-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement
personality(2)
for no-op personality bits.
This PR implements the [`personality(2)` syscall](https://www.man7.org/linux/man-pages/man2/personality.2.html) for personality bits that are no-ops on Linux. Fixes #10756. FUTURE_COPYBARA_INTEGRATE_REVIEW=#10757 from EtiennePerot:linux-is-not-a-personality-trait 91d3665 PiperOrigin-RevId: 665427818
- Loading branch information
1 parent
e0643b8
commit 693258e
Showing
12 changed files
with
277 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
// Copyright 2024 The gVisor Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package linux | ||
|
||
// Personality flags, used by personality(2), | ||
// from include/uapi/linux/personality.h. | ||
const ( | ||
SHORT_INODE = 0x1000000 | ||
WHOLE_SECONDS = 0x2000000 | ||
PER_LINUX = 0x0000 | ||
PER_BSD = 0x0006 | ||
) | ||
|
||
// NOTE: All of the above flags are non-security-sensitive and may be copied | ||
// from parent task to child task. However, this is not the case for all | ||
// personality bits. If adding more, check PER_CLEAR_ON_SETID and ensure that | ||
// these are cleared on suid/sgid execs. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// Copyright 2024 The gVisor Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package linux | ||
|
||
import ( | ||
"gvisor.dev/gvisor/pkg/abi/linux" | ||
"gvisor.dev/gvisor/pkg/errors/linuxerr" | ||
"gvisor.dev/gvisor/pkg/sentry/arch" | ||
"gvisor.dev/gvisor/pkg/sentry/kernel" | ||
) | ||
|
||
const ( | ||
// getPersonality may be passed to `personality(2)` to get the current | ||
// personality bits without modifying them. | ||
getPersonality = 0xffffffff | ||
) | ||
|
||
// Personality implements Linux syscall personality(2). | ||
func Personality(t *kernel.Task, sysno uintptr, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) { | ||
// allowedPersonalityBits are the personality bits that are allowed to be set. | ||
const allowedPersonalityBits = linux.PER_LINUX | linux.PER_BSD | linux.SHORT_INODE | linux.WHOLE_SECONDS | ||
|
||
personality := args[0].Uint() | ||
if personality == getPersonality { | ||
return uintptr(t.Personality()), nil, nil | ||
} | ||
if personality&allowedPersonalityBits != personality { | ||
return 0, nil, linuxerr.EINVAL | ||
} | ||
return uintptr(t.SetPersonality(personality)), nil, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
// Copyright 2024 The gVisor Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
#include <sys/personality.h> | ||
|
||
#include "gtest/gtest.h" | ||
#include "test/util/multiprocess_util.h" | ||
#include "test/util/posix_error.h" | ||
#include "test/util/test_util.h" | ||
|
||
namespace gvisor { | ||
namespace testing { | ||
|
||
namespace { | ||
|
||
constexpr uint64_t kGetPersonality = 0xffffffff; | ||
constexpr uint64_t kUndefinedPersonalityBit = 0x00001000; | ||
|
||
TEST(PersonalityTest, DefaultPersonality) { | ||
EXPECT_THAT(personality(kGetPersonality), | ||
SyscallSucceedsWithValue(PER_LINUX)); | ||
} | ||
|
||
TEST(PersonalityTest, SetLinux) { | ||
EXPECT_THAT(personality(kGetPersonality), | ||
SyscallSucceedsWithValue(PER_LINUX)); | ||
EXPECT_THAT(InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_LINUX) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == PER_LINUX); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
EXPECT_THAT(personality(kGetPersonality), | ||
SyscallSucceedsWithValue(PER_LINUX)); | ||
} | ||
|
||
TEST(PersonalityTest, SetBSD) { | ||
EXPECT_THAT(personality(kGetPersonality), | ||
SyscallSucceedsWithValue(PER_LINUX)); | ||
EXPECT_THAT(InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_BSD) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
} | ||
|
||
TEST(PersonalityTest, PersonalityIsInheritable) { | ||
EXPECT_THAT( | ||
InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_BSD) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
TEST_CHECK( | ||
InForkedProcess([&] { | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
TEST_CHECK(InForkedProcess([&] { | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
}).ok()); | ||
TEST_CHECK(personality(PER_SOLARIS) == PER_BSD); | ||
TEST_CHECK(InForkedProcess([&] { | ||
TEST_CHECK(personality(kGetPersonality) == | ||
PER_SOLARIS); | ||
}).ok()); | ||
TEST_CHECK(personality(PER_BSD) == PER_SOLARIS); | ||
TEST_CHECK(InForkedProcess([&] { | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
}).ok()); | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
}).ok()); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
} | ||
|
||
TEST(PersonalityTest, ChildPersonalityDoesNotAffectParent) { | ||
EXPECT_THAT( | ||
InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_BSD) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
TEST_CHECK(InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_SOLARIS) == PER_BSD); | ||
TEST_CHECK(personality(kGetPersonality) == PER_SOLARIS); | ||
}).ok()); | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
TEST_CHECK(personality(kGetPersonality) == PER_LINUX); | ||
} | ||
|
||
TEST(PersonalityTest, SetShortInode) { | ||
EXPECT_THAT(InForkedProcess([&] { | ||
TEST_CHECK(personality(SHORT_INODE) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == SHORT_INODE); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
} | ||
|
||
TEST(PersonalityTest, SetWholeSeconds) { | ||
EXPECT_THAT(InForkedProcess([&] { | ||
TEST_CHECK(personality(WHOLE_SECONDS) == PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == WHOLE_SECONDS); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
} | ||
|
||
TEST(PersonalityTest, SetMultiple) { | ||
EXPECT_THAT(InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_BSD | SHORT_INODE | WHOLE_SECONDS) == | ||
PER_LINUX); | ||
TEST_CHECK(personality(kGetPersonality) == | ||
(PER_BSD | SHORT_INODE | WHOLE_SECONDS)); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
} | ||
|
||
TEST(PersonalityTest, SetThenUnset) { | ||
EXPECT_THAT( | ||
InForkedProcess([&] { | ||
TEST_CHECK(personality(PER_BSD | SHORT_INODE) == PER_LINUX); | ||
TEST_CHECK(personality(WHOLE_SECONDS | SHORT_INODE) == | ||
(PER_BSD | SHORT_INODE)); | ||
TEST_CHECK(personality(PER_BSD) == (WHOLE_SECONDS | SHORT_INODE)); | ||
TEST_CHECK(personality(kGetPersonality) == PER_BSD); | ||
}), | ||
IsPosixErrorOkAndHolds(0)); | ||
} | ||
|
||
TEST(PersonalityTest, UnsupportedPersonalityBitsAreRejected) { | ||
SKIP_IF(!IsRunningOnGvisor()); | ||
EXPECT_THAT(personality(kGetPersonality), | ||
SyscallSucceedsWithValue(PER_LINUX)); | ||
EXPECT_THAT(personality(MMAP_PAGE_ZERO), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(ADDR_LIMIT_3GB), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(ADDR_LIMIT_32BIT), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(ADDR_NO_RANDOMIZE), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(ADDR_COMPAT_LAYOUT), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(READ_IMPLIES_EXEC), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(STICKY_TIMEOUTS), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(UNAME26), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(FDPIC_FUNCPTRS), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(PER_LINUX32), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(PER_LINUX32_3GB), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(PER_LINUX_32BIT), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(PER_LINUX_FDPIC), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(PER_RISCOS), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(PER_SOLARIS), SyscallFailsWithErrno(EINVAL)); | ||
EXPECT_THAT(personality(kGetPersonality), | ||
SyscallSucceedsWithValue(PER_LINUX)); | ||
} | ||
|
||
} // namespace | ||
|
||
} // namespace testing | ||
} // namespace gvisor |