Add support for FUSE_DEV_IOC_CLONE.

PiperOrigin-RevId: 811542458

Author: manninglucas

pkg/abi/linux/ioctl.go

@@ -184,3 +184,8 @@ const (
 	KCOV_MODE_TRACE_PC  = 2
 	KCOV_MODE_TRACE_CMP = 3
 )
+
+// FUSE_DEV_IOC_CLONE from include/uapi/linux/fuse.h.
+var (
+	FUSE_DEV_IOC_CLONE = IOR(229, 0, 4)
+)

pkg/sentry/fsimpl/fuse/BUILD

@@ -86,6 +86,7 @@ go_library(
         "//pkg/marshal/primitive",
         "//pkg/refs",
         "//pkg/safemem",
+        "//pkg/sentry/arch",
         "//pkg/sentry/fsimpl/kernfs",
         "//pkg/sentry/fsutil",
         "//pkg/sentry/kernel",

pkg/sentry/fsimpl/fuse/dev.go

@@ -15,8 +15,12 @@
 package fuse
 
 import (
+	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/errors/linuxerr"
+	"gvisor.dev/gvisor/pkg/marshal/primitive"
+	"gvisor.dev/gvisor/pkg/sentry/arch"
+	"gvisor.dev/gvisor/pkg/sentry/kernel"
 	"gvisor.dev/gvisor/pkg/sentry/vfs"
 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/usermem"
@@ -184,3 +188,49 @@ func (fd *DeviceFD) Seek(ctx context.Context, offset int64, whence int32) (int64
 
 	return 0, linuxerr.ENOSYS
 }
+
+// Ioctl implements vfs.FileDescriptionImpl.Ioctl.
+func (fd *DeviceFD) Ioctl(ctx context.Context, uio usermem.IO, sysno uintptr, args arch.SyscallArguments) (uintptr, error) {
+	cmd := args[1].Uint()
+	switch cmd {
+	case linux.FUSE_DEV_IOC_CLONE:
+		t := kernel.TaskFromContext(ctx)
+		if t == nil {
+			return 0, linuxerr.ESRCH
+		}
+		var userFuseFD int32
+		if _, err := primitive.CopyInt32In(t, args[2].Pointer(), &userFuseFD); err != nil {
+			return 0, err
+		}
+		userFuseFile, _ := t.FDTable().Get(userFuseFD)
+		if userFuseFile == nil {
+			return 0, linuxerr.EBADF
+		}
+		defer userFuseFile.DecRef(ctx)
+		fuseFD, ok := userFuseFile.Impl().(*DeviceFD)
+		if !ok {
+			return 0, linuxerr.EINVAL
+		}
+
+		fuseFD.mu.Lock()
+		if fuseFD.conn == nil {
+			fuseFD.mu.Unlock()
+			return 0, linuxerr.EINVAL
+		}
+		conn := fuseFD.conn
+		conn.IncRef()
+		fuseFD.mu.Unlock()
+
+		fd.mu.Lock()
+		defer fd.mu.Unlock()
+		if fd.conn != nil {
+			conn.DecRef(ctx)
+			return 0, linuxerr.EINVAL
+		}
+		fd.conn = conn
+
+		return 0, nil
+	}
+
+	return 0, linuxerr.ENOSYS
+}

test/syscalls/linux/BUILD

@@ -4780,6 +4780,7 @@ cc_binary(
         "//test/util:fs_util",
         "//test/util:mount_util",
         "//test/util:posix_error",
+        "//test/util:save_util",
         "//test/util:temp_path",
         "//test/util:test_main",
         "//test/util:test_util",

test/syscalls/linux/fuse.cc

@@ -16,8 +16,10 @@
 #include <linux/capability.h>
 #include <linux/fuse.h>
 #include <stdio.h>
+#include <sys/ioctl.h>
 #include <sys/mount.h>
 #include <sys/stat.h>
+#include <sys/uio.h>
 #include <unistd.h>
 
 #include <cerrno>
@@ -35,8 +37,10 @@
 #include "test/util/linux_capability_util.h"
 #include "test/util/mount_util.h"
 #include "test/util/posix_error.h"
+#include "test/util/save_util.h"
 #include "test/util/temp_path.h"
 #include "test/util/test_util.h"
+#include "test/util/thread_util.h"
 
 using ::testing::Ge;
 
@@ -45,6 +49,34 @@ namespace testing {
 
 namespace {
 
+void FuseInit(int fd) {
+  alignas(fuse_in_header) char req_buf[FUSE_MIN_READ_BUFFER];
+  ASSERT_THAT(read(fd, req_buf, sizeof(req_buf)),
+              SyscallSucceedsWithValue(Ge(sizeof(fuse_in_header))));
+
+  fuse_in_header* in_hdr = reinterpret_cast<fuse_in_header*>(req_buf);
+  ASSERT_EQ(in_hdr->opcode, FUSE_INIT);
+
+  fuse_out_header out_hdr;
+  out_hdr.error = 0;
+  out_hdr.unique = in_hdr->unique;
+  fuse_init_out out_payload = {};
+  out_payload.major = FUSE_KERNEL_VERSION;
+  out_payload.minor = FUSE_KERNEL_MINOR_VERSION;
+  out_payload.max_readahead = 0;
+  out_payload.flags = 0;
+  out_payload.congestion_threshold = 0;
+
+  struct iovec iov[] = {
+      {.iov_base = &out_hdr, .iov_len = sizeof(out_hdr)},
+      {.iov_base = &out_payload, .iov_len = sizeof(out_payload)},
+  };
+  out_hdr.len = sizeof(out_hdr) + sizeof(out_payload);
+
+  ASSERT_THAT(writev(fd, iov, 2),
+              SyscallSucceedsWithValue(sizeof(out_hdr) + sizeof(out_payload)));
+}
+
 TEST(FuseTest, RejectBadInit) {
   SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN)));
   const FileDescriptor fd =
@@ -71,6 +103,106 @@ TEST(FuseTest, RejectBadInit) {
               SyscallFailsWithErrno(EINVAL));
 }
 
+TEST(FuseTest, CloneDevice) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN)));
+  SKIP_IF(IsRunningWithSaveRestore());
+
+  const FileDescriptor fd1 =
+      ASSERT_NO_ERRNO_AND_VALUE(Open("/dev/fuse", O_RDWR));
+
+  auto mount_point = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir());
+  auto mount_opts =
+      absl::StrFormat("fd=%d,user_id=0,group_id=0,rootmode=40000", fd1.get());
+  auto mount = ASSERT_NO_ERRNO_AND_VALUE(
+      Mount("fuse", mount_point.path(), "fuse", MS_NODEV | MS_NOSUID,
+            mount_opts, 0 /* umountflags */));
+  FuseInit(fd1.get());
+
+  const FileDescriptor fd2 =
+      ASSERT_NO_ERRNO_AND_VALUE(Open("/dev/fuse", O_RDWR));
+  int fd1_num = fd1.get();
+  ASSERT_THAT(ioctl(fd2.get(), FUSE_DEV_IOC_CLONE, &fd1_num),
+              SyscallSucceeds());
+
+  ScopedThread fuse_server = ScopedThread([&] {
+    // Send stat reply from both FUSE servers.
+    for (int fd : {fd1.get(), fd2.get()}) {
+      // Read the stat request.
+      alignas(fuse_in_header) char req_buf[4096 * 4];
+      ASSERT_THAT(read(fd, req_buf, sizeof(req_buf)),
+                  SyscallSucceedsWithValue(Ge(sizeof(fuse_in_header))));
+
+      fuse_in_header* in_hdr = reinterpret_cast<fuse_in_header*>(req_buf);
+      ASSERT_EQ(in_hdr->opcode, FUSE_GETATTR);
+
+      // Send stat reply.
+      fuse_out_header out_hdr;
+      out_hdr.error = 0;
+      out_hdr.unique = in_hdr->unique;
+      fuse_attr_out out_payload = {};
+      out_payload.attr.mode = S_IFDIR | 0755;
+      out_payload.attr.nlink = 1;
+      out_payload.attr.uid = 0;
+      out_payload.attr.gid = 0;
+      out_payload.attr.size = fd;
+      out_payload.attr.atime = 0;
+      out_payload.attr.mtime = 0;
+      out_payload.attr.ctime = 0;
+
+      struct iovec iov[] = {
+          {.iov_base = &out_hdr, .iov_len = sizeof(out_hdr)},
+          {.iov_base = &out_payload, .iov_len = sizeof(out_payload)},
+      };
+      out_hdr.len = sizeof(out_hdr) + sizeof(out_payload);
+
+      ASSERT_THAT(
+          writev(fd, iov, 2),
+          SyscallSucceedsWithValue(sizeof(out_hdr) + sizeof(out_payload)));
+    }
+  });
+
+  // Check if filesystem is responsive by stat'ing root. Both FUSE servers
+  // should be able to respond.
+  struct stat st;
+  EXPECT_THAT(stat(mount_point.path().c_str(), &st), SyscallSucceeds());
+  EXPECT_EQ(st.st_size, fd1.get());
+  EXPECT_THAT(stat(mount_point.path().c_str(), &st), SyscallSucceeds());
+  EXPECT_EQ(st.st_size, fd2.get());
+
+  fuse_server.Join();
+}
+
+TEST(FuseTest, CloneToConnectedDeviceFails) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN)));
+  const FileDescriptor fd1 =
+      ASSERT_NO_ERRNO_AND_VALUE(Open("/dev/fuse", O_RDWR));
+
+  auto mount_point = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir());
+  auto mount_opts =
+      absl::StrFormat("fd=%d,user_id=0,group_id=0,rootmode=40000", fd1.get());
+  auto mount = ASSERT_NO_ERRNO_AND_VALUE(
+      Mount("fuse", mount_point.path(), "fuse", MS_NODEV | MS_NOSUID,
+            mount_opts, 0 /* umountflags */));
+  FuseInit(fd1.get());
+
+  int fd1_num = fd1.get();
+  EXPECT_THAT(ioctl(fd1.get(), FUSE_DEV_IOC_CLONE, &fd1_num),
+              SyscallFailsWithErrno(EINVAL));
+}
+
+TEST(FuseTest, CloneFromUnconnectedDeviceFails) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN)));
+  const FileDescriptor fd1 =
+      ASSERT_NO_ERRNO_AND_VALUE(Open("/dev/fuse", O_RDWR));
+
+  const FileDescriptor fd2 =
+      ASSERT_NO_ERRNO_AND_VALUE(Open("/dev/fuse", O_RDWR));
+
+  int fd1_num = fd1.get();
+  EXPECT_THAT(ioctl(fd2.get(), FUSE_DEV_IOC_CLONE, &fd1_num),
+              SyscallFailsWithErrno(EINVAL));
+}
+
 TEST(FuseTest, LookupUpdatesInode) {
   SKIP_IF(absl::NullSafeStringView(getenv("GVISOR_FUSE_TEST")) != "TRUE");
   const std::string kFileData = "May thy knife chip and shatter.\n";