[LibOS] Fix NULL pointer dereference in pseudo fs

`inode::data` field keeps specific file system data. In case of pseudo fs it is a `pseudo_node`. However, when a lookup is done the `dentry` might not be fully initialized. Signed-off-by: Mariusz Zaborski <oshogbo@invisiblethingslab.com>
gramineproject · Apr 3, 2023 · 5154a59 · 5154a59
1 parent 25ddc0e
commit 5154a59
Show file tree

Hide file tree

Showing 7 changed files with 58 additions and 0 deletions.
diff --git a/libos/src/fs/libos_fs_pseudo.c b/libos/src/fs/libos_fs_pseudo.c
@@ -44,8 +44,12 @@ static struct pseudo_node* pseudo_find(struct libos_dentry* dent) {
         return pseudo_find_root(dent->mount->uri);
     }
 
+    assert(dent->parent != NULL);
     assert(dent->parent->inode);
+
     struct pseudo_node* parent_node = dent->parent->inode->data;
+    if (parent_node == NULL)
+        return NULL;
 
     /* Look for a child node with matching name */
     assert(parent_node->type == PSEUDO_DIR);

diff --git a/libos/test/regression/meson.build b/libos/test/regression/meson.build
@@ -66,6 +66,7 @@ tests = {
     'mprotect_prot_growsdown': {},
     'multi_pthread': {},
     'munmap': {},
+    'open_file': {},
     'open_opath': {},
     'openmp': {
         # NOTE: This will use `libgomp` in GCC and `libomp` in Clang.

diff --git a/libos/test/regression/open_file.c b/libos/test/regression/open_file.c
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: LGPL-3.0-or-later */
+/* Copyright (C) 2023 Intel Corporation
+ *                    Mariusz Zaborski <oshogbo@invisiblethingslab.com>
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "common.h"
+
+int main(int argc, const char** argv) {
+    if (argc != 2) {
+        fprintf(stderr, "This test requires a file to test");
+        return 1;
+    }
+
+    int fd = CHECK(open(argv[1], O_RDONLY));
+    CHECK(close(fd));
+
+    puts("TEST OK");
+    return 0;
+}
diff --git a/libos/test/regression/shadow_pseudo_fs.manifest.template b/libos/test/regression/shadow_pseudo_fs.manifest.template
@@ -0,0 +1,24 @@
+{% set entrypoint = "open_file" -%}
+
+loader.entrypoint = "file:{{ gramine.libos }}"
+libos.entrypoint = "{{ entrypoint }}"
+
+loader.env.LD_LIBRARY_PATH = "/lib"
+loader.argv = [ "{{ entrypoint }}", "/proc/test/nested/dirs/exec" ]
+
+fs.mounts = [
+  { path = "/lib", uri = "file:{{ gramine.runtimedir(libc) }}" },
+  { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
+
+  # Let's shadow some file in /proc as it is a pseudo fs.
+  { path = "/proc/test/nested/dirs/exec", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
+]
+
+sgx.debug = true
+sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
+
+sgx.trusted_files = [
+  "file:{{ gramine.libos }}",
+  "file:{{ binary_dir }}/{{ entrypoint }}",
+  "file:{{ gramine.runtimedir(libc) }}/",
+]
diff --git a/libos/test/regression/test_libos.py b/libos/test/regression/test_libos.py
@@ -1070,6 +1070,10 @@ def test_021_procstat(self):
         # proc/stat Linux-based formatting
         self.assertIn('/proc/stat test passed', stdout)
 
+    def test_022_shadow_pseudo_fs(self):
+        stdout, _ = self.run_binary(['shadow_pseudo_fs'])
+        self.assertIn('TEST OK', stdout)
+
     def test_030_fdleak(self):
         # The fd limit is rather arbitrary, but must be in sync with numbers from the test.
         # Currently test opens 10 fds simultaneously, so 50 is a safe margin for any fds that

diff --git a/libos/test/regression/tests.toml b/libos/test/regression/tests.toml
@@ -96,6 +96,7 @@ manifests = [
   "select",
   "send_handle",
   "shared_object",
+  "shadow_pseudo_fs",
   "shebang_test_script",
   "sigaction_per_process",
   "sigaltstack",

diff --git a/libos/test/regression/tests_musl.toml b/libos/test/regression/tests_musl.toml
@@ -97,6 +97,7 @@ manifests = [
   "sealed_file_mod",
   "select",
   "send_handle",
+  "shadow_pseudo_fs",
   "shared_object",
   "sigaction_per_process",
   "sigaltstack",