Allow constructing MmapRegions for non-seekable fds

roypat · roypat · commit cbced4a2c833 · 2025-03-21T10:40:43.000Z
vm-memory validates that the file,offset,len combination passed to a MmapRegionBuilder is actually in bounds for the actual size of the file. It uses `lseek(2)` for this, due to #195, however not all file descriptors that can be mmap'd can also be lseek'd. Thus, if lseek is not supported on a fd, fall back to using `fstat(2)` instead of lseek. This allows mmap-ing things like guest_memfd, which does not support seeking. Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@
 ### Added
 
 - \[[#311](https://github.com/rust-vmm/vm-memory/pull/311)\] Allow compiling without the ReadVolatile and WriteVolatile implementations
+- \[[#319](https://github.com/rust-vmm/vm-memory/pull/319)\] Allow constructing `MmapRegion`s 
+  mapping file descriptors that cannot be seeked, such as `guest_memfd`.
 
 ### Changed
 
diff --git a/src/mmap.rs b/src/mmap.rs
@@ -84,10 +84,28 @@ pub fn check_file_offset(
     let start = file_offset.start();
 
     if let Some(end) = start.checked_add(size as u64) {
-        let filesize = file
-            .seek(SeekFrom::End(0))
-            .map_err(MmapRegionError::SeekEnd)?;
-        file.rewind().map_err(MmapRegionError::SeekStart)?;
+        // If f_ops->llseek is not implemented in the kernel for some file, we get -ESPIPE
+        // In this scenario, fall back to using fstat. We need to prefer lseek in all other
+        // cases because of https://github.com/rust-vmm/vm-memory/issues/195
+        // clippy wants us to use file.stream_position() here, but that obscures what we're trying
+        // to do here.
+        #[allow(clippy::seek_from_current)]
+        let seek_unsupported = file
+            .seek(SeekFrom::Current(0))
+            .err()
+            .map(|err| err.raw_os_error() == Some(libc::ESPIPE))
+            .unwrap_or(true);
+
+        let filesize = if seek_unsupported {
+            file.metadata().map_err(MmapRegionError::Stat)?.len()
+        } else {
+            let filesize = file
+                .seek(SeekFrom::End(0))
+                .map_err(MmapRegionError::SeekEnd)?;
+            file.rewind().map_err(MmapRegionError::SeekStart)?;
+            filesize
+        };
+
         if filesize < end {
             return Err(MmapRegionError::MappingPastEof);
         }
@@ -522,6 +540,7 @@ mod tests {
 
     use std::io::Write;
     use std::mem;
+    use std::os::fd::FromRawFd;
     #[cfg(feature = "rawfd")]
     use std::{fs::File, path::Path};
     use vmm_sys_util::tempfile::TempFile;
@@ -1396,4 +1415,46 @@ mod tests {
                 .unwrap()
         });
     }
+
+    #[test]
+    #[cfg(unix)]
+    #[cfg(not(miri))] /* memfd_secret isn't support by miri */
+    #[allow(clippy::seek_from_current)]
+    fn test_non_seekable_file() {
+        let fd = unsafe { libc::syscall(libc::SYS_memfd_secret, 0) } as libc::c_int;
+        if fd < 0 {
+            if std::io::Error::last_os_error().raw_os_error() == Some(libc::ENOSYS) {
+                // memfd_secret is not enabled by default, so skip this test if that's the case
+                return;
+            }
+
+            panic!("Creation of memfd_secret failed!");
+        }
+
+        let r = unsafe { libc::ftruncate(fd, 0x1000) };
+        assert_eq!(r, 0);
+
+        let mut file = unsafe { File::from_raw_fd(fd as _) };
+
+        // validate the memfd_secret indeed cannot be seeked, but can be mapped
+        assert_eq!(
+            file.seek(SeekFrom::Current(0))
+                .unwrap_err()
+                .raw_os_error()
+                .unwrap(),
+            libc::ESPIPE
+        );
+
+        let file = Arc::new(file);
+        let fo = FileOffset::from_arc(Arc::clone(&file), 0);
+
+        check_file_offset(&fo, 0x1000).unwrap();
+
+        let fo = FileOffset::from_arc(Arc::clone(&file), 0x1000);
+
+        assert!(matches!(
+            check_file_offset(&fo, 0x1000),
+            Err(MmapRegionError::MappingPastEof)
+        ));
+    }
 }
diff --git a/src/mmap_unix.rs b/src/mmap_unix.rs
@@ -47,6 +47,9 @@ pub enum Error {
     /// Seeking the start of the file returned an error.
     #[error("Error seeking the start of the file: {0}")]
     SeekStart(io::Error),
+    /// Calling [`File::metadata`] returned an error.
+    #[error("Error determining size of file using fstat: {0}")]
+    Stat(io::Error),
 }
 
 pub type Result<T> = result::Result<T, Error>;
diff --git a/src/mmap_xen.rs b/src/mmap_xen.rs
@@ -50,6 +50,9 @@ pub enum Error {
     /// Seeking the start of the file returned an error.
     #[error("Error seeking the start of the file: {0}")]
     SeekStart(io::Error),
+    /// Calling [`File::metadata`] returned an error.
+    #[error("Error determining size of file using fstat: {0}")]
+    Stat(io::Error),
     /// Invalid file offset.
     #[error("Invalid file offset")]
     InvalidFileOffset,

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,9 @@ pub enum Error {`
`47`	`47`	`/// Seeking the start of the file returned an error.`
`48`	`48`	`#[error("Error seeking the start of the file: {0}")]`
`49`	`49`	`SeekStart(io::Error),`
	`50`	+ /// Calling [`File::metadata`] returned an error.
	`51`	`+ #[error("Error determining size of file using fstat: {0}")]`
	`52`	`+ Stat(io::Error),`
`50`	`53`	`}`
`51`	`54`
`52`	`55`	`pub type Result<T> = result::Result<T, Error>;`