Automated rollback of changelist 798788535

PiperOrigin-RevId: 803481970

Author: AnilAltinay

pkg/sentry/socket/hostinet/socket.go

@@ -24,7 +24,6 @@ import (
 	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/fdnotifier"
 	"gvisor.dev/gvisor/pkg/log"
-	"gvisor.dev/gvisor/pkg/marshal"
 	"gvisor.dev/gvisor/pkg/marshal/primitive"
 	"gvisor.dev/gvisor/pkg/safemem"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -829,8 +828,3 @@ func init() {
 		registered[fam] = struct{}{}
 	}
 }
-
-// GetPeerCreds implements socket.Socket.GetPeerCreds
-func (s *Socket) GetPeerCreds(t *kernel.Task) (marshal.Marshallable, *syserr.Error) {
-	return nil, syserr.ErrNotSupported
-}

pkg/sentry/socket/netlink/socket.go

@@ -568,11 +568,6 @@ func (s *Socket) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Er
 	return sa, uint32(sa.SizeBytes()), nil
 }
 
-// GetPeerCreds implements socket.Socket.GetPeerCreds.
-func (s *Socket) GetPeerCreds(t *kernel.Task) (marshal.Marshallable, *syserr.Error) {
-	return nil, syserr.ErrNotSupported
-}
-
 // RecvMsg implements socket.Socket.RecvMsg.
 func (s *Socket) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlDataLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) {
 	from := &linux.SockAddrNetlink{

pkg/sentry/socket/netstack/netstack.go

@@ -980,7 +980,14 @@ func getSockOptSocket(t *kernel.Task, s socket.Socket, ep commonEndpoint, family
 		if family != linux.AF_UNIX || outLen < unix.SizeofUcred {
 			return nil, syserr.ErrInvalidArgument
 		}
-		return s.GetPeerCreds(t)
+
+		tcred := t.Credentials()
+		creds := linux.ControlMessageCredentials{
+			PID: int32(t.ThreadGroup().ID()),
+			UID: uint32(tcred.EffectiveKUID.In(tcred.UserNamespace).OrOverflow()),
+			GID: uint32(tcred.EffectiveKGID.In(tcred.UserNamespace).OrOverflow()),
+		}
+		return &creds, nil
 
 	case linux.SO_PASSCRED:
 		if outLen < sizeOfInt32 {
@@ -3019,10 +3026,6 @@ func (s *sock) GetPeerName(*kernel.Task) (linux.SockAddr, uint32, *syserr.Error)
 	return a, l, nil
 }
 
-func (s *sock) GetPeerCreds(*kernel.Task) (marshal.Marshallable, *syserr.Error) {
-	return nil, syserr.ErrNotSupported
-}
-
 func (s *sock) fillCmsgInq(cmsg *socket.ControlMessages) {
 	if !s.sockOptInq {
 		return

pkg/sentry/socket/plugin/stack/socket.go

@@ -569,11 +569,6 @@ func (s *socketOperations) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32,
 	return socket.UnmarshalSockAddr(s.family, addr), addrlen, nil
 }
 
-// GetPeerCreds implements socket.Socket.GetPeerCreds.
-func (s *socketOperations) GetPeerCreds(t *kernel.Task) (marshal.Marshallable, *syserr.Error) {
-	return nil, syserr.ErrInvalidEndpointState
-}
-
 // recv is a helper function for doing non-blocking read once.
 // It returns:
 // 1. number of bytes received;

pkg/sentry/socket/socket.go

@@ -257,9 +257,6 @@ type Socket interface {
 	// necessarily the actual length of the address.
 	GetPeerName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error)
 
-	// GetPeerCreds returns the peer credentials of the socket.
-	GetPeerCreds(t *kernel.Task) (marshal.Marshallable, *syserr.Error)
-
 	// RecvMsg implements the recvmsg(2) linux unix.
 	//
 	// senderAddrLen is the address length to be returned to the application,

pkg/sentry/socket/unix/BUILD

@@ -42,7 +42,6 @@ go_library(
         "//pkg/sentry/fsutil",
         "//pkg/sentry/inet",
         "//pkg/sentry/kernel",
-        "//pkg/sentry/kernel/auth",
         "//pkg/sentry/ktime",
         "//pkg/sentry/socket",
         "//pkg/sentry/socket/control",

pkg/sentry/socket/unix/transport/BUILD

@@ -97,7 +97,6 @@ go_library(
         "//pkg/log",
         "//pkg/refs",
         "//pkg/sentry/hostfd",
-        "//pkg/sentry/kernel/auth",
         "//pkg/sentry/uniqueid",
         "//pkg/sync",
         "//pkg/sync/locking",

pkg/sentry/socket/unix/transport/connectioned.go

@@ -106,14 +106,6 @@ type connectionedEndpoint struct {
 	// tcpip.SockStream.
 	stype linux.SockType
 
-	// peerCreds is used to store the peer credentials.
-	// This will store the socket's own credentials until the connection is
-	// established with connect(2). Once the connection is established, this
-	// will store the peer's credentials. The use of this option is possible
-	// only for connected `AF_UNIX` stream sockets and for `AF_UNIX` stream and
-	// datagram socket pairs created using socketpair(2)
-	peerCreds CredentialsControlMessage
-
 	// acceptedChan is per the TCP endpoint implementation. Note that the
 	// sockets in this channel are _already in the connected state_, and
 	// have another associated connectionedEndpoint.
@@ -282,16 +274,6 @@ func (e *connectionedEndpoint) Close(ctx context.Context) {
 	}
 }
 
-func (e *connectionedEndpoint) swapPeerCreds(ctx context.Context, cend ConnectingEndpoint, ne *connectionedEndpoint) *syserr.Error {
-	ce, ok := cend.(*connectionedEndpoint)
-	if !ok {
-		return syserr.ErrInvalidEndpointState
-	}
-	// Swap peer credentials between the two endpoints.
-	ne.peerCreds, ce.peerCreds = ce.peerCreds, ne.peerCreds
-	return nil
-}
-
 // BidirectionalConnect implements BoundEndpoint.BidirectionalConnect.
 func (e *connectionedEndpoint) BidirectionalConnect(ctx context.Context, ce ConnectingEndpoint, returnConnect func(Receiver, ConnectedEndpoint), opts UnixSocketOpts) *syserr.Error {
 	if ce.Type() != e.stype {
@@ -345,7 +327,6 @@ func (e *connectionedEndpoint) BidirectionalConnect(ctx context.Context, ce Conn
 	ne.ops.SetSendBufferSize(defaultBufferSize, false /* notify */)
 	ne.ops.SetReceiveBufferSize(defaultBufferSize, false /* notify */)
 	ne.SocketOptions().SetPassCred(e.SocketOptions().GetPassCred())
-	ne.peerCreds = e.peerCreds
 
 	readQueue := &queue{ReaderQueue: ce.WaiterQueue(), WriterQueue: ne.Queue, limit: defaultBufferSize}
 	readQueue.InitRefs()
@@ -373,9 +354,6 @@ func (e *connectionedEndpoint) BidirectionalConnect(ctx context.Context, ce Conn
 		}
 		readQueue.IncRef()
 		if e.stype == linux.SOCK_STREAM {
-			if err := e.swapPeerCreds(ctx, ce, ne); err != nil {
-				return err
-			}
 			returnConnect(&streamQueueReceiver{queueReceiver: queueReceiver{readQueue: readQueue}}, connected)
 		} else {
 			returnConnect(&queueReceiver{readQueue: readQueue}, connected)
@@ -677,11 +655,3 @@ func (e *connectionedEndpoint) EventUnregister(we *waiter.Entry) {
 func (e *connectionedEndpoint) GetAcceptConn() bool {
 	return e.Listening()
 }
-
-func (e *connectionedEndpoint) PeerCreds() CredentialsControlMessage {
-	return e.peerCreds
-}
-
-func (e *connectionedEndpoint) SetPeerCreds(creds CredentialsControlMessage) {
-	e.peerCreds = creds
-}

pkg/sentry/socket/unix/transport/connectionless.go

@@ -158,14 +158,6 @@ func (*connectionlessEndpoint) Accept(context.Context, *Address, UnixSocketOpts)
 	return nil, syserr.ErrNotSupported
 }
 
-func (e *connectionlessEndpoint) PeerCreds() CredentialsControlMessage {
-	return nil
-}
-
-func (e *connectionlessEndpoint) SetPeerCreds(creds CredentialsControlMessage) {
-	// no-op
-}
-
 // Bind binds the connection.
 //
 // For Unix endpoints, this _only sets the address associated with the socket_.

pkg/sentry/socket/unix/transport/unix.go

@@ -52,16 +52,6 @@ type CredentialsControlMessage interface {
 	Equals(CredentialsControlMessage) bool
 }
 
-// A PeerCredentialer is a socket or endpoint that supports the SO_PEERCREDS socket
-// option.
-type PeerCredentialer interface {
-	// PeerCreds returns the peer credentials.
-	PeerCreds() CredentialsControlMessage
-
-	// SetPeerCreds sets the peer credentials.
-	SetPeerCreds(creds CredentialsControlMessage)
-}
-
 // A ControlMessages represents a collection of socket control messages.
 //
 // +stateify savable
@@ -161,7 +151,6 @@ type UnixSocketOpts struct {
 // etc. to Unix socket implementations.
 type Endpoint interface {
 	Credentialer
-	PeerCredentialer
 	waiter.Waitable
 
 	// Close puts the endpoint in a closed state and frees all resources