle LockFD in verity fsChong Cai
PiperOrigin-RevId: 333412836