github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/pkg/sentry/syscalls/linux/vfs2/stat.go (about) 1 // Copyright 2020 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package vfs2 16 17 import ( 18 "github.com/SagerNet/gvisor/pkg/abi/linux" 19 "github.com/SagerNet/gvisor/pkg/bits" 20 "github.com/SagerNet/gvisor/pkg/errors/linuxerr" 21 "github.com/SagerNet/gvisor/pkg/fspath" 22 "github.com/SagerNet/gvisor/pkg/gohacks" 23 "github.com/SagerNet/gvisor/pkg/hostarch" 24 "github.com/SagerNet/gvisor/pkg/sentry/arch" 25 "github.com/SagerNet/gvisor/pkg/sentry/kernel" 26 "github.com/SagerNet/gvisor/pkg/sentry/kernel/auth" 27 "github.com/SagerNet/gvisor/pkg/sentry/vfs" 28 "github.com/SagerNet/gvisor/pkg/syserror" 29 ) 30 31 // Stat implements Linux syscall stat(2). 32 func Stat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 33 pathAddr := args[0].Pointer() 34 statAddr := args[1].Pointer() 35 return 0, nil, fstatat(t, linux.AT_FDCWD, pathAddr, statAddr, 0 /* flags */) 36 } 37 38 // Lstat implements Linux syscall lstat(2). 39 func Lstat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 40 pathAddr := args[0].Pointer() 41 statAddr := args[1].Pointer() 42 return 0, nil, fstatat(t, linux.AT_FDCWD, pathAddr, statAddr, linux.AT_SYMLINK_NOFOLLOW) 43 } 44 45 // Newfstatat implements Linux syscall newfstatat, which backs fstatat(2). 46 func Newfstatat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 47 dirfd := args[0].Int() 48 pathAddr := args[1].Pointer() 49 statAddr := args[2].Pointer() 50 flags := args[3].Int() 51 return 0, nil, fstatat(t, dirfd, pathAddr, statAddr, flags) 52 } 53 54 func fstatat(t *kernel.Task, dirfd int32, pathAddr, statAddr hostarch.Addr, flags int32) error { 55 if flags&^(linux.AT_EMPTY_PATH|linux.AT_SYMLINK_NOFOLLOW) != 0 { 56 return linuxerr.EINVAL 57 } 58 59 opts := vfs.StatOptions{ 60 Mask: linux.STATX_BASIC_STATS, 61 } 62 63 path, err := copyInPath(t, pathAddr) 64 if err != nil { 65 return err 66 } 67 68 root := t.FSContext().RootDirectoryVFS2() 69 defer root.DecRef(t) 70 start := root 71 if !path.Absolute { 72 if !path.HasComponents() && flags&linux.AT_EMPTY_PATH == 0 { 73 return syserror.ENOENT 74 } 75 if dirfd == linux.AT_FDCWD { 76 start = t.FSContext().WorkingDirectoryVFS2() 77 defer start.DecRef(t) 78 } else { 79 dirfile := t.GetFileVFS2(dirfd) 80 if dirfile == nil { 81 return linuxerr.EBADF 82 } 83 if !path.HasComponents() { 84 // Use FileDescription.Stat() instead of 85 // VirtualFilesystem.StatAt() for fstatat(fd, ""), since the 86 // former may be able to use opened file state to expedite the 87 // Stat. 88 statx, err := dirfile.Stat(t, opts) 89 dirfile.DecRef(t) 90 if err != nil { 91 return err 92 } 93 var stat linux.Stat 94 convertStatxToUserStat(t, &statx, &stat) 95 _, err = stat.CopyOut(t, statAddr) 96 return err 97 } 98 start = dirfile.VirtualDentry() 99 start.IncRef() 100 defer start.DecRef(t) 101 dirfile.DecRef(t) 102 } 103 } 104 105 statx, err := t.Kernel().VFS().StatAt(t, t.Credentials(), &vfs.PathOperation{ 106 Root: root, 107 Start: start, 108 Path: path, 109 FollowFinalSymlink: flags&linux.AT_SYMLINK_NOFOLLOW == 0, 110 }, &opts) 111 if err != nil { 112 return err 113 } 114 var stat linux.Stat 115 convertStatxToUserStat(t, &statx, &stat) 116 _, err = stat.CopyOut(t, statAddr) 117 return err 118 } 119 120 func timespecFromStatxTimestamp(sxts linux.StatxTimestamp) linux.Timespec { 121 return linux.Timespec{ 122 Sec: sxts.Sec, 123 Nsec: int64(sxts.Nsec), 124 } 125 } 126 127 // Fstat implements Linux syscall fstat(2). 128 func Fstat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 129 fd := args[0].Int() 130 statAddr := args[1].Pointer() 131 132 file := t.GetFileVFS2(fd) 133 if file == nil { 134 return 0, nil, linuxerr.EBADF 135 } 136 defer file.DecRef(t) 137 138 statx, err := file.Stat(t, vfs.StatOptions{ 139 Mask: linux.STATX_BASIC_STATS, 140 }) 141 if err != nil { 142 return 0, nil, err 143 } 144 var stat linux.Stat 145 convertStatxToUserStat(t, &statx, &stat) 146 _, err = stat.CopyOut(t, statAddr) 147 return 0, nil, err 148 } 149 150 // Statx implements Linux syscall statx(2). 151 func Statx(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 152 dirfd := args[0].Int() 153 pathAddr := args[1].Pointer() 154 flags := args[2].Int() 155 mask := args[3].Uint() 156 statxAddr := args[4].Pointer() 157 158 if flags&^(linux.AT_EMPTY_PATH|linux.AT_SYMLINK_NOFOLLOW|linux.AT_STATX_SYNC_TYPE) != 0 { 159 return 0, nil, linuxerr.EINVAL 160 } 161 // Make sure that only one sync type option is set. 162 syncType := uint32(flags & linux.AT_STATX_SYNC_TYPE) 163 if syncType != 0 && !bits.IsPowerOfTwo32(syncType) { 164 return 0, nil, linuxerr.EINVAL 165 } 166 if mask&linux.STATX__RESERVED != 0 { 167 return 0, nil, linuxerr.EINVAL 168 } 169 170 opts := vfs.StatOptions{ 171 Mask: mask, 172 Sync: uint32(flags & linux.AT_STATX_SYNC_TYPE), 173 } 174 175 path, err := copyInPath(t, pathAddr) 176 if err != nil { 177 return 0, nil, err 178 } 179 180 root := t.FSContext().RootDirectoryVFS2() 181 defer root.DecRef(t) 182 start := root 183 if !path.Absolute { 184 if !path.HasComponents() && flags&linux.AT_EMPTY_PATH == 0 { 185 return 0, nil, syserror.ENOENT 186 } 187 if dirfd == linux.AT_FDCWD { 188 start = t.FSContext().WorkingDirectoryVFS2() 189 defer start.DecRef(t) 190 } else { 191 dirfile := t.GetFileVFS2(dirfd) 192 if dirfile == nil { 193 return 0, nil, linuxerr.EBADF 194 } 195 if !path.HasComponents() { 196 // Use FileDescription.Stat() instead of 197 // VirtualFilesystem.StatAt() for statx(fd, ""), since the 198 // former may be able to use opened file state to expedite the 199 // Stat. 200 statx, err := dirfile.Stat(t, opts) 201 dirfile.DecRef(t) 202 if err != nil { 203 return 0, nil, err 204 } 205 userifyStatx(t, &statx) 206 _, err = statx.CopyOut(t, statxAddr) 207 return 0, nil, err 208 } 209 start = dirfile.VirtualDentry() 210 start.IncRef() 211 defer start.DecRef(t) 212 dirfile.DecRef(t) 213 } 214 } 215 216 statx, err := t.Kernel().VFS().StatAt(t, t.Credentials(), &vfs.PathOperation{ 217 Root: root, 218 Start: start, 219 Path: path, 220 FollowFinalSymlink: flags&linux.AT_SYMLINK_NOFOLLOW == 0, 221 }, &opts) 222 if err != nil { 223 return 0, nil, err 224 } 225 userifyStatx(t, &statx) 226 _, err = statx.CopyOut(t, statxAddr) 227 return 0, nil, err 228 } 229 230 func userifyStatx(t *kernel.Task, statx *linux.Statx) { 231 userns := t.UserNamespace() 232 statx.UID = uint32(auth.KUID(statx.UID).In(userns).OrOverflow()) 233 statx.GID = uint32(auth.KGID(statx.GID).In(userns).OrOverflow()) 234 } 235 236 // Readlink implements Linux syscall readlink(2). 237 func Readlink(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 238 pathAddr := args[0].Pointer() 239 bufAddr := args[1].Pointer() 240 size := args[2].SizeT() 241 return readlinkat(t, linux.AT_FDCWD, pathAddr, bufAddr, size) 242 } 243 244 // Access implements Linux syscall access(2). 245 func Access(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 246 addr := args[0].Pointer() 247 mode := args[1].ModeT() 248 249 return 0, nil, accessAt(t, linux.AT_FDCWD, addr, mode) 250 } 251 252 // Faccessat implements Linux syscall faccessat(2). 253 // 254 // Note that the faccessat() system call does not take a flags argument: 255 // "The raw faccessat() system call takes only the first three arguments. The 256 // AT_EACCESS and AT_SYMLINK_NOFOLLOW flags are actually implemented within 257 // the glibc wrapper function for faccessat(). If either of these flags is 258 // specified, then the wrapper function employs fstatat(2) to determine access 259 // permissions." - faccessat(2) 260 func Faccessat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 261 dirfd := args[0].Int() 262 addr := args[1].Pointer() 263 mode := args[2].ModeT() 264 265 return 0, nil, accessAt(t, dirfd, addr, mode) 266 } 267 268 func accessAt(t *kernel.Task, dirfd int32, pathAddr hostarch.Addr, mode uint) error { 269 const rOK = 4 270 const wOK = 2 271 const xOK = 1 272 273 // Sanity check the mode. 274 if mode&^(rOK|wOK|xOK) != 0 { 275 return linuxerr.EINVAL 276 } 277 278 path, err := copyInPath(t, pathAddr) 279 if err != nil { 280 return err 281 } 282 tpop, err := getTaskPathOperation(t, dirfd, path, disallowEmptyPath, followFinalSymlink) 283 if err != nil { 284 return err 285 } 286 defer tpop.Release(t) 287 288 // access(2) and faccessat(2) check permissions using real 289 // UID/GID, not effective UID/GID. 290 // 291 // "access() needs to use the real uid/gid, not the effective 292 // uid/gid. We do this by temporarily clearing all FS-related 293 // capabilities and switching the fsuid/fsgid around to the 294 // real ones." -fs/open.c:faccessat 295 creds := t.Credentials().Fork() 296 creds.EffectiveKUID = creds.RealKUID 297 creds.EffectiveKGID = creds.RealKGID 298 if creds.EffectiveKUID.In(creds.UserNamespace) == auth.RootUID { 299 creds.EffectiveCaps = creds.PermittedCaps 300 } else { 301 creds.EffectiveCaps = 0 302 } 303 304 return t.Kernel().VFS().AccessAt(t, creds, vfs.AccessTypes(mode), &tpop.pop) 305 } 306 307 // Readlinkat implements Linux syscall mknodat(2). 308 func Readlinkat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 309 dirfd := args[0].Int() 310 pathAddr := args[1].Pointer() 311 bufAddr := args[2].Pointer() 312 size := args[3].SizeT() 313 return readlinkat(t, dirfd, pathAddr, bufAddr, size) 314 } 315 316 func readlinkat(t *kernel.Task, dirfd int32, pathAddr, bufAddr hostarch.Addr, size uint) (uintptr, *kernel.SyscallControl, error) { 317 if int(size) <= 0 { 318 return 0, nil, linuxerr.EINVAL 319 } 320 321 path, err := copyInPath(t, pathAddr) 322 if err != nil { 323 return 0, nil, err 324 } 325 // "Since Linux 2.6.39, pathname can be an empty string, in which case the 326 // call operates on the symbolic link referred to by dirfd ..." - 327 // readlinkat(2) 328 tpop, err := getTaskPathOperation(t, dirfd, path, allowEmptyPath, nofollowFinalSymlink) 329 if err != nil { 330 return 0, nil, err 331 } 332 defer tpop.Release(t) 333 334 target, err := t.Kernel().VFS().ReadlinkAt(t, t.Credentials(), &tpop.pop) 335 if err != nil { 336 return 0, nil, err 337 } 338 339 if len(target) > int(size) { 340 target = target[:size] 341 } 342 n, err := t.CopyOutBytes(bufAddr, gohacks.ImmutableBytesFromString(target)) 343 if n == 0 { 344 return 0, nil, err 345 } 346 return uintptr(n), nil, nil 347 } 348 349 // Statfs implements Linux syscall statfs(2). 350 func Statfs(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 351 pathAddr := args[0].Pointer() 352 bufAddr := args[1].Pointer() 353 354 path, err := copyInPath(t, pathAddr) 355 if err != nil { 356 return 0, nil, err 357 } 358 tpop, err := getTaskPathOperation(t, linux.AT_FDCWD, path, disallowEmptyPath, followFinalSymlink) 359 if err != nil { 360 return 0, nil, err 361 } 362 defer tpop.Release(t) 363 364 statfs, err := t.Kernel().VFS().StatFSAt(t, t.Credentials(), &tpop.pop) 365 if err != nil { 366 return 0, nil, err 367 } 368 _, err = statfs.CopyOut(t, bufAddr) 369 return 0, nil, err 370 } 371 372 // Fstatfs implements Linux syscall fstatfs(2). 373 func Fstatfs(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { 374 fd := args[0].Int() 375 bufAddr := args[1].Pointer() 376 377 tpop, err := getTaskPathOperation(t, fd, fspath.Path{}, allowEmptyPath, nofollowFinalSymlink) 378 if err != nil { 379 return 0, nil, err 380 } 381 defer tpop.Release(t) 382 383 statfs, err := t.Kernel().VFS().StatFSAt(t, t.Credentials(), &tpop.pop) 384 if err != nil { 385 return 0, nil, err 386 } 387 _, err = statfs.CopyOut(t, bufAddr) 388 return 0, nil, err 389 }