Make all restored host FDs explicit

This ensures that host FDs are not using some random FD
upon restore. All host FDs must be part of the restore
FD map that is explicity set, otherwise restore fails.

Updates google#1956

PiperOrigin-RevId: 615581166

Author: fvoznika

pkg/sentry/fsimpl/host/host.go

@@ -108,11 +108,11 @@ type inode struct {
 	inodeRefs
 
 	// hostFD contains the host fd that this file was originally created from.
-	// It must be available at time of restore by being set to the same value or
-	// remapped using restoreKey and vfs.CtxRestoreFilesystemFDMap in the context.
+	// Upon restore, it must be remapped using restoreKey and vfs.CtxRestoreFilesystemFDMap
+	// from the restore context.
 	//
 	// This field is initialized at creation time and is immutable.
-	hostFD int
+	hostFD int `state:"nosave"`
 
 	// restoreKey is used to identify the `hostFD` after a restore is performed.
 	restoreKey vfs.RestoreID

pkg/sentry/fsimpl/host/save_restore.go

@@ -73,11 +73,10 @@ func (i *inode) beforeSave() {
 func (i *inode) afterLoad(ctx context.Context) {
 	fdmap := vfs.RestoreFilesystemFDMapFromContext(ctx)
 	fd, ok := fdmap[i.restoreKey]
-	if ok {
-		// Remap FD if a new mapping is provided. Otherwise, keep the old FD and
-		// expect that caller will use the same FDs numbers.
-		i.hostFD = fd
+	if !ok {
+		panic(fmt.Sprintf("no host FD available for %+v, map: %v", i.restoreKey, fdmap))
 	}
+	i.hostFD = fd
 
 	if i.epollable {
 		if err := unix.SetNonblock(i.hostFD, true); err != nil {