From 4fdd69d681bb3abb68a043377a2fb0ec8a031d54 Mon Sep 17 00:00:00 2001 From: Kevin Krakauer Date: Mon, 4 Nov 2019 10:56:13 -0800 Subject: Check that a file is a regular file with open(O_TRUNC). It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. PiperOrigin-RevId: 278417533 --- pkg/sentry/syscalls/linux/sys_file.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pkg/sentry/syscalls') diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go index b9a8e3e21..c9f57fe27 100644 --- a/pkg/sentry/syscalls/linux/sys_file.go +++ b/pkg/sentry/syscalls/linux/sys_file.go @@ -169,7 +169,7 @@ func openAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint) (fd uint if dirPath { return syserror.ENOTDIR } - if flags&linux.O_TRUNC != 0 { + if flags&linux.O_TRUNC != 0 && fs.IsRegular(d.Inode.StableAttr) { if err := d.Inode.Truncate(t, d, 0); err != nil { return err } @@ -397,7 +397,7 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l } // Should we truncate the file? - if flags&linux.O_TRUNC != 0 { + if flags&linux.O_TRUNC != 0 && fs.IsRegular(found.Inode.StableAttr) { if err := found.Inode.Truncate(t, found, 0); err != nil { return err } @@ -1483,7 +1483,7 @@ func Truncate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc if fs.IsDir(d.Inode.StableAttr) { return syserror.EISDIR } - if !fs.IsFile(d.Inode.StableAttr) { + if !fs.IsRegular(d.Inode.StableAttr) { return syserror.EINVAL } @@ -1523,7 +1523,7 @@ func Ftruncate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys // Note that this is different from truncate(2) above, where a // directory returns EISDIR. - if !fs.IsFile(file.Dirent.Inode.StableAttr) { + if !fs.IsRegular(file.Dirent.Inode.StableAttr) { return 0, nil, syserror.EINVAL } -- cgit v1.2.3