Merge pull request #41 from sysprog21/fix-proc

Fix /proc dispatch for host-passthrough dirfds

Author: jserv

include/kbox/path.h

@@ -37,6 +37,17 @@ bool kbox_is_tty_like_path(const char *path);
 /* Check if path is a loader/runtime path (ld.so.cache, /lib, etc.). */
 bool kbox_is_loader_runtime_path(const char *path);
 
+/* Check whether a relative path contains ".." as a standalone component. */
+bool kbox_relative_path_has_dotdot(const char *path);
+
+/* Check if a relative lookup under a /proc-based host dirfd would resolve
+ * through a magic proc escape entry.
+ *
+ * This covers lookups rooted at /proc, /proc/self, /proc/thread-self, or
+ * /proc/<pid>, including task/<tid>/... relative paths under per-thread views.
+ */
+bool kbox_relative_proc_escape_path(const char *path);
+
 /* Normalize path relative to base, resolving . and .. lexically.
  * If @input is absolute, @base is ignored. Result is written to @out (must be
  * KBOX_MAX_PATH bytes).

src/dispatch-misc.c

@@ -108,10 +108,10 @@ struct kbox_dispatch forward_readlinkat(const struct kbox_syscall_request *req,
                                         struct kbox_supervisor_ctx *ctx)
 {
     pid_t pid = kbox_syscall_request_pid(req);
-    long dirfd_raw = to_dirfd_arg(kbox_syscall_request_arg(req, 0));
-    char pathbuf[KBOX_MAX_PATH];
-    int rc = guest_mem_read_string(ctx, pid, kbox_syscall_request_arg(req, 1),
-                                   pathbuf, sizeof(pathbuf));
+    char translated[KBOX_MAX_PATH];
+    long lkl_dirfd;
+    int rc = translate_request_at_path(req, ctx, 0, 1, translated,
+                                       sizeof(translated), &lkl_dirfd);
     if (rc < 0)
         return kbox_dispatch_errno(-rc);
 
@@ -123,15 +123,7 @@ struct kbox_dispatch forward_readlinkat(const struct kbox_syscall_request *req,
 
     if (remote_buf == 0)
         return kbox_dispatch_errno(EFAULT);
-
-    char translated[KBOX_MAX_PATH];
-    rc = kbox_translate_path_for_lkl(pid, pathbuf, ctx->host_root, translated,
-                                     sizeof(translated));
-    if (rc < 0)
-        return kbox_dispatch_errno(-rc);
-
-    long lkl_dirfd = resolve_open_dirfd(translated, dirfd_raw, ctx->fd_table);
-    if (lkl_dirfd < 0 && lkl_dirfd != AT_FDCWD_LINUX)
+    if (should_continue_for_dirfd(lkl_dirfd))
         return kbox_dispatch_continue();
 
     if (bufsiz > KBOX_MAX_PATH)
@@ -724,29 +716,20 @@ struct kbox_dispatch forward_symlinkat(const struct kbox_syscall_request *req,
 {
     pid_t pid = kbox_syscall_request_pid(req);
     char targetbuf[KBOX_MAX_PATH];
-    char linkpathbuf[KBOX_MAX_PATH];
     int rc;
 
     rc = guest_mem_read_string(ctx, pid, kbox_syscall_request_arg(req, 0),
                                targetbuf, sizeof(targetbuf));
     if (rc < 0)
         return kbox_dispatch_errno(-rc);
 
-    long newdirfd_raw = to_dirfd_arg(kbox_syscall_request_arg(req, 1));
-
-    rc = guest_mem_read_string(ctx, pid, kbox_syscall_request_arg(req, 2),
-                               linkpathbuf, sizeof(linkpathbuf));
-    if (rc < 0)
-        return kbox_dispatch_errno(-rc);
-
     char linktrans[KBOX_MAX_PATH];
-    rc = kbox_translate_path_for_lkl(pid, linkpathbuf, ctx->host_root,
-                                     linktrans, sizeof(linktrans));
+    long newdirfd;
+    rc = translate_request_at_path(req, ctx, 1, 2, linktrans, sizeof(linktrans),
+                                   &newdirfd);
     if (rc < 0)
         return kbox_dispatch_errno(-rc);
-
-    long newdirfd = resolve_open_dirfd(linktrans, newdirfd_raw, ctx->fd_table);
-    if (newdirfd < 0 && newdirfd != AT_FDCWD_LINUX)
+    if (should_continue_for_dirfd(newdirfd))
         return kbox_dispatch_continue();
 
     /* Target is stored as-is (not translated). */
@@ -759,44 +742,25 @@ struct kbox_dispatch forward_symlinkat(const struct kbox_syscall_request *req,
 struct kbox_dispatch forward_linkat(const struct kbox_syscall_request *req,
                                     struct kbox_supervisor_ctx *ctx)
 {
-    pid_t pid = kbox_syscall_request_pid(req);
-    long olddirfd_raw = to_dirfd_arg(kbox_syscall_request_arg(req, 0));
-    char oldpathbuf[KBOX_MAX_PATH];
     int rc;
-
-    rc = guest_mem_read_string(ctx, pid, kbox_syscall_request_arg(req, 1),
-                               oldpathbuf, sizeof(oldpathbuf));
-    if (rc < 0)
-        return kbox_dispatch_errno(-rc);
-
-    long newdirfd_raw = to_dirfd_arg(kbox_syscall_request_arg(req, 2));
-    char newpathbuf[KBOX_MAX_PATH];
-
-    rc = guest_mem_read_string(ctx, pid, kbox_syscall_request_arg(req, 3),
-                               newpathbuf, sizeof(newpathbuf));
-    if (rc < 0)
-        return kbox_dispatch_errno(-rc);
-
     long flags = to_c_long_arg(kbox_syscall_request_arg(req, 4));
 
     char oldtrans[KBOX_MAX_PATH];
-    rc = kbox_translate_path_for_lkl(pid, oldpathbuf, ctx->host_root, oldtrans,
-                                     sizeof(oldtrans));
+    long olddirfd;
+    rc = translate_request_at_path(req, ctx, 0, 1, oldtrans, sizeof(oldtrans),
+                                   &olddirfd);
     if (rc < 0)
         return kbox_dispatch_errno(-rc);
+    if (should_continue_for_dirfd(olddirfd))
+        return kbox_dispatch_continue();
 
     char newtrans[KBOX_MAX_PATH];
-    rc = kbox_translate_path_for_lkl(pid, newpathbuf, ctx->host_root, newtrans,
-                                     sizeof(newtrans));
+    long newdirfd;
+    rc = translate_request_at_path(req, ctx, 2, 3, newtrans, sizeof(newtrans),
+                                   &newdirfd);
     if (rc < 0)
         return kbox_dispatch_errno(-rc);
-
-    long olddirfd = resolve_open_dirfd(oldtrans, olddirfd_raw, ctx->fd_table);
-    if (olddirfd < 0 && olddirfd != AT_FDCWD_LINUX)
-        return kbox_dispatch_continue();
-
-    long newdirfd = resolve_open_dirfd(newtrans, newdirfd_raw, ctx->fd_table);
-    if (newdirfd < 0 && newdirfd != AT_FDCWD_LINUX)
+    if (should_continue_for_dirfd(newdirfd))
         return kbox_dispatch_continue();
 
     long ret = kbox_lkl_linkat(ctx->sysnrs, olddirfd, oldtrans, newdirfd,
@@ -824,20 +788,12 @@ struct kbox_dispatch forward_utimensat(const struct kbox_syscall_request *req,
     int rc;
 
     if (kbox_syscall_request_arg(req, 1) != 0) {
-        char pathbuf[KBOX_MAX_PATH];
-        rc = guest_mem_read_string(ctx, pid, kbox_syscall_request_arg(req, 1),
-                                   pathbuf, sizeof(pathbuf));
+        rc = translate_request_at_path(req, ctx, 0, 1, translated,
+                                       sizeof(translated), &lkl_dirfd);
         if (rc < 0)
             return kbox_dispatch_errno(-rc);
-
-        rc = kbox_translate_path_for_lkl(pid, pathbuf, ctx->host_root,
-                                         translated, sizeof(translated));
-        if (rc < 0)
-            return kbox_dispatch_errno(-rc);
-
         translated_path = translated;
-        lkl_dirfd = resolve_open_dirfd(translated, dirfd_raw, ctx->fd_table);
-        if (lkl_dirfd < 0 && lkl_dirfd != AT_FDCWD_LINUX)
+        if (should_continue_for_dirfd(lkl_dirfd))
             return kbox_dispatch_continue();
     } else {
         translated_path = NULL;

src/path.c

@@ -32,6 +32,30 @@ static bool is_prefix_dir(const char *path, const char *prefix)
     return path[plen] == '\0' || path[plen] == '/';
 }
 
+static const char *component_end(const char *s)
+{
+    while (*s && *s != '/')
+        s++;
+    return s;
+}
+
+static bool proc_escape_tail(const char *tail)
+{
+    if (is_prefix_dir(tail, "root"))
+        return true;
+    if (is_prefix_dir(tail, "cwd"))
+        return true;
+    if (is_prefix_dir(tail, "exe"))
+        return true;
+    if (is_prefix_dir(tail, "fd"))
+        return true;
+    if (is_prefix_dir(tail, "fdinfo"))
+        return true;
+    if (is_prefix_dir(tail, "map_files"))
+        return true;
+    return false;
+}
+
 /* Check if the string at @s is composed entirely of decimal digits.
  * Returns true for non-empty all-digit strings (i.e., a numeric PID).
  */
@@ -81,8 +105,8 @@ bool kbox_is_proc_escape_path(const char *path)
         return false;
 
     /* Must be "self", "thread-self", or a numeric PID. */
-    bool is_self = (comp_len == 4 && memcmp(p, "self", 4) == 0);
-    bool is_thread_self = (comp_len == 11 && memcmp(p, "thread-self", 11) == 0);
+    bool is_self = (comp_len == 4 && !memcmp(p, "self", 4));
+    bool is_thread_self = (comp_len == 11 && !memcmp(p, "thread-self", 11));
     if (!is_self && !is_thread_self && !is_numeric(p, comp_len))
         return false;
 
@@ -107,15 +131,13 @@ bool kbox_is_proc_escape_path(const char *path)
         tail = tid_end + 1;
     }
 
-    /* Check for the dangerous symlink names. */
-    if (is_prefix_dir(tail, "root"))
-        return true;
-    if (is_prefix_dir(tail, "cwd"))
-        return true;
-    if (is_prefix_dir(tail, "exe"))
-        return true;
-
-    return false;
+    /* Check for dangerous symlink/directory names.
+     *
+     * root, cwd, exe: magic symlinks that resolve to host filesystem locations.
+     * fd, fdinfo: per-FD symlinks that resolve to host file objects.
+     * map_files: memory-mapping symlinks that resolve to host file paths.
+     */
+    return proc_escape_tail(tail);
 }
 
 bool kbox_is_lkl_virtual_path(const char *path)
@@ -159,6 +181,55 @@ bool kbox_is_loader_runtime_path(const char *path)
     return false;
 }
 
+bool kbox_relative_path_has_dotdot(const char *path)
+{
+    if (!path)
+        return false;
+
+    while (*path) {
+        if (path[0] == '.' && path[1] == '.' &&
+            (path[2] == '/' || path[2] == '\0'))
+            return true;
+        while (*path && *path != '/')
+            path++;
+        while (*path == '/')
+            path++;
+    }
+    return false;
+}
+
+bool kbox_relative_proc_escape_path(const char *path)
+{
+    char probe[KBOX_MAX_PATH];
+    const char *tail;
+    const char *tid_end;
+    size_t task_len;
+    int n;
+
+    if (!path || path[0] == '\0')
+        return false;
+
+    /* From a /proc dirfd, "self/root/..." and similar are already enough. */
+    n = snprintf(probe, sizeof(probe), "/proc/%s", path);
+    if (n > 0 && (size_t) n < sizeof(probe) && kbox_is_proc_escape_path(probe))
+        return true;
+
+    /* From /proc/self, /proc/thread-self, or /proc/<pid>, look for direct
+     * magic entries like "root" plus task/<tid>/root escapes.
+     */
+    if (proc_escape_tail(path))
+        return true;
+
+    if (!starts_with(path, "task/"))
+        return false;
+    tail = path + 5;
+    tid_end = component_end(tail);
+    task_len = (size_t) (tid_end - tail);
+    if (task_len == 0 || !is_numeric(tail, task_len) || *tid_end != '/')
+        return false;
+    return proc_escape_tail(tid_end + 1);
+}
+
 /* Lexical path normalization.
  *
  * Processes each component of input: