9s: Server binary for the 9p file system

Add the 9s crate, which provides an executable that can serve the 9p
file system protocol.  It initially only supports connections over vsock
but can easily be extended to support network and unix domain socket
based connections.

BUG=chromium:703939
TEST=Run the server, have maitred connect to it over vsock, mount the
     9p file system in the guest kernel, share it with the penguin
     container, and run `bonnie++ -r 256 -s 512`
CQ-DEPEND=CL:1121550, CL:1166446

Change-Id: Ia0c72bcf29188bba4c07b6c0a2dd5a83d02339b5
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1112870
Reviewed-by: Dylan Reid <dgreid@chromium.org>

2 files changed, 121 insertions, 0 deletions

diff --git a/seccomp/aarch64/9s.policy b/seccomp/aarch64/9s.policy
new file mode 100644
index 0000000..37325d3
--- /dev/null
+++ b/seccomp/aarch64/9s.policy
@@ -0,0 +1,61 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+read: 1
+write: 1
+stat64: 1
+open: 1
+close: 1
+fstat64: 1
+lstat64: 1
+getdents64: 1
+ioctl: arg1 == FIOCLEX
+pread64: 1
+pwrite64: 1
+# Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
+# negation, thus the manually negated mask constant.
+mmap2: arg2 in 0xfffffffb
+mprotect: arg2 in 0xfffffffb
+rt_sigaction: 1
+sigaltstack: 1
+munmap: 1
+utimensat: 1
+brk: 1
+uname: 1
+accept4: 1
+mkdir: 1
+sched_getaffinity: 1
+getpid: 1
+ugetrlimit: 1
+set_robust_list: 1
+fcntl64: 1
+socket: arg0 == AF_UNIX || arg0 == AF_VSOCK
+gettimeofday: 1
+restart_syscall: 1
+exit_group: 1
+rt_sigreturn: 1
+rename: 1
+ftruncate64: 1
+connect: 1
+madvise: 1
+rt_sigprocmask: 1
+access: 1
+ARM_set_tls: 1
+_llseek: 1
+exit: 1
+fdatasync: 1
+set_tid_address: 1
+listen: 1
+# Disallow clone's other than new threads.
+clone: arg0 & 0x00010000
+statfs64: 1
+link: 1
+unlink: 1
+fsync: 1
+futex: 1
+bind: 1
+rmdir: 1
+# Calling fchown with -1 as the uid/gid will change the ctime but do nothing else.
+fchown: arg1 == 0xffffffff && arg2 == 0xffffffff
+mremap: 1
diff --git a/seccomp/x86_64/9s.policy b/seccomp/x86_64/9s.policy
new file mode 100644
index 0000000..75cf032
--- /dev/null
+++ b/seccomp/x86_64/9s.policy
@@ -0,0 +1,60 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+read: 1
+write: 1
+lstat: 1
+stat: 1
+open: 1
+close: 1
+fstat: 1
+getdents: 1
+ioctl: arg1 == FIOCLEX
+pwrite64: 1
+pread64: 1
+# Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
+# negation, thus the manually negated mask constant.
+mmap: arg2 in 0xfffffffb
+mprotect: arg2 in 0xfffffffb
+utimensat: 1
+rt_sigaction: 1
+statfs: 1
+sigaltstack: 1
+munmap: 1
+brk: 1
+accept4: 1
+sched_getaffinity: 1
+getpid: 1
+getrlimit: 1
+fcntl: 1
+set_robust_list: 1
+link: 1
+socket: arg0 == AF_UNIX || arg0 == AF_VSOCK
+restart_syscall: 1
+exit_group: 1
+rt_sigreturn: 1
+lseek: 1
+uname: 1
+connect: 1
+rt_sigprocmask: 1
+arch_prctl: 1
+access: 1
+exit: 1
+set_tid_address: 1
+listen: 1
+# Disallow clone's other than new threads.
+clone: arg0 & 0x00010000
+unlink: 1
+madvise: 1
+futex: 1
+bind: 1
+rmdir: 1
+# Calling fchown with -1 as the uid/gid will change the ctime but do nothing else.
+fchown: arg1 == 0xffffffff && arg2 == 0xffffffff
+fsync: 1
+fdatasync: 1
+ftruncate: 1
+mkdir: 1
+mremap: 1
+rename: 1