Fix host-backed event FD restore.

Before this change, host-backed event FDs would always crash the sandbox
during exit when the sentry tried to wait on the fdnotifier for an FD that
wasn't there.

PiperOrigin-RevId: 736585573

Author: manninglucas

pkg/sentry/fsimpl/eventfd/BUILD

@@ -6,7 +6,10 @@ licenses(["notice"])
 
 go_library(
     name = "eventfd",
-    srcs = ["eventfd.go"],
+    srcs = [
+        "eventfd.go",
+        "save_restore.go",
+    ],
     visibility = ["//pkg/sentry:internal"],
     deps = [
         "//pkg/abi/linux",

pkg/sentry/fsimpl/eventfd/eventfd.go

@@ -58,6 +58,12 @@ type EventFileDescription struct {
 
 	// hostfd indicates whether this eventfd is passed through to the host.
 	hostfd int
+
+	// sentryOwnedHostfd indicates whether the sentry owns the hostfd.
+	sentryOwnedHostfd bool
+
+	// hostfdState is the state of the hostfd during save/restore.
+	hostfdState [8]byte
 }
 
 var _ vfs.FileDescriptionImpl = (*EventFileDescription)(nil)
@@ -127,6 +133,7 @@ func (efd *EventFileDescription) HostFD() (int, error) {
 	}
 
 	efd.hostfd = int(fd)
+	efd.sentryOwnedHostfd = true
 	return efd.hostfd, nil
 }
 
@@ -140,6 +147,7 @@ func (efd *EventFileDescription) Release(context.Context) {
 			log.Warningf("close(%d) eventfd failed: %v", efd.hostfd, closeErr)
 		}
 		efd.hostfd = -1
+		efd.sentryOwnedHostfd = false
 	}
 }
 

pkg/sentry/fsimpl/eventfd/save_restore.go

@@ -0,0 +1,51 @@
+// Copyright 2025 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package eventfd
+
+import (
+	"context"
+
+	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/log"
+)
+
+func (efd *EventFileDescription) beforeSave() {
+	if efd.hostfd < 0 {
+		return
+	}
+	if !efd.sentryOwnedHostfd {
+		panic("EventFileDescription.beforeSave: hostfd is not owned by the sentry")
+	}
+	var buf [8]byte
+	if _, err := unix.Read(efd.hostfd, buf[:]); err != nil {
+		log.Warningf("Failed to read host fd for eventfd: %v", err)
+		return
+	}
+	copy(efd.hostfdState[:], buf[:])
+}
+
+func (efd *EventFileDescription) afterLoad(ctx context.Context) {
+	if efd.hostfd < 0 {
+		return
+	}
+	efd.hostfd = -1
+	if _, err := efd.HostFD(); err != nil {
+		log.Warningf("Failed to create host fd for eventfd: %v", err)
+		return
+	}
+	if _, err := unix.Write(efd.hostfd, efd.hostfdState[:]); err != nil {
+		log.Warningf("Failed to write host fd for eventfd: %v", err)
+	}
+}