gvisor/pkg/sentry/fsimpl/kernfs/kernfs_test.go

// Copyright 2019 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package kernfs_test

import (
	"bytes"
	"fmt"
	"io"
	"runtime"
	"testing"

	"github.com/google/go-cmp/cmp"
	"gvisor.dev/gvisor/pkg/abi/linux"
	"gvisor.dev/gvisor/pkg/fspath"
	"gvisor.dev/gvisor/pkg/sentry/context"
	"gvisor.dev/gvisor/pkg/sentry/context/contexttest"
	"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
	"gvisor.dev/gvisor/pkg/sentry/usermem"
	"gvisor.dev/gvisor/pkg/sentry/vfs"
	"gvisor.dev/gvisor/pkg/sync"
	"gvisor.dev/gvisor/pkg/syserror"
)

const defaultMode linux.FileMode = 01777
const staticFileContent = "This is sample content for a static test file."

// RootDentryFn is a generator function for creating the root dentry of a test
// filesystem. See newTestSystem.
type RootDentryFn func(*auth.Credentials, *filesystem) *kernfs.Dentry

// TestSystem represents the context for a single test.
type TestSystem struct {
	t     *testing.T
	ctx   context.Context
	creds *auth.Credentials
	vfs   *vfs.VirtualFilesystem
	mns   *vfs.MountNamespace
	root  vfs.VirtualDentry
}

// newTestSystem sets up a minimal environment for running a test, including an
// instance of a test filesystem. Tests can control the contents of the
// filesystem by providing an appropriate rootFn, which should return a
// pre-populated root dentry.
func newTestSystem(t *testing.T, rootFn RootDentryFn) *TestSystem {
	ctx := contexttest.Context(t)
	creds := auth.CredentialsFromContext(ctx)
	v := vfs.New()
	v.MustRegisterFilesystemType("testfs", &fsType{rootFn: rootFn}, &vfs.RegisterFilesystemTypeOptions{
		AllowUserMount: true,
	})
	mns, err := v.NewMountNamespace(ctx, creds, "", "testfs", &vfs.GetFilesystemOptions{})
	if err != nil {
		t.Fatalf("Failed to create testfs root mount: %v", err)
	}

	s := &TestSystem{
		t:     t,
		ctx:   ctx,
		creds: creds,
		vfs:   v,
		mns:   mns,
		root:  mns.Root(),
	}
	runtime.SetFinalizer(s, func(s *TestSystem) { s.root.DecRef() })
	return s
}

// PathOpAtRoot constructs a vfs.PathOperation for a path from the
// root of the test filesystem.
//
// Precondition: path should be relative path.
func (s *TestSystem) PathOpAtRoot(path string) vfs.PathOperation {
	return vfs.PathOperation{
		Root:  s.root,
		Start: s.root,
		Path:  fspath.Parse(path),
	}
}

// GetDentryOrDie attempts to resolve a dentry referred to by the
// provided path operation. If unsuccessful, the test fails.
func (s *TestSystem) GetDentryOrDie(pop vfs.PathOperation) vfs.VirtualDentry {
	vd, err := s.vfs.GetDentryAt(s.ctx, s.creds, &pop, &vfs.GetDentryOptions{})
	if err != nil {
		s.t.Fatalf("GetDentryAt(pop:%+v) failed: %v", pop, err)
	}
	return vd
}

func (s *TestSystem) ReadToEnd(fd *vfs.FileDescription) (string, error) {
	buf := make([]byte, usermem.PageSize)
	bufIOSeq := usermem.BytesIOSequence(buf)
	opts := vfs.ReadOptions{}

	var content bytes.Buffer
	for {
		n, err := fd.Impl().Read(s.ctx, bufIOSeq, opts)
		if n == 0 || err != nil {
			if err == io.EOF {
				err = nil
			}
			return content.String(), err
		}
		content.Write(buf[:n])
	}
}

type fsType struct {
	rootFn RootDentryFn
}

type filesystem struct {
	kernfs.Filesystem
}

type file struct {
	kernfs.DynamicBytesFile
	content string
}

func (fs *filesystem) newFile(creds *auth.Credentials, content string) *kernfs.Dentry {
	f := &file{}
	f.content = content
	f.DynamicBytesFile.Init(creds, fs.NextIno(), f, 0777)

	d := &kernfs.Dentry{}
	d.Init(f)
	return d
}

func (f *file) Generate(ctx context.Context, buf *bytes.Buffer) error {
	fmt.Fprintf(buf, "%s", f.content)
	return nil
}

type attrs struct {
	kernfs.InodeAttrs
}

func (a *attrs) SetStat(fs *vfs.Filesystem, opt vfs.SetStatOptions) error {
	return syserror.EPERM
}

type readonlyDir struct {
	attrs
	kernfs.InodeNotSymlink
	kernfs.InodeNoDynamicLookup
	kernfs.InodeDirectoryNoNewChildren

	kernfs.OrderedChildren
	dentry kernfs.Dentry
}

func (fs *filesystem) newReadonlyDir(creds *auth.Credentials, mode linux.FileMode, contents map[string]*kernfs.Dentry) *kernfs.Dentry {
	dir := &readonlyDir{}
	dir.attrs.Init(creds, fs.NextIno(), linux.ModeDirectory|mode)
	dir.OrderedChildren.Init(kernfs.OrderedChildrenOptions{})
	dir.dentry.Init(dir)

	dir.IncLinks(dir.OrderedChildren.Populate(&dir.dentry, contents))

	return &dir.dentry
}

func (d *readonlyDir) Open(rp *vfs.ResolvingPath, vfsd *vfs.Dentry, flags uint32) (*vfs.FileDescription, error) {
	fd := &kernfs.GenericDirectoryFD{}
	fd.Init(rp.Mount(), vfsd, &d.OrderedChildren, flags)
	return fd.VFSFileDescription(), nil
}

type dir struct {
	attrs
	kernfs.InodeNotSymlink
	kernfs.InodeNoDynamicLookup

	fs     *filesystem
	dentry kernfs.Dentry
	kernfs.OrderedChildren
}

func (fs *filesystem) newDir(creds *auth.Credentials, mode linux.FileMode, contents map[string]*kernfs.Dentry) *kernfs.Dentry {
	dir := &dir{}
	dir.fs = fs
	dir.attrs.Init(creds, fs.NextIno(), linux.ModeDirectory|mode)
	dir.OrderedChildren.Init(kernfs.OrderedChildrenOptions{Writable: true})
	dir.dentry.Init(dir)

	dir.IncLinks(dir.OrderedChildren.Populate(&dir.dentry, contents))

	return &dir.dentry
}

func (d *dir) Open(rp *vfs.ResolvingPath, vfsd *vfs.Dentry, flags uint32) (*vfs.FileDescription, error) {
	fd := &kernfs.GenericDirectoryFD{}
	fd.Init(rp.Mount(), vfsd, &d.OrderedChildren, flags)
	return fd.VFSFileDescription(), nil
}

func (d *dir) NewDir(ctx context.Context, name string, opts vfs.MkdirOptions) (*vfs.Dentry, error) {
	creds := auth.CredentialsFromContext(ctx)
	dir := d.fs.newDir(creds, opts.Mode, nil)
	dirVFSD := dir.VFSDentry()
	if err := d.OrderedChildren.Insert(name, dirVFSD); err != nil {
		dir.DecRef()
		return nil, err
	}
	d.IncLinks(1)
	return dirVFSD, nil
}

func (d *dir) NewFile(ctx context.Context, name string, opts vfs.OpenOptions) (*vfs.Dentry, error) {
	creds := auth.CredentialsFromContext(ctx)
	f := d.fs.newFile(creds, "")
	fVFSD := f.VFSDentry()
	if err := d.OrderedChildren.Insert(name, fVFSD); err != nil {
		f.DecRef()
		return nil, err
	}
	return fVFSD, nil
}

func (*dir) NewLink(context.Context, string, kernfs.Inode) (*vfs.Dentry, error) {
	return nil, syserror.EPERM
}

func (*dir) NewSymlink(context.Context, string, string) (*vfs.Dentry, error) {
	return nil, syserror.EPERM
}

func (*dir) NewNode(context.Context, string, vfs.MknodOptions) (*vfs.Dentry, error) {
	return nil, syserror.EPERM
}

func (fst *fsType) GetFilesystem(ctx context.Context, vfsObj *vfs.VirtualFilesystem, creds *auth.Credentials, source string, opt vfs.GetFilesystemOptions) (*vfs.Filesystem, *vfs.Dentry, error) {
	fs := &filesystem{}
	fs.Init(vfsObj)
	root := fst.rootFn(creds, fs)
	return fs.VFSFilesystem(), root.VFSDentry(), nil
}

// -------------------- Remainder of the file are test cases --------------------

func TestBasic(t *testing.T) {
	sys := newTestSystem(t, func(creds *auth.Credentials, fs *filesystem) *kernfs.Dentry {
		return fs.newReadonlyDir(creds, 0755, map[string]*kernfs.Dentry{
			"file1": fs.newFile(creds, staticFileContent),
		})
	})
	sys.GetDentryOrDie(sys.PathOpAtRoot("file1")).DecRef()
}

func TestMkdirGetDentry(t *testing.T) {
	sys := newTestSystem(t, func(creds *auth.Credentials, fs *filesystem) *kernfs.Dentry {
		return fs.newReadonlyDir(creds, 0755, map[string]*kernfs.Dentry{
			"dir1": fs.newDir(creds, 0755, nil),
		})
	})

	pop := sys.PathOpAtRoot("dir1/a new directory")
	if err := sys.vfs.MkdirAt(sys.ctx, sys.creds, &pop, &vfs.MkdirOptions{Mode: 0755}); err != nil {
		t.Fatalf("MkdirAt for PathOperation %+v failed: %v", pop, err)
	}
	sys.GetDentryOrDie(pop).DecRef()
}

func TestReadStaticFile(t *testing.T) {
	sys := newTestSystem(t, func(creds *auth.Credentials, fs *filesystem) *kernfs.Dentry {
		return fs.newReadonlyDir(creds, 0755, map[string]*kernfs.Dentry{
			"file1": fs.newFile(creds, staticFileContent),
		})
	})

	pop := sys.PathOpAtRoot("file1")
	fd, err := sys.vfs.OpenAt(sys.ctx, sys.creds, &pop, &vfs.OpenOptions{})
	if err != nil {
		sys.t.Fatalf("OpenAt for PathOperation %+v failed: %v", pop, err)
	}
	defer fd.DecRef()

	content, err := sys.ReadToEnd(fd)
	if err != nil {
		sys.t.Fatalf("Read failed: %v", err)
	}
	if diff := cmp.Diff(staticFileContent, content); diff != "" {
		sys.t.Fatalf("Read returned unexpected data:\n--- want\n+++ got\n%v", diff)
	}
}

func TestCreateNewFileInStaticDir(t *testing.T) {
	sys := newTestSystem(t, func(creds *auth.Credentials, fs *filesystem) *kernfs.Dentry {
		return fs.newReadonlyDir(creds, 0755, map[string]*kernfs.Dentry{
			"dir1": fs.newDir(creds, 0755, nil),
		})
	})

	pop := sys.PathOpAtRoot("dir1/newfile")
	opts := &vfs.OpenOptions{Flags: linux.O_CREAT | linux.O_EXCL, Mode: defaultMode}
	fd, err := sys.vfs.OpenAt(sys.ctx, sys.creds, &pop, opts)
	if err != nil {
		sys.t.Fatalf("OpenAt(pop:%+v, opts:%+v) failed: %v", pop, opts, err)
	}

	// Close the file. The file should persist.
	fd.DecRef()

	fd, err = sys.vfs.OpenAt(sys.ctx, sys.creds, &pop, &vfs.OpenOptions{})
	if err != nil {
		sys.t.Fatalf("OpenAt(pop:%+v) = %+v failed: %v", pop, fd, err)
	}
	fd.DecRef()
}

// direntCollector provides an implementation for vfs.IterDirentsCallback for
// testing. It simply iterates to the end of a given directory FD and collects
// all dirents emitted by the callback.
type direntCollector struct {
	mu      sync.Mutex
	dirents map[string]vfs.Dirent
}

// Handle implements vfs.IterDirentsCallback.Handle.
func (d *direntCollector) Handle(dirent vfs.Dirent) bool {
	d.mu.Lock()
	if d.dirents == nil {
		d.dirents = make(map[string]vfs.Dirent)
	}
	d.dirents[dirent.Name] = dirent
	d.mu.Unlock()
	return true
}

// count returns the number of dirents currently in the collector.
func (d *direntCollector) count() int {
	d.mu.Lock()
	defer d.mu.Unlock()
	return len(d.dirents)
}

// contains checks whether the collector has a dirent with the given name and
// type.
func (d *direntCollector) contains(name string, typ uint8) error {
	d.mu.Lock()
	defer d.mu.Unlock()
	dirent, ok := d.dirents[name]
	if !ok {
		return fmt.Errorf("No dirent named %q found", name)
	}
	if dirent.Type != typ {
		return fmt.Errorf("Dirent named %q found, but was expecting type %d, got: %+v", name, typ, dirent)
	}
	return nil
}

func TestDirFDReadWrite(t *testing.T) {
	sys := newTestSystem(t, func(creds *auth.Credentials, fs *filesystem) *kernfs.Dentry {
		return fs.newReadonlyDir(creds, 0755, nil)
	})

	pop := sys.PathOpAtRoot("/")
	fd, err := sys.vfs.OpenAt(sys.ctx, sys.creds, &pop, &vfs.OpenOptions{})
	if err != nil {
		sys.t.Fatalf("OpenAt for PathOperation %+v failed: %v", pop, err)
	}
	defer fd.DecRef()

	// Read/Write should fail for directory FDs.
	if _, err := fd.Read(sys.ctx, usermem.BytesIOSequence([]byte{}), vfs.ReadOptions{}); err != syserror.EISDIR {
		sys.t.Fatalf("Read for directory FD failed with unexpected error: %v", err)
	}
	if _, err := fd.Write(sys.ctx, usermem.BytesIOSequence([]byte{}), vfs.WriteOptions{}); err != syserror.EISDIR {
		sys.t.Fatalf("Wrire for directory FD failed with unexpected error: %v", err)
	}
}

func TestDirFDIterDirents(t *testing.T) {
	sys := newTestSystem(t, func(creds *auth.Credentials, fs *filesystem) *kernfs.Dentry {
		return fs.newReadonlyDir(creds, 0755, map[string]*kernfs.Dentry{
			// Fill root with nodes backed by various inode implementations.
			"dir1": fs.newReadonlyDir(creds, 0755, nil),
			"dir2": fs.newDir(creds, 0755, map[string]*kernfs.Dentry{
				"dir3": fs.newDir(creds, 0755, nil),
			}),
			"file1": fs.newFile(creds, staticFileContent),
		})
	})

	pop := sys.PathOpAtRoot("/")
	fd, err := sys.vfs.OpenAt(sys.ctx, sys.creds, &pop, &vfs.OpenOptions{})
	if err != nil {
		sys.t.Fatalf("OpenAt for PathOperation %+v failed: %v", pop, err)
	}
	defer fd.DecRef()

	collector := &direntCollector{}
	if err := fd.IterDirents(sys.ctx, collector); err != nil {
		sys.t.Fatalf("IterDirent failed: %v", err)
	}

	// Root directory should contain ".", ".." and 3 children:
	if collector.count() != 5 {
		sys.t.Fatalf("IterDirent returned too many dirents")
	}
	for _, dirName := range []string{".", "..", "dir1", "dir2"} {
		if err := collector.contains(dirName, linux.DT_DIR); err != nil {
			sys.t.Fatalf("IterDirent had unexpected results: %v", err)
		}
	}
	if err := collector.contains("file1", linux.DT_REG); err != nil {
		sys.t.Fatalf("IterDirent had unexpected results: %v", err)
	}

}