Merge pull request #6345 from sudo-sturbia:mq/syscalls

PiperOrigin-RevId: 404901660

5 files changed, 589 insertions, 0 deletions

diff --git a/pkg/sentry/fsimpl/mqfs/BUILD b/pkg/sentry/fsimpl/mqfs/BUILD
new file mode 100644
index 000000000..332c9b504
--- /dev/null
+++ b/pkg/sentry/fsimpl/mqfs/BUILD
@@ -0,0 +1,41 @@
+load("//tools:defs.bzl", "go_library")
+load("//tools/go_generics:defs.bzl", "go_template_instance")
+
+package(licenses = ["notice"])
+
+go_template_instance(
+    name = "root_inode_refs",
+    out = "root_inode_refs.go",
+    package = "mqfs",
+    prefix = "rootInode",
+    template = "//pkg/refsvfs2:refs_template",
+    types = {
+        "T": "rootInode",
+    },
+)
+
+go_library(
+    name = "mqfs",
+    srcs = [
+        "mqfs.go",
+        "queue.go",
+        "registry.go",
+        "root.go",
+        "root_inode_refs.go",
+    ],
+    visibility = ["//pkg/sentry:internal"],
+    deps = [
+        "//pkg/abi/linux",
+        "//pkg/context",
+        "//pkg/errors/linuxerr",
+        "//pkg/refsvfs2",
+        "//pkg/sentry/fs",
+        "//pkg/sentry/fsimpl/kernfs",
+        "//pkg/sentry/kernel/auth",
+        "//pkg/sentry/kernel/ipc",
+        "//pkg/sentry/kernel/mq",
+        "//pkg/sentry/vfs",
+        "//pkg/usermem",
+        "//pkg/waiter",
+    ],
+)
diff --git a/pkg/sentry/fsimpl/mqfs/mqfs.go b/pkg/sentry/fsimpl/mqfs/mqfs.go
new file mode 100644
index 000000000..c2b53c9d0
--- /dev/null
+++ b/pkg/sentry/fsimpl/mqfs/mqfs.go
@@ -0,0 +1,138 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package mqfs provides a filesystem implementation to back POSIX message
+// queues.
+package mqfs
+
+import (
+	"fmt"
+	"strconv"
+
+	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
+	"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/ipc"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/mq"
+	"gvisor.dev/gvisor/pkg/sentry/vfs"
+)
+
+const (
+	// Name is the user-visible filesystem name.
+	Name                     = "mqueue"
+	defaultMaxCachedDentries = uint64(1000)
+)
+
+// FilesystemType implements vfs.FilesystemType.
+//
+// +stateify savable
+type FilesystemType struct{}
+
+// Name implements vfs.FilesystemType.Name.
+func (FilesystemType) Name() string {
+	return Name
+}
+
+// Release implements vfs.FilesystemType.Release.
+func (FilesystemType) Release(ctx context.Context) {}
+
+// GetFilesystem implements vfs.FilesystemType.GetFilesystem.
+func (ft FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.VirtualFilesystem, creds *auth.Credentials, source string, opts vfs.GetFilesystemOptions) (*vfs.Filesystem, *vfs.Dentry, error) {
+	// mqfs is initialized only once per ipc namespace. Each ipc namespace has
+	// a POSIX message registry with a root dentry, filesystem, and a
+	// disconnected mount. We want the fs to be consistent for all processes in
+	// the same ipc namespace, so instead of creating a new fs and root dentry,
+	// we retreive them using IPCNamespace.PosixQueues and use them.
+
+	i := ipcNamespaceFromContext(ctx)
+	if i == nil {
+		return nil, nil, fmt.Errorf("mqfs.FilesystemType.GetFilesystem: ipc namespace doesn't exist")
+	}
+	defer i.DecRef(ctx)
+
+	registry := i.PosixQueues()
+	if registry == nil {
+		return nil, nil, fmt.Errorf("mqfs.FilesystemType.GetFilesystem: ipc namespace doesn't have a POSIX registry")
+	}
+	impl := registry.Impl().(*RegistryImpl)
+
+	maxCachedDentries, err := maxCachedDentries(ctx, vfs.GenericParseMountOptions(opts.Data))
+	if err != nil {
+		return nil, nil, err
+	}
+	impl.fs.MaxCachedDentries = maxCachedDentries
+
+	impl.fs.VFSFilesystem().IncRef()
+	return impl.fs.VFSFilesystem(), impl.root.VFSDentry(), nil
+}
+
+// maxCachedDentries checks mopts for dentry_cache_limit. If a value is
+// specified, parse it into uint64 and return it. Otherwise, return the default
+// value. An error is returned if a value is found but can't be parsed.
+func maxCachedDentries(ctx context.Context, mopts map[string]string) (_ uint64, err error) {
+	max := defaultMaxCachedDentries
+	if str, ok := mopts["dentry_cache_limit"]; ok {
+		delete(mopts, "dentry_cache_limit")
+		max, err = strconv.ParseUint(str, 10, 64)
+		if err != nil {
+			ctx.Warningf("mqfs.FilesystemType.GetFilesystem: invalid dentry cache limit: dentry_cache_limit=%s", str)
+			return 0, linuxerr.EINVAL
+		}
+	}
+	return max, nil
+}
+
+// filesystem implements kernfs.Filesystem.
+//
+// +stateify savable
+type filesystem struct {
+	kernfs.Filesystem
+	devMinor uint32
+
+	// root is the filesystem's root dentry. Since we take a reference on it in
+	// GetFilesystem, we should release it when the fs is released.
+	root *kernfs.Dentry
+}
+
+// Release implements vfs.FilesystemImpl.Release.
+func (fs *filesystem) Release(ctx context.Context) {
+	fs.Filesystem.VFSFilesystem().VirtualFilesystem().PutAnonBlockDevMinor(fs.devMinor)
+	fs.Filesystem.Release(ctx)
+}
+
+// MountOptions implements vfs.FilesystemImpl.MountOptions.
+func (fs *filesystem) MountOptions() string {
+	return fmt.Sprintf("dentry_cache_limit=%d", fs.MaxCachedDentries)
+}
+
+// ipcNamespace defines functions we need from kernel.IPCNamespace. We redefine
+// ipcNamespace along with ipcNamespaceFromContext to avoid circular dependency
+// with package sentry/kernel.
+type ipcNamespace interface {
+	// PosixQueues returns a POSIX message queue registry.
+	PosixQueues() *mq.Registry
+
+	// DecRef decrements ipcNamespace's number of references.
+	DecRef(ctx context.Context)
+}
+
+// ipcNamespaceFromContext returns the IPC namespace in which ctx is executing.
+// Copied from package sentry/kernel.
+func ipcNamespaceFromContext(ctx context.Context) ipcNamespace {
+	if v := ctx.Value(ipc.CtxIPCNamespace); v != nil {
+		return v.(ipcNamespace)
+	}
+	return nil
+}
diff --git a/pkg/sentry/fsimpl/mqfs/queue.go b/pkg/sentry/fsimpl/mqfs/queue.go
new file mode 100644
index 000000000..933dbc6ed
--- /dev/null
+++ b/pkg/sentry/fsimpl/mqfs/queue.go
@@ -0,0 +1,145 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mqfs
+
+import (
+	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
+	"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/mq"
+	"gvisor.dev/gvisor/pkg/sentry/vfs"
+	"gvisor.dev/gvisor/pkg/usermem"
+	"gvisor.dev/gvisor/pkg/waiter"
+)
+
+// queueInode represents an inode for a message queue (/dev/mqueue/[name]).
+//
+// +stateify savable
+type queueInode struct {
+	kernfs.DynamicBytesFile
+
+	// queue is the message queue backing this inode.
+	queue *mq.Queue
+}
+
+var _ kernfs.Inode = (*queueInode)(nil)
+
+// newQueueInode returns a new, initialized queueInode.
+func (fs *filesystem) newQueueInode(ctx context.Context, creds *auth.Credentials, q *mq.Queue, perm linux.FileMode) kernfs.Inode {
+	inode := &queueInode{queue: q}
+	inode.Init(ctx, creds, linux.UNNAMED_MAJOR, fs.devMinor, fs.NextIno(), q, perm)
+	return inode
+}
+
+// Keep implements kernfs.Inode.Keep.
+func (q *queueInode) Keep() bool {
+	// Return true so that the fs keeps newly created dentries. This is done
+	// because inodes returned by root.Lookup are not temporary, they exist
+	// in the fs, and refer to message queues.
+	return true
+}
+
+// queueFD implements vfs.FileDescriptionImpl for FD backed by a POSIX message
+// queue. It's mostly similar to DynamicBytesFD, but implements more operations.
+//
+// +stateify savable
+type queueFD struct {
+	vfs.FileDescriptionDefaultImpl
+	vfs.DynamicBytesFileDescriptionImpl
+	vfs.LockFD
+
+	vfsfd vfs.FileDescription
+	inode kernfs.Inode
+
+	// queue is a view into the queue backing this fd.
+	queue mq.View
+}
+
+// Init initializes a queueFD. Mostly copied from DynamicBytesFD.Init, but uses
+// the queueFD as FileDescriptionImpl.
+func (fd *queueFD) Init(m *vfs.Mount, d *kernfs.Dentry, data vfs.DynamicBytesSource, locks *vfs.FileLocks, flags uint32) error {
+	fd.LockFD.Init(locks)
+	if err := fd.vfsfd.Init(fd, flags, m, d.VFSDentry(), &vfs.FileDescriptionOptions{}); err != nil {
+		return err
+	}
+	fd.inode = d.Inode()
+	fd.SetDataSource(data)
+	return nil
+}
+
+// Seek implements vfs.FileDescriptionImpl.Seek.
+func (fd *queueFD) Seek(ctx context.Context, offset int64, whence int32) (int64, error) {
+	return fd.DynamicBytesFileDescriptionImpl.Seek(ctx, offset, whence)
+}
+
+// Read implements vfs.FileDescriptionImpl.Read.
+func (fd *queueFD) Read(ctx context.Context, dst usermem.IOSequence, opts vfs.ReadOptions) (int64, error) {
+	return fd.DynamicBytesFileDescriptionImpl.Read(ctx, dst, opts)
+}
+
+// PRead implements vfs.FileDescriptionImpl.PRead.
+func (fd *queueFD) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, opts vfs.ReadOptions) (int64, error) {
+	return fd.DynamicBytesFileDescriptionImpl.PRead(ctx, dst, offset, opts)
+}
+
+// Write implements vfs.FileDescriptionImpl.Write.
+func (fd *queueFD) Write(ctx context.Context, src usermem.IOSequence, opts vfs.WriteOptions) (int64, error) {
+	return fd.DynamicBytesFileDescriptionImpl.Write(ctx, src, opts)
+}
+
+// PWrite implements vfs.FileDescriptionImpl.PWrite.
+func (fd *queueFD) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, opts vfs.WriteOptions) (int64, error) {
+	return fd.DynamicBytesFileDescriptionImpl.PWrite(ctx, src, offset, opts)
+}
+
+// Release implements vfs.FileDescriptionImpl.Release.
+func (fd *queueFD) Release(context.Context) {}
+
+// Stat implements vfs.FileDescriptionImpl.Stat.
+func (fd *queueFD) Stat(ctx context.Context, opts vfs.StatOptions) (linux.Statx, error) {
+	fs := fd.vfsfd.VirtualDentry().Mount().Filesystem()
+	return fd.inode.Stat(ctx, fs, opts)
+}
+
+// SetStat implements vfs.FileDescriptionImpl.SetStat.
+func (fd *queueFD) SetStat(context.Context, vfs.SetStatOptions) error {
+	// DynamicBytesFiles are immutable.
+	return linuxerr.EPERM
+}
+
+// OnClose implements FileDescriptionImpl.OnClose similar to
+// ipc/mqueue.c::mqueue_flush_file.
+func (fd *queueFD) OnClose(ctx context.Context) error {
+	fd.queue.Flush(ctx)
+	return nil
+}
+
+// Readiness implements waiter.Waitable.Readiness similar to
+// ipc/mqueue.c::mqueue_poll_file.
+func (fd *queueFD) Readiness(mask waiter.EventMask) waiter.EventMask {
+	return fd.queue.Readiness(mask)
+}
+
+// EventRegister implements Waitable.EventRegister.
+func (fd *queueFD) EventRegister(e *waiter.Entry, mask waiter.EventMask) {
+	fd.queue.EventRegister(e, mask)
+}
+
+// EventUnregister implements Waitable.EventUnregister.
+func (fd *queueFD) EventUnregister(e *waiter.Entry) {
+	fd.queue.EventUnregister(e)
+}
diff --git a/pkg/sentry/fsimpl/mqfs/registry.go b/pkg/sentry/fsimpl/mqfs/registry.go
new file mode 100644
index 000000000..c8fbe4d33
--- /dev/null
+++ b/pkg/sentry/fsimpl/mqfs/registry.go
@@ -0,0 +1,176 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mqfs
+
+import (
+	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
+	"gvisor.dev/gvisor/pkg/sentry/fs"
+	"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/mq"
+	"gvisor.dev/gvisor/pkg/sentry/vfs"
+)
+
+// RegistryImpl implements mq.RegistryImpl. It implements the interface using
+// the message queue filesystem, and is provided to mq.Registry at
+// initialization.
+//
+// RegistryImpl is not thread-safe, so it is the responsibility of the user
+// (the containing mq.Registry) to protect using a lock.
+//
+// +stateify savable
+type RegistryImpl struct {
+	// root is the root dentry of the mq filesystem. Its main usage is to
+	// retreive the root inode, which we use to add, remove, and lookup message
+	// queues.
+	//
+	// We hold a reference on root and release when the registry is destroyed.
+	root *kernfs.Dentry
+
+	// fs is the filesystem backing this registry, used mainly to initialize
+	// new inodes.
+	fs *filesystem
+
+	// mount is the mount point used for this filesystem.
+	mount *vfs.Mount
+}
+
+// NewRegistryImpl returns a new, initialized RegistryImpl, and takes a
+// reference on root.
+func NewRegistryImpl(ctx context.Context, vfsObj *vfs.VirtualFilesystem, creds *auth.Credentials) (*RegistryImpl, error) {
+	devMinor, err := vfsObj.GetAnonBlockDevMinor()
+	if err != nil {
+		return nil, err
+	}
+
+	var dentry kernfs.Dentry
+	fs := &filesystem{
+		devMinor: devMinor,
+		root:     &dentry,
+	}
+	fs.VFSFilesystem().Init(vfsObj, &FilesystemType{}, fs)
+	vfsfs := fs.VFSFilesystem()
+
+	dentry.InitRoot(&fs.Filesystem, fs.newRootInode(ctx, creds))
+	defer vfsfs.DecRef(ctx) // NewDisconnectedMount will obtain a ref on success.
+
+	mount, err := vfsObj.NewDisconnectedMount(vfsfs, dentry.VFSDentry(), &vfs.MountOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	return &RegistryImpl{
+		root:  &dentry,
+		fs:    fs,
+		mount: mount,
+	}, nil
+}
+
+// Get implements mq.RegistryImpl.Get.
+func (r *RegistryImpl) Get(ctx context.Context, name string, access mq.AccessType, block bool, flags uint32) (*vfs.FileDescription, bool, error) {
+	inode, err := r.lookup(ctx, name)
+	if err != nil {
+		return nil, false, nil
+	}
+
+	qInode := inode.(*queueInode)
+	if !qInode.queue.HasPermissions(auth.CredentialsFromContext(ctx), perm(access)) {
+		// "The queue exists, but the caller does not have permission to
+		//  open it in the specified mode."
+		return nil, false, linuxerr.EACCES
+	}
+
+	fd, err := r.newFD(qInode.queue, qInode, access, block, flags)
+	if err != nil {
+		return nil, false, err
+	}
+	return fd, true, nil
+}
+
+// New implements mq.RegistryImpl.New.
+func (r *RegistryImpl) New(ctx context.Context, name string, q *mq.Queue, access mq.AccessType, block bool, perm linux.FileMode, flags uint32) (*vfs.FileDescription, error) {
+	root := r.root.Inode().(*rootInode)
+	qInode := r.fs.newQueueInode(ctx, auth.CredentialsFromContext(ctx), q, perm).(*queueInode)
+	err := root.Insert(name, qInode)
+	if err != nil {
+		return nil, err
+	}
+	return r.newFD(q, qInode, access, block, flags)
+}
+
+// Unlink implements mq.RegistryImpl.Unlink.
+func (r *RegistryImpl) Unlink(ctx context.Context, name string) error {
+	creds := auth.CredentialsFromContext(ctx)
+	if err := r.root.Inode().CheckPermissions(ctx, creds, vfs.MayWrite|vfs.MayExec); err != nil {
+		return err
+	}
+
+	root := r.root.Inode().(*rootInode)
+	inode, err := r.lookup(ctx, name)
+	if err != nil {
+		return err
+	}
+	return root.Unlink(ctx, name, inode)
+}
+
+// Destroy implements mq.RegistryImpl.Destroy.
+func (r *RegistryImpl) Destroy(ctx context.Context) {
+	r.root.DecRef(ctx)
+	r.mount.DecRef(ctx)
+}
+
+// lookup retreives a kernfs.Inode using a name.
+func (r *RegistryImpl) lookup(ctx context.Context, name string) (kernfs.Inode, error) {
+	inode := r.root.Inode().(*rootInode)
+	lookup, err := inode.Lookup(ctx, name)
+	if err != nil {
+		return nil, err
+	}
+	return lookup, nil
+}
+
+// newFD returns a new file description created using the given queue and inode.
+func (r *RegistryImpl) newFD(q *mq.Queue, inode *queueInode, access mq.AccessType, block bool, flags uint32) (*vfs.FileDescription, error) {
+	view, err := mq.NewView(q, access, block)
+	if err != nil {
+		return nil, err
+	}
+
+	var dentry kernfs.Dentry
+	dentry.Init(&r.fs.Filesystem, inode)
+
+	fd := &queueFD{queue: view}
+	err = fd.Init(r.mount, &dentry, inode.queue, inode.Locks(), flags)
+	if err != nil {
+		return nil, err
+	}
+	return &fd.vfsfd, nil
+}
+
+// perm returns a permission mask created using given flags.
+func perm(access mq.AccessType) fs.PermMask {
+	switch access {
+	case mq.ReadWrite:
+		return fs.PermMask{Read: true, Write: true}
+	case mq.WriteOnly:
+		return fs.PermMask{Write: true}
+	case mq.ReadOnly:
+		return fs.PermMask{Read: true}
+	default:
+		return fs.PermMask{} // Can't happen, see NewView.
+	}
+}
diff --git a/pkg/sentry/fsimpl/mqfs/root.go b/pkg/sentry/fsimpl/mqfs/root.go
new file mode 100644
index 000000000..37b5749fb
--- /dev/null
+++ b/pkg/sentry/fsimpl/mqfs/root.go
@@ -0,0 +1,89 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mqfs
+
+import (
+	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
+	"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+	"gvisor.dev/gvisor/pkg/sentry/vfs"
+)
+
+// rootInode represents inode for filesystem's root directory (/dev/mqueue).
+//
+// +stateify savable
+type rootInode struct {
+	rootInodeRefs
+	kernfs.InodeAlwaysValid
+	kernfs.InodeAttrs
+	kernfs.InodeDirectoryNoNewChildren
+	kernfs.InodeNotSymlink
+	kernfs.InodeTemporary
+	kernfs.OrderedChildren
+	implStatFS
+
+	locks vfs.FileLocks
+}
+
+var _ kernfs.Inode = (*rootInode)(nil)
+
+// newRootInode returns a new, initialized rootInode.
+func (fs *filesystem) newRootInode(ctx context.Context, creds *auth.Credentials) kernfs.Inode {
+	inode := &rootInode{}
+	inode.InodeAttrs.Init(ctx, creds, linux.UNNAMED_MAJOR, fs.devMinor, fs.NextIno(), linux.ModeDirectory|linux.FileMode(0555))
+	inode.OrderedChildren.Init(kernfs.OrderedChildrenOptions{Writable: true})
+	inode.InitRefs()
+	return inode
+}
+
+// Open implements kernfs.Inode.Open.
+func (i *rootInode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.Dentry, opts vfs.OpenOptions) (*vfs.FileDescription, error) {
+	fd, err := kernfs.NewGenericDirectoryFD(rp.Mount(), d, &i.OrderedChildren, &i.locks, &opts, kernfs.GenericDirectoryFDOptions{
+		SeekEnd: kernfs.SeekEndZero,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return fd.VFSFileDescription(), nil
+}
+
+// DecRef implements kernfs.Inode.DecRef.
+func (i *rootInode) DecRef(ctx context.Context) {
+	i.rootInodeRefs.DecRef(func() { i.Destroy(ctx) })
+}
+
+// Rename implements Inode.Rename and overrides OrderedChildren.Rename. mqueue
+// filesystem allows files to be unlinked, but not renamed.
+func (i *rootInode) Rename(ctx context.Context, oldname, newname string, child, dstDir kernfs.Inode) error {
+	return linuxerr.EPERM
+}
+
+// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
+func (*rootInode) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
+	return linuxerr.EPERM
+}
+
+// implStatFS provides an implementation of kernfs.Inode.StatFS for message
+// queues to be embedded in inodes.
+//
+// +stateify savable
+type implStatFS struct{}
+
+// StatFS implements kernfs.Inode.StatFS.
+func (*implStatFS) StatFS(context.Context, *vfs.Filesystem) (linux.Statfs, error) {
+	return vfs.GenericStatFS(linux.MQUEUE_MAGIC), nil
+}