monitor_unotify: Use eventfd instead of pipe for notifications

PiperOrigin-RevId: 557479262
Change-Id: Ie03e4e8915950999ff0b47e8b08c50241e53a600

sandboxed_api/sandbox2/monitor_unotify.cc

@@ -5,6 +5,7 @@
 #include <linux/ioctl.h>
 #include <linux/seccomp.h>
 #include <poll.h>
+#include <sys/eventfd.h>
 #include <sys/ioctl.h>
 #include <sys/ptrace.h>
 #include <sys/wait.h>
@@ -131,7 +132,7 @@ void UnotifyMonitor::Run() {
     SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_NOTIFY);
     return;
   }
-  if (!InitSetupNotifyPipe()) {
+  if (!InitSetupNotifyEventFd()) {
     SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_NOTIFY);
     return;
   }
@@ -141,7 +142,7 @@ void UnotifyMonitor::Run() {
   pollfd pfds[] = {
       {.fd = process_.status_fd.get(), .events = POLLIN},
       {.fd = seccomp_notify_fd_.get(), .events = POLLIN},
-      {.fd = monitor_notify_pipe_[0].get(), .events = POLLIN},
+      {.fd = monitor_notify_fd_.get(), .events = POLLIN},
   };
   bool wait_for_sandboxee = true;
   while (result_.final_status() == Result::UNSET) {
@@ -183,8 +184,8 @@ void UnotifyMonitor::Run() {
     }
     PCHECK(ret != -1);
     if (pfds[2].revents & POLLIN) {
-      char c = ' ';
+      uint64_t value = 0;
-      read(monitor_notify_pipe_[0].get(), &c, 1);
+      read(monitor_notify_fd_.get(), &value, sizeof(value));
       continue;
     }
     if (pfds[0].revents & POLLIN) {
@@ -280,24 +281,23 @@ bool UnotifyMonitor::InitSetupUnotify() {
   return true;
 }
 
-bool UnotifyMonitor::InitSetupNotifyPipe() {
+bool UnotifyMonitor::InitSetupNotifyEventFd() {
-  int pfds[2];
+  int fd = eventfd(0, EFD_NONBLOCK | EFD_CLOEXEC);
-  if (pipe(pfds) != 0) {
+  if (fd == -1) {
     PLOG(ERROR) << "failed creating monitor pipe";
     return false;
   }
-  monitor_notify_pipe_[0] = FDCloser(pfds[0]);
+  monitor_notify_fd_ = FDCloser(fd);
-  monitor_notify_pipe_[1] = FDCloser(pfds[1]);
   return true;
 }
 
 void UnotifyMonitor::NotifyMonitor() {
   absl::ReaderMutexLock lock(&notify_mutex_);
-  if (!monitor_notify_pipe_[1].get()) {
+  if (monitor_notify_fd_.get() < 0) {
     return;
   }
-  char c = ' ';
+  uint64_t value = 1;
-  write(monitor_notify_pipe_[1].get(), &c, 1);
+  write(monitor_notify_fd_.get(), &value, sizeof(value));
 }
 
 bool UnotifyMonitor::KillSandboxee() {
@@ -324,8 +324,7 @@ void UnotifyMonitor::Join() {
     VLOG(1) << "Final execution status: " << result_.ToString();
     CHECK(result_.final_status() != Result::UNSET);
     thread_.reset();
-    monitor_notify_pipe_[0].Close();
+    monitor_notify_fd_.Close();
-    monitor_notify_pipe_[1].Close();
   }
 }
 

sandboxed_api/sandbox2/monitor_unotify.h

@@ -63,7 +63,7 @@ class UnotifyMonitor : public MonitorBase {
   void Run();
 
   bool InitSetupUnotify();
-  bool InitSetupNotifyPipe();
+  bool InitSetupNotifyEventFd();
   // Kills the main traced PID with SIGKILL.
   // Returns false if an error occured and process could not be killed.
   bool KillSandboxee();
@@ -80,7 +80,7 @@ class UnotifyMonitor : public MonitorBase {
 
   absl::Notification setup_notification_;
   sapi::file_util::fileops::FDCloser seccomp_notify_fd_;
-  sapi::file_util::fileops::FDCloser monitor_notify_pipe_[2];
+  sapi::file_util::fileops::FDCloser monitor_notify_fd_;
   // Deadline in Unix millis
   std::atomic<int64_t> deadline_millis_{0};
   // False iff external kill is requested