diff options
| author | Chirantan Ekbote <chirantan@chromium.org> | 2019-11-18 14:50:10 +0900 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-11-22 05:54:03 +0000 |
| commit | 37bd738b783053c2e94b4c215c32496bae5081ed (patch) | |
| tree | 41b282401ced41bfb926ab987cdf7e8821a51368 | |
| parent | 6576091e5623bb64af7076672b4ec4e42923ef3c (diff) | |
| download | crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.tar crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.tar.gz crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.tar.bz2 crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.tar.lz crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.tar.xz crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.tar.zst crosvm-37bd738b783053c2e94b4c215c32496bae5081ed.zip | |
devices: fs: Use 32-bit uid/gid values on arm
The setres{u,g}id and the gete{u,g}id system calls on arm use 16 bit
values for uid_t and gid_t. This causes the kernel to interpret a
uid/gid of 65535 as -1, which means do nothing.
Use the 32-bit variants of these system calls instead so that we can use
32-bit values. Normally, libc would take care of hiding these kinds of
implementation details but since we can't use the libc wrappers for
these system calls, we have to do it ourselves.
BUG=b:136128319
TEST=`tast run vm.Virtiofs` on kevin
Change-Id: I6c0fda42c131e059139000828b3a53d4a73f340c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1923569
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
| -rw-r--r-- | devices/src/virtio/fs/passthrough.rs | 21 | ||||
| -rw-r--r-- | seccomp/arm/fs_device.policy | 8 |
2 files changed, 23 insertions, 6 deletions
diff --git a/devices/src/virtio/fs/passthrough.rs b/devices/src/virtio/fs/passthrough.rs index 6b843fc..7f6e3bb 100644 --- a/devices/src/virtio/fs/passthrough.rs +++ b/devices/src/virtio/fs/passthrough.rs @@ -116,14 +116,31 @@ macro_rules! scoped_cred { } }; } +#[cfg(not(target_arch = "arm"))] scoped_cred!(ScopedUid, libc::uid_t, libc::SYS_setresuid); +#[cfg(target_arch = "arm")] +scoped_cred!(ScopedUid, libc::uid_t, libc::SYS_setresuid32); + +#[cfg(not(target_arch = "arm"))] scoped_cred!(ScopedGid, libc::gid_t, libc::SYS_setresgid); +#[cfg(target_arch = "arm")] +scoped_cred!(ScopedGid, libc::gid_t, libc::SYS_setresgid32); + +#[cfg(not(target_arch = "arm"))] +const SYS_GETEUID: libc::c_long = libc::SYS_geteuid; +#[cfg(target_arch = "arm")] +const SYS_GETEUID: libc::c_long = libc::SYS_geteuid32; + +#[cfg(not(target_arch = "arm"))] +const SYS_GETEGID: libc::c_long = libc::SYS_getegid; +#[cfg(target_arch = "arm")] +const SYS_GETEGID: libc::c_long = libc::SYS_getegid32; thread_local! { // Both these calls are safe because they take no parameters, and only return an integer value. // The kernel also guarantees that they can never fail. - static THREAD_EUID: libc::uid_t = unsafe { libc::syscall(libc::SYS_geteuid) as libc::uid_t }; - static THREAD_EGID: libc::gid_t = unsafe { libc::syscall(libc::SYS_getegid) as libc::gid_t }; + static THREAD_EUID: libc::uid_t = unsafe { libc::syscall(SYS_GETEUID) as libc::uid_t }; + static THREAD_EGID: libc::gid_t = unsafe { libc::syscall(SYS_GETEGID) as libc::gid_t }; } fn set_creds( diff --git a/seccomp/arm/fs_device.policy b/seccomp/arm/fs_device.policy index 2d90307..0ea7fe0 100644 --- a/seccomp/arm/fs_device.policy +++ b/seccomp/arm/fs_device.policy @@ -14,8 +14,8 @@ fstatat64: 1 fstatfs64: 1 ftruncate64: 1 getdents64: 1 -getegid: 1 -geteuid: 1 +getegid32: 1 +geteuid32: 1 linkat: 1 _llseek: 1 mkdirat: 1 @@ -24,8 +24,8 @@ preadv: 1 pwritev: 1 readlinkat: 1 renameat2: 1 -setresgid: 1 -setresuid: 1 +setresgid32: 1 +setresuid32: 1 symlinkat: 1 umask: 1 unlinkat: 1 |