Add better panic message for when file type changes without ino number changing

This panic message also logs the file path and the inoKey of the impacted
dentry in case during revalidation we find out that the inode number is the
same but the file type has changed.

Also moved directfsInode.updateMetadataFromStatLocked() and
lisafsInode.updateMetadataFromStatxLocked() to be in the right files.

PiperOrigin-RevId: 803212251

Author: ayushr2

pkg/sentry/fsimpl/gofer/directfs_inode.go

@@ -248,13 +248,11 @@ func (i *directfsInode) ensureLisafsControlFD(ctx context.Context, d *dentry) er
 	panic("unreachable")
 }
 
-// Precondition: i.metadataMu must be locked.
-//
 // +checklocks:i.metadataMu
 func (i *directfsInode) updateMetadataLocked(h handle) error {
 	handleMuRLocked := false
 	if h.fd < 0 {
-		// Use open FDs in preferenece to the control FD. Control FDs may be opened
+		// Use open FDs in preference to the control FD. Control FDs may be opened
 		// with O_PATH. This may be significantly more efficient in some
 		// implementations. Prefer a writable FD over a readable one since some
 		// filesystem implementations may update a writable FD's metadata after
@@ -286,6 +284,31 @@ func (i *directfsInode) updateMetadataLocked(h handle) error {
 	return i.updateMetadataFromStatLocked(&stat)
 }
 
+// updateMetadataFromStatLocked is similar to updateMetadataFromStatxLocked,
+// except that it takes a unix.Stat_t argument.
+// +checklocks:i.inode.metadataMu
+func (i *directfsInode) updateMetadataFromStatLocked(stat *unix.Stat_t) error {
+	if got, want := stat.Mode&unix.S_IFMT, i.inode.fileType(); got != want {
+		panic(fmt.Sprintf("directfsInode file type changed from %#o to %#o", want, got))
+	}
+	i.inode.mode.Store(stat.Mode)
+	i.inode.uid.Store(stat.Uid)
+	i.inode.gid.Store(stat.Gid)
+	i.inode.blockSize.Store(uint32(stat.Blksize))
+	// Don't override newer client-defined timestamps with old host-defined
+	// ones.
+	if i.inode.atimeDirty.Load() == 0 {
+		i.inode.atime.Store(dentryTimestampFromUnix(stat.Atim))
+	}
+	if i.inode.mtimeDirty.Load() == 0 {
+		i.inode.mtime.Store(dentryTimestampFromUnix(stat.Mtim))
+	}
+	i.inode.ctime.Store(dentryTimestampFromUnix(stat.Ctim))
+	i.inode.nlink.Store(uint32(stat.Nlink))
+	i.inode.updateSizeLocked(uint64(stat.Size))
+	return nil
+}
+
 // Precondition: fs.renameMu is locked if d is a socket.
 func (i *directfsInode) chmod(ctx context.Context, mode uint16, d *dentry) error {
 	if i.isSymlink() {
@@ -780,6 +803,11 @@ func doRevalidationDirectfs(ctx context.Context, vfsObj *vfs.VirtualFilesystem,
 			return nil
 		}
 
+		// Check that the file type has not changed.
+		if got, want := stat.Mode&unix.S_IFMT, d.inode.fileType(); got != want {
+			panic(fmt.Sprintf("file type of %q changed from %#o to %#o while inode key (%+v) did not change", genericDebugPathname(d.inode.fs, d), want, got, d.inode.inoKey))
+		}
+
 		// The file at this path hasn't changed. Just update cached metadata.
 		d.inode.impl.(*directfsInode).updateMetadataFromStatLocked(&stat) // +checklocksforce: i.metadataMu is locked above.
 		d.inode.metadataMu.Unlock()

pkg/sentry/fsimpl/gofer/gofer.go

@@ -1168,76 +1168,6 @@ func (d *dentry) init() {
 	refs.Register(d)
 }
 
-// updateMetadataFromStatxLocked is called to update d's metadata after an update
-// from the remote filesystem.
-// Precondition: i.inode.metadataMu must be locked.
-// +checklocks:i.inode.metadataMu
-func (i *lisafsInode) updateMetadataFromStatxLocked(stat *linux.Statx) {
-	if stat.Mask&linux.STATX_TYPE != 0 {
-		if got, want := stat.Mode&linux.FileTypeMask, i.inode.fileType(); uint32(got) != want {
-			panic(fmt.Sprintf("gofer.dentry file type changed from %#o to %#o", want, got))
-		}
-	}
-	if stat.Mask&linux.STATX_MODE != 0 {
-		i.inode.mode.Store(uint32(stat.Mode))
-	}
-	if stat.Mask&linux.STATX_UID != 0 {
-		i.inode.uid.Store(dentryUID(lisafs.UID(stat.UID)))
-	}
-	if stat.Mask&linux.STATX_GID != 0 {
-		i.inode.gid.Store(dentryGID(lisafs.GID(stat.GID)))
-	}
-	if stat.Blksize != 0 {
-		i.inode.blockSize.Store(stat.Blksize)
-	}
-	// Don't override newer client-defined timestamps with old server-defined
-	// ones.
-	if stat.Mask&linux.STATX_ATIME != 0 && i.inode.atimeDirty.Load() == 0 {
-		i.inode.atime.Store(dentryTimestamp(stat.Atime))
-	}
-	if stat.Mask&linux.STATX_MTIME != 0 && i.inode.mtimeDirty.Load() == 0 {
-		i.inode.mtime.Store(dentryTimestamp(stat.Mtime))
-	}
-	if stat.Mask&linux.STATX_CTIME != 0 {
-		i.inode.ctime.Store(dentryTimestamp(stat.Ctime))
-	}
-	if stat.Mask&linux.STATX_BTIME != 0 {
-		i.inode.btime.Store(dentryTimestamp(stat.Btime))
-	}
-	if stat.Mask&linux.STATX_NLINK != 0 {
-		i.inode.nlink.Store(stat.Nlink)
-	}
-	if stat.Mask&linux.STATX_SIZE != 0 {
-		i.updateSizeLocked(stat.Size)
-	}
-}
-
-// updateMetadataFromStatLocked is similar to updateMetadataFromStatxLocked,
-// except that it takes a unix.Stat_t argument.
-// Precondition: i.inode.metadataMu must be locked.
-// +checklocks:i.inode.metadataMu
-func (i *directfsInode) updateMetadataFromStatLocked(stat *unix.Stat_t) error {
-	if got, want := stat.Mode&unix.S_IFMT, i.inode.fileType(); got != want {
-		panic(fmt.Sprintf("direct.dentry file type changed from %#o to %#o", want, got))
-	}
-	i.inode.mode.Store(stat.Mode)
-	i.inode.uid.Store(stat.Uid)
-	i.inode.gid.Store(stat.Gid)
-	i.inode.blockSize.Store(uint32(stat.Blksize))
-	// Don't override newer client-defined timestamps with old host-defined
-	// ones.
-	if i.inode.atimeDirty.Load() == 0 {
-		i.inode.atime.Store(dentryTimestampFromUnix(stat.Atim))
-	}
-	if i.inode.mtimeDirty.Load() == 0 {
-		i.inode.mtime.Store(dentryTimestampFromUnix(stat.Mtim))
-	}
-	i.inode.ctime.Store(dentryTimestampFromUnix(stat.Ctim))
-	i.inode.nlink.Store(uint32(stat.Nlink))
-	i.inode.updateSizeLocked(uint64(stat.Size))
-	return nil
-}
-
 // Preconditions: !d.inode.isSynthetic().
 // Preconditions: d.inode.metadataMu is locked.
 // +checklocks:d.inode.metadataMu

pkg/sentry/fsimpl/gofer/lisafs_inode.go

@@ -228,8 +228,6 @@ func (i *lisafsInode) updateHandles(ctx context.Context, h handle, readable, wri
 	}
 }
 
-// Precondition: i.metadataMu must be lockei.
-//
 // +checklocks:i.metadataMu
 func (i *lisafsInode) updateMetadataLocked(ctx context.Context, h handle) error {
 	handleMuRLocked := false
@@ -266,6 +264,49 @@ func (i *lisafsInode) updateMetadataLocked(ctx context.Context, h handle) error
 	return nil
 }
 
+// updateMetadataFromStatxLocked is called to update d's metadata after an update
+// from the remote filesystem.
+// +checklocks:i.inode.metadataMu
+func (i *lisafsInode) updateMetadataFromStatxLocked(stat *linux.Statx) {
+	if stat.Mask&linux.STATX_TYPE != 0 {
+		if got, want := stat.Mode&linux.FileTypeMask, i.inode.fileType(); uint32(got) != want {
+			panic(fmt.Sprintf("lisafsInode file type changed from %#o to %#o", want, got))
+		}
+	}
+	if stat.Mask&linux.STATX_MODE != 0 {
+		i.inode.mode.Store(uint32(stat.Mode))
+	}
+	if stat.Mask&linux.STATX_UID != 0 {
+		i.inode.uid.Store(dentryUID(lisafs.UID(stat.UID)))
+	}
+	if stat.Mask&linux.STATX_GID != 0 {
+		i.inode.gid.Store(dentryGID(lisafs.GID(stat.GID)))
+	}
+	if stat.Blksize != 0 {
+		i.inode.blockSize.Store(stat.Blksize)
+	}
+	// Don't override newer client-defined timestamps with old server-defined
+	// ones.
+	if stat.Mask&linux.STATX_ATIME != 0 && i.inode.atimeDirty.Load() == 0 {
+		i.inode.atime.Store(dentryTimestamp(stat.Atime))
+	}
+	if stat.Mask&linux.STATX_MTIME != 0 && i.inode.mtimeDirty.Load() == 0 {
+		i.inode.mtime.Store(dentryTimestamp(stat.Mtime))
+	}
+	if stat.Mask&linux.STATX_CTIME != 0 {
+		i.inode.ctime.Store(dentryTimestamp(stat.Ctime))
+	}
+	if stat.Mask&linux.STATX_BTIME != 0 {
+		i.inode.btime.Store(dentryTimestamp(stat.Btime))
+	}
+	if stat.Mask&linux.STATX_NLINK != 0 {
+		i.inode.nlink.Store(stat.Nlink)
+	}
+	if stat.Mask&linux.STATX_SIZE != 0 {
+		i.updateSizeLocked(stat.Size)
+	}
+}
+
 func chmod(ctx context.Context, controlFD lisafs.ClientFD, mode uint16) error {
 	setStat := linux.Statx{
 		Mask: linux.STATX_MODE,
@@ -652,7 +693,7 @@ func doRevalidationLisafs(ctx context.Context, vfsObj *vfs.VirtualFilesystem, st
 	if state.refreshStart {
 		if len(stats) > 0 {
 			// First dentry is where the search is starting, just update attributes
-			// since it cannot be replacei.
+			// since it cannot be replaced.
 			start.updateMetadataFromStatxLocked(&stats[0]) // +checklocksforce: see above.
 			stats = stats[1:]
 		}
@@ -679,6 +720,13 @@ func doRevalidationLisafs(ctx context.Context, vfsObj *vfs.VirtualFilesystem, st
 			return nil
 		}
 
+		// Check that the file type has not changed.
+		if stats[i].Mask&linux.STATX_TYPE != 0 {
+			if got, want := stats[i].Mode&linux.FileTypeMask, d.inode.fileType(); uint32(got) != want {
+				panic(fmt.Sprintf("file type of %q changed from %#o to %#o while inode key (%+v) did not change", genericDebugPathname(d.inode.fs, d), want, got, d.inode.inoKey))
+			}
+		}
+
 		// The file at this path hasn't changed. Just update cached metadata.
 		d.inode.impl.(*lisafsInode).updateMetadataFromStatxLocked(&stats[i]) // +checklocksforce: see above.
 		d.inode.metadataMu.Unlock()