| // Copyright 2021 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| use crate::{ |
| bpf::fs::BpfFs, |
| device::BinderFs, |
| fs::{ |
| devpts::dev_pts_fs, devtmpfs::dev_tmp_fs, ext4::ExtFilesystem, functionfs::FunctionFs, |
| overlayfs::OverlayFs, proc::proc_fs, sysfs::sys_fs, tmpfs::TmpFs, tracefs::trace_fs, |
| }, |
| mutable_state::{state_accessor, state_implementation}, |
| security::fs::selinux_fs, |
| task::{CurrentTask, EventHandler, Kernel, Task, WaitCanceler, Waiter}, |
| time::utc, |
| vfs::{ |
| buffers::InputBuffer, |
| fileops_impl_dataless, fileops_impl_delegate_read_and_seek, fileops_impl_nonseekable, |
| fs_node_impl_not_dir, |
| fuse::{new_fuse_fs, new_fusectl_fs}, |
| socket::{SocketAddress, SocketHandle, UnixSocket}, |
| DirEntry, DirEntryHandle, DynamicFile, DynamicFileBuf, DynamicFileSource, FileHandle, |
| FileObject, FileOps, FileSystemHandle, FileSystemOptions, FsNode, FsNodeHandle, FsNodeOps, |
| FsStr, FsString, PathBuilder, RenameFlags, SimpleFileNode, SymlinkTarget, UnlinkKind, |
| }, |
| }; |
| use fidl_fuchsia_io as fio; |
| use macro_rules_attribute::apply; |
| use ref_cast::RefCast; |
| use starnix_logging::log_warn; |
| use starnix_sync::{DeviceOpen, FileOpsCore, LockBefore, Locked, Mutex, RwLock, WriteOps}; |
| use starnix_uapi::{ |
| arc_key::{ArcKey, PtrKey, WeakKey}, |
| device_type::DeviceType, |
| errno, error, |
| errors::Errno, |
| file_mode::{Access, FileMode}, |
| inotify_mask::InotifyMask, |
| mount_flags::MountFlags, |
| open_flags::OpenFlags, |
| ownership::WeakRef, |
| vfs::{FdEvents, ResolveFlags}, |
| NAME_MAX, |
| }; |
| use std::{ |
| collections::{HashMap, HashSet}, |
| fmt, |
| hash::{Hash, Hasher}, |
| ops::{Deref, DerefMut}, |
| sync::{Arc, Weak}, |
| }; |
| |
| /// A mount namespace. |
| /// |
| /// The namespace records at which entries filesystems are mounted. |
| #[derive(Debug)] |
| pub struct Namespace { |
| root_mount: MountHandle, |
| |
| // Unique ID of this namespace. |
| pub id: u64, |
| } |
| |
| impl Namespace { |
| pub fn new(fs: FileSystemHandle) -> Arc<Namespace> { |
| let kernel = fs.kernel.upgrade().expect("can't create namespace without a kernel"); |
| Arc::new(Self { |
| root_mount: Mount::new(WhatToMount::Fs(fs), MountFlags::empty()), |
| id: kernel.get_next_namespace_id(), |
| }) |
| } |
| |
| pub fn root(&self) -> NamespaceNode { |
| self.root_mount.root() |
| } |
| |
| pub fn clone_namespace(&self) -> Arc<Namespace> { |
| let kernel = |
| self.root_mount.fs.kernel.upgrade().expect("can't clone namespace without a kernel"); |
| Arc::new(Self { |
| root_mount: self.root_mount.clone_mount_recursive(), |
| id: kernel.get_next_namespace_id(), |
| }) |
| } |
| |
| /// Assuming new_ns is a clone of the namespace that node is from, return the equivalent of |
| /// node in new_ns. If this assumption is violated, returns None. |
| pub fn translate_node(mut node: NamespaceNode, new_ns: &Namespace) -> Option<NamespaceNode> { |
| // Collect the list of mountpoints that leads to this node's mount |
| let mut mountpoints = vec![]; |
| let mut mount = node.mount; |
| while let Some(mountpoint) = mount.as_ref().and_then(|m| m.mountpoint()) { |
| mountpoints.push(mountpoint.entry); |
| mount = mountpoint.mount; |
| } |
| |
| // Follow the same path in the new namespace |
| let mut mount = Arc::clone(&new_ns.root_mount); |
| for mountpoint in mountpoints.iter().rev() { |
| let next_mount = Arc::clone(mount.read().submounts.get(ArcKey::ref_cast(mountpoint))?); |
| mount = next_mount; |
| } |
| node.mount = Some(mount).into(); |
| Some(node) |
| } |
| } |
| |
| impl FsNodeOps for Arc<Namespace> { |
| fs_node_impl_not_dir!(); |
| |
| fn create_file_ops( |
| &self, |
| _locked: &mut Locked<'_, FileOpsCore>, |
| _node: &FsNode, |
| _current_task: &CurrentTask, |
| _flags: OpenFlags, |
| ) -> Result<Box<dyn FileOps>, Errno> { |
| Ok(Box::new(MountNamespaceFile(self.clone()))) |
| } |
| } |
| |
| pub struct MountNamespaceFile(pub Arc<Namespace>); |
| |
| impl FileOps for MountNamespaceFile { |
| fileops_impl_nonseekable!(); |
| fileops_impl_dataless!(); |
| } |
| |
| /// An instance of a filesystem mounted in a namespace. |
| /// |
| /// At a mount, path traversal switches from one filesystem to another. |
| /// The client sees a composed directory structure that glues together the |
| /// directories from the underlying FsNodes from those filesystems. |
| /// |
| /// The mounts in a namespace form a mount tree, with `mountpoint` pointing to the parent and |
| /// `submounts` pointing to the children. |
| pub struct Mount { |
| root: DirEntryHandle, |
| flags: Mutex<MountFlags>, |
| fs: FileSystemHandle, |
| |
| /// A unique identifier for this mount reported in /proc/pid/mountinfo. |
| id: u64, |
| |
| // Lock ordering: mount -> submount |
| state: RwLock<MountState>, |
| // Mount used to contain a Weak<Namespace>. It no longer does because since the mount point |
| // hash was moved from Namespace to Mount, nothing actually uses it. Now that |
| // Namespace::clone_namespace() is implemented in terms of Mount::clone_mount_recursive, it |
| // won't be trivial to add it back. I recommend turning the mountpoint field into an enum of |
| // Mountpoint or Namespace, maybe called "parent", and then traverse up to the top of the tree |
| // if you need to find a Mount's Namespace. |
| } |
| type MountHandle = Arc<Mount>; |
| |
| /// Public representation of the mount options. |
| #[derive(Clone, Debug)] |
| pub struct MountInfo(Option<MountHandle>); |
| |
| impl MountInfo { |
| /// `MountInfo` for a element that is not tied to a given mount. Mount flags will be considered |
| /// empty. |
| pub fn detached() -> Self { |
| None.into() |
| } |
| |
| /// The mount flags of the represented mount. |
| pub fn flags(&self) -> MountFlags { |
| if let Some(mount) = &self.0 { |
| mount.flags() |
| } else { |
| // Consider not mounted node have the NOATIME flags. |
| MountFlags::NOATIME |
| } |
| } |
| |
| /// Checks whether this `MountInfo` represents a writable file system mounted. |
| pub fn check_readonly_filesystem(&self) -> Result<(), Errno> { |
| if self.flags().contains(MountFlags::RDONLY) { |
| return error!(EROFS); |
| } |
| Ok(()) |
| } |
| } |
| |
| impl Deref for MountInfo { |
| type Target = Option<MountHandle>; |
| |
| fn deref(&self) -> &Self::Target { |
| &self.0 |
| } |
| } |
| |
| impl DerefMut for MountInfo { |
| fn deref_mut(&mut self) -> &mut Self::Target { |
| &mut self.0 |
| } |
| } |
| |
| impl std::cmp::PartialEq for MountInfo { |
| fn eq(&self, other: &Self) -> bool { |
| self.0.as_ref().map(Arc::as_ptr) == other.0.as_ref().map(Arc::as_ptr) |
| } |
| } |
| |
| impl std::cmp::Eq for MountInfo {} |
| |
| impl Into<MountInfo> for Option<MountHandle> { |
| fn into(self) -> MountInfo { |
| MountInfo(self) |
| } |
| } |
| |
| #[derive(Default)] |
| pub struct MountState { |
| /// The namespace node that this mount is mounted on. This is a tuple instead of a |
| /// NamespaceNode because the Mount pointer has to be weak because this is the pointer to the |
| /// parent mount, the parent has a pointer to the children too, and making both strong would be |
| /// a cycle. |
| mountpoint: Option<(Weak<Mount>, DirEntryHandle)>, |
| |
| // The keys of this map are always descendants of this mount's root. |
| // |
| // Each directory entry can only have one mount attached. Mount shadowing works by using the |
| // root of the inner mount as a mountpoint. For example, if filesystem A is mounted at /foo, |
| // mounting filesystem B on /foo will create the mount as a child of the A mount, attached to |
| // A's root, instead of the root mount. |
| submounts: HashMap<ArcKey<DirEntry>, MountHandle>, |
| |
| /// The membership of this mount in its peer group. Do not access directly. Instead use |
| /// peer_group(), take_from_peer_group(), and set_peer_group(). |
| // TODO(tbodt): Refactor the links into, some kind of extra struct or something? This is hard |
| // because setting this field requires the Arc<Mount>. |
| peer_group_: Option<(Arc<PeerGroup>, PtrKey<Mount>)>, |
| /// The membership of this mount in a PeerGroup's downstream. Do not access directly. Instead |
| /// use upstream(), take_from_upstream(), and set_upstream(). |
| upstream_: Option<(Weak<PeerGroup>, PtrKey<Mount>)>, |
| } |
| |
| /// A group of mounts. Setting MS_SHARED on a mount puts it in its own peer group. Any bind mounts |
| /// of a mount in the group are also added to the group. A mount created in any mount in a peer |
| /// group will be automatically propagated (recreated) in every other mount in the group. |
| #[derive(Default)] |
| struct PeerGroup { |
| id: u64, |
| state: RwLock<PeerGroupState>, |
| } |
| #[derive(Default)] |
| struct PeerGroupState { |
| mounts: HashSet<WeakKey<Mount>>, |
| downstream: HashSet<WeakKey<Mount>>, |
| } |
| |
| pub enum WhatToMount { |
| Fs(FileSystemHandle), |
| Bind(NamespaceNode), |
| } |
| |
| impl Mount { |
| fn new(what: WhatToMount, flags: MountFlags) -> MountHandle { |
| match what { |
| WhatToMount::Fs(fs) => Self::new_with_root(fs.root().clone(), flags), |
| WhatToMount::Bind(node) => { |
| let mount = node.mount.as_ref().expect("can't bind mount from an anonymous node"); |
| mount.clone_mount(&node.entry, flags) |
| } |
| } |
| } |
| |
| fn new_with_root(root: DirEntryHandle, flags: MountFlags) -> MountHandle { |
| let known_flags = MountFlags::STORED_ON_MOUNT; |
| assert!( |
| !flags.intersects(!known_flags), |
| "mount created with extra flags {:?}", |
| flags - known_flags |
| ); |
| let fs = root.node.fs(); |
| let kernel = fs.kernel.upgrade().expect("can't create mount without kernel"); |
| Arc::new(Self { |
| id: kernel.get_next_mount_id(), |
| flags: Mutex::new(flags), |
| root, |
| fs, |
| state: Default::default(), |
| }) |
| } |
| |
| /// A namespace node referring to the root of the mount. |
| pub fn root(self: &MountHandle) -> NamespaceNode { |
| NamespaceNode { mount: Some(Arc::clone(self)).into(), entry: Arc::clone(&self.root) } |
| } |
| |
| /// The NamespaceNode on which this Mount is mounted. |
| fn mountpoint(&self) -> Option<NamespaceNode> { |
| let state = self.state.read(); |
| let (ref mount, ref entry) = state.mountpoint.as_ref()?; |
| Some(NamespaceNode { mount: Some(mount.upgrade()?).into(), entry: entry.clone() }) |
| } |
| |
| /// Create the specified mount as a child. Also propagate it to the mount's peer group. |
| fn create_submount( |
| self: &MountHandle, |
| dir: &DirEntryHandle, |
| what: WhatToMount, |
| flags: MountFlags, |
| ) { |
| // TODO(tbodt): Making a copy here is necessary for lock ordering, because the peer group |
| // lock nests inside all mount locks (it would be impractical to reverse this because you |
| // need to lock a mount to get its peer group.) But it opens the door to race conditions |
| // where if a peer are concurrently being added, the mount might not get propagated to the |
| // new peer. The only true solution to this is bigger locks, somehow using the same lock |
| // for the peer group and all of the mounts in the group. Since peer groups are fluid and |
| // can have mounts constantly joining and leaving and then joining other groups, the only |
| // sensible locking option is to use a single global lock for all mounts and peer groups. |
| // This is almost impossible to express in rust. Help. |
| // |
| // Update: Also necessary to make a copy to prevent excess replication, see the comment on |
| // the following Mount::new call. |
| let peers = { |
| let state = self.state.read(); |
| state.peer_group().map(|g| g.copy_propagation_targets()).unwrap_or_default() |
| }; |
| |
| // Create the mount after copying the peer groups, because in the case of creating a bind |
| // mount inside itself, the new mount would get added to our peer group during the |
| // Mount::new call, but we don't want to replicate into it already. For an example see |
| // MountTest.QuizBRecursion. |
| let mount = Mount::new(what, flags); |
| |
| if self.read().is_shared() { |
| mount.write().make_shared(); |
| } |
| |
| for peer in peers { |
| if Arc::ptr_eq(self, &peer) { |
| continue; |
| } |
| let clone = mount.clone_mount_recursive(); |
| peer.write().add_submount_internal(dir, clone); |
| } |
| |
| self.write().add_submount_internal(dir, mount) |
| } |
| |
| fn remove_submount( |
| self: &MountHandle, |
| mount_hash_key: &ArcKey<DirEntry>, |
| mountpoint: &DirEntryHandle, |
| propagate: bool, |
| ) -> Result<Arc<Mount>, Errno> { |
| if propagate { |
| // create_submount explains why we need to make a copy of peers. |
| let peers = { |
| let state = self.state.read(); |
| state.peer_group().map(|g| g.copy_propagation_targets()).unwrap_or_default() |
| }; |
| |
| for peer in peers { |
| if Arc::ptr_eq(self, &peer) { |
| continue; |
| } |
| peer.write().remove_submount_internal(mount_hash_key, mountpoint); |
| } |
| } |
| |
| self.write().remove_submount_internal(mount_hash_key, mountpoint).ok_or(errno!(EINVAL)) |
| } |
| |
| /// Create a new mount with the same filesystem, flags, and peer group. Used to implement bind |
| /// mounts. |
| fn clone_mount( |
| self: &MountHandle, |
| new_root: &DirEntryHandle, |
| flags: MountFlags, |
| ) -> MountHandle { |
| assert!(new_root.is_descendant_of(&self.root)); |
| // According to mount(2) on bind mounts, all flags other than MS_REC are ignored when doing |
| // a bind mount. |
| let clone = Self::new_with_root(Arc::clone(new_root), self.flags()); |
| |
| if flags.contains(MountFlags::REC) { |
| // This is two steps because the alternative (locking clone.state while iterating over |
| // self.state.submounts) trips tracing_mutex. The lock ordering is parent -> child, and |
| // if the clone is eventually made a child of self, this looks like an ordering |
| // violation. I'm not convinced it's a real issue, but I can't convince myself it's not |
| // either. |
| let mut submounts = vec![]; |
| for (dir, mount) in &self.state.read().submounts { |
| submounts.push((dir.clone(), mount.clone_mount_recursive())); |
| } |
| let mut clone_state = clone.write(); |
| for (dir, submount) in submounts { |
| clone_state.add_submount_internal(&dir, submount); |
| } |
| } |
| |
| // Put the clone in the same peer group |
| let peer_group = self.state.read().peer_group().map(Arc::clone); |
| if let Some(peer_group) = peer_group { |
| clone.write().set_peer_group(peer_group); |
| } |
| |
| clone |
| } |
| |
| /// Do a clone of the full mount hierarchy below this mount. Used for creating mount |
| /// namespaces and creating copies to use for propagation. |
| fn clone_mount_recursive(self: &MountHandle) -> MountHandle { |
| self.clone_mount(&self.root, MountFlags::REC) |
| } |
| |
| pub fn change_propagation(self: &MountHandle, flag: MountFlags, recursive: bool) { |
| let mut state = self.write(); |
| match flag { |
| MountFlags::SHARED => state.make_shared(), |
| MountFlags::PRIVATE => state.make_private(), |
| MountFlags::DOWNSTREAM => state.make_downstream(), |
| _ => { |
| log_warn!("mount propagation {:?}", flag); |
| return; |
| } |
| } |
| |
| if recursive { |
| for mount in state.submounts.values() { |
| mount.change_propagation(flag, recursive); |
| } |
| } |
| } |
| |
| fn flags(self: &MountHandle) -> MountFlags { |
| *self.flags.lock() |
| } |
| |
| pub fn update_flags(self: &MountHandle, mut flags: MountFlags) { |
| flags &= MountFlags::STORED_ON_MOUNT; |
| let atime_flags = MountFlags::NOATIME |
| | MountFlags::NODIRATIME |
| | MountFlags::RELATIME |
| | MountFlags::STRICTATIME; |
| let mut stored_flags = self.flags.lock(); |
| if !flags.intersects(atime_flags) { |
| // Since Linux 3.17, if none of MS_NOATIME, MS_NODIRATIME, |
| // MS_RELATIME, or MS_STRICTATIME is specified in mountflags, then |
| // the remount operation preserves the existing values of these |
| // flags (rather than defaulting to MS_RELATIME). |
| flags |= *stored_flags & atime_flags; |
| } |
| // The "effect [of MS_STRICTATIME] is to clear the MS_NOATIME and MS_RELATIME flags." |
| flags &= !MountFlags::STRICTATIME; |
| *stored_flags = flags; |
| } |
| |
| state_accessor!(Mount, state, Arc<Mount>); |
| } |
| |
| impl MountState { |
| /// Return this mount's current peer group. |
| fn peer_group(&self) -> Option<&Arc<PeerGroup>> { |
| let (ref group, _) = self.peer_group_.as_ref()?; |
| Some(group) |
| } |
| |
| /// Remove this mount from its peer group and return the peer group. |
| fn take_from_peer_group(&mut self) -> Option<Arc<PeerGroup>> { |
| let (old_group, old_mount) = self.peer_group_.take()?; |
| old_group.remove(old_mount); |
| if let Some(upstream) = self.take_from_upstream() { |
| let next_mount = |
| old_group.state.read().mounts.iter().next().map(|w| w.0.upgrade().unwrap()); |
| if let Some(next_mount) = next_mount { |
| // TODO(https://fxbug.dev/42065259): Fix the lock ordering here. We've locked next_mount |
| // while self is locked, and since the propagation tree and mount tree are |
| // separate, this could violate the mount -> submount order previously established. |
| next_mount.write().set_upstream(upstream); |
| } |
| } |
| Some(old_group) |
| } |
| |
| fn upstream(&self) -> Option<Arc<PeerGroup>> { |
| self.upstream_.as_ref().and_then(|g| g.0.upgrade()) |
| } |
| |
| fn take_from_upstream(&mut self) -> Option<Arc<PeerGroup>> { |
| let (old_upstream, old_mount) = self.upstream_.take()?; |
| // TODO(tbodt): Reason about whether the upgrade() could possibly return None, and what we |
| // should actually do in that case. |
| let old_upstream = old_upstream.upgrade()?; |
| old_upstream.remove_downstream(old_mount); |
| Some(old_upstream) |
| } |
| } |
| |
| #[apply(state_implementation!)] |
| impl MountState<Base = Mount, BaseType = Arc<Mount>> { |
| /// Add a child mount *without propagating it to the peer group*. For internal use only. |
| fn add_submount_internal(&mut self, dir: &DirEntryHandle, mount: MountHandle) { |
| if !dir.is_descendant_of(&self.base.root) { |
| return; |
| } |
| |
| dir.register_mount(); |
| let old_mountpoint = |
| mount.state.write().mountpoint.replace((Arc::downgrade(self.base), Arc::clone(dir))); |
| assert!(old_mountpoint.is_none(), "add_submount can only take a newly created mount"); |
| // Mount shadowing is implemented by mounting onto the root of the first mount, not by |
| // creating two mounts on the same mountpoint. |
| let old_mount = self.submounts.insert(ArcKey(dir.clone()), Arc::clone(&mount)); |
| |
| // In rare cases, mount propagation might result in a request to mount on a directory where |
| // something is already mounted. MountTest.LotsOfShadowing will trigger this. Linux handles |
| // this by inserting the new mount between the old mount and the current mount. |
| if let Some(old_mount) = old_mount { |
| // Previous state: self[dir] = old_mount |
| // New state: self[dir] = new_mount, new_mount[new_mount.root] = old_mount |
| // The new mount has already been inserted into self, now just update the old mount to |
| // be a child of the new mount. |
| old_mount.write().mountpoint = Some((Arc::downgrade(&mount), Arc::clone(dir))); |
| mount.write().submounts.insert(ArcKey(Arc::clone(&mount.root)), old_mount); |
| } |
| } |
| |
| fn remove_submount_internal( |
| &mut self, |
| mount_hash_key: &ArcKey<DirEntry>, |
| mountpoint: &DirEntryHandle, |
| ) -> Option<Arc<Mount>> { |
| let removed = self.submounts.remove(mount_hash_key); |
| if removed.is_some() { |
| mountpoint.unregister_mount(); |
| } |
| removed |
| } |
| |
| /// Set this mount's peer group. |
| fn set_peer_group(&mut self, group: Arc<PeerGroup>) { |
| self.take_from_peer_group(); |
| group.add(self.base); |
| self.peer_group_ = Some((group, Arc::as_ptr(self.base).into())); |
| } |
| |
| fn set_upstream(&mut self, group: Arc<PeerGroup>) { |
| self.take_from_upstream(); |
| group.add_downstream(self.base); |
| self.upstream_ = Some((Arc::downgrade(&group), Arc::as_ptr(self.base).into())); |
| } |
| |
| /// Is the mount in a peer group? Corresponds to MS_SHARED. |
| pub fn is_shared(&self) -> bool { |
| self.peer_group().is_some() |
| } |
| |
| /// Put the mount in a peer group. Implements MS_SHARED. |
| pub fn make_shared(&mut self) { |
| if self.is_shared() { |
| return; |
| } |
| let kernel = |
| self.base.fs.kernel.upgrade().expect("can't create new peer group without kernel"); |
| self.set_peer_group(PeerGroup::new(kernel.get_next_peer_group_id())); |
| } |
| |
| /// Take the mount out of its peer group, also remove upstream if any. Implements MS_PRIVATE. |
| pub fn make_private(&mut self) { |
| self.take_from_peer_group(); |
| self.take_from_upstream(); |
| } |
| |
| /// Take the mount out of its peer group and make it downstream instead. Implements |
| /// MountFlags::DOWNSTREAM (MS_SLAVE). |
| pub fn make_downstream(&mut self) { |
| if let Some(peer_group) = self.take_from_peer_group() { |
| self.set_upstream(peer_group); |
| } |
| } |
| } |
| |
| impl PeerGroup { |
| fn new(id: u64) -> Arc<Self> { |
| Arc::new(Self { id, state: Default::default() }) |
| } |
| |
| fn add(&self, mount: &Arc<Mount>) { |
| self.state.write().mounts.insert(WeakKey::from(mount)); |
| } |
| |
| fn remove(&self, mount: PtrKey<Mount>) { |
| self.state.write().mounts.remove(&mount); |
| } |
| |
| fn add_downstream(&self, mount: &Arc<Mount>) { |
| self.state.write().downstream.insert(WeakKey::from(mount)); |
| } |
| |
| fn remove_downstream(&self, mount: PtrKey<Mount>) { |
| self.state.write().downstream.remove(&mount); |
| } |
| |
| fn copy_propagation_targets(&self) -> Vec<MountHandle> { |
| let mut buf = vec![]; |
| self.collect_propagation_targets(&mut buf); |
| buf |
| } |
| |
| fn collect_propagation_targets(&self, buf: &mut Vec<MountHandle>) { |
| let downstream_mounts: Vec<_> = { |
| let state = self.state.read(); |
| buf.extend(state.mounts.iter().filter_map(|m| m.0.upgrade())); |
| state.downstream.iter().filter_map(|m| m.0.upgrade()).collect() |
| }; |
| for mount in downstream_mounts { |
| let peer_group = mount.read().peer_group().map(Arc::clone); |
| match peer_group { |
| Some(group) => group.collect_propagation_targets(buf), |
| None => buf.push(mount), |
| } |
| } |
| } |
| } |
| |
| impl Drop for Mount { |
| fn drop(&mut self) { |
| let state = self.state.get_mut(); |
| state.take_from_peer_group(); |
| state.take_from_upstream(); |
| } |
| } |
| |
| impl fmt::Debug for Mount { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| let state = self.state.read(); |
| f.debug_struct("Mount") |
| .field("id", &(self as *const Mount)) |
| .field("root", &self.root) |
| .field("mountpoint", &state.mountpoint) |
| .field("submounts", &state.submounts) |
| .finish() |
| } |
| } |
| |
| pub trait FileSystemCreator { |
| fn kernel(&self) -> &Arc<Kernel>; |
| |
| fn create_filesystem<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| fs_type: &FsStr, |
| options: FileSystemOptions, |
| ) -> Result<FileSystemHandle, Errno> |
| where |
| L: LockBefore<DeviceOpen>, |
| L: LockBefore<FileOpsCore>; |
| } |
| |
| impl Kernel { |
| pub fn get_next_mount_id(&self) -> u64 { |
| self.next_mount_id.next() |
| } |
| |
| pub fn get_next_peer_group_id(&self) -> u64 { |
| self.next_peer_group_id.next() |
| } |
| |
| pub fn get_next_namespace_id(&self) -> u64 { |
| self.next_namespace_id.next() |
| } |
| } |
| |
| impl FileSystemCreator for Arc<Kernel> { |
| fn kernel(&self) -> &Arc<Kernel> { |
| self |
| } |
| |
| fn create_filesystem<L>( |
| &self, |
| _locked: &mut Locked<'_, L>, |
| fs_type: &FsStr, |
| options: FileSystemOptions, |
| ) -> Result<FileSystemHandle, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| L: LockBefore<DeviceOpen>, |
| { |
| Ok(match &**fs_type { |
| b"binder" => BinderFs::new_fs(self, options)?, |
| b"bpf" => BpfFs::new_fs(self, options)?, |
| b"remotefs" => crate::execution::create_remotefs_filesystem( |
| self, |
| self.container_data_dir |
| .as_ref() |
| .ok_or_else(|| errno!(EPERM, "Missing container data directory"))?, |
| fio::OpenFlags::RIGHT_READABLE | fio::OpenFlags::RIGHT_WRITABLE, |
| options, |
| )?, |
| b"tmpfs" => { |
| let fs = TmpFs::new_fs_with_options(self, options)?; |
| // TODO(http://b/320436714): use hard-coded security context only for SELinux Fake |
| // mode once SELinux is implemented for the file subsystem. |
| if self.security_server.is_some() { |
| let label = b"u:object_r:tmpfs:s0"; |
| fs.selinux_context.set(label.into()).unwrap(); |
| } |
| fs |
| } |
| _ => { |
| return error!(ENODEV, fs_type); |
| } |
| }) |
| } |
| } |
| |
| impl FileSystemCreator for CurrentTask { |
| fn kernel(&self) -> &Arc<Kernel> { |
| (self as &Task).kernel() |
| } |
| |
| fn create_filesystem<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| fs_type: &FsStr, |
| options: FileSystemOptions, |
| ) -> Result<FileSystemHandle, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| L: LockBefore<DeviceOpen>, |
| { |
| let kernel = self.kernel(); |
| |
| match &**fs_type { |
| b"fuse" => new_fuse_fs(self, options), |
| b"fusectl" => new_fusectl_fs(self, options), |
| b"devpts" => Ok(dev_pts_fs(self, options).clone()), |
| b"devtmpfs" => Ok(dev_tmp_fs(locked, self).clone()), |
| b"ext4" => ExtFilesystem::new_fs(locked, kernel, self, options), |
| b"functionfs" => FunctionFs::new_fs(self, options), |
| b"overlay" => OverlayFs::new_fs(locked, self, options), |
| b"proc" => Ok(proc_fs(self, options).clone()), |
| b"tracefs" => Ok(trace_fs(self, options).clone()), |
| b"selinuxfs" => { |
| if self.kernel().security_server.is_some() { |
| Ok(selinux_fs(self, options).clone()) |
| } else { |
| error!(ENODEV, fs_type) |
| } |
| } |
| b"sysfs" => Ok(sys_fs(self, options).clone()), |
| _ => kernel.create_filesystem(locked, fs_type, options), |
| } |
| } |
| } |
| |
| struct ProcMountsFileSource(WeakRef<Task>); |
| |
| impl DynamicFileSource for ProcMountsFileSource { |
| fn generate(&self, sink: &mut DynamicFileBuf) -> Result<(), Errno> { |
| // TODO(tbodt): We should figure out a way to have a real iterator instead of grabbing the |
| // entire list in one go. Should we have a BTreeMap<u64, Weak<Mount>> in the Namespace? |
| // Also has the benefit of correct (i.e. chronological) ordering. But then we have to do |
| // extra work to maintain it. |
| let task = Task::from_weak(&self.0)?; |
| let root = task.fs().root(); |
| let ns = task.fs().namespace(); |
| for_each_mount(&ns.root_mount, &mut |mount| { |
| let mountpoint = mount.mountpoint().unwrap_or_else(|| mount.root()); |
| if !mountpoint.is_descendant_of(&root) { |
| return Ok(()); |
| } |
| writeln!( |
| sink, |
| "{} {} {} {} 0 0", |
| mount.fs.options.source_for_display(), |
| mountpoint.path(&task), |
| mount.fs.name(), |
| mount.flags(), |
| )?; |
| Ok(()) |
| })?; |
| Ok(()) |
| } |
| } |
| |
| pub struct ProcMountsFile { |
| dynamic_file: DynamicFile<ProcMountsFileSource>, |
| } |
| |
| impl ProcMountsFile { |
| pub fn new_node(task: WeakRef<Task>) -> impl FsNodeOps { |
| SimpleFileNode::new(move || { |
| Ok(Self { dynamic_file: DynamicFile::new(ProcMountsFileSource(task.clone())) }) |
| }) |
| } |
| } |
| |
| impl FileOps for ProcMountsFile { |
| fileops_impl_delegate_read_and_seek!(self, self.dynamic_file); |
| |
| fn write( |
| &self, |
| _locked: &mut Locked<'_, WriteOps>, |
| _file: &FileObject, |
| _current_task: &CurrentTask, |
| _offset: usize, |
| _data: &mut dyn InputBuffer, |
| ) -> Result<usize, Errno> { |
| error!(ENOSYS) |
| } |
| |
| fn wait_async( |
| &self, |
| _file: &FileObject, |
| _current_task: &CurrentTask, |
| waiter: &Waiter, |
| _events: FdEvents, |
| _handler: EventHandler, |
| ) -> Option<WaitCanceler> { |
| // Polling this file gives notifications when any change to mounts occurs. This is not |
| // implemented yet, but stubbed for Android init. |
| Some(waiter.fake_wait()) |
| } |
| |
| fn query_events( |
| &self, |
| _file: &FileObject, |
| _current_task: &CurrentTask, |
| ) -> Result<FdEvents, Errno> { |
| Ok(FdEvents::empty()) |
| } |
| } |
| |
| #[derive(Clone)] |
| pub struct ProcMountinfoFile(WeakRef<Task>); |
| impl ProcMountinfoFile { |
| pub fn new_node(task: WeakRef<Task>) -> impl FsNodeOps { |
| DynamicFile::new_node(Self(task)) |
| } |
| } |
| impl DynamicFileSource for ProcMountinfoFile { |
| fn generate(&self, sink: &mut DynamicFileBuf) -> Result<(), Errno> { |
| // Returns path to the `dir` from the root of the file system. |
| fn path_from_fs_root(dir: &DirEntryHandle) -> FsString { |
| let mut path = PathBuilder::new(); |
| if dir.is_dead() { |
| // Return `/foo/dir//deleted` if the dir was deleted. |
| path.prepend_element("/deleted".into()); |
| } |
| let mut current = dir.clone(); |
| while let Some(next) = current.parent() { |
| path.prepend_element(current.local_name().as_ref()); |
| current = next |
| } |
| path.build_absolute() |
| } |
| |
| // TODO(tbodt): We should figure out a way to have a real iterator instead of grabbing the |
| // entire list in one go. Should we have a BTreeMap<u64, Weak<Mount>> in the Namespace? |
| // Also has the benefit of correct (i.e. chronological) ordering. But then we have to do |
| // extra work to maintain it. |
| let task = Task::from_weak(&self.0)?; |
| let root = task.fs().root(); |
| let ns = task.fs().namespace(); |
| for_each_mount(&ns.root_mount, &mut |mount| { |
| let mountpoint = mount.mountpoint().unwrap_or_else(|| mount.root()); |
| if !mountpoint.is_descendant_of(&root) { |
| return Ok(()); |
| } |
| // Can't fail, mountpoint() and root() can't return a NamespaceNode with no mount |
| let parent = mountpoint.mount.as_ref().unwrap(); |
| write!( |
| sink, |
| "{} {} {} {} {} {}", |
| mount.id, |
| parent.id, |
| mount.root.node.fs().dev_id, |
| path_from_fs_root(&mount.root), |
| mountpoint.path(&task), |
| mount.flags(), |
| )?; |
| if let Some(peer_group) = mount.read().peer_group() { |
| write!(sink, " shared:{}", peer_group.id)?; |
| } |
| if let Some(upstream) = mount.read().upstream() { |
| write!(sink, " master:{}", upstream.id)?; |
| } |
| writeln!( |
| sink, |
| " - {} {} {}", |
| mount.fs.name(), |
| mount.fs.options.source_for_display(), |
| mount.fs.options.flags, |
| )?; |
| Ok(()) |
| })?; |
| Ok(()) |
| } |
| } |
| |
| fn for_each_mount<E>( |
| mount: &MountHandle, |
| callback: &mut impl FnMut(&MountHandle) -> Result<(), E>, |
| ) -> Result<(), E> { |
| callback(mount)?; |
| // Collect list first to avoid self deadlock when ProcMountinfoFile::read_at tries to call |
| // NamespaceNode::path() |
| let submounts: Vec<_> = mount.read().submounts.values().map(Arc::clone).collect(); |
| for submount in submounts { |
| for_each_mount(&submount, callback)?; |
| } |
| Ok(()) |
| } |
| |
| /// The `SymlinkMode` enum encodes how symlinks are followed during path traversal. |
| #[derive(Default, PartialEq, Eq, Copy, Clone, Debug)] |
| pub enum SymlinkMode { |
| /// Follow a symlink at the end of a path resolution. |
| #[default] |
| Follow, |
| |
| /// Do not follow a symlink at the end of a path resolution. |
| NoFollow, |
| } |
| |
| /// The maximum number of symlink traversals that can be made during path resolution. |
| pub const MAX_SYMLINK_FOLLOWS: u8 = 40; |
| |
| /// The context passed during namespace lookups. |
| /// |
| /// Namespace lookups need to mutate a shared context in order to correctly |
| /// count the number of remaining symlink traversals. |
| pub struct LookupContext { |
| /// The SymlinkMode for the lookup. |
| /// |
| /// As the lookup proceeds, the follow count is decremented each time the |
| /// lookup traverses a symlink. |
| pub symlink_mode: SymlinkMode, |
| |
| /// The number of symlinks remaining the follow. |
| /// |
| /// Each time path resolution calls readlink, this value is decremented. |
| pub remaining_follows: u8, |
| |
| /// Whether the result of the lookup must be a directory. |
| /// |
| /// For example, if the path ends with a `/` or if userspace passes |
| /// O_DIRECTORY. This flag can be set to true if the lookup encounters a |
| /// symlink that ends with a `/`. |
| pub must_be_directory: bool, |
| |
| /// Resolve flags passed to `openat2`. Empty if the lookup originated in any other syscall. |
| pub resolve_flags: ResolveFlags, |
| |
| /// Base directory for the lookup. Set only when either `RESOLVE_BENEATH` or `RESOLVE_IN_ROOT` |
| /// is passed to `openat2`. |
| pub resolve_base: ResolveBase, |
| } |
| |
| /// Used to specify base directory in `LookupContext` for lookups originating in the `openat2` |
| /// syscall with either `RESOLVE_BENEATH` or `RESOLVE_IN_ROOT` flag. |
| #[derive(Clone, Eq, PartialEq)] |
| pub enum ResolveBase { |
| None, |
| |
| /// The lookup is not allowed to traverse any node that's not beneath the specified node. |
| Beneath(NamespaceNode), |
| |
| /// The lookup should be handled as if the root specified node is the file-system root. |
| InRoot(NamespaceNode), |
| } |
| |
| impl LookupContext { |
| pub fn new(symlink_mode: SymlinkMode) -> LookupContext { |
| LookupContext { |
| symlink_mode, |
| remaining_follows: MAX_SYMLINK_FOLLOWS, |
| must_be_directory: false, |
| resolve_flags: ResolveFlags::empty(), |
| resolve_base: ResolveBase::None, |
| } |
| } |
| |
| pub fn with(&self, symlink_mode: SymlinkMode) -> LookupContext { |
| LookupContext { symlink_mode, resolve_base: self.resolve_base.clone(), ..*self } |
| } |
| |
| pub fn update_for_path(&mut self, path: &FsStr) { |
| if path.last() == Some(&b'/') { |
| // The last path element must resolve to a directory. This is because a trailing slash |
| // was found in the path. |
| self.must_be_directory = true; |
| // If the last path element is a symlink, we should follow it. |
| // See https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap03.html#tag_21_03_00_75 |
| self.symlink_mode = SymlinkMode::Follow; |
| } |
| } |
| } |
| |
| impl Default for LookupContext { |
| fn default() -> Self { |
| LookupContext::new(SymlinkMode::Follow) |
| } |
| } |
| |
| /// Whether the path is reachable from the given root. |
| pub enum PathWithReachability { |
| /// The path is reachable from the given root. |
| Reachable(FsString), |
| |
| /// The path is not reachable from the given root. |
| Unreachable(FsString), |
| } |
| |
| impl PathWithReachability { |
| pub fn into_path(self) -> FsString { |
| match self { |
| PathWithReachability::Reachable(path) => path, |
| PathWithReachability::Unreachable(path) => path, |
| } |
| } |
| } |
| |
| /// A node in a mount namespace. |
| /// |
| /// This tree is a composite of the mount tree and the FsNode tree. |
| /// |
| /// These nodes are used when traversing paths in a namespace in order to |
| /// present the client the directory structure that includes the mounted |
| /// filesystems. |
| #[derive(Clone)] |
| pub struct NamespaceNode { |
| /// The mount where this namespace node is mounted. |
| /// |
| /// A given FsNode can be mounted in multiple places in a namespace. This |
| /// field distinguishes between them. |
| pub mount: MountInfo, |
| |
| /// The FsNode that corresponds to this namespace entry. |
| pub entry: DirEntryHandle, |
| } |
| |
| impl NamespaceNode { |
| /// Create a namespace node that is not mounted in a namespace. |
| pub fn new_anonymous(dir_entry: DirEntryHandle) -> Self { |
| Self { mount: None.into(), entry: dir_entry } |
| } |
| |
| /// Create a namespace node that is not mounted in a namespace and that refers to a node that |
| /// is not rooted in a hierarchy and has no name. |
| pub fn new_anonymous_unrooted(node: FsNodeHandle) -> Self { |
| Self::new_anonymous(DirEntry::new_unrooted(node)) |
| } |
| |
| /// Create a FileObject corresponding to this namespace node. |
| /// |
| /// This function is the primary way of instantiating FileObjects. Each |
| /// FileObject records the NamespaceNode that created it in order to |
| /// remember its path in the Namespace. |
| pub fn open<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| flags: OpenFlags, |
| check_access: bool, |
| ) -> Result<FileHandle, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| L: LockBefore<DeviceOpen>, |
| { |
| FileObject::new( |
| self.entry.node.open(locked, current_task, &self.mount, flags, check_access)?, |
| self.clone(), |
| flags, |
| ) |
| } |
| |
| /// Create or open a node in the file system. |
| /// |
| /// Works for any type of node other than a symlink. |
| /// |
| /// Will return an existing node unless `flags` contains `OpenFlags::EXCL`. |
| pub fn open_create_node<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| name: &FsStr, |
| mode: FileMode, |
| dev: DeviceType, |
| flags: OpenFlags, |
| ) -> Result<NamespaceNode, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| let owner = current_task.as_fscred(); |
| let mode = current_task.fs().apply_umask(mode); |
| let create_fn = |dir: &FsNodeHandle, mount: &MountInfo, name: &_| { |
| dir.mknod(locked, current_task, mount, name, mode, dev, owner) |
| }; |
| let entry = if flags.contains(OpenFlags::EXCL) { |
| self.entry.create_entry(current_task, &self.mount, name, create_fn) |
| } else { |
| self.entry.get_or_create_entry(current_task, &self.mount, name, create_fn) |
| }?; |
| Ok(self.with_new_entry(entry)) |
| } |
| |
| /// Create a node in the file system. |
| /// |
| /// Works for any type of node other than a symlink. |
| /// |
| /// Does not return an existing node. |
| pub fn create_node<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| name: &FsStr, |
| mode: FileMode, |
| dev: DeviceType, |
| ) -> Result<NamespaceNode, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| let owner = current_task.as_fscred(); |
| let mode = current_task.fs().apply_umask(mode); |
| let entry = |
| self.entry.create_entry(current_task, &self.mount, name, |dir, mount, name| { |
| dir.mknod(locked, current_task, mount, name, mode, dev, owner) |
| })?; |
| Ok(self.with_new_entry(entry)) |
| } |
| |
| /// Create a symlink in the file system. |
| /// |
| /// To create another type of node, use `create_node`. |
| pub fn create_symlink<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| name: &FsStr, |
| target: &FsStr, |
| ) -> Result<NamespaceNode, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| let owner = current_task.as_fscred(); |
| let entry = |
| self.entry.create_entry(current_task, &self.mount, name, |dir, mount, name| { |
| dir.create_symlink(locked, current_task, mount, name, target, owner) |
| })?; |
| Ok(self.with_new_entry(entry)) |
| } |
| |
| /// Creates an anonymous file. |
| /// |
| /// The FileMode::IFMT of the FileMode is always FileMode::IFREG. |
| /// |
| /// Used by O_TMPFILE. |
| pub fn create_tmpfile( |
| &self, |
| current_task: &CurrentTask, |
| mode: FileMode, |
| flags: OpenFlags, |
| ) -> Result<NamespaceNode, Errno> { |
| let owner = current_task.as_fscred(); |
| let mode = current_task.fs().apply_umask(mode); |
| Ok(self.with_new_entry(self.entry.create_tmpfile( |
| current_task, |
| &self.mount, |
| mode, |
| owner, |
| flags, |
| )?)) |
| } |
| |
| pub fn link<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| name: &FsStr, |
| child: &FsNodeHandle, |
| ) -> Result<NamespaceNode, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| let dir_entry = |
| self.entry.create_entry(current_task, &self.mount, name, |dir, mount, name| { |
| dir.link(locked, current_task, mount, name, child) |
| })?; |
| Ok(self.with_new_entry(dir_entry)) |
| } |
| |
| pub fn bind_socket<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| name: &FsStr, |
| socket: SocketHandle, |
| socket_address: SocketAddress, |
| mode: FileMode, |
| ) -> Result<NamespaceNode, Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| let dir_entry = |
| self.entry.create_entry(current_task, &self.mount, name, |dir, mount, name| { |
| let node = dir.mknod( |
| locked, |
| current_task, |
| mount, |
| name, |
| mode, |
| DeviceType::NONE, |
| current_task.as_fscred(), |
| )?; |
| if let Some(unix_socket) = socket.downcast_socket::<UnixSocket>() { |
| unix_socket.bind_socket_to_node(&socket, socket_address, &node)?; |
| } else { |
| return error!(ENOTSUP); |
| } |
| Ok(node) |
| })?; |
| Ok(self.with_new_entry(dir_entry)) |
| } |
| |
| pub fn unlink<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| name: &FsStr, |
| kind: UnlinkKind, |
| must_be_directory: bool, |
| ) -> Result<(), Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| if DirEntry::is_reserved_name(name) { |
| match kind { |
| UnlinkKind::Directory => { |
| if name == ".." { |
| error!(ENOTEMPTY) |
| } else if self.parent().is_none() { |
| // The client is attempting to remove the root. |
| error!(EBUSY) |
| } else { |
| error!(EINVAL) |
| } |
| } |
| UnlinkKind::NonDirectory => error!(ENOTDIR), |
| } |
| } else { |
| self.entry.unlink(locked, current_task, &self.mount, name, kind, must_be_directory) |
| } |
| } |
| |
| /// Traverse down a parent-to-child link in the namespace. |
| pub fn lookup_child( |
| &self, |
| current_task: &CurrentTask, |
| context: &mut LookupContext, |
| basename: &FsStr, |
| ) -> Result<NamespaceNode, Errno> { |
| if !self.entry.node.is_dir() { |
| return error!(ENOTDIR); |
| } |
| |
| if basename.len() > NAME_MAX as usize { |
| return error!(ENAMETOOLONG); |
| } |
| |
| let child = if basename.is_empty() || basename == "." { |
| self.clone() |
| } else if basename == ".." { |
| let root = match &context.resolve_base { |
| ResolveBase::None => current_task.fs().root(), |
| ResolveBase::Beneath(node) => { |
| // Do not allow traversal out of the 'node'. |
| if *self == *node { |
| return error!(EXDEV); |
| } |
| current_task.fs().root() |
| } |
| ResolveBase::InRoot(root) => root.clone(), |
| }; |
| |
| // Make sure this can't escape a chroot. |
| if *self == root { |
| root |
| } else { |
| self.parent().unwrap_or_else(|| self.clone()) |
| } |
| } else { |
| let mut child = self.with_new_entry(self.entry.component_lookup( |
| current_task, |
| &self.mount, |
| basename, |
| )?); |
| while child.entry.node.is_lnk() { |
| match context.symlink_mode { |
| SymlinkMode::NoFollow => { |
| break; |
| } |
| SymlinkMode::Follow => { |
| if context.remaining_follows == 0 |
| || context.resolve_flags.contains(ResolveFlags::NO_SYMLINKS) |
| { |
| return error!(ELOOP); |
| } |
| context.remaining_follows -= 1; |
| child = match child.readlink(current_task)? { |
| SymlinkTarget::Path(link_target) => { |
| let link_directory = if link_target[0] == b'/' { |
| match &context.resolve_base { |
| ResolveBase::None => current_task.fs().root(), |
| ResolveBase::Beneath(_) => return error!(EXDEV), |
| ResolveBase::InRoot(root) => root.clone(), |
| } |
| } else { |
| self.clone() |
| }; |
| current_task.lookup_path( |
| context, |
| link_directory, |
| link_target.as_ref(), |
| )? |
| } |
| SymlinkTarget::Node(node) => { |
| if context.resolve_flags.contains(ResolveFlags::NO_MAGICLINKS) { |
| return error!(ELOOP); |
| } |
| node |
| } |
| } |
| } |
| }; |
| } |
| |
| child.enter_mount() |
| }; |
| |
| if context.resolve_flags.contains(ResolveFlags::NO_XDEV) && child.mount != self.mount { |
| return error!(EXDEV); |
| } |
| |
| if context.must_be_directory && !child.entry.node.is_dir() { |
| return error!(ENOTDIR); |
| } |
| |
| Ok(child) |
| } |
| |
| /// Traverse up a child-to-parent link in the namespace. |
| /// |
| /// This traversal matches the child-to-parent link in the underlying |
| /// FsNode except at mountpoints, where the link switches from one |
| /// filesystem to another. |
| pub fn parent(&self) -> Option<NamespaceNode> { |
| let mountpoint_or_self = self.escape_mount(); |
| Some(mountpoint_or_self.with_new_entry(mountpoint_or_self.entry.parent()?)) |
| } |
| |
| /// Returns the parent, but does not escape mounts i.e. returns None if this node |
| /// is the root of a mount. |
| pub fn parent_within_mount(&self) -> Option<DirEntryHandle> { |
| if let Ok(_) = self.mount_if_root() { |
| return None; |
| } |
| self.entry.parent() |
| } |
| |
| /// Whether this namespace node is a descendant of the given node. |
| /// |
| /// Walks up the namespace node tree looking for ancestor. If ancestor is |
| /// found, returns true. Otherwise, returns false. |
| pub fn is_descendant_of(&self, ancestor: &NamespaceNode) -> bool { |
| let ancestor = ancestor.escape_mount(); |
| let mut current = self.escape_mount(); |
| while current != ancestor { |
| if let Some(parent) = current.parent() { |
| current = parent.escape_mount(); |
| } else { |
| return false; |
| } |
| } |
| true |
| } |
| |
| /// If this is a mount point, return the root of the mount. Otherwise return self. |
| fn enter_mount(&self) -> NamespaceNode { |
| // While the child is a mountpoint, replace child with the mount's root. |
| fn enter_one_mount(node: &NamespaceNode) -> Option<NamespaceNode> { |
| if let Some(mount) = node.mount.deref() { |
| if let Some(mount) = mount.state.read().submounts.get(ArcKey::ref_cast(&node.entry)) |
| { |
| return Some(mount.root()); |
| } |
| } |
| None |
| } |
| let mut inner = self.clone(); |
| while let Some(inner_root) = enter_one_mount(&inner) { |
| inner = inner_root; |
| } |
| inner |
| } |
| |
| /// If this is the root of a mount, return the mount point. Otherwise return self. |
| /// |
| /// This is not exactly the same as parent(). If parent() is called on a root, it will escape |
| /// the mount, but then return the parent of the mount point instead of the mount point. |
| fn escape_mount(&self) -> NamespaceNode { |
| let mut mountpoint_or_self = self.clone(); |
| while let Some(mountpoint) = mountpoint_or_self.mountpoint() { |
| mountpoint_or_self = mountpoint; |
| } |
| mountpoint_or_self |
| } |
| |
| /// If this node is the root of a mount, return it. Otherwise EINVAL. |
| pub fn mount_if_root(&self) -> Result<&MountHandle, Errno> { |
| if let Some(mount) = self.mount.deref() { |
| if Arc::ptr_eq(&self.entry, &mount.root) { |
| return Ok(mount); |
| } |
| } |
| error!(EINVAL) |
| } |
| |
| /// Returns the mountpoint at this location in the namespace. |
| /// |
| /// If this node is mounted in another node, this function returns the node |
| /// at which this node is mounted. Otherwise, returns None. |
| fn mountpoint(&self) -> Option<NamespaceNode> { |
| self.mount_if_root().ok()?.mountpoint() |
| } |
| |
| /// The path from the task's root to this node. |
| pub fn path(&self, task: &Task) -> FsString { |
| self.path_from_root(Some(&task.fs().root())).into_path() |
| } |
| |
| /// The path from the root of the namespace to this node. |
| pub fn path_escaping_chroot(&self) -> FsString { |
| self.path_from_root(None).into_path() |
| } |
| |
| /// Returns the path to this node, accounting for a custom root. |
| /// A task may have a custom root set by `chroot`. |
| pub fn path_from_root(&self, root: Option<&NamespaceNode>) -> PathWithReachability { |
| if self.mount.is_none() { |
| return PathWithReachability::Reachable(self.entry.local_name()); |
| } |
| |
| let mut path = PathBuilder::new(); |
| let mut current = self.escape_mount(); |
| if let Some(root) = root { |
| // The current node is expected to intersect with the custom root as we travel up the tree. |
| let root = root.escape_mount(); |
| while current != root { |
| if let Some(parent) = current.parent() { |
| path.prepend_element(current.entry.local_name().as_ref()); |
| current = parent.escape_mount(); |
| } else { |
| // This node hasn't intersected with the custom root and has reached the namespace root. |
| return PathWithReachability::Unreachable(path.build_absolute()); |
| } |
| } |
| } else { |
| // No custom root, so travel up the tree to the namespace root. |
| while let Some(parent) = current.parent() { |
| path.prepend_element(current.entry.local_name().as_ref()); |
| current = parent.escape_mount(); |
| } |
| } |
| |
| PathWithReachability::Reachable(path.build_absolute()) |
| } |
| |
| pub fn mount(&self, what: WhatToMount, flags: MountFlags) -> Result<(), Errno> { |
| let flags = flags & (MountFlags::STORED_ON_MOUNT | MountFlags::REC); |
| let mountpoint = self.enter_mount(); |
| let mount = mountpoint.mount.as_ref().expect("a mountpoint must be part of a mount"); |
| mount.create_submount(&mountpoint.entry, what, flags); |
| Ok(()) |
| } |
| |
| /// If this is the root of a filesystem, unmount. Otherwise return EINVAL. |
| pub fn unmount(&self) -> Result<(), Errno> { |
| // Drop submount outside of this state lock to ensure it is not done while holding a lock. |
| let _submount = { |
| let propagate = { |
| if let Ok(mount) = self.mount_if_root() { |
| mount.read().is_shared() |
| } else { |
| false |
| } |
| }; |
| let mountpoint = self.enter_mount().mountpoint().ok_or_else(|| errno!(EINVAL))?; |
| let mount = mountpoint.mount.as_ref().expect("a mountpoint must be part of a mount"); |
| mount.remove_submount(mountpoint.mount_hash_key(), &mountpoint.entry, propagate)?; |
| }; |
| Ok(()) |
| } |
| |
| pub fn rename( |
| current_task: &CurrentTask, |
| old_parent: &NamespaceNode, |
| old_name: &FsStr, |
| new_parent: &NamespaceNode, |
| new_name: &FsStr, |
| flags: RenameFlags, |
| ) -> Result<(), Errno> { |
| DirEntry::rename( |
| current_task, |
| &old_parent.entry, |
| &old_parent.mount, |
| old_name, |
| &new_parent.entry, |
| &new_parent.mount, |
| new_name, |
| flags, |
| ) |
| } |
| |
| fn with_new_entry(&self, entry: DirEntryHandle) -> NamespaceNode { |
| NamespaceNode { mount: self.mount.clone(), entry } |
| } |
| |
| fn mount_hash_key(&self) -> &ArcKey<DirEntry> { |
| ArcKey::ref_cast(&self.entry) |
| } |
| |
| pub fn update_atime(&self) { |
| // Do not update the atime of this node if it is mounted with the NOATIME flag. |
| if !self.mount.flags().contains(MountFlags::NOATIME) { |
| self.entry.node.update_info(|info| { |
| let now = utc::utc_now(); |
| info.time_access = now; |
| }); |
| } |
| } |
| |
| pub fn readlink(&self, current_task: &CurrentTask) -> Result<SymlinkTarget, Errno> { |
| self.update_atime(); |
| self.entry.node.readlink(current_task) |
| } |
| |
| pub fn notify(&self, event_mask: InotifyMask) { |
| if self.mount.is_some() { |
| self.entry.notify(event_mask); |
| } |
| } |
| |
| /// Check whether the node can be accessed in the current context with the specified access |
| /// flags (read, write, or exec). Accounts for capabilities and whether the current user is the |
| /// owner or is in the file's group. |
| pub fn check_access(&self, current_task: &CurrentTask, access: Access) -> Result<(), Errno> { |
| self.entry.node.check_access(current_task, &self.mount, access) |
| } |
| |
| /// Checks if O_NOATIME is allowed, |
| pub fn check_o_noatime_allowed(&self, current_task: &CurrentTask) -> Result<(), Errno> { |
| self.entry.node.check_o_noatime_allowed(current_task) |
| } |
| |
| pub fn truncate<L>( |
| &self, |
| locked: &mut Locked<'_, L>, |
| current_task: &CurrentTask, |
| length: u64, |
| ) -> Result<(), Errno> |
| where |
| L: LockBefore<FileOpsCore>, |
| { |
| self.entry.node.truncate(locked, current_task, &self.mount, length) |
| } |
| } |
| |
| impl fmt::Debug for NamespaceNode { |
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { |
| f.debug_struct("NamespaceNode") |
| .field("path", &self.path_escaping_chroot()) |
| .field("mount", &self.mount) |
| .field("entry", &self.entry) |
| .finish() |
| } |
| } |
| |
| // Eq/Hash impls intended for the MOUNT_POINTS hash |
| impl PartialEq for NamespaceNode { |
| fn eq(&self, other: &Self) -> bool { |
| self.mount.as_ref().map(Arc::as_ptr).eq(&other.mount.as_ref().map(Arc::as_ptr)) |
| && Arc::ptr_eq(&self.entry, &other.entry) |
| } |
| } |
| impl Eq for NamespaceNode {} |
| impl Hash for NamespaceNode { |
| fn hash<H: Hasher>(&self, state: &mut H) { |
| self.mount.as_ref().map(Arc::as_ptr).hash(state); |
| Arc::as_ptr(&self.entry).hash(state); |
| } |
| } |
| |
| #[cfg(test)] |
| mod test { |
| use crate::{ |
| fs::tmpfs::TmpFs, |
| testing::create_kernel_task_and_unlocked, |
| vfs::{LookupContext, Namespace, UnlinkKind, WhatToMount}, |
| }; |
| use starnix_uapi::{errno, mount_flags::MountFlags}; |
| use std::sync::Arc; |
| |
| #[::fuchsia::test] |
| async fn test_namespace() -> anyhow::Result<()> { |
| let (kernel, current_task, mut locked) = create_kernel_task_and_unlocked(); |
| let root_fs = TmpFs::new_fs(&kernel); |
| let root_node = Arc::clone(root_fs.root()); |
| let _dev_node = root_node |
| .create_dir(&mut locked, ¤t_task, "dev".into()) |
| .expect("failed to mkdir dev"); |
| let dev_fs = TmpFs::new_fs(&kernel); |
| let dev_root_node = Arc::clone(dev_fs.root()); |
| let _dev_pts_node = dev_root_node |
| .create_dir(&mut locked, ¤t_task, "pts".into()) |
| .expect("failed to mkdir pts"); |
| |
| let ns = Namespace::new(root_fs); |
| let mut context = LookupContext::default(); |
| let dev = ns |
| .root() |
| .lookup_child(¤t_task, &mut context, "dev".into()) |
| .expect("failed to lookup dev"); |
| dev.mount(WhatToMount::Fs(dev_fs), MountFlags::empty()) |
| .expect("failed to mount dev root node"); |
| |
| let mut context = LookupContext::default(); |
| let dev = ns |
| .root() |
| .lookup_child(¤t_task, &mut context, "dev".into()) |
| .expect("failed to lookup dev"); |
| let mut context = LookupContext::default(); |
| let pts = dev |
| .lookup_child(¤t_task, &mut context, "pts".into()) |
| .expect("failed to lookup pts"); |
| let pts_parent = |
| pts.parent().ok_or_else(|| errno!(ENOENT)).expect("failed to get parent of pts"); |
| assert!(Arc::ptr_eq(&pts_parent.entry, &dev.entry)); |
| |
| let dev_parent = |
| dev.parent().ok_or_else(|| errno!(ENOENT)).expect("failed to get parent of dev"); |
| assert!(Arc::ptr_eq(&dev_parent.entry, &ns.root().entry)); |
| Ok(()) |
| } |
| |
| #[::fuchsia::test] |
| async fn test_mount_does_not_upgrade() -> anyhow::Result<()> { |
| let (kernel, current_task, mut locked) = create_kernel_task_and_unlocked(); |
| let root_fs = TmpFs::new_fs(&kernel); |
| let root_node = Arc::clone(root_fs.root()); |
| let _dev_node = root_node |
| .create_dir(&mut locked, ¤t_task, "dev".into()) |
| .expect("failed to mkdir dev"); |
| let dev_fs = TmpFs::new_fs(&kernel); |
| let dev_root_node = Arc::clone(dev_fs.root()); |
| let _dev_pts_node = dev_root_node |
| .create_dir(&mut locked, ¤t_task, "pts".into()) |
| .expect("failed to mkdir pts"); |
| |
| let ns = Namespace::new(root_fs); |
| let mut context = LookupContext::default(); |
| let dev = ns |
| .root() |
| .lookup_child(¤t_task, &mut context, "dev".into()) |
| .expect("failed to lookup dev"); |
| dev.mount(WhatToMount::Fs(dev_fs), MountFlags::empty()) |
| .expect("failed to mount dev root node"); |
| let mut context = LookupContext::default(); |
| let new_dev = ns |
| .root() |
| .lookup_child(¤t_task, &mut context, "dev".into()) |
| .expect("failed to lookup dev again"); |
| assert!(!Arc::ptr_eq(&dev.entry, &new_dev.entry)); |
| assert_ne!(&dev, &new_dev); |
| |
| let mut context = LookupContext::default(); |
| let _new_pts = new_dev |
| .lookup_child(¤t_task, &mut context, "pts".into()) |
| .expect("failed to lookup pts"); |
| let mut context = LookupContext::default(); |
| assert!(dev.lookup_child(¤t_task, &mut context, "pts".into()).is_err()); |
| |
| Ok(()) |
| } |
| |
| #[::fuchsia::test] |
| async fn test_path() -> anyhow::Result<()> { |
| let (kernel, current_task, mut locked) = create_kernel_task_and_unlocked(); |
| let root_fs = TmpFs::new_fs(&kernel); |
| let root_node = Arc::clone(root_fs.root()); |
| let _dev_node = root_node |
| .create_dir(&mut locked, ¤t_task, "dev".into()) |
| .expect("failed to mkdir dev"); |
| let dev_fs = TmpFs::new_fs(&kernel); |
| let dev_root_node = Arc::clone(dev_fs.root()); |
| let _dev_pts_node = dev_root_node |
| .create_dir(&mut locked, ¤t_task, "pts".into()) |
| .expect("failed to mkdir pts"); |
| |
| let ns = Namespace::new(root_fs); |
| let mut context = LookupContext::default(); |
| let dev = ns |
| .root() |
| .lookup_child(¤t_task, &mut context, "dev".into()) |
| .expect("failed to lookup dev"); |
| dev.mount(WhatToMount::Fs(dev_fs), MountFlags::empty()) |
| .expect("failed to mount dev root node"); |
| |
| let mut context = LookupContext::default(); |
| let dev = ns |
| .root() |
| .lookup_child(¤t_task, &mut context, "dev".into()) |
| .expect("failed to lookup dev"); |
| let mut context = LookupContext::default(); |
| let pts = dev |
| .lookup_child(¤t_task, &mut context, "pts".into()) |
| .expect("failed to lookup pts"); |
| |
| assert_eq!("/", ns.root().path_escaping_chroot()); |
| assert_eq!("/dev", dev.path_escaping_chroot()); |
| assert_eq!("/dev/pts", pts.path_escaping_chroot()); |
| Ok(()) |
| } |
| |
| #[::fuchsia::test] |
| async fn test_shadowing() -> anyhow::Result<()> { |
| let (kernel, current_task, mut locked) = create_kernel_task_and_unlocked(); |
| let root_fs = TmpFs::new_fs(&kernel); |
| let ns = Namespace::new(root_fs.clone()); |
| let _foo_node = root_fs.root().create_dir(&mut locked, ¤t_task, "foo".into())?; |
| let mut context = LookupContext::default(); |
| let foo_dir = ns.root().lookup_child(¤t_task, &mut context, "foo".into())?; |
| |
| let foofs1 = TmpFs::new_fs(&kernel); |
| foo_dir.mount(WhatToMount::Fs(foofs1.clone()), MountFlags::empty())?; |
| let mut context = LookupContext::default(); |
| assert!(Arc::ptr_eq( |
| &ns.root().lookup_child(¤t_task, &mut context, "foo".into())?.entry, |
| foofs1.root() |
| )); |
| let foo_dir = ns.root().lookup_child(¤t_task, &mut context, "foo".into())?; |
| |
| let ns_clone = ns.clone_namespace(); |
| |
| let foofs2 = TmpFs::new_fs(&kernel); |
| foo_dir.mount(WhatToMount::Fs(foofs2.clone()), MountFlags::empty())?; |
| let mut context = LookupContext::default(); |
| assert!(Arc::ptr_eq( |
| &ns.root().lookup_child(¤t_task, &mut context, "foo".into())?.entry, |
| foofs2.root() |
| )); |
| |
| assert!(Arc::ptr_eq( |
| &ns_clone |
| .root() |
| .lookup_child(¤t_task, &mut LookupContext::default(), "foo".into())? |
| .entry, |
| foofs1.root() |
| )); |
| |
| Ok(()) |
| } |
| |
| #[::fuchsia::test] |
| async fn test_unlink_mounted_directory() -> anyhow::Result<()> { |
| let (kernel, current_task, mut locked) = create_kernel_task_and_unlocked(); |
| let root_fs = TmpFs::new_fs(&kernel); |
| let ns1 = Namespace::new(root_fs.clone()); |
| let ns2 = Namespace::new(root_fs.clone()); |
| let _foo_node = root_fs.root().create_dir(&mut locked, ¤t_task, "foo".into())?; |
| let mut context = LookupContext::default(); |
| let foo_dir = ns1.root().lookup_child(¤t_task, &mut context, "foo".into())?; |
| |
| let foofs = TmpFs::new_fs(&kernel); |
| foo_dir.mount(WhatToMount::Fs(foofs), MountFlags::empty())?; |
| |
| assert_eq!( |
| errno!(EBUSY), |
| ns2.root() |
| .unlink(&mut locked, ¤t_task, "foo".into(), UnlinkKind::Directory, false) |
| .unwrap_err() |
| ); |
| |
| Ok(()) |
| } |
| } |