Implement duplicate-fds-as-needed for forks

Author: fwsGonzo

lib/tinykvm/linux/fds.cpp

@@ -77,15 +77,15 @@ namespace tinykvm
 			throw std::runtime_error("Invalid file descriptor in FileDescriptors::add()");
 		}
 		if (is_socket) {
-			m_fds[m_next_socket_fd] = {fd, is_writable};
+			m_fds[m_next_socket_fd] = {fd, is_writable, false};
 			return m_next_socket_fd++;
 		} else {
-			m_fds[m_next_file_fd] = {fd, is_writable};
+			m_fds[m_next_file_fd] = {fd, is_writable, false};
 			return m_next_file_fd++;
 		}
 	}
 
-	std::optional<FileDescriptors::Entry*> FileDescriptors::entry_for_vfd(int vfd)
+	std::optional<const FileDescriptors::Entry*> FileDescriptors::entry_for_vfd(int vfd) const
 	{
 		auto it = m_fds.find(vfd);
 		if (it != m_fds.end()) {
@@ -94,7 +94,7 @@ namespace tinykvm
 		return std::nullopt;
 	}
 
-	int FileDescriptors::translate(int vfd) const
+	int FileDescriptors::translate(int vfd)
 	{
 		if (vfd >= 0 && vfd < 3) {
 			return this->m_stdout_redirects.at(vfd);
@@ -103,6 +103,39 @@ namespace tinykvm
 		if (it != m_fds.end()) {
 			return it->second.real_fd;
 		}
+
+		if (this->m_find_ro_master_vm_fd) {
+			auto opt_entry = this->m_find_ro_master_vm_fd(vfd);
+			if (opt_entry) {
+				auto& entry = *opt_entry;
+				const int new_fd = dup(entry->real_fd);
+				if (new_fd < 0) {
+					throw std::runtime_error("Failed to duplicate file descriptor");
+				}
+				if (this->m_verbose) {
+					fprintf(stderr, "TinyKVM: %d -> %d\n", entry->real_fd, new_fd);
+				}
+				// We need to manage the *same* virtual file descriptor as the main
+				// VM, so we need to set the real_fd of the new entry to the new fd.
+				m_fds[vfd] = {new_fd, entry->is_writable, true};
+				return new_fd;
+			}
+		}
+		throw std::runtime_error("Invalid virtual file descriptor: " + std::to_string(vfd));
+	}
+
+	int FileDescriptors::translate_unless_forked(int vfd)
+	{
+		if (vfd >= 0 && vfd < 3) {
+			return this->m_stdout_redirects.at(vfd);
+		}
+		auto it = m_fds.find(vfd);
+		if (it != m_fds.end()) {
+			if (it->second.is_forked) {
+				return -1;
+			}
+			return it->second.real_fd;
+		}
 		throw std::runtime_error("Invalid virtual file descriptor: " + std::to_string(vfd));
 	}
 

lib/tinykvm/linux/fds.hpp

@@ -19,9 +19,11 @@ namespace tinykvm
 		{
 			int real_fd = -1;
 			bool is_writable = false;
+			bool is_forked = false;
 		};
 		using open_readable_t = std::function<bool(std::string&)>;
 		using open_writable_t = std::function<bool(std::string&)>;
+		using find_readonly_master_vm_fd_t = std::function<std::optional<const Entry*>(int)>;
 
 		FileDescriptors(Machine& machine);
 		~FileDescriptors();
@@ -37,13 +39,22 @@ namespace tinykvm
 		/// @param vfd The virtual file descriptor to remove.
 		void free(int vfd);
 
-		std::optional<Entry*> entry_for_vfd(int vfd);
+		std::optional<const Entry*> entry_for_vfd(int vfd) const;
 
 		/// @brief Translate a virtual file descriptor to a real file descriptor,
 		/// or throw an exception, failing execution.
 		/// @param vfd The virtual file descriptor to translate.
 		/// @return The real file descriptor.
-		int translate(int vfd) const;
+		int translate(int vfd);
+
+		/// @brief Check if a file descriptor is a socket or a file. If this fd was
+		/// created by duplicating an fd from the main VM, this function instead
+		/// returns -1, preventing a disallowed operation on the fd. Eg. it's allowed
+		/// to close a duplicated fd, but not use epoll_ctl() on it.
+		/// @param vfd The virtual file descriptor to check.
+		/// @return The real file descriptor, or -1 if the fd was created by
+		/// duplicating an fd from the main VM.
+		int translate_unless_forked(int vfd);
 
 		bool is_socket_vfd(int vfd) const noexcept {
 			return (vfd & SOCKET_BIT) != 0;
@@ -97,6 +108,14 @@ namespace tinykvm
 			m_verbose = verbose;
 		}
 
+		/// @brief Set the callback for finding the read-only master VM file descriptor.
+		/// This is used to find the real file descriptor for a virtual file
+		/// descriptor that is a read-only master VM file descriptor.
+		/// @param callback The callback to set.
+		void set_find_readonly_master_vm_fd_callback(find_readonly_master_vm_fd_t callback) noexcept {
+			m_find_ro_master_vm_fd = callback;
+		}
+
 	private:
 		Machine& m_machine;
 		std::map<int, Entry> m_fds;
@@ -108,5 +127,6 @@ namespace tinykvm
 		bool m_verbose = false;
 		open_readable_t m_open_readable;
 		open_writable_t m_open_writable;
+		find_readonly_master_vm_fd_t m_find_ro_master_vm_fd;
 	};
 }

lib/tinykvm/linux/system_calls.cpp

@@ -1174,17 +1174,22 @@ void Machine::setup_linux_system_calls()
 		SYS_epoll_ctl, [](vCPU& cpu)
 		{
 			auto& regs = cpu.registers();
-			const int epollfd = cpu.machine().fds().translate(regs.rdi);
+			const int epollfd = cpu.machine().fds().translate_unless_forked(regs.rdi);
 			const int op = regs.rsi;
 			const int fd = cpu.machine().fds().translate(regs.rdx);
 			const uint64_t g_event = regs.r10;
-			struct epoll_event event;
-			cpu.machine().copy_from_guest(&event, g_event, sizeof(event));
-			if (epoll_ctl(epollfd, op, fd, &event) < 0) {
-				regs.rax = -errno;
-			}
-			else {
-				regs.rax = 0;
+			if (epollfd > 0 && fd > 0)
+			{
+				struct epoll_event event;
+				cpu.machine().copy_from_guest(&event, g_event, sizeof(event));
+				if (epoll_ctl(epollfd, op, fd, &event) < 0) {
+					regs.rax = -errno;
+				}
+				else {
+					regs.rax = 0;
+				}
+			} else {
+				regs.rax = -EBADF;
 			}
 			SYSPRINT("epoll_ctl(epollfd=%d (%lld), op=%d, fd=%d (%lld), g_event=0x%lX) = %lld\n",
 				epollfd, regs.rdi, op, fd, regs.rdx, g_event, regs.rax);