diff options
author | Rahat Mahmood <rahat@google.com> | 2018-11-15 15:13:52 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-11-15 15:14:38 -0800 |
commit | f7aa9371247a3e7d8c490ac0fd4c4f3ff6de2017 (patch) | |
tree | 29124ad310c0beb8d7778a7fad5b420953333523 | |
parent | 6ef08c2bc2be1cc93bdf42bba5b96a0968a94552 (diff) |
Advertise vsyscall support via /proc/<pid>/maps.
Also update test utilities for probing vsyscall support and add a
metric to see if vsyscalls are actually used in sandboxes.
PiperOrigin-RevId: 221698834
Change-Id: I57870ecc33ea8c864bd7437833f21aa1e8117477
-rw-r--r-- | pkg/sentry/kernel/BUILD | 1 | ||||
-rw-r--r-- | pkg/sentry/kernel/task_syscall.go | 5 | ||||
-rw-r--r-- | pkg/sentry/mm/proc_pid_maps.go | 16 |
3 files changed, 22 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/BUILD b/pkg/sentry/kernel/BUILD index 389824b25..10d7b97c2 100644 --- a/pkg/sentry/kernel/BUILD +++ b/pkg/sentry/kernel/BUILD @@ -131,6 +131,7 @@ go_library( "//pkg/cpuid", "//pkg/eventchannel", "//pkg/log", + "//pkg/metric", "//pkg/refs", "//pkg/secio", "//pkg/sentry/arch", diff --git a/pkg/sentry/kernel/task_syscall.go b/pkg/sentry/kernel/task_syscall.go index 0318adb35..2a39ebc68 100644 --- a/pkg/sentry/kernel/task_syscall.go +++ b/pkg/sentry/kernel/task_syscall.go @@ -21,6 +21,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/abi/linux" "gvisor.googlesource.com/gvisor/pkg/bits" + "gvisor.googlesource.com/gvisor/pkg/metric" "gvisor.googlesource.com/gvisor/pkg/sentry/arch" "gvisor.googlesource.com/gvisor/pkg/sentry/memmap" "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" @@ -60,6 +61,8 @@ const ( ERESTART_RESTARTBLOCK = SyscallRestartErrno(516) ) +var vsyscallCount = metric.MustCreateNewUint64Metric("/kernel/vsyscall_count", false /* sync */, "Number of times vsyscalls were invoked by the application") + // Error implements error.Error. func (e SyscallRestartErrno) Error() string { // Descriptions are borrowed from strace. @@ -325,6 +328,8 @@ func (*runSyscallExit) execute(t *Task) taskRunState { // indicated by an execution fault at address addr. doVsyscall returns the // task's next run state. func (t *Task) doVsyscall(addr usermem.Addr, sysno uintptr) taskRunState { + vsyscallCount.Increment() + // Grab the caller up front, to make sure there's a sensible stack. caller := t.Arch().Native(uintptr(0)) if _, err := t.CopyIn(usermem.Addr(t.Arch().Stack()), caller); err != nil { diff --git a/pkg/sentry/mm/proc_pid_maps.go b/pkg/sentry/mm/proc_pid_maps.go index 0bf1cdb51..247ee45ef 100644 --- a/pkg/sentry/mm/proc_pid_maps.go +++ b/pkg/sentry/mm/proc_pid_maps.go @@ -53,6 +53,22 @@ func (mm *MemoryManager) ReadSeqFileData(ctx context.Context, handle seqfile.Seq Handle: &vmaAddr, }) } + + // We always emulate vsyscall, so advertise it here. Everything about a + // vsyscall region is static, so just hard code the maps entry since we + // don't have a real vma backing it. The vsyscall region is at the end of + // the virtual address space so nothing should be mapped after it (if + // something is really mapped in the tiny ~10 MiB segment afterwards, we'll + // get the sorting on the maps file wrong at worst; but that's not possible + // on any current platform). + // + // Artifically adjust the seqfile handle so we only output vsyscall entry once. + if vsyscallEnd := usermem.Addr(0xffffffffff601000); start != vsyscallEnd { + data = append(data, seqfile.SeqData{ + Buf: []byte("ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n"), + Handle: &vsyscallEnd, + }) + } return data, 1 } |