diff options
author | Chirantan Ekbote <chirantan@chromium.org> | 2018-11-16 11:35:24 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-01-07 19:40:14 -0800 |
commit | 2d292331df330b15365d0d2909b9fcaf8fca97ce (patch) | |
tree | 20dba369353353ecd5c1a9ed398af0cfddf57132 /sys_util/src/lib.rs | |
parent | 37c4a788a32d5b9c90b63e34062dab26f7280443 (diff) | |
download | crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.tar crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.tar.gz crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.tar.bz2 crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.tar.lz crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.tar.xz crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.tar.zst crosvm-2d292331df330b15365d0d2909b9fcaf8fca97ce.zip |
Move validate_raw_fd to sys_util
validate_raw_fd is needed for the plugin crate. Move it into a common location so that it can be shared by both the linux and plugin code. BUG=b:80150167 TEST=manual Change-Id: I427e10716e75b2619fd0f4ba6725fa40446db4af Signed-off-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1341101 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'sys_util/src/lib.rs')
-rw-r--r-- | sys_util/src/lib.rs | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/sys_util/src/lib.rs b/sys_util/src/lib.rs index 141c8b5..8e902ab50 100644 --- a/sys_util/src/lib.rs +++ b/sys_util/src/lib.rs @@ -73,7 +73,7 @@ pub use write_zeroes::{PunchHole, WriteZeroes}; use std::ffi::CStr; use std::fs::{remove_file, File}; -use std::os::unix::io::{AsRawFd, FromRawFd}; +use std::os::unix::io::{AsRawFd, FromRawFd, RawFd}; use std::os::unix::net::UnixDatagram; use std::ptr; @@ -301,3 +301,24 @@ impl Drop for UnlinkUnixDatagram { } } } + +/// Verifies that |raw_fd| is actually owned by this process and duplicates it to ensure that +/// we have a unique handle to it. +pub fn validate_raw_fd(raw_fd: RawFd) -> Result<RawFd> { + // Checking that close-on-exec isn't set helps filter out FDs that were opened by + // crosvm as all crosvm FDs are close on exec. + // Safe because this doesn't modify any memory and we check the return value. + let flags = unsafe { libc::fcntl(raw_fd, libc::F_GETFD) }; + if flags < 0 || (flags & libc::FD_CLOEXEC) != 0 { + return Err(Error::new(libc::EBADF)); + } + + // Duplicate the fd to ensure that we don't accidentally close an fd previously + // opened by another subsystem. Safe because this doesn't modify any memory and + // we check the return value. + let dup_fd = unsafe { libc::fcntl(raw_fd, libc::F_DUPFD_CLOEXEC, 0) }; + if dup_fd < 0 { + return Err(Error::last()); + } + Ok(dup_fd as RawFd) +} |