From ec618a53e631e346e618a3a96d9eceac7eb2035f Mon Sep 17 00:00:00 2001
From: Mike Gerow
Date: Fri, 26 Feb 2021 20:57:14 +0000
Subject: [PATCH] crosvm: accept pmem disks via FD
This essentially duplicates the same implicit fd-passing support in create_block_device. By accepting the FD directly instead of opening the file under `/proc/self/fd/...` we can inherit the same permissions that a caller to concierge, for example, gets. This simultaneously allows crosvm to access files it might not otherwise be able to, and prevents it from misusing its privileges to potentially elevate a read-only FD to wa read/write FD.
BUG=b:181347894
TEST=Start pmem VM passed from concierge via FD. Ensured the FD itself was used instead of crosvm re-opening the file under `/proc/self/fd...`.
Change-Id: Ic4d4e6155a1978b45e82141609fdadff45ca987b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2724473
Tested-by: kokoro
Reviewed-by: Chirantan Ekbote
Commit-Queue: Mike Gerow
---
 src/linux.rs | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/linux.rs b/src/linux.rs
index 2b373f21b5..e581353b18 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -1173,11 +1173,17 @@ fn create_pmem_device(
 index: usize,
 pmem_device_socket: VmMsyncRequestSocket,
 ) -> DeviceResult {
- let fd = OpenOptions::new()
- .read(true)
- .write(!disk.read_only)
- .open(&disk.path)
- .map_err(|e| Error::Disk(disk.path.to_path_buf(), e))?;
+ // Special case '/proc/self/fd/*' paths. The FD is already open, just use it.
+ let fd: File = if disk.path.parent() == Some(Path::new("/proc/self/fd")) {
+ // Safe because we will validate |raw_fd|.
+ unsafe { File::from_raw_descriptor(raw_descriptor_from_path(&disk.path)?) }
+ } else {
+ OpenOptions::new()
+ .read(true)
+ .write(!disk.read_only)
+ .open(&disk.path)
+ .map_err(|e| Error::Disk(disk.path.to_path_buf(), e))?
+ };
 let arena_size = {
 let metadata =
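Review bot: The comment on the `unsafe` block in the new `/proc/self/fd` branch refers to a `raw_fd` that does not appear in this code and omits the invariant that matters most, which is ownership: `File::from_raw_descriptor` makes `fd` the owner, so the descriptor is closed when `fd` is dropped. If the same `/proc/self/fd/N` path can reach this function twice, or the number is still held elsewhere in the process, a later close or read would land on a descriptor number that may already have been reused for something else. I would reword it along the lines of `// SAFETY: raw_descriptor_from_path() validates the descriptor, and it was passed in for this disk only, so fd takes sole ownership.` and confirm both halves against `raw_descriptor_from_path` and the callers, neither of which is visible here. This branch also never consults `disk.read_only`, so a mismatch between that flag and the inherited descriptor's access mode is not detected at this point. Whether the mapping code further down enforces it cannot be seen, because create_pmem_device starts and continues outside the hunk.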