fixup! Support DriveMount API in CreateVM.

sipsma · sipsma · commit f2312e513795 · 2019-10-18T01:39:52.000Z
Signed-off-by: Erik Sipsma &lt;sipsma@amazon.com&gt;
diff --git a/agent/drive_handler.go b/agent/drive_handler.go
@@ -166,13 +166,13 @@ func isStubDrive(d drive) bool {
 }
 
 func (dh driveHandler) MountDrive(ctx context.Context, req *drivemount.MountDriveRequest) (*empty.Empty, error) {
-	logger := log.G(ctx).WithField("MountDriveRequest", req.String())
-	logger.Debug()
+	logger := log.G(ctx)
+	logger.Debugf("%+v", req.String())
+	logger = logger.WithField("drive_id", req.DriveID)
 
-	driveID := strings.TrimSpace(req.DriveID)
-	drive, ok := dh.GetDrive(driveID)
+	drive, ok := dh.GetDrive(req.DriveID)
 	if !ok {
-		return nil, fmt.Errorf("Drive %q could not be found", driveID)
+		return nil, fmt.Errorf("drive %q could not be found", req.DriveID)
 	}
 	logger = logger.WithField("drive_path", drive.Path())
 
@@ -184,7 +184,12 @@ func (dh driveHandler) MountDrive(ctx context.Context, req *drivemount.MountDriv
 	}
 
 	for _, systemDir := range bannedSystemDirs {
-		if strings.HasPrefix(filepath.Clean(resolvedDest), filepath.Clean(systemDir)) {
+		isUnder, err := isOrUnderDir(filepath.Clean(resolvedDest), filepath.Clean(systemDir))
+		if err != nil {
+			return nil, errors.Errorf("failed to check if %q is under dir %q", resolvedDest, systemDir)
+		}
+
+		if isUnder {
 			return nil, errors.Errorf(
 				"drive mount destination %q resolves to path %q under banned system directory %q",
 				req.DestinationPath, resolvedDest, systemDir,
@@ -229,6 +234,7 @@ func (dh driveHandler) MountDrive(ctx context.Context, req *drivemount.MountDriv
 // evalAnySymlinks is similar to filepath.EvalSymlinks, except it will not return an error if part of the
 // provided path does not exist. It will evaluate symlinks present in the path up to a component that doesn't
 // exist, at which point it will just append the rest of the provided path to what has been resolved so far.
+// We validate earlier that input to this function is an absolute path.
 func evalAnySymlinks(path string) (string, error) {
 	curPath := "/"
 	pathSplit := strings.Split(filepath.Clean(path), "/")
@@ -248,3 +254,13 @@ func evalAnySymlinks(path string) (string, error) {
 
 	return curPath, nil
 }
+
+// returns whether the given path is the provided baseDir or is under it
+func isOrUnderDir(path, baseDir string) (bool, error) {
+	relPath, err := filepath.Rel(baseDir, path)
+	if err != nil {
+		return false, err
+	}
+
+	return !strings.HasPrefix(relPath, "../") && relPath != "..", nil
+}
diff --git a/agent/drive_handler_test.go b/agent/drive_handler_test.go
@@ -57,3 +57,137 @@ func TestEvalAnySymlinks(t *testing.T) {
 	require.NoError(t, err, "failed to get current working dir")
 	assert.Equal(t, filepath.Join(cwd, nonExistentPath), resolvedPath)
 }
+
+func TestIsOrUnderDir(t *testing.T) {
+	type testcase struct {
+		baseDir      string
+		path         string
+		expectedTrue bool
+		expectedErr  bool
+	}
+
+	for _, tc := range []testcase{
+		{
+			baseDir:      "/foo",
+			path:         "/foo/bar",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo/bar",
+			path:         "/foo/bar/baz",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/foo",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo/bar",
+			path:         "/foo/bar",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/foobar",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/bar",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo/bar",
+			path:         "/bar",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo/bar",
+			path:         "/foo",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo/bar",
+			path:         "/bar/bar",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "foo",
+			expectedTrue: false,
+			expectedErr:  true,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "bar",
+			expectedTrue: false,
+			expectedErr:  true,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/foo/../foo",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo/bar",
+			path:         "/foo/../foo/bar",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/foo/../bar",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/foo/..bar",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/foo/..bar/baz",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/",
+			path:         "/",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/foo",
+			path:         "/",
+			expectedTrue: false,
+			expectedErr:  false,
+		},
+		{
+			baseDir:      "/",
+			path:         "/foo",
+			expectedTrue: true,
+			expectedErr:  false,
+		},
+	} {
+		isUnder, err := isOrUnderDir(tc.path, tc.baseDir)
+		assert.Equalf(t, tc.expectedTrue, isUnder, "unexpected output for isOrUnderDir case %+v", tc)
+		if tc.expectedErr {
+			assert.Errorf(t, err, "unexpected error from isOrUnderDir case %+v", tc)
+		} else {
+			assert.NoErrorf(t, err, "unexpected error from isOrUnderDir case %+v", tc)
+		}
+	}
+}
diff --git a/agent/service.go b/agent/service.go
@@ -146,7 +146,7 @@ func (ts *TaskService) Create(requestCtx context.Context, req *taskAPI.CreateTas
 		if err != nil {
 			cleanupErr := ts.doCleanup(taskID, execID)
 			if cleanupErr != nil {
-				logger.WithError(err).Error("failed to cleanup task")
+				logger.WithError(cleanupErr).Error("failed to cleanup task")
 			}
 		}
 	}()
@@ -390,7 +390,7 @@ func (ts *TaskService) Exec(requestCtx context.Context, req *taskAPI.ExecProcess
 		if err != nil {
 			cleanupErr := ts.doCleanup(taskID, execID)
 			if cleanupErr != nil {
-				logger.WithError(err).Error("failed to cleanup task")
+				logger.WithError(cleanupErr).Error("failed to cleanup task")
 			}
 		}
 	}()
diff --git a/internal/fsutil.go b/internal/fsutil.go
@@ -90,12 +90,14 @@ func ParseProcMountLines(lines ...string) ([]MountInfo, error) {
 		}
 
 		// see man 5 fstab for the format of /proc/mounts
-		var source string
-		var dest string
-		var fstype string
-		var optionsStr string
-		var dumpFreq int
-		var passno int
+		var (
+			source     string
+			dest       string
+			fstype     string
+			optionsStr string
+			dumpFreq   int
+			passno     int
+		)
 		_, err := fmt.Sscanf(line, "%s %s %s %s %d %d", &source, &dest, &fstype, &optionsStr, &dumpFreq, &passno)
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to parse /proc/mount line %q", line)
diff --git a/runtime/drive_handler.go b/runtime/drive_handler.go
@@ -168,13 +168,13 @@ func (h *stubDriveHandler) InDriveSet(path string) bool {
 }
 
 // PatchStubDrive will replace the next available stub drive with the provided drive
-func (h *stubDriveHandler) PatchStubDrive(ctx context.Context, client firecracker.MachineIface, pathOnHost string) (*string, error) {
+func (h *stubDriveHandler) PatchStubDrive(ctx context.Context, client firecracker.MachineIface, pathOnHost string) (string, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 
 	// Check to see if stubDriveIndex has increased more than the drive amount.
 	if h.stubDriveIndex >= int64(len(h.drives)) {
-		return nil, ErrDrivesExhausted
+		return "", ErrDrivesExhausted
 	}
 
 	d := h.drives[h.stubDriveIndex]
@@ -183,16 +183,16 @@ func (h *stubDriveHandler) PatchStubDrive(ctx context.Context, client firecracke
 	if d.DriveID == nil {
 		// this should never happen, but we want to ensure that we never nil
 		// dereference
-		return nil, ErrDriveIDNil
+		return "", ErrDriveIDNil
 	}
 
 	h.drives[h.stubDriveIndex] = d
 
 	err := client.UpdateGuestDrive(ctx, firecracker.StringValue(d.DriveID), pathOnHost)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
 	h.stubDriveIndex++
-	return d.DriveID, nil
+	return firecracker.StringValue(d.DriveID), nil
 }
diff --git a/runtime/drive_handler_test.go b/runtime/drive_handler_test.go
@@ -97,7 +97,7 @@ func TestPatchStubDrive(t *testing.T) {
 	for i, path := range expectedReplacements {
 		driveID, err := handler.PatchStubDrive(ctx, client, path)
 		assert.NoError(t, err, "failed to patch stub drive")
-		assert.Equal(t, expectedDriveIDs[i], firecracker.StringValue(driveID), "drive ids are not equal")
+		assert.Equal(t, expectedDriveIDs[i], driveID, "drive ids are not equal")
 	}
 }
 
diff --git a/runtime/service.go b/runtime/service.go
@@ -521,7 +521,7 @@ func (s *service) mountDrives(requestCtx context.Context, driveMounts []*proto.F
 		}
 
 		_, err = s.driveMountClient.MountDrive(requestCtx, &drivemount.MountDriveRequest{
-			DriveID:         *driveID,
+			DriveID:         driveID,
 			DestinationPath: driveMount.VMPath,
 			FilesytemType:   driveMount.FilesystemType,
 			Options:         driveMount.Options,
@@ -753,9 +753,8 @@ func (s *service) Create(requestCtx context.Context, request *taskAPI.CreateTask
 		return nil, err
 	}
 
-	var driveID *string
 	for _, mnt := range request.Rootfs {
-		driveID, err = s.stubDriveHandler.PatchStubDrive(requestCtx, s.machine, mnt.Source)
+		driveID, err := s.stubDriveHandler.PatchStubDrive(requestCtx, s.machine, mnt.Source)
 		if err != nil {
 			if err == ErrDrivesExhausted {
 				return nil, errors.Wrapf(errdefs.ErrUnavailable, "no remaining stub drives to be used")
@@ -764,7 +763,7 @@ func (s *service) Create(requestCtx context.Context, request *taskAPI.CreateTask
 		}
 
 		_, err = s.driveMountClient.MountDrive(requestCtx, &drivemount.MountDriveRequest{
-			DriveID:         *driveID,
+			DriveID:         driveID,
 			DestinationPath: vmBundleDir.RootfsPath(),
 			FilesytemType:   "ext4",
 			Options:         nil,
diff --git a/runtime/service_integ_test.go b/runtime/service_integ_test.go
@@ -805,7 +805,8 @@ func TestDriveMount_Isolated(t *testing.T) {
 		FSImgFile      internal.FSImgFile
 	}{
 		{
-			VMPath:         "/adrivemnt",
+			// /systemmount meant to make sure logic doesn't ban this just because it begins with /sys
+			VMPath:         "/systemmount",
 			FilesystemType: "ext4",
 			VMMountOptions: []string{"rw", "noatime"},
 			ContainerPath:  "/foo",

Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ func (ts TaskService) Create(requestCtx context.Context, req taskAPI.CreateTas`
`146`	`146`	`if err != nil {`
`147`	`147`	`cleanupErr := ts.doCleanup(taskID, execID)`
`148`	`148`	`if cleanupErr != nil {`
`149`		`- logger.WithError(err).Error("failed to cleanup task")`
	`149`	`+ logger.WithError(cleanupErr).Error("failed to cleanup task")`
`150`	`150`	`}`
`151`	`151`	`}`
`152`	`152`	`}()`
`@@ -390,7 +390,7 @@ func (ts TaskService) Exec(requestCtx context.Context, req taskAPI.ExecProcess`
`390`	`390`	`if err != nil {`
`391`	`391`	`cleanupErr := ts.doCleanup(taskID, execID)`
`392`	`392`	`if cleanupErr != nil {`
`393`		`- logger.WithError(err).Error("failed to cleanup task")`
	`393`	`+ logger.WithError(cleanupErr).Error("failed to cleanup task")`
`394`	`394`	`}`
`395`	`395`	`}`
`396`	`396`	`}()`
Original file line number	Diff line number	Diff line change
`@@ -168,13 +168,13 @@ func (h *stubDriveHandler) InDriveSet(path string) bool {`
`168`	`168`	`}`
`169`	`169`
`170`	`170`	`// PatchStubDrive will replace the next available stub drive with the provided drive`
`171`		`-func (h stubDriveHandler) PatchStubDrive(ctx context.Context, client firecracker.MachineIface, pathOnHost string) (string, error) {`
	`171`	`+func (h *stubDriveHandler) PatchStubDrive(ctx context.Context, client firecracker.MachineIface, pathOnHost string) (string, error) {`
`172`	`172`	`h.mutex.Lock()`
`173`	`173`	`defer h.mutex.Unlock()`
`174`	`174`
`175`	`175`	`// Check to see if stubDriveIndex has increased more than the drive amount.`
`176`	`176`	`if h.stubDriveIndex >= int64(len(h.drives)) {`
`177`		`- return nil, ErrDrivesExhausted`
	`177`	`+ return "", ErrDrivesExhausted`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`d := h.drives[h.stubDriveIndex]`
`@@ -183,16 +183,16 @@ func (h *stubDriveHandler) PatchStubDrive(ctx context.Context, client firecracke`
`183`	`183`	`if d.DriveID == nil {`
`184`	`184`	`// this should never happen, but we want to ensure that we never nil`
`185`	`185`	`// dereference`
`186`		`- return nil, ErrDriveIDNil`
	`186`	`+ return "", ErrDriveIDNil`
`187`	`187`	`}`
`188`	`188`
`189`	`189`	`h.drives[h.stubDriveIndex] = d`
`190`	`190`
`191`	`191`	`err := client.UpdateGuestDrive(ctx, firecracker.StringValue(d.DriveID), pathOnHost)`
`192`	`192`	`if err != nil {`
`193`		`- return nil, err`
	`193`	`+ return "", err`
`194`	`194`	`}`
`195`	`195`
`196`	`196`	`h.stubDriveIndex++`
`197`		`- return d.DriveID, nil`
	`197`	`+ return firecracker.StringValue(d.DriveID), nil`
`198`	`198`	`}`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ func TestPatchStubDrive(t *testing.T) {`
`97`	`97`	`for i, path := range expectedReplacements {`
`98`	`98`	`driveID, err := handler.PatchStubDrive(ctx, client, path)`
`99`	`99`	`assert.NoError(t, err, "failed to patch stub drive")`
`100`		`- assert.Equal(t, expectedDriveIDs[i], firecracker.StringValue(driveID), "drive ids are not equal")`
	`100`	`+ assert.Equal(t, expectedDriveIDs[i], driveID, "drive ids are not equal")`
`101`	`101`	`}`
`102`	`102`	`}`
`103`	`103`