Vminitd: Rework ManagedProcess.IO protocols (#194)

I think the way these types were structured made reasoning about them a
bit difficult. I don't think this fully solves the problem, but this
change aims to make things a bit simpler by hoisting a lot of the logic
for the IO relays to a new IOPair type thats goal is to simply take in a
reader and writer and handle their resource cleanup after a relay
finishes. Bundled in with this is also the buffer we'll use to copy
between them.

This change:

- Alters ManagedProcess.IO `start` to take in the process to alter
instead of this just being a side effect of the constructors.
- Gets rid of `close()` in favor of `CloseStdin`. The IO will get closed
when the relays finish, which will naturally happen if the process exits
or just closes its side of the pipes/pty. This makes it so that the one
special case (a client wants to signal no more input is coming) is still
sane.
- Move all relay logic and resource cleanup to a new IOPair type that
takes in protocols that are easily conformable by all of our various io
types ( Socket, Terminal, FileHandle).

Author: dcantah

vminitd/Sources/vminitd/IOCloser+Extensions.swift

@@ -0,0 +1,28 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2025 Apple Inc. and the Containerization project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+import ContainerizationOS
+import Foundation
+
+extension Socket: IOCloser {}
+
+extension Terminal: IOCloser {
+    var fileDescriptor: Int32 {
+        self.handle.fileDescriptor
+    }
+}
+
+extension FileHandle: IOCloser {}

vminitd/Sources/vminitd/IOCloser.swift

@@ -0,0 +1,21 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2025 Apple Inc. and the Containerization project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+protocol IOCloser: Sendable {
+    var fileDescriptor: Int32 { get }
+
+    func close() throws
+}

vminitd/Sources/vminitd/IOPair.swift

@@ -0,0 +1,124 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2025 Apple Inc. and the Containerization project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+import ContainerizationError
+import ContainerizationOS
+import Foundation
+import Logging
+import Synchronization
+
+final class IOPair: Sendable {
+    let readFrom: IOCloser
+    let writeTo: IOCloser
+    nonisolated(unsafe) let buffer: UnsafeMutableBufferPointer<UInt8>
+    private let logger: Logger?
+
+    private let done: Atomic<Bool>
+
+    init(readFrom: IOCloser, writeTo: IOCloser, logger: Logger? = nil) {
+        self.readFrom = readFrom
+        self.writeTo = writeTo
+        self.done = Atomic(false)
+        self.buffer = UnsafeMutableBufferPointer<UInt8>.allocate(capacity: Int(getpagesize()))
+        self.logger = logger
+    }
+
+    func relay() throws {
+        let readFromFd = self.readFrom.fileDescriptor
+        let writeToFd = self.writeTo.fileDescriptor
+
+        let readFrom = OSFile(fd: readFromFd)
+        let writeTo = OSFile(fd: writeToFd)
+
+        try ProcessSupervisor.default.poller.add(readFromFd, mask: EPOLLIN) { mask in
+            if mask.isHangup && !mask.readyToRead {
+                self.close()
+                return
+            }
+            // Loop so that in the case that someone wrote > buf.count down the pipe
+            // we properly will drain it fully.
+            while true {
+                let r = readFrom.read(self.buffer)
+                if r.read > 0 {
+                    let view = UnsafeMutableBufferPointer(
+                        start: self.buffer.baseAddress,
+                        count: r.read
+                    )
+
+                    let w = writeTo.write(view)
+                    if w.wrote != r.read {
+                        self.logger?.error("stopping relay: short write for stdio")
+                        self.close()
+                        return
+                    }
+                }
+
+                switch r.action {
+                case .error(let errno):
+                    self.logger?.error("failed with errno \(errno) while reading for fd \(readFromFd)")
+                    fallthrough
+                case .eof:
+                    self.close()
+                    self.logger?.debug("closing relay for \(readFromFd)")
+                    return
+                case .again:
+                    // We read all we could, exit.
+                    if mask.isHangup {
+                        self.close()
+                    }
+                    return
+                default:
+                    break
+                }
+            }
+        }
+    }
+
+    func close() {
+        guard
+            self.done.compareExchange(
+                expected: false,
+                desired: true,
+                successOrdering: .acquiringAndReleasing,
+                failureOrdering: .acquiring
+            ).exchanged
+        else {
+            return
+        }
+
+        self.buffer.deallocate()
+
+        let readFromFd = self.readFrom.fileDescriptor
+        // Remove the fd from our global epoll instance first.
+        do {
+            try ProcessSupervisor.default.poller.delete(readFromFd)
+        } catch {
+            self.logger?.error("failed to delete fd from epoll \(readFromFd): \(error)")
+        }
+
+        do {
+            try self.readFrom.close()
+        } catch {
+            self.logger?.error("failed to close reader fd for IOPair: \(error)")
+        }
+
+        do {
+            try self.writeTo.close()
+        } catch {
+            self.logger?.error("failed to close writer fd for IOPair: \(error)")
+        }
+    }
+}

vminitd/Sources/vminitd/ManagedContainer.swift

@@ -111,11 +111,6 @@ extension ManagedContainer {
         try proc.resize(size: size)
     }
 
-    func close(execID: String) throws {
-        let proc = try self.getExecOrInit(execID: execID)
-        try proc.close()
-    }
-
     func deleteExec(id: String) throws {
         try ensureExecExists(id)
         do {

vminitd/Sources/vminitd/ManagedProcess.swift

@@ -40,7 +40,6 @@ final class ManagedProcess: Sendable {
         let io: IO
         var waiters: [CheckedContinuation<Int32, Never>] = []
         var exitStatus: Int32? = nil
-        var closed: Bool = false
         var pid: Int32 = 0
     }
 
@@ -52,10 +51,10 @@ final class ManagedProcess: Sendable {
 
     // swiftlint: disable type_name
     protocol IO {
-        func start() throws
+        func start(process: inout Command) throws
         func closeAfterExec() throws
         func resize(size: Terminal.Size) throws
-        func close() throws
+        func closeStdin() throws
     }
     // swiftlint: enable type_name
 
@@ -105,14 +104,12 @@ final class ManagedProcess: Sendable {
             let attrs = Command.Attrs(setsid: false, setctty: false)
             process.attrs = attrs
             io = try TerminalIO(
-                process: &process,
                 stdio: stdio,
                 log: log
             )
         } else {
             process.attrs = .init(setsid: false)
             io = StandardIO(
-                process: &process,
                 stdio: stdio,
                 log: log
             )
@@ -121,7 +118,7 @@ final class ManagedProcess: Sendable {
         log.info("starting io")
 
         // Setup IO early. We expect the host to be listening already.
-        try io.start()
+        try io.start(process: &process)
 
         self.process = process
         self.lock = Mutex(State(io: io))
@@ -213,20 +210,10 @@ extension ManagedProcess {
 
     func resize(size: Terminal.Size) throws {
         try self.lock.withLock {
-            if $0.closed {
+            guard $0.exitStatus == nil else {
                 return
             }
             try $0.io.resize(size: size)
         }
     }
-
-    func close() throws {
-        try self.lock.withLock {
-            if $0.closed {
-                return
-            }
-            try $0.io.close()
-            $0.closed = true
-        }
-    }
 }