From a17d083f3b6a5dbd122144d731fdda088974c39c Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Tue, 8 Sep 2020 15:54:22 -0700 Subject: Add check for both child and childMerkle ENOENT The check in verity walk returns error for non ENOENT cases, and all ENOENT results should be checked. This case was missing. PiperOrigin-RevId: 330604771 --- pkg/sentry/fsimpl/verity/filesystem.go | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'pkg/sentry/fsimpl') diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go index e944fd5d2..2cf0a38c9 100644 --- a/pkg/sentry/fsimpl/verity/filesystem.go +++ b/pkg/sentry/fsimpl/verity/filesystem.go @@ -414,6 +414,14 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry, } panic(fmt.Sprintf("Expected Merkle file for target %s but none found", parentPath+"/"+name)) } + } else if childErr == syserror.ENOENT && childMerkleErr == syserror.ENOENT { + // Both the child and the corresponding Merkle tree are missing. + // This could be an unexpected modification or due to incorrect + // parameter. + // TODO(b/167752508): Investigate possible ways to differentiate + // cases that both files are deleted from cases that they never + // exist in the file system. + panic(fmt.Sprintf("Failed to find file %s", parentPath+"/"+name)) } mask := uint32(linux.STATX_TYPE | linux.STATX_MODE | linux.STATX_UID | linux.STATX_GID) -- cgit v1.2.3