Merge hidpipe client into the main server binary

Signed-off-by: Sasha Finkelstein <[email protected]>

Author: WhatAmISupposedToPutHere

crates/muvm/Cargo.toml

@@ -35,7 +35,3 @@ path = "src/bin/muvm.rs"
 [[bin]]
 name = "muvm-guest"
 path = "src/guest/bin/muvm-guest.rs"
-
-[[bin]]
-name = "muvm-hidpipe"
-path = "src/hidpipe/bin/muvm-hidpipe.rs"

crates/muvm/src/guest/bin/muvm-guest.rs

@@ -1,11 +1,12 @@
 use std::os::fd::AsFd;
+use std::panic::catch_unwind;
 use std::process::Command;
-use std::{cmp, env};
+use std::{cmp, env, thread};
 
 use anyhow::{Context, Result};
-use muvm::env::find_muvm_exec;
 use muvm::guest::cli_options::options;
 use muvm::guest::fex::setup_fex;
+use muvm::guest::hidpipe::start_hidpipe;
 use muvm::guest::mount::mount_filesystems;
 use muvm::guest::net::configure_network;
 use muvm::guest::server::server_main;
@@ -60,12 +61,6 @@ fn main() -> Result<()> {
 
     configure_network()?;
 
-    let muvm_hidpipe_path = find_muvm_exec("muvm-hidpipe")?;
-    Command::new(muvm_hidpipe_path)
-        .arg(format!("{}", options.uid))
-        .spawn()
-        .context("Failed to execute `muvm-hidpipe` as child process")?;
-
     let run_path = match setup_user(options.username, options.uid, options.gid) {
         Ok(p) => p,
         Err(err) => return Err(err).context("Failed to set up user, bailing out"),
@@ -79,6 +74,13 @@ fn main() -> Result<()> {
 
     setup_x11_forwarding(run_path)?;
 
+    let uid = options.uid.as_raw();
+    thread::spawn(move || {
+        if catch_unwind(|| start_hidpipe(uid)).is_err() {
+            eprintln!("hidpipe thread crashed, input device passthrough will no longer function");
+        }
+    });
+
     let rt = tokio::runtime::Runtime::new().unwrap();
     rt.block_on(async {
         server_main(options.server_port, options.command, options.command_args).await

…tes/muvm/src/hidpipe/bin/muvm-hidpipe.rs crates/muvm/src/guest/hidpipe.rscrates/muvm/src/hidpipe/bin/muvm-hidpipe.rs renamed to crates/muvm/src/guest/hidpipe.rs crates/muvm/src/hidpipe/bin/muvm-hidpipe.rs renamed to crates/muvm/src/guest/hidpipe.rs

@@ -1,3 +1,8 @@
+use crate::guest::user;
+use crate::hidpipe_common::{
+    empty_input_event, struct_to_socket, AddDevice, ClientHello, FFErase, FFUpload, InputEvent,
+    MessageType, RemoveDevice, ServerHello,
+};
 use input_linux::bitmask::BitmaskTrait;
 use input_linux::{
     AbsoluteAxis, AbsoluteInfo, Bitmask, EventKind, ForceFeedbackKind, InputProperty, Key, LedKind,
@@ -7,20 +12,16 @@ use input_linux_sys::{
     ff_effect, ff_replay, ff_trigger, input_absinfo, input_id, uinput_abs_setup, uinput_ff_erase,
     uinput_ff_upload, uinput_setup,
 };
-use muvm::hidpipe_common::{
-    empty_input_event, struct_to_socket, AddDevice, ClientHello, FFErase, FFUpload, InputEvent,
-    MessageType, RemoveDevice, ServerHello,
-};
 use nix::errno::Errno;
 use nix::libc::{c_char, O_NONBLOCK};
 use nix::sys::epoll::{Epoll, EpollCreateFlags, EpollEvent, EpollFlags, EpollTimeout};
 use nix::sys::socket::{connect, socket, AddressFamily, SockFlag, SockType, VsockAddr};
 use std::collections::HashMap;
-use std::env;
+use std::ffi::CString;
 use std::fs::File;
 use std::io::{Read, Write};
 use std::os::fd::AsRawFd;
-use std::os::unix::fs::{chown, OpenOptionsExt};
+use std::os::unix::fs::OpenOptionsExt;
 use std::os::unix::net::UnixStream;
 use std::{mem, slice};
 
@@ -29,6 +30,7 @@ const REMOVE_DEVICE: u32 = MessageType::RemoveDevice as u32;
 const INPUT_EVENT: u32 = MessageType::InputEvent as u32;
 const FF_UPLOAD: u32 = MessageType::FFUpload as u32;
 const FF_ERASE: u32 = MessageType::FFErase as u32;
+pub const UINPUT_PATH: &str = "/dev/uinput";
 
 fn bitmask_from_slice<T, A>(s: &T::Array) -> Bitmask<T>
 where
@@ -53,7 +55,7 @@ fn init_uinput(sock: &mut UnixStream, user_id: u32) -> (u64, UInputHandle<File>)
             .read(true)
             .write(true)
             .custom_flags(O_NONBLOCK)
-            .open("/dev/uinput")
+            .open(UINPUT_PATH)
             .unwrap(),
     );
     for evbit in bitmask_from_slice::<EventKind, _>(&add_dev.evbits).iter() {
@@ -119,7 +121,18 @@ fn init_uinput(sock: &mut UnixStream, user_id: u32) -> (u64, UInputHandle<File>)
         })
         .unwrap();
     uinput.dev_create().unwrap();
-    chown(uinput.evdev_path().unwrap(), Some(user_id), Some(0)).unwrap();
+    let ev_path = CString::new(
+        uinput
+            .evdev_path()
+            .unwrap()
+            .into_os_string()
+            .into_encoded_bytes(),
+    )
+    .unwrap();
+    // SAFETY: chown is async signal safe
+    unsafe {
+        user::run_as_root(|| nix::libc::chown(ev_path.as_ptr(), user_id, 0)).unwrap();
+    }
     (add_dev.id, uinput)
 }
 
@@ -140,8 +153,7 @@ fn ff_effect_empty() -> ff_effect {
     }
 }
 
-fn main() {
-    let user_id = env::args().nth(1).unwrap().parse::<u32>().unwrap();
+pub fn start_hidpipe(user_id: u32) {
     let sock_fd = socket(
         AddressFamily::Vsock,
         SockType::Stream,

crates/muvm/src/guest/mod.rs

@@ -1,5 +1,6 @@
 pub mod cli_options;
 pub mod fex;
+pub mod hidpipe;
 pub mod mount;
 pub mod net;
 pub mod server;

crates/muvm/src/guest/server_worker.rs

@@ -16,8 +16,7 @@ use log::{debug, error};
 use nix::errno::Errno;
 use nix::sys::epoll::{Epoll, EpollCreateFlags, EpollEvent, EpollFlags, EpollTimeout};
 use nix::sys::socket::{connect, socket, AddressFamily, SockFlag, SockType, VsockAddr};
-use nix::sys::wait::{waitpid, WaitStatus};
-use nix::unistd::{fork, pipe, setresgid, setresuid, setsid, ForkResult, Gid, Uid};
+use nix::unistd::{pipe, setresgid, setresuid, setsid, Gid, Uid};
 use rustix::process::ioctl_tiocsctty;
 use rustix::pty::{ptsname, unlockpt};
 use rustix::termios::{tcsetwinsize, Winsize};
@@ -30,6 +29,7 @@ use tokio_stream::wrappers::TcpListenerStream;
 use tokio_stream::StreamExt as _;
 use uuid::Uuid;
 
+use crate::guest::user;
 use crate::utils::launch::Launch;
 use crate::utils::stdio::make_stdout_stderr;
 use crate::utils::tty::*;
@@ -220,7 +220,7 @@ async fn handle_connection(
     if command == Path::new("/muvmdropcaches") {
         // SAFETY: everything below should be async signal safe
         let code = unsafe {
-            run_as_root(|| {
+            user::run_as_root(|| {
                 let fd = nix::libc::open(c"/proc/sys/vm/drop_caches".as_ptr(), nix::libc::O_WRONLY);
                 if fd < 0 {
                     return 1;
@@ -464,21 +464,3 @@ fn run_io_guest(
         }
     }
 }
-
-// SAFETY: f will be run in post-fork environment, and so must bas async signal safe
-unsafe fn run_as_root(f: impl FnOnce() -> i32) -> Result<i32> {
-    // SAFETY: child only calls _exit, setuid, and f, all are async signal safe
-    match unsafe { fork()? } {
-        ForkResult::Child => {
-            // SAFETY: _exit and setuid are safe as no pointers are involved
-            unsafe {
-                nix::libc::setuid(0);
-                nix::libc::_exit(f());
-            }
-        },
-        ForkResult::Parent { child } => match waitpid(child, None)? {
-            WaitStatus::Exited(_, code) => Ok(code),
-            e => Err(anyhow!("Unexpected status: {:?}", e)),
-        },
-    }
-}

crates/muvm/src/guest/user.rs

@@ -3,8 +3,10 @@ use std::fs::{self, Permissions};
 use std::os::unix::fs::{chown, PermissionsExt as _};
 use std::path::{Path, PathBuf};
 
+use crate::guest::hidpipe::UINPUT_PATH;
 use anyhow::{anyhow, Context, Result};
-use nix::unistd::{setresgid, setresuid, Gid, Uid, User};
+use nix::sys::wait::{waitpid, WaitStatus};
+use nix::unistd::{fork, setresgid, setresuid, ForkResult, Gid, Uid, User};
 
 pub fn setup_user(username: String, uid: Uid, gid: Gid) -> Result<PathBuf> {
     setup_directories(uid, gid)?;
@@ -59,5 +61,26 @@ fn setup_directories(uid: Uid, gid: Gid) -> Result<()> {
             .context("Failed to chown `/dev/vsock`")?;
     }
 
+    chown(UINPUT_PATH, Some(uid.into()), Some(gid.into()))?;
+
     Ok(())
 }
+
+/// # Safety
+/// f will be run in post-fork environment, and so must be async signal safe
+pub unsafe fn run_as_root(f: impl FnOnce() -> i32) -> Result<i32> {
+    // SAFETY: child only calls _exit, setuid, and f, all are async signal safe
+    match unsafe { fork()? } {
+        ForkResult::Child => {
+            // SAFETY: _exit and setuid are safe as no pointers are involved
+            unsafe {
+                nix::libc::setuid(0);
+                nix::libc::_exit(f());
+            }
+        },
+        ForkResult::Parent { child } => match waitpid(child, None)? {
+            WaitStatus::Exited(_, code) => Ok(code),
+            e => Err(anyhow!("Unexpected status: {:?}", e)),
+        },
+    }
+}