gvisor/pkg/sentry/kernel/pipe/node.go

// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package pipe

import (
	"gvisor.dev/gvisor/pkg/abi/linux"
	"gvisor.dev/gvisor/pkg/sentry/context"
	"gvisor.dev/gvisor/pkg/sentry/fs"
	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
	"gvisor.dev/gvisor/pkg/sync"
	"gvisor.dev/gvisor/pkg/syserror"
)

// inodeOperations implements fs.InodeOperations for pipes.
//
// +stateify savable
type inodeOperations struct {
	fsutil.InodeGenericChecker       `state:"nosave"`
	fsutil.InodeNoExtendedAttributes `state:"nosave"`
	fsutil.InodeNoopRelease          `state:"nosave"`
	fsutil.InodeNoopTruncate         `state:"nosave"`
	fsutil.InodeNoopWriteOut         `state:"nosave"`
	fsutil.InodeNotDirectory         `state:"nosave"`
	fsutil.InodeNotMappable          `state:"nosave"`
	fsutil.InodeNotSocket            `state:"nosave"`
	fsutil.InodeNotSymlink           `state:"nosave"`

	// Marking pipe inodes as virtual allows them to be saved and restored
	// even if they have been unlinked. We can get away with this because
	// their state exists entirely within the sentry.
	fsutil.InodeVirtual `state:"nosave"`

	fsutil.InodeSimpleAttributes

	// mu protects the fields below.
	mu sync.Mutex `state:"nosave"`

	// p is the underlying Pipe object representing this fifo.
	p *Pipe

	// Channels for synchronizing the creation of new readers and writers of
	// this fifo. See waitFor and newHandleLocked.
	//
	// These are not saved/restored because all waiters are unblocked on save,
	// and either automatically restart (via ERESTARTSYS) or return EINTR on
	// resume. On restarts via ERESTARTSYS, the appropriate channel will be
	// recreated.
	rWakeup chan struct{} `state:"nosave"`
	wWakeup chan struct{} `state:"nosave"`
}

var _ fs.InodeOperations = (*inodeOperations)(nil)

// NewInodeOperations returns a new fs.InodeOperations for a given pipe.
func NewInodeOperations(ctx context.Context, perms fs.FilePermissions, p *Pipe) *inodeOperations {
	return &inodeOperations{
		InodeSimpleAttributes: fsutil.NewInodeSimpleAttributes(ctx, fs.FileOwnerFromContext(ctx), perms, linux.PIPEFS_MAGIC),
		p:                     p,
	}
}

// GetFile implements fs.InodeOperations.GetFile. Named pipes have special blocking
// semantics during open:
//
// "Normally, opening the FIFO blocks until the other end is opened also. A
// process can open a FIFO in nonblocking mode. In this case, opening for
// read-only will succeed even if no-one has opened on the write side yet,
// opening for write-only will fail with ENXIO (no such device or address)
// unless the other end has already been opened. Under Linux, opening a FIFO
// for read and write will succeed both in blocking and nonblocking mode. POSIX
// leaves this behavior undefined. This can be used to open a FIFO for writing
// while there are no readers available." - fifo(7)
func (i *inodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) {
	i.mu.Lock()
	defer i.mu.Unlock()

	switch {
	case flags.Read && !flags.Write: // O_RDONLY.
		r := i.p.Open(ctx, d, flags)
		newHandleLocked(&i.rWakeup)

		if i.p.isNamed && !flags.NonBlocking && !i.p.HasWriters() {
			if !waitFor(&i.mu, &i.wWakeup, ctx) {
				r.DecRef()
				return nil, syserror.ErrInterrupted
			}
		}

		// By now, either we're doing a nonblocking open or we have a writer. On
		// a nonblocking read-only open, the open succeeds even if no-one has
		// opened the write side yet.
		return r, nil

	case flags.Write && !flags.Read: // O_WRONLY.
		w := i.p.Open(ctx, d, flags)
		newHandleLocked(&i.wWakeup)

		if i.p.isNamed && !i.p.HasReaders() {
			// On a nonblocking, write-only open, the open fails with ENXIO if the
			// read side isn't open yet.
			if flags.NonBlocking {
				w.DecRef()
				return nil, syserror.ENXIO
			}

			if !waitFor(&i.mu, &i.rWakeup, ctx) {
				w.DecRef()
				return nil, syserror.ErrInterrupted
			}
		}
		return w, nil

	case flags.Read && flags.Write: // O_RDWR.
		// Pipes opened for read-write always succeeds without blocking.
		rw := i.p.Open(ctx, d, flags)
		newHandleLocked(&i.rWakeup)
		newHandleLocked(&i.wWakeup)
		return rw, nil

	default:
		return nil, syserror.EINVAL
	}
}

func (*inodeOperations) Allocate(_ context.Context, _ *fs.Inode, _, _ int64) error {
	return syserror.EPIPE
}
Change copyright notice to "The gVisor Authors" Based on the guidelines at https://opensource.google.com/docs/releasing/authors/. 1. $ rg -l "Google LLC" \| xargs sed -i 's/Google LLC.*/The gVisor Authors./' 2. Manual fixup of "Google Inc" references. 3. Add AUTHORS file. Authors may request to be added to this file. 4. Point netstack AUTHORS to gVisor AUTHORS. Drop CONTRIBUTORS. Fixes #209 PiperOrigin-RevId: 245823212 Change-Id: I64530b24ad021a7d683137459cafc510f5ee1de9 2019-04-29 21:25:05 +00:00			`// Copyright 2018 The gVisor Authors.`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package pipe`

			`import (`
Update canonical repository. This can be merged after: https://github.com/google/gvisor-website/pull/77 or https://github.com/google/gvisor-website/pull/78 PiperOrigin-RevId: 253132620 2019-06-13 23:49:09 +00:00			`"gvisor.dev/gvisor/pkg/abi/linux"`
			`"gvisor.dev/gvisor/pkg/sentry/context"`
			`"gvisor.dev/gvisor/pkg/sentry/fs"`
			`"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"`
New sync package. * Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387 2020-01-10 06:00:42 +00:00			`"gvisor.dev/gvisor/pkg/sync"`
Update canonical repository. This can be merged after: https://github.com/google/gvisor-website/pull/77 or https://github.com/google/gvisor-website/pull/78 PiperOrigin-RevId: 253132620 2019-06-13 23:49:09 +00:00			`"gvisor.dev/gvisor/pkg/syserror"`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`)`

Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations. More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b 2019-01-15 04:33:29 +00:00			`// inodeOperations implements fs.InodeOperations for pipes.`
Automated rollback of changelist 207037226 PiperOrigin-RevId: 207125440 Change-Id: I6c572afb4d693ee72a0c458a988b0e96d191cd49 2018-08-02 17:41:44 +00:00			`//`
			`// +stateify savable`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`type inodeOperations struct {`
Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations. More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b 2019-01-15 04:33:29 +00:00			fsutil.InodeGenericChecker `state:"nosave"`
			fsutil.InodeNoExtendedAttributes `state:"nosave"`
			fsutil.InodeNoopRelease `state:"nosave"`
			fsutil.InodeNoopTruncate `state:"nosave"`
			fsutil.InodeNoopWriteOut `state:"nosave"`
			fsutil.InodeNotDirectory `state:"nosave"`
			fsutil.InodeNotMappable `state:"nosave"`
			fsutil.InodeNotSocket `state:"nosave"`
			fsutil.InodeNotSymlink `state:"nosave"`
Remove the Dirent field from Pipe. Dirents are ref-counted, but Pipes are not. Holding a Dirent inside of a Pipe raises difficult questions about the lifecycle of the Pipe and Dirent. Fortunately, we can side-step those questions by removing the Dirent field from Pipe entirely. We only need the Dirent when constructing fs.Files (which are ref-counted), and in GetFile (when a Dirent is passed to us anyways). PiperOrigin-RevId: 251497628 2019-06-04 19:57:41 +00:00
			`// Marking pipe inodes as virtual allows them to be saved and restored`
			`// even if they have been unlinked. We can get away with this because`
			`// their state exists entirely within the sentry.`
			fsutil.InodeVirtual `state:"nosave"`
Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations. More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b 2019-01-15 04:33:29 +00:00
			`fsutil.InodeSimpleAttributes`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00
			`// mu protects the fields below.`
			mu sync.Mutex `state:"nosave"`

			`// p is the underlying Pipe object representing this fifo.`
			`p *Pipe`

			`// Channels for synchronizing the creation of new readers and writers of`
			`// this fifo. See waitFor and newHandleLocked.`
			`//`
			`// These are not saved/restored because all waiters are unblocked on save,`
			`// and either automatically restart (via ERESTARTSYS) or return EINTR on`
			`// resume. On restarts via ERESTARTSYS, the appropriate channel will be`
			`// recreated.`
			rWakeup chan struct{} `state:"nosave"`
			wWakeup chan struct{} `state:"nosave"`
			`}`

Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations. More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b 2019-01-15 04:33:29 +00:00			`var _ fs.InodeOperations = (*inodeOperations)(nil)`

			`// NewInodeOperations returns a new fs.InodeOperations for a given pipe.`
			`func NewInodeOperations(ctx context.Context, perms fs.FilePermissions, p Pipe) inodeOperations {`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`return &inodeOperations{`
Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations. More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b 2019-01-15 04:33:29 +00:00			`InodeSimpleAttributes: fsutil.NewInodeSimpleAttributes(ctx, fs.FileOwnerFromContext(ctx), perms, linux.PIPEFS_MAGIC),`
			`p: p,`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`}`
			`}`

			`// GetFile implements fs.InodeOperations.GetFile. Named pipes have special blocking`
			`// semantics during open:`
			`//`
			`// "Normally, opening the FIFO blocks until the other end is opened also. A`
			`// process can open a FIFO in nonblocking mode. In this case, opening for`
			`// read-only will succeed even if no-one has opened on the write side yet,`
			`// opening for write-only will fail with ENXIO (no such device or address)`
			`// unless the other end has already been opened. Under Linux, opening a FIFO`
			`// for read and write will succeed both in blocking and nonblocking mode. POSIX`
			`// leaves this behavior undefined. This can be used to open a FIFO for writing`
			`// while there are no readers available." - fifo(7)`
			`func (i inodeOperations) GetFile(ctx context.Context, d fs.Dirent, flags fs.FileFlags) (*fs.File, error) {`
			`i.mu.Lock()`
			`defer i.mu.Unlock()`

			`switch {`
			`case flags.Read && !flags.Write: // O_RDONLY.`
Remove the Dirent field from Pipe. Dirents are ref-counted, but Pipes are not. Holding a Dirent inside of a Pipe raises difficult questions about the lifecycle of the Pipe and Dirent. Fortunately, we can side-step those questions by removing the Dirent field from Pipe entirely. We only need the Dirent when constructing fs.Files (which are ref-counted), and in GetFile (when a Dirent is passed to us anyways). PiperOrigin-RevId: 251497628 2019-06-04 19:57:41 +00:00			`r := i.p.Open(ctx, d, flags)`
Refactor pipe to support VFS2. * Pulls common functionality (IO and locking on open) into pipe_util.go. * Adds pipe/vfs.go, which implements a subset of vfs.FileDescriptionImpl. A subsequent change will add support for pipes in memfs. PiperOrigin-RevId: 275322385 2019-10-17 20:08:27 +00:00			`newHandleLocked(&i.rWakeup)`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00
			`if i.p.isNamed && !flags.NonBlocking && !i.p.HasWriters() {`
Refactor pipe to support VFS2. * Pulls common functionality (IO and locking on open) into pipe_util.go. * Adds pipe/vfs.go, which implements a subset of vfs.FileDescriptionImpl. A subsequent change will add support for pipes in memfs. PiperOrigin-RevId: 275322385 2019-10-17 20:08:27 +00:00			`if !waitFor(&i.mu, &i.wWakeup, ctx) {`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`r.DecRef()`
			`return nil, syserror.ErrInterrupted`
			`}`
			`}`

			`// By now, either we're doing a nonblocking open or we have a writer. On`
			`// a nonblocking read-only open, the open succeeds even if no-one has`
			`// opened the write side yet.`
			`return r, nil`

			`case flags.Write && !flags.Read: // O_WRONLY.`
Remove the Dirent field from Pipe. Dirents are ref-counted, but Pipes are not. Holding a Dirent inside of a Pipe raises difficult questions about the lifecycle of the Pipe and Dirent. Fortunately, we can side-step those questions by removing the Dirent field from Pipe entirely. We only need the Dirent when constructing fs.Files (which are ref-counted), and in GetFile (when a Dirent is passed to us anyways). PiperOrigin-RevId: 251497628 2019-06-04 19:57:41 +00:00			`w := i.p.Open(ctx, d, flags)`
Refactor pipe to support VFS2. * Pulls common functionality (IO and locking on open) into pipe_util.go. * Adds pipe/vfs.go, which implements a subset of vfs.FileDescriptionImpl. A subsequent change will add support for pipes in memfs. PiperOrigin-RevId: 275322385 2019-10-17 20:08:27 +00:00			`newHandleLocked(&i.wWakeup)`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00
			`if i.p.isNamed && !i.p.HasReaders() {`
			`// On a nonblocking, write-only open, the open fails with ENXIO if the`
			`// read side isn't open yet.`
			`if flags.NonBlocking {`
			`w.DecRef()`
			`return nil, syserror.ENXIO`
			`}`

Refactor pipe to support VFS2. * Pulls common functionality (IO and locking on open) into pipe_util.go. * Adds pipe/vfs.go, which implements a subset of vfs.FileDescriptionImpl. A subsequent change will add support for pipes in memfs. PiperOrigin-RevId: 275322385 2019-10-17 20:08:27 +00:00			`if !waitFor(&i.mu, &i.rWakeup, ctx) {`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`w.DecRef()`
			`return nil, syserror.ErrInterrupted`
			`}`
			`}`
			`return w, nil`

			`case flags.Read && flags.Write: // O_RDWR.`
			`// Pipes opened for read-write always succeeds without blocking.`
Remove the Dirent field from Pipe. Dirents are ref-counted, but Pipes are not. Holding a Dirent inside of a Pipe raises difficult questions about the lifecycle of the Pipe and Dirent. Fortunately, we can side-step those questions by removing the Dirent field from Pipe entirely. We only need the Dirent when constructing fs.Files (which are ref-counted), and in GetFile (when a Dirent is passed to us anyways). PiperOrigin-RevId: 251497628 2019-06-04 19:57:41 +00:00			`rw := i.p.Open(ctx, d, flags)`
Refactor pipe to support VFS2. * Pulls common functionality (IO and locking on open) into pipe_util.go. * Adds pipe/vfs.go, which implements a subset of vfs.FileDescriptionImpl. A subsequent change will add support for pipes in memfs. PiperOrigin-RevId: 275322385 2019-10-17 20:08:27 +00:00			`newHandleLocked(&i.rWakeup)`
			`newHandleLocked(&i.wWakeup)`
Check in gVisor. PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463 2018-04-27 17:37:02 +00:00			`return rw, nil`

			`default:`
			`return nil, syserror.EINVAL`
			`}`
			`}`

Implement fallocate(2) Closes #225 PiperOrigin-RevId: 247508791 Change-Id: I04f47cf2770b30043e5a272aba4ba6e11d0476cc 2019-05-09 22:34:44 +00:00			`func (inodeOperations) Allocate(_ context.Context, _ fs.Inode, _, _ int64) error {`
			`return syserror.EPIPE`
			`}`