github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/pkg/sentry/fsimpl/host/control.go (about)

     1  // Copyright 2020 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package host
    16  
    17  import (
    18  	"golang.org/x/sys/unix"
    19  	"github.com/SagerNet/gvisor/pkg/abi/linux"
    20  	"github.com/SagerNet/gvisor/pkg/context"
    21  	"github.com/SagerNet/gvisor/pkg/sentry/kernel"
    22  	"github.com/SagerNet/gvisor/pkg/sentry/kernel/auth"
    23  	"github.com/SagerNet/gvisor/pkg/sentry/socket/control"
    24  	"github.com/SagerNet/gvisor/pkg/sentry/socket/unix/transport"
    25  	"github.com/SagerNet/gvisor/pkg/sentry/vfs"
    26  )
    27  
// scmRights holds a list of host file descriptor numbers. newSCMRights
// returns it as a control.SCMRightsVFS2.
type scmRights struct {
	// fds are the host FDs that Files has not yet converted; Release closes
	// whatever is still listed here.
	fds []int
}
    31  
// newSCMRights wraps fds in an scmRights and returns it as a
// control.SCMRightsVFS2. The slice is stored as passed in, not copied, so the
// returned value shares its backing array with the caller's slice.
func newSCMRights(fds []int) control.SCMRightsVFS2 {
	rights := &scmRights{fds: fds}
	return rights
}
    35  
// Files implements control.SCMRights.Files.
//
// It converts at most max of the pending host FDs into files via fdsToFiles
// and reports whether more FDs were pending than max allowed. Only the FDs
// that were actually converted are removed from c.fds; the rest stay there
// for a later Files or Release call.
func (c *scmRights) Files(ctx context.Context, max int) (control.RightsFilesVFS2, bool) {
	pending := len(c.fds)

	// Truncation is judged against the requested limit only, not against how
	// many FDs fdsToFiles manages to convert.
	truncated := max < pending

	limit := max
	if limit > pending {
		limit = pending
	}

	// NOTE(review): a negative max would make this slice expression panic;
	// callers are presumably expected to pass max >= 0 — confirm.
	converted := control.RightsFilesVFS2(fdsToFiles(ctx, c.fds[:limit]))

	// fdsToFiles may stop early, so advance past exactly len(converted)
	// entries. An FD that failed conversion stays in c.fds.
	c.fds = c.fds[len(converted):]
	return converted, truncated
}
    52  
// Clone implements transport.RightsControlMessage.Clone.
//
// It always returns nil rather than a copy of c.
// NOTE(review): callers must tolerate a nil result — confirm that every call
// site checks before using it.
func (c *scmRights) Clone() transport.RightsControlMessage {
	// Host rights never need to be cloned.
	return nil
}
    58  
// Release implements transport.RightsControlMessage.Release.
//
// It closes every host FD still listed in c.fds and then drops the slice, so
// a repeated call has nothing left to close.
func (c *scmRights) Release(ctx context.Context) {
	for i := range c.fds {
		// Best-effort close: the error returned by unix.Close is discarded.
		unix.Close(c.fds[i])
	}
	c.fds = nil
}
    66  
// fdsToFiles converts host FDs into vfs.FileDescriptions, in order.
//
// If an error is encountered, only files created before the error will be
// returned. This is what Linux does. The returned slice can therefore be
// shorter than fds; the failing FD and all FDs after it are not converted and
// are not closed here.
func fdsToFiles(ctx context.Context, fds []int) []*vfs.FileDescription {
	converted := make([]*vfs.FileDescription, 0, len(fds))
	for _, hostFD := range fds {
		// Read the host status flags first, because the calls below may
		// modify them.
		hostFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(hostFD), unix.F_GETFL, 0)
		if errno != 0 {
			ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
			return converted
		}

		// Create the file backed by hostFD on the kernel's host mount.
		hostMount := kernel.KernelFromContext(ctx).HostMount()
		file, err := NewFD(ctx, hostMount, hostFD, &NewFDOptions{})
		if err != nil {
			ctx.Warningf("Error creating file from host FD: %v", err)
			return converted
		}

		// Of the host's status flags, only O_NONBLOCK is carried over to the
		// new file.
		nonblock := uint32(hostFlags & linux.O_NONBLOCK)
		creds := auth.CredentialsFromContext(ctx)
		if err := file.SetStatusFlags(ctx, creds, nonblock); err != nil {
			// NOTE(review): the file created by NewFD is dropped here without
			// an explicit release, while hostFD is not reported as converted.
			// Confirm who owns hostFD after NewFD succeeds, so this path
			// neither leaks the file nor lets the FD be closed twice.
			ctx.Warningf("Error setting flags on host FD file: %v", err)
			return converted
		}

		converted = append(converted, file)
	}
	return converted
}