From e2fce321c1eb75fbef5a54ac734b0aa2f7f43d68 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Sat, 22 Mar 2025 18:22:29 +0900
Subject: [PATCH] sandbox/vfs: expose mountinfo line scanning

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 sandbox/vfs/mountinfo.go      | 247 +++++++++++++++++++++-------------
 sandbox/vfs/mountinfo_test.go | 178 +++++++++++++++---------
 2 files changed, 271 insertions(+), 154 deletions(-)

diff --git a/sandbox/vfs/mountinfo.go b/sandbox/vfs/mountinfo.go
index df2940a..b263412 100644
--- a/sandbox/vfs/mountinfo.go
+++ b/sandbox/vfs/mountinfo.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"iter"
 	"strconv"
 	"strings"
 	"syscall"
@@ -18,13 +19,23 @@ var (
 )
 
 type (
-	// MountInfo represents a /proc/pid/mountinfo document.
+	// A MountInfoDecoder reads and decodes proc_pid_mountinfo(5) entries from an input stream.
+	MountInfoDecoder struct {
+		s *bufio.Scanner
+		m *MountInfo
+
+		current  *MountInfo
+		parseErr error
+		complete bool
+	}
+
+	// MountInfo represents the contents of a proc_pid_mountinfo(5) document.
 	MountInfo struct {
 		Next *MountInfo
 		MountInfoEntry
 	}
 
-	// MountInfoEntry represents a line in /proc/pid/mountinfo.
+	// MountInfoEntry represents a proc_pid_mountinfo(5) entry.
 	MountInfoEntry struct {
 		// mount ID: a unique ID for the mount (may be reused after umount(2)).
 		ID int `json:"id"`
@@ -77,95 +88,145 @@ func (e *MountInfoEntry) Flags() (flags uintptr, unmatched []string) {
 	return
 }
 
-// ParseMountInfo parses a mountinfo file according to proc_pid_mountinfo(5).
-func ParseMountInfo(r io.Reader) (*MountInfo, int, error) {
-	var m, cur *MountInfo
-	s := bufio.NewScanner(r)
-
-	var n int
-	for s.Scan() {
-		n++
-
-		if cur == nil {
-			m = new(MountInfo)
-			cur = m
-		} else {
-			cur.Next = new(MountInfo)
-			cur = cur.Next
-		}
-
-		// prevent proceeding with misaligned fields due to optional fields
-		f := strings.Split(s.Text(), " ")
-		if len(f) < 10 {
-			return nil, -1, ErrMountInfoFields
-		}
-
-		// 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
-		// (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
-
-		// (1) id
-		if id, err := strconv.Atoi(f[0]); err != nil { // 0
-			return nil, -1, err
-		} else {
-			cur.ID = id
-		}
-
-		// (2) parent
-		if parent, err := strconv.Atoi(f[1]); err != nil { // 1
-			return nil, -1, err
-		} else {
-			cur.Parent = parent
-		}
-
-		// (3) maj:min
-		if n, err := fmt.Sscanf(f[2], "%d:%d", &cur.Devno[0], &cur.Devno[1]); err != nil {
-			return nil, -1, err
-		} else if n != 2 {
-			// unreachable
-			return nil, -1, ErrMountInfoDevno
-		}
-
-		// (4) mountroot
-		cur.Root = Unmangle(f[3])
-		if cur.Root == "" {
-			return nil, -1, ErrMountInfoEmpty
-		}
-
-		// (5) target
-		cur.Target = Unmangle(f[4])
-		if cur.Target == "" {
-			return nil, -1, ErrMountInfoEmpty
-		}
-
-		// (6) vfs options (fs-independent)
-		cur.VfsOptstr = Unmangle(f[5])
-		if cur.VfsOptstr == "" {
-			return nil, -1, ErrMountInfoEmpty
-		}
-
-		// (7) optional fields, terminated by " - "
-		i := len(f) - 4
-		cur.OptFields = f[6:i]
-
-		// (8) optional fields end marker
-		if f[i] != "-" {
-			return nil, -1, ErrMountInfoSep
-		}
-		i++
-
-		// (9) FS type
-		cur.FsType = Unmangle(f[i])
-		if cur.FsType == "" {
-			return nil, -1, ErrMountInfoEmpty
-		}
-		i++
-
-		// (10) source -- maybe empty string
-		cur.Source = Unmangle(f[i])
-		i++
-
-		// (11) fs options (fs specific)
-		cur.FsOptstr = Unmangle(f[i])
-	}
-	return m, n, s.Err()
+// NewMountInfoDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may read data from r beyond the mountinfo entries requested.
+func NewMountInfoDecoder(r io.Reader) *MountInfoDecoder {
+	return &MountInfoDecoder{s: bufio.NewScanner(r)}
+}
+
+func (d *MountInfoDecoder) Decode(v **MountInfo) (err error) {
+	for d.scan() {
+	}
+	err = d.Err()
+	if err == nil {
+		*v = d.m
+	}
+	return
+}
+
+// Entries returns an iterator over mountinfo entries.
+func (d *MountInfoDecoder) Entries() iter.Seq[*MountInfoEntry] {
+	return func(yield func(*MountInfoEntry) bool) {
+		for cur := d.m; cur != nil; cur = cur.Next {
+			if !yield(&cur.MountInfoEntry) {
+				return
+			}
+		}
+		for d.scan() {
+			if !yield(&d.current.MountInfoEntry) {
+				return
+			}
+		}
+	}
+}
+
+func (d *MountInfoDecoder) Err() error {
+	if err := d.s.Err(); err != nil {
+		return err
+	}
+	return d.parseErr
+}
+
+func (d *MountInfoDecoder) scan() bool {
+	if d.complete {
+		return false
+	}
+	if !d.s.Scan() {
+		d.complete = true
+		return false
+	}
+
+	m := new(MountInfo)
+	if err := parseMountInfoLine(d.s.Text(), &m.MountInfoEntry); err != nil {
+		d.parseErr = err
+		d.complete = true
+		return false
+	}
+
+	if d.current == nil {
+		d.m = m
+		d.current = d.m
+	} else {
+		d.current.Next = m
+		d.current = d.current.Next
+	}
+	return true
+}
+
+func parseMountInfoLine(s string, ent *MountInfoEntry) error {
+	// prevent proceeding with misaligned fields due to optional fields
+	f := strings.Split(s, " ")
+	if len(f) < 10 {
+		return ErrMountInfoFields
+	}
+
+	// 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
+	// (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
+
+	// (1) id
+	if id, err := strconv.Atoi(f[0]); err != nil { // 0
+		return err
+	} else {
+		ent.ID = id
+	}
+
+	// (2) parent
+	if parent, err := strconv.Atoi(f[1]); err != nil { // 1
+		return err
+	} else {
+		ent.Parent = parent
+	}
+
+	// (3) maj:min
+	if n, err := fmt.Sscanf(f[2], "%d:%d", &ent.Devno[0], &ent.Devno[1]); err != nil {
+		return err
+	} else if n != 2 {
+		// unreachable
+		return ErrMountInfoDevno
+	}
+
+	// (4) mountroot
+	ent.Root = Unmangle(f[3])
+	if ent.Root == "" {
+		return ErrMountInfoEmpty
+	}
+
+	// (5) target
+	ent.Target = Unmangle(f[4])
+	if ent.Target == "" {
+		return ErrMountInfoEmpty
+	}
+
+	// (6) vfs options (fs-independent)
+	ent.VfsOptstr = Unmangle(f[5])
+	if ent.VfsOptstr == "" {
+		return ErrMountInfoEmpty
+	}
+
+	// (7) optional fields, terminated by " - "
+	i := len(f) - 4
+	ent.OptFields = f[6:i]
+
+	// (8) optional fields end marker
+	if f[i] != "-" {
+		return ErrMountInfoSep
+	}
+	i++
+
+	// (9) FS type
+	ent.FsType = Unmangle(f[i])
+	if ent.FsType == "" {
+		return ErrMountInfoEmpty
+	}
+	i++
+
+	// (10) source -- maybe empty string
+	ent.Source = Unmangle(f[i])
+	i++
+
+	// (11) fs options (fs specific)
+	ent.FsOptstr = Unmangle(f[i])
+
+	return nil
 }
diff --git a/sandbox/vfs/mountinfo_test.go b/sandbox/vfs/mountinfo_test.go
index f97a05e..e3382d2 100644
--- a/sandbox/vfs/mountinfo_test.go
+++ b/sandbox/vfs/mountinfo_test.go
@@ -2,6 +2,7 @@ package vfs_test
 
 import (
 	"errors"
+	"iter"
 	"reflect"
 	"slices"
 	"strconv"
@@ -12,57 +13,62 @@ import (
 	"git.gensokyo.uk/security/fortify/sandbox/vfs"
 )
 
-func TestParseMountInfo(t *testing.T) {
-	testCases := []struct {
-		name      string
-		sample    string
-		wantErr   error
-		wantError string
-		want      []*wantMountInfo
-	}{
+func TestMountInfo(t *testing.T) {
+	testCases := []mountInfoTest{
 		{"count", sampleMountinfoShort + `
 21 20 0:53/ /mnt/test rw,relatime - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, vfs.ErrMountInfoFields, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			vfs.ErrMountInfoFields, "", nil},
 
 		{"sep", sampleMountinfoShort + `
 21 20 0:53 / /mnt/test rw,relatime shared:212 _ tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, vfs.ErrMountInfoSep, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			vfs.ErrMountInfoSep, "", nil},
 
 		{"id", sampleMountinfoShort + `
 id 20 0:53 / /mnt/test rw,relatime shared:212 - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, strconv.ErrSyntax, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			strconv.ErrSyntax, "", nil},
 
 		{"parent", sampleMountinfoShort + `
 21 parent 0:53 / /mnt/test rw,relatime shared:212 - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, strconv.ErrSyntax, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			strconv.ErrSyntax, "", nil},
 
 		{"devno", sampleMountinfoShort + `
 21 20 053 / /mnt/test rw,relatime shared:212 - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, nil, "unexpected EOF", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			nil, "unexpected EOF", nil},
 
 		{"maj", sampleMountinfoShort + `
 21 20 maj:53 / /mnt/test rw,relatime shared:212 - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, nil, "expected integer", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			nil, "expected integer", nil},
 
 		{"min", sampleMountinfoShort + `
 21 20 0:min / /mnt/test rw,relatime shared:212 - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, nil, "expected integer", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			nil, "expected integer", nil},
 
 		{"mountroot", sampleMountinfoShort + `
 21 20 0:53  /mnt/test rw,relatime - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, vfs.ErrMountInfoEmpty, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			vfs.ErrMountInfoEmpty, "", nil},
 
 		{"target", sampleMountinfoShort + `
 21 20 0:53 /  rw,relatime - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, vfs.ErrMountInfoEmpty, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			vfs.ErrMountInfoEmpty, "", nil},
 
 		{"vfs options", sampleMountinfoShort + `
 21 20 0:53 / /mnt/test  - tmpfs  rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, vfs.ErrMountInfoEmpty, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			vfs.ErrMountInfoEmpty, "", nil},
 
 		{"FS type", sampleMountinfoShort + `
 21 20 0:53 / /mnt/test rw,relatime -   rw
-21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`, vfs.ErrMountInfoEmpty, "", nil},
+21 16 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755`,
+			vfs.ErrMountInfoEmpty, "", nil},
 
 		{"base", sampleMountinfoShort, nil, "", []*wantMountInfo{
 			m(15, 20, 0, 3, "/", "/proc", "rw,relatime", o(), "proc", "/proc", "rw", syscall.MS_RELATIME, nil),
@@ -122,57 +128,107 @@ id 20 0:53 / /mnt/test rw,relatime shared:212 - tmpfs  rw
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, n, err := vfs.ParseMountInfo(strings.NewReader(tc.sample))
-			if !errors.Is(err, tc.wantErr) {
-				if tc.wantError == "" {
-					t.Errorf("ParseMountInfo: error = %v, wantErr %v",
-						err, tc.wantErr)
-				} else if err != nil && err.Error() != tc.wantError {
-					t.Errorf("ParseMountInfo: error = %q, wantError %q",
-						err, tc.wantError)
-				}
-			}
+			t.Run("decode", func(t *testing.T) {
+				var got *vfs.MountInfo
+				d := vfs.NewMountInfoDecoder(strings.NewReader(tc.sample))
+				err := d.Decode(&got)
+				tc.check(t, true,
+					func(yield func(*vfs.MountInfoEntry) bool) {
+						for cur := got; cur != nil; cur = cur.Next {
+							if !yield(&cur.MountInfoEntry) {
+								return
+							}
+						}
+					}, func() error { return err })
+				t.Run("reuse", func(t *testing.T) {
+					tc.check(t, false,
+						d.Entries(), d.Err)
+				})
+			})
 
-			wantCount := len(tc.want)
-			if tc.wantErr != nil || tc.wantError != "" {
-				wantCount = -1
-			}
-			if n != wantCount {
-				t.Errorf("ParseMountInfo: got %d entries, want %d", n, wantCount)
-			}
+			t.Run("iter", func(t *testing.T) {
+				d := vfs.NewMountInfoDecoder(strings.NewReader(tc.sample))
+				tc.check(t, false,
+					d.Entries(), d.Err)
 
-			i := 0
-			for cur := got; cur != nil; cur = cur.Next {
-				if i == len(tc.want) {
-					t.Errorf("ParseMountInfo: got more than %d entries", len(tc.want))
-					break
-				}
+				t.Run("reuse", func(t *testing.T) {
+					tc.check(t, false,
+						d.Entries(), d.Err)
+				})
+			})
 
-				if !reflect.DeepEqual(&cur.MountInfoEntry, &tc.want[i].MountInfoEntry) {
-					t.Errorf("ParseMountInfo: entry %d\ngot:  %#v\nwant: %#v",
-						i, cur.MountInfoEntry, tc.want[i])
-				}
+			t.Run("yield", func(t *testing.T) {
+				d := vfs.NewMountInfoDecoder(strings.NewReader(tc.sample))
+				v := false
+				d.Entries()(func(entry *vfs.MountInfoEntry) bool { v = !v; return v })
+				d.Entries()(func(entry *vfs.MountInfoEntry) bool { return false })
 
-				flags, unmatched := cur.Flags()
-				if flags != tc.want[i].flags {
-					t.Errorf("Flags(%q): %#x, want %#x",
-						cur.VfsOptstr, flags, tc.want[i].flags)
-				}
-				if !slices.Equal(unmatched, tc.want[i].unmatched) {
-					t.Errorf("Flags(%q): unmatched = %#q, want %#q",
-						cur.VfsOptstr, unmatched, tc.want[i].unmatched)
-				}
+				tc.check(t, false,
+					d.Entries(), d.Err)
 
-				i++
-			}
-
-			if i != len(tc.want) {
-				t.Errorf("ParseMountInfo: got %d entries, want %d", i, len(tc.want))
-			}
+				t.Run("reuse", func(t *testing.T) {
+					tc.check(t, false,
+						d.Entries(), d.Err)
+				})
+			})
 		})
 	}
 }
 
+type mountInfoTest struct {
+	name      string
+	sample    string
+	wantErr   error
+	wantError string
+	want      []*wantMountInfo
+}
+
+func (tc *mountInfoTest) check(t *testing.T, checkDecode bool,
+	got iter.Seq[*vfs.MountInfoEntry], gotErr func() error) {
+	i := 0
+	for cur := range got {
+		if i == len(tc.want) {
+			if !checkDecode && (tc.wantErr != nil || tc.wantError != "") {
+				continue
+			}
+
+			t.Errorf("ParseMountInfo: got more than %d entries", len(tc.want))
+			break
+		}
+
+		if !reflect.DeepEqual(cur, &tc.want[i].MountInfoEntry) {
+			t.Errorf("ParseMountInfo: entry %d\ngot:  %#v\nwant: %#v",
+				i, cur, tc.want[i])
+		}
+
+		flags, unmatched := cur.Flags()
+		if flags != tc.want[i].flags {
+			t.Errorf("Flags(%q): %#x, want %#x",
+				cur.VfsOptstr, flags, tc.want[i].flags)
+		}
+		if !slices.Equal(unmatched, tc.want[i].unmatched) {
+			t.Errorf("Flags(%q): unmatched = %#q, want %#q",
+				cur.VfsOptstr, unmatched, tc.want[i].unmatched)
+		}
+
+		i++
+	}
+
+	if i != len(tc.want) {
+		t.Errorf("ParseMountInfo: got %d entries, want %d", i, len(tc.want))
+	}
+
+	if err := gotErr(); !errors.Is(err, tc.wantErr) {
+		if tc.wantError == "" {
+			t.Errorf("ParseMountInfo: error = %v, wantErr %v",
+				err, tc.wantErr)
+		} else if err != nil && err.Error() != tc.wantError {
+			t.Errorf("ParseMountInfo: error = %q, wantError %q",
+				err, tc.wantError)
+		}
+	}
+}
+
 type wantMountInfo struct {
 	vfs.MountInfoEntry
 	flags     uintptr