// Copyright 2018 The gVisor Authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. #include <errno.h> #include <fcntl.h> #include <linux/capability.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/memory/memory.h" #include "test/syscalls/linux/file_base.h" #include "test/util/capability_util.h" #include "test/util/cleanup.h" #include "test/util/file_descriptor.h" #include "test/util/fs_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" namespace gvisor { namespace testing { namespace { // This test is currently very rudimentary. // // There are plenty of extra cases to cover once the sentry supports them. // // Different types of opens: // * O_CREAT // * O_DIRECTORY // * O_NOFOLLOW // * O_PATH <- Will we ever support this? // // Special operations on open: // * O_EXCL // // Special files: // * Blocking behavior for a named pipe. // // Different errors: // * EACCES // * EEXIST // * ENAMETOOLONG // * ELOOP // * ENOTDIR // * EPERM class OpenTest : public FileTest { void SetUp() override { FileTest::SetUp(); ASSERT_THAT( write(test_file_fd_.get(), test_data_.c_str(), test_data_.length()), SyscallSucceedsWithValue(test_data_.length())); EXPECT_THAT(lseek(test_file_fd_.get(), 0, SEEK_SET), SyscallSucceeds()); } public: const std::string test_data_ = "hello world\n"; }; TEST_F(OpenTest, OTrunc) { auto dirpath = JoinPath(GetAbsoluteTestTmpdir(), "truncd"); ASSERT_THAT(mkdir(dirpath.c_str(), 0777), SyscallSucceeds()); ASSERT_THAT(open(dirpath.c_str(), O_TRUNC, 0666), SyscallFailsWithErrno(EISDIR)); } TEST_F(OpenTest, OTruncAndReadOnlyDir) { auto dirpath = JoinPath(GetAbsoluteTestTmpdir(), "truncd"); ASSERT_THAT(mkdir(dirpath.c_str(), 0777), SyscallSucceeds()); ASSERT_THAT(open(dirpath.c_str(), O_TRUNC | O_RDONLY, 0666), SyscallFailsWithErrno(EISDIR)); } TEST_F(OpenTest, OTruncAndReadOnlyFile) { auto dirpath = JoinPath(GetAbsoluteTestTmpdir(), "truncfile"); const FileDescriptor existing = ASSERT_NO_ERRNO_AND_VALUE(Open(dirpath.c_str(), O_RDWR | O_CREAT, 0666)); const FileDescriptor otrunc = ASSERT_NO_ERRNO_AND_VALUE( Open(dirpath.c_str(), O_TRUNC | O_RDONLY, 0666)); } TEST_F(OpenTest, ReadOnly) { char buf; const FileDescriptor ro_file = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDONLY)); EXPECT_THAT(read(ro_file.get(), &buf, 1), SyscallSucceedsWithValue(1)); EXPECT_THAT(lseek(ro_file.get(), 0, SEEK_SET), SyscallSucceeds()); EXPECT_THAT(write(ro_file.get(), &buf, 1), SyscallFailsWithErrno(EBADF)); } TEST_F(OpenTest, WriteOnly) { char buf; const FileDescriptor wo_file = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_WRONLY)); EXPECT_THAT(read(wo_file.get(), &buf, 1), SyscallFailsWithErrno(EBADF)); EXPECT_THAT(lseek(wo_file.get(), 0, SEEK_SET), SyscallSucceeds()); EXPECT_THAT(write(wo_file.get(), &buf, 1), SyscallSucceedsWithValue(1)); } TEST_F(OpenTest, ReadWrite) { char buf; const FileDescriptor rw_file = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDWR)); EXPECT_THAT(read(rw_file.get(), &buf, 1), SyscallSucceedsWithValue(1)); EXPECT_THAT(lseek(rw_file.get(), 0, SEEK_SET), SyscallSucceeds()); EXPECT_THAT(write(rw_file.get(), &buf, 1), SyscallSucceedsWithValue(1)); } TEST_F(OpenTest, RelPath) { auto name = std::string(Basename(test_file_name_)); ASSERT_THAT(chdir(GetAbsoluteTestTmpdir().c_str()), SyscallSucceeds()); const FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(Open(name, O_RDONLY)); } TEST_F(OpenTest, AbsPath) { const FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDONLY)); } TEST_F(OpenTest, AtRelPath) { auto name = std::string(Basename(test_file_name_)); const FileDescriptor dirfd = ASSERT_NO_ERRNO_AND_VALUE( Open(GetAbsoluteTestTmpdir(), O_RDONLY | O_DIRECTORY)); const FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(OpenAt(dirfd.get(), name, O_RDONLY)); } TEST_F(OpenTest, AtAbsPath) { const FileDescriptor dirfd = ASSERT_NO_ERRNO_AND_VALUE( Open(GetAbsoluteTestTmpdir(), O_RDONLY | O_DIRECTORY)); const FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(OpenAt(dirfd.get(), test_file_name_, O_RDONLY)); } TEST_F(OpenTest, OpenNoFollowSymlink) { const std::string link_path = JoinPath(GetAbsoluteTestTmpdir(), "link"); ASSERT_THAT(symlink(test_file_name_.c_str(), link_path.c_str()), SyscallSucceeds()); auto cleanup = Cleanup([link_path]() { EXPECT_THAT(unlink(link_path.c_str()), SyscallSucceeds()); }); // Open will succeed without O_NOFOLLOW and fails with O_NOFOLLOW. const FileDescriptor fd2 = ASSERT_NO_ERRNO_AND_VALUE(Open(link_path, O_RDONLY)); ASSERT_THAT(open(link_path.c_str(), O_RDONLY | O_NOFOLLOW), SyscallFailsWithErrno(ELOOP)); } TEST_F(OpenTest, OpenNoFollowStillFollowsLinksInPath) { // We will create the following structure: // tmp_folder/real_folder/file // tmp_folder/sym_folder -> tmp_folder/real_folder // // We will then open tmp_folder/sym_folder/file with O_NOFOLLOW and it // should succeed as O_NOFOLLOW only applies to the final path component. auto tmp_path = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDirIn(GetAbsoluteTestTmpdir())); auto sym_path = ASSERT_NO_ERRNO_AND_VALUE( TempPath::CreateSymlinkTo(GetAbsoluteTestTmpdir(), tmp_path.path())); auto file_path = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileIn(tmp_path.path())); auto path_via_symlink = JoinPath(sym_path.path(), Basename(file_path.path())); const FileDescriptor fd2 = ASSERT_NO_ERRNO_AND_VALUE(Open(path_via_symlink, O_RDONLY | O_NOFOLLOW)); } // Test that open(2) can follow symlinks that point back to the same tree. // Test sets up files as follows: // root/child/symlink => redirects to ../.. // root/child/target => regular file // // open("root/child/symlink/root/child/file") TEST_F(OpenTest, SymlinkRecurse) { auto root = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDirIn(GetAbsoluteTestTmpdir())); auto child = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDirIn(root.path())); auto symlink = ASSERT_NO_ERRNO_AND_VALUE( TempPath::CreateSymlinkTo(child.path(), "../..")); auto target = ASSERT_NO_ERRNO_AND_VALUE( TempPath::CreateFileWith(child.path(), "abc", 0644)); auto path_via_symlink = JoinPath(symlink.path(), Basename(root.path()), Basename(child.path()), Basename(target.path())); const auto contents = ASSERT_NO_ERRNO_AND_VALUE(GetContents(path_via_symlink)); ASSERT_EQ(contents, "abc"); } TEST_F(OpenTest, Fault) { char* totally_not_null = nullptr; ASSERT_THAT(open(totally_not_null, O_RDONLY), SyscallFailsWithErrno(EFAULT)); } TEST_F(OpenTest, AppendOnly) { // First write some data to the fresh file. const int64_t kBufSize = 1024; std::vector<char> buf(kBufSize, 'a'); FileDescriptor fd0 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDWR)); std::fill(buf.begin(), buf.end(), 'a'); EXPECT_THAT(WriteFd(fd0.get(), buf.data(), buf.size()), SyscallSucceedsWithValue(buf.size())); fd0.reset(); // Close the file early. // Next get two handles to the same file. We open two files because we want // to make sure that appending is respected between them. const FileDescriptor fd1 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDWR | O_APPEND)); EXPECT_THAT(lseek(fd1.get(), 0, SEEK_CUR), SyscallSucceedsWithValue(0)); const FileDescriptor fd2 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDWR | O_APPEND)); EXPECT_THAT(lseek(fd2.get(), 0, SEEK_CUR), SyscallSucceedsWithValue(0)); // Then try to write to the first file and make sure the bytes are appended. EXPECT_THAT(WriteFd(fd1.get(), buf.data(), buf.size()), SyscallSucceedsWithValue(buf.size())); // Check that the size of the file is correct and that the offset has been // incremented to that size. struct stat s0; EXPECT_THAT(fstat(fd1.get(), &s0), SyscallSucceeds()); EXPECT_EQ(s0.st_size, kBufSize * 2); EXPECT_THAT(lseek(fd1.get(), 0, SEEK_CUR), SyscallSucceedsWithValue(kBufSize * 2)); // Then try to write to the second file and make sure the bytes are appended. EXPECT_THAT(WriteFd(fd2.get(), buf.data(), buf.size()), SyscallSucceedsWithValue(buf.size())); // Check that the size of the file is correct and that the offset has been // incremented to that size. struct stat s1; EXPECT_THAT(fstat(fd2.get(), &s1), SyscallSucceeds()); EXPECT_EQ(s1.st_size, kBufSize * 3); EXPECT_THAT(lseek(fd2.get(), 0, SEEK_CUR), SyscallSucceedsWithValue(kBufSize * 3)); } TEST_F(OpenTest, AppendConcurrentWrite) { constexpr int kThreadCount = 5; constexpr int kBytesPerThread = 10000; std::unique_ptr<ScopedThread> threads[kThreadCount]; // In case of the uncached policy, we expect that a file system can be changed // externally, so we create a new inode each time when we open a file and we // can't guarantee that writes to files with O_APPEND will work correctly. SKIP_IF(getenv("GVISOR_GOFER_UNCACHED")); EXPECT_THAT(truncate(test_file_name_.c_str(), 0), SyscallSucceeds()); std::string filename = test_file_name_; DisableSave ds; // Too many syscalls. // Start kThreadCount threads which will write concurrently into the same // file. for (int i = 0; i < kThreadCount; i++) { threads[i] = absl::make_unique<ScopedThread>([filename]() { const FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(Open(filename, O_RDWR | O_APPEND)); for (int j = 0; j < kBytesPerThread; j++) { EXPECT_THAT(WriteFd(fd.get(), &j, 1), SyscallSucceedsWithValue(1)); } }); } for (int i = 0; i < kThreadCount; i++) { threads[i]->Join(); } // Check that the size of the file is correct. struct stat st; EXPECT_THAT(stat(test_file_name_.c_str(), &st), SyscallSucceeds()); EXPECT_EQ(st.st_size, kThreadCount * kBytesPerThread); } TEST_F(OpenTest, Truncate) { { // First write some data to the new file and close it. FileDescriptor fd0 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_WRONLY)); std::vector<char> orig(10, 'a'); EXPECT_THAT(WriteFd(fd0.get(), orig.data(), orig.size()), SyscallSucceedsWithValue(orig.size())); } // Then open with truncate and verify that offset is set to 0. const FileDescriptor fd1 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDWR | O_TRUNC)); EXPECT_THAT(lseek(fd1.get(), 0, SEEK_CUR), SyscallSucceedsWithValue(0)); // Then write less data to the file and ensure the old content is gone. std::vector<char> want(5, 'b'); EXPECT_THAT(WriteFd(fd1.get(), want.data(), want.size()), SyscallSucceedsWithValue(want.size())); struct stat stat; EXPECT_THAT(fstat(fd1.get(), &stat), SyscallSucceeds()); EXPECT_EQ(stat.st_size, want.size()); EXPECT_THAT(lseek(fd1.get(), 0, SEEK_CUR), SyscallSucceedsWithValue(want.size())); // Read the data and ensure only the latest write is in the file. std::vector<char> got(want.size() + 1, 'c'); ASSERT_THAT(pread(fd1.get(), got.data(), got.size(), 0), SyscallSucceedsWithValue(want.size())); EXPECT_EQ(memcmp(want.data(), got.data(), want.size()), 0) << "rbuf=" << got.data(); EXPECT_EQ(got.back(), 'c'); // Last byte should not have been modified. } TEST_F(OpenTest, NameTooLong) { char buf[4097] = {}; memset(buf, 'a', 4097); EXPECT_THAT(open(buf, O_RDONLY), SyscallFailsWithErrno(ENAMETOOLONG)); } TEST_F(OpenTest, DotsFromRoot) { const FileDescriptor rootfd = ASSERT_NO_ERRNO_AND_VALUE(Open("/", O_RDONLY | O_DIRECTORY)); const FileDescriptor other_rootfd = ASSERT_NO_ERRNO_AND_VALUE(OpenAt(rootfd.get(), "..", O_RDONLY)); } TEST_F(OpenTest, DirectoryWritableFails) { ASSERT_THAT(open(GetAbsoluteTestTmpdir().c_str(), O_RDWR), SyscallFailsWithErrno(EISDIR)); } TEST_F(OpenTest, FileNotDirectory) { // Create a file and try to open it with O_DIRECTORY. auto file = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); ASSERT_THAT(open(file.path().c_str(), O_RDONLY | O_DIRECTORY), SyscallFailsWithErrno(ENOTDIR)); } TEST_F(OpenTest, Null) { char c = '\0'; ASSERT_THAT(open(&c, O_RDONLY), SyscallFailsWithErrno(ENOENT)); } // NOTE(b/119785738): While the man pages specify that this behavior should be // undefined, Linux truncates the file on opening read only if we have write // permission, so we will too. TEST_F(OpenTest, CanTruncateReadOnly) { const FileDescriptor fd1 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDONLY | O_TRUNC)); struct stat stat; EXPECT_THAT(fstat(fd1.get(), &stat), SyscallSucceeds()); EXPECT_EQ(stat.st_size, 0); } // If we don't have read permission on the file, opening with // O_TRUNC should fail. TEST_F(OpenTest, CanTruncateReadOnlyNoWritePermission_NoRandomSave) { // Drop capabilities that allow us to override file permissions. ASSERT_NO_ERRNO(SetCapability(CAP_DAC_OVERRIDE, false)); const DisableSave ds; // Permissions are dropped. ASSERT_THAT(chmod(test_file_name_.c_str(), S_IRUSR | S_IRGRP), SyscallSucceeds()); ASSERT_THAT(open(test_file_name_.c_str(), O_RDONLY | O_TRUNC), SyscallFailsWithErrno(EACCES)); const FileDescriptor fd1 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDONLY)); struct stat stat; EXPECT_THAT(fstat(fd1.get(), &stat), SyscallSucceeds()); EXPECT_EQ(stat.st_size, test_data_.size()); } // If we don't have read permission but have write permission, opening O_WRONLY // and O_TRUNC should succeed. TEST_F(OpenTest, CanTruncateWriteOnlyNoReadPermission_NoRandomSave) { const DisableSave ds; // Permissions are dropped. EXPECT_THAT(fchmod(test_file_fd_.get(), S_IWUSR | S_IWGRP), SyscallSucceeds()); const FileDescriptor fd1 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_WRONLY | O_TRUNC)); EXPECT_THAT(fchmod(test_file_fd_.get(), S_IRUSR | S_IRGRP), SyscallSucceeds()); const FileDescriptor fd2 = ASSERT_NO_ERRNO_AND_VALUE(Open(test_file_name_, O_RDONLY)); struct stat stat; EXPECT_THAT(fstat(fd2.get(), &stat), SyscallSucceeds()); EXPECT_EQ(stat.st_size, 0); } TEST_F(OpenTest, CanTruncateWithStrangePermissions) { ASSERT_NO_ERRNO(SetCapability(CAP_DAC_OVERRIDE, false)); ASSERT_NO_ERRNO(SetCapability(CAP_DAC_READ_SEARCH, false)); const DisableSave ds; // Permissions are dropped. std::string path = NewTempAbsPath(); int fd; // Create a file without user permissions. EXPECT_THAT( // SAVE_BELOW fd = open(path.c_str(), O_CREAT | O_TRUNC | O_WRONLY, 055), SyscallSucceeds()); EXPECT_THAT(close(fd), SyscallSucceeds()); // Cannot open file because we are owner and have no permissions set. EXPECT_THAT(open(path.c_str(), O_RDONLY), SyscallFailsWithErrno(EACCES)); // We *can* chmod the file, because we are the owner. EXPECT_THAT(chmod(path.c_str(), 0755), SyscallSucceeds()); // Now we can open the file again. EXPECT_THAT(fd = open(path.c_str(), O_RDWR), SyscallSucceeds()); EXPECT_THAT(close(fd), SyscallSucceeds()); } } // namespace } // namespace testing } // namespace gvisor