diff --git a/pkg/sentry/fs/dev/null.go b/pkg/sentry/fs/dev/null.go index 18dd08515..4404b97ef 100644 --- a/pkg/sentry/fs/dev/null.go +++ b/pkg/sentry/fs/dev/null.go @@ -97,6 +97,7 @@ func newZeroDevice(ctx context.Context, owner fs.FileOwner, mode linux.FileMode) func (zd *zeroDevice) GetFile(ctx context.Context, dirent *fs.Dirent, flags fs.FileFlags) (*fs.File, error) { flags.Pread = true flags.Pwrite = true + flags.NonSeekable = true return fs.NewFile(ctx, dirent, flags, &zeroFileOperations{}), nil } diff --git a/pkg/sentry/fs/file.go b/pkg/sentry/fs/file.go index 6df7d7b4f..55ffe6c0c 100644 --- a/pkg/sentry/fs/file.go +++ b/pkg/sentry/fs/file.go @@ -267,7 +267,7 @@ func (f *File) Readv(ctx context.Context, dst usermem.IOSequence) (int64, error) reads.Increment() n, err := f.FileOperations.Read(ctx, f, dst, f.offset) - if n > 0 { + if n > 0 && !f.flags.NonSeekable { atomic.AddInt64(&f.offset, n) } f.mu.Unlock() @@ -330,7 +330,7 @@ func (f *File) Writev(ctx context.Context, src usermem.IOSequence) (int64, error // We must hold the lock during the write. n, err := f.FileOperations.Write(ctx, f, src, f.offset) - if n >= 0 { + if n >= 0 && !f.flags.NonSeekable { atomic.StoreInt64(&f.offset, f.offset+n) } f.mu.Unlock() diff --git a/pkg/sentry/fs/flags.go b/pkg/sentry/fs/flags.go index f31bfa0db..1278f9c78 100644 --- a/pkg/sentry/fs/flags.go +++ b/pkg/sentry/fs/flags.go @@ -57,6 +57,9 @@ type FileFlags struct { // Linux sets this flag for all files. Since gVisor is only compatible // with 64-bit Linux, it also sets this flag for all files. LargeFile bool + + // NonSeekable indicates that file.offset isn't used. + NonSeekable bool } // SettableFileFlags is a subset of FileFlags above that can be changed diff --git a/pkg/sentry/kernel/pipe/pipe.go b/pkg/sentry/kernel/pipe/pipe.go index 755326d59..8e49070a9 100644 --- a/pkg/sentry/kernel/pipe/pipe.go +++ b/pkg/sentry/kernel/pipe/pipe.go @@ -162,6 +162,7 @@ func NewConnectedPipe(ctx context.Context, sizeBytes, atomicIOBytes int64) (*fs. // // Precondition: at least one of flags.Read or flags.Write must be set. func (p *Pipe) Open(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) *fs.File { + flags.NonSeekable = true switch { case flags.Read && flags.Write: p.rOpen() diff --git a/pkg/sentry/socket/epsocket/epsocket.go b/pkg/sentry/socket/epsocket/epsocket.go index a42cf4caf..8e65e1b3f 100644 --- a/pkg/sentry/socket/epsocket/epsocket.go +++ b/pkg/sentry/socket/epsocket/epsocket.go @@ -262,7 +262,7 @@ func New(t *kernel.Task, family int, skType linux.SockType, protocol int, queue dirent := socket.NewDirent(t, epsocketDevice) defer dirent.DecRef() - return fs.NewFile(t, dirent, fs.FileFlags{Read: true, Write: true}, &SocketOperations{ + return fs.NewFile(t, dirent, fs.FileFlags{Read: true, Write: true, NonSeekable: true}, &SocketOperations{ Queue: queue, family: family, Endpoint: endpoint, diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go index cef007aca..c63f3aacf 100644 --- a/pkg/sentry/socket/hostinet/socket.go +++ b/pkg/sentry/socket/hostinet/socket.go @@ -77,7 +77,7 @@ func newSocketFile(ctx context.Context, family int, stype linux.SockType, protoc } dirent := socket.NewDirent(ctx, socketDevice) defer dirent.DecRef() - return fs.NewFile(ctx, dirent, fs.FileFlags{NonBlocking: nonblock, Read: true, Write: true}, s), nil + return fs.NewFile(ctx, dirent, fs.FileFlags{NonBlocking: nonblock, Read: true, Write: true, NonSeekable: true}, s), nil } // Release implements fs.FileOperations.Release. diff --git a/pkg/sentry/socket/netlink/provider.go b/pkg/sentry/socket/netlink/provider.go index 31d2ca494..689cad997 100644 --- a/pkg/sentry/socket/netlink/provider.go +++ b/pkg/sentry/socket/netlink/provider.go @@ -89,7 +89,7 @@ func (*socketProvider) Socket(t *kernel.Task, stype linux.SockType, protocol int d := socket.NewDirent(t, netlinkSocketDevice) defer d.DecRef() - return fs.NewFile(t, d, fs.FileFlags{Read: true, Write: true}, s), nil + return fs.NewFile(t, d, fs.FileFlags{Read: true, Write: true, NonSeekable: true}, s), nil } // Pair implements socket.Provider.Pair by returning an error. diff --git a/pkg/sentry/socket/rpcinet/socket.go b/pkg/sentry/socket/rpcinet/socket.go index ba33eb671..c76b48ead 100644 --- a/pkg/sentry/socket/rpcinet/socket.go +++ b/pkg/sentry/socket/rpcinet/socket.go @@ -322,7 +322,13 @@ func (s *socketOperations) Accept(t *kernel.Task, peerRequested bool, flags int, dirent := socket.NewDirent(t, socketDevice) defer dirent.DecRef() - file := fs.NewFile(t, dirent, fs.FileFlags{Read: true, Write: true, NonBlocking: flags&linux.SOCK_NONBLOCK != 0}, &socketOperations{ + fileFlags := fs.FileFlags{ + Read: true, + Write: true, + NonSeekable: true, + NonBlocking: flags&linux.SOCK_NONBLOCK != 0, + } + file := fs.NewFile(t, dirent, fileFlags, &socketOperations{ wq: &wq, fd: payload.Fd, rpcConn: s.rpcConn, diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go index 97db87f3e..5fc43db8c 100644 --- a/pkg/sentry/socket/unix/unix.go +++ b/pkg/sentry/socket/unix/unix.go @@ -64,7 +64,7 @@ type SocketOperations struct { func New(ctx context.Context, endpoint transport.Endpoint, stype linux.SockType) *fs.File { dirent := socket.NewDirent(ctx, unixSocketDevice) defer dirent.DecRef() - return NewWithDirent(ctx, dirent, endpoint, stype, fs.FileFlags{Read: true, Write: true}) + return NewWithDirent(ctx, dirent, endpoint, stype, fs.FileFlags{Read: true, Write: true, NonSeekable: true}) } // NewWithDirent creates a new unix socket using an existing dirent.