Support opening FD for current directory, for at-related syscalls

Author: fwsGonzo

lib/tinykvm/linux/fds.cpp

@@ -24,7 +24,8 @@ namespace tinykvm
 	}
 
 	FileDescriptors::FileDescriptors(Machine& machine)
-		: m_machine(machine)
+		: m_machine(machine),
+		  m_current_working_directory_fd(AT_FDCWD)
 	{
 		m_allowed_readable_paths =
 			std::make_shared<std::unordered_set<std::string>>();
@@ -81,20 +82,25 @@ namespace tinykvm
 			throw std::runtime_error("TinyKVM: Invalid file descriptor in FileDescriptors::add()");
 		}
 		if (this->m_total_fds_opened >= this->m_max_total_fds_opened) {
+			// We have a limit on the total number of file descriptors,
+			// so since we aren't going to manage this fd, we need to close it.
+			close(fd);
 			throw std::runtime_error("TinyKVM: Too many opened fds in total, max_total_fds_opened = " +
 				std::to_string(this->m_max_total_fds_opened));
 		}
 		this->m_total_fds_opened ++;
 
 		if (is_socket) {
 			if (this->m_fds.size() >= this->m_max_sockets) {
+				close(fd);
 				throw std::runtime_error("TinyKVM: Too many open sockets, max_sockets = " +
 					std::to_string(this->m_max_sockets));
 			}
 			m_fds[m_next_socket_fd] = {fd, is_writable, false};
 			return m_next_socket_fd++;
 		} else {
 			if (this->m_fds.size() >= this->m_max_files) {
+				close(fd);
 				throw std::runtime_error("TinyKVM: Too many open files, max_files = " +
 					std::to_string(this->m_max_files));
 			}
@@ -294,4 +300,28 @@ namespace tinykvm
 		return false;
 	}
 
+	void FileDescriptors::set_current_working_directory(const std::string& path) noexcept
+	{
+		m_current_working_directory = path;
+		// Set the current working directory fd by opening the path
+		int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY);
+		m_current_working_directory_fd = fd;
+		if (fd < 0) {
+			if (this->m_verbose) {
+				fprintf(stderr, "TinyKVM: Failed to set current working directory to %s\n", path.c_str());
+			}
+		} else if (this->m_verbose) {
+			fprintf(stderr, "TinyKVM: Set current working directory to %s with fd %d\n",
+				path.c_str(), fd);
+		}
+	}
+
+	int FileDescriptors::transform_relative_fd(int fd) const noexcept
+	{
+		if (fd == AT_FDCWD) {
+			return m_current_working_directory_fd;
+		}
+		return fd;
+	}
+
 } // tinykvm

lib/tinykvm/linux/fds.hpp

@@ -217,9 +217,7 @@ namespace tinykvm
 		/// @brief Set the current working directory. This is used in a few system
 		/// calls, such as getcwd() and chdir().
 		/// @param path The path to set as the current working directory.
-		void set_current_working_directory(const std::string& path) noexcept {
-			m_current_working_directory = path;
-		}
+		void set_current_working_directory(const std::string& path) noexcept;
 
 		/// @brief Get the current working directory. This is used in a few system
 		/// calls, such as getcwd() and chdir().
@@ -228,6 +226,24 @@ namespace tinykvm
 			return m_current_working_directory;
 		}
 
+		/// @brief Transform a file descriptor to a file descriptor that is
+		/// relative to the current working directory. This is used in a few
+		/// at-related system calls, such as openat() and fstatat(). Only
+		/// AT_FDCWD is transformed, all other file descriptors are returned as-is.
+		/// @param fd The file descriptor to transform.
+		/// @return The file descriptor that is relative to the current working
+		/// directory.
+		int transform_relative_fd(int fd) const noexcept;
+
+		/// @brief Get the fd for the current working directory. This is used in a few
+		/// at-related system calls, such as openat() and fstatat(). Only
+		/// AT_FDCWD is transformed, all other file descriptors are returned as-is.
+		/// @return The file descriptor that is relative to the current working
+		/// directory.
+		int current_working_directory_fd() const noexcept {
+			return m_current_working_directory_fd;
+		}
+
 		/// @brief Set verbose mode. This will print out information about
 		/// file descriptor management.
 		/// @param verbose True to enable verbose mode, false to disable it.
@@ -253,6 +269,7 @@ namespace tinykvm
 		int m_next_socket_fd = 0x1000 | SOCKET_BIT;
 		std::array<int, 3> m_stdout_redirects { 0, 1, 2 };
 		std::string m_current_working_directory;
+		int m_current_working_directory_fd = -1;
 		bool m_verbose = false;
 		open_readable_t m_open_readable;
 		open_writable_t m_open_writable;

lib/tinykvm/linux/system_calls.cpp

@@ -1493,7 +1493,7 @@ void Machine::setup_linux_system_calls()
 			// Check if the path is writable (path can be modified)
 			if (cpu.machine().fds().is_writable_path(path))
 			{
-				int dirfd = AT_FDCWD;
+				int dirfd = cpu.machine().fds().current_working_directory_fd();
 				if (vdirfd != AT_FDCWD)
 				{
 					dirfd = cpu.machine().fds().translate_writable_vfd(vdirfd);
@@ -1715,7 +1715,7 @@ void Machine::setup_linux_system_calls()
 			if (!write_flags)
 			{
 				try {
-					int pfd = AT_FDCWD;
+					int pfd = cpu.machine().fds().current_working_directory_fd();
 					if (vfd != AT_FDCWD) {
 						pfd = cpu.machine().fds().translate(vfd);
 					}
@@ -1744,7 +1744,7 @@ void Machine::setup_linux_system_calls()
 			if (write_flags || regs.rax == (__u64)-1)
 			{
 				try {
-					int pfd = AT_FDCWD;
+					int pfd = cpu.machine().fds().current_working_directory_fd();
 					if (vfd != AT_FDCWD) {
 						pfd = cpu.machine().fds().translate(vfd);
 					}
@@ -1776,25 +1776,23 @@ void Machine::setup_linux_system_calls()
 			const auto vpath  = regs.rsi;
 			const auto buffer = regs.rdx;
 			int flags  = AT_SYMLINK_NOFOLLOW; // regs.r10;
-			int fd = AT_FDCWD;
+			const int vfd = regs.rdi;
+			int fd = cpu.machine().fds().current_working_directory_fd();
 			std::string path;
 
 			try {
 				path = cpu.machine().memcstring(vpath, PATH_MAX);
 
-				if (int(regs.rdi) >= 0) {
+				if (vfd != AT_FDCWD) {
 					// Use existing vfd
 					fd = cpu.machine().fds().translate(int(regs.rdi));
-				} else {
-					// Use AT_FDCWD
-					fd = AT_FDCWD;
 				}
 
 				if (!cpu.machine().fds().is_readable_path(path) && !path.empty()) {
 					regs.rax = -EPERM;
 				} else {
 					// If path is empty, use AT_EMPTY_PATH to operate on the fd
-					flags = (path.empty() && fd != AT_FDCWD) ? AT_EMPTY_PATH : 0;
+					flags = (path.empty() && vfd != AT_FDCWD) ? AT_EMPTY_PATH : 0;
 
 					struct stat64 vstat;
 					// Path is in allow-list
@@ -2103,7 +2101,7 @@ void Machine::setup_linux_system_calls()
 			const auto mask   = regs.r10;
 			const auto buffer = regs.r8;
 			std::string path;
-			int fd = AT_FDCWD;
+			int fd = cpu.machine().fds().current_working_directory_fd();
 
 			try {
 				path = cpu.machine().memcstring(vpath, PATH_MAX);
@@ -2139,14 +2137,13 @@ void Machine::setup_linux_system_calls()
 			const int  vfd      = regs.rdi;
 			const auto vpath    = regs.rsi;
 			const auto g_buffer = regs.rdx;
-			//const int  flags    = regs.r8;
 			std::string path;
 			try {
 				path = cpu.machine().memcstring(vpath, PATH_MAX);
 				if (!cpu.machine().fds().is_readable_path(path)) {
 					regs.rax = -EPERM;
 				} else {
-					int fd = vfd;
+					int fd = cpu.machine().fds().current_working_directory_fd();
 					// Translate from vfd when fd != AT_FDCWD
 					if (vfd != AT_FDCWD)
 						fd = cpu.machine().fds().translate(vfd);
@@ -2187,7 +2184,7 @@ void Machine::setup_linux_system_calls()
 				times[1].tv_nsec = UTIME_NOW;
 			}
 			// Translate from vfd when fd != AT_FDCWD
-			int fd = vfd;
+			int fd = cpu.machine().fds().current_working_directory_fd();
 			if (vfd != AT_FDCWD)
 				fd = cpu.machine().fds().translate_writable_vfd(vfd);
 			// Path is in allow-list