diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-07-23 23:28:29 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-07-23 23:28:29 +0000 |
commit | 1d05051701a6f92a093b8948b58f4bf2128eebdd (patch) | |
tree | 92a7d5042a2fdadc6d8a024767d949b0768fe896 | |
parent | d82960ab03b27d5c0bd0decb137efc82e34c4fa8 (diff) | |
parent | 8fed97794edcbaa7069dbd39604030e4fbb6891c (diff) |
Merge release-20200622.1-203-g8fed97794 (automated)
-rw-r--r-- | pkg/abi/linux/linux_abi_autogen_unsafe.go | 10 | ||||
-rw-r--r-- | pkg/sentry/kernel/kernel_state_autogen.go | 230 | ||||
-rw-r--r-- | pkg/sentry/kernel/task.go | 15 | ||||
-rw-r--r-- | pkg/sentry/kernel/task_run.go | 17 | ||||
-rw-r--r-- | pkg/sentry/kernel/task_work.go | 38 |
5 files changed, 192 insertions, 118 deletions
diff --git a/pkg/abi/linux/linux_abi_autogen_unsafe.go b/pkg/abi/linux/linux_abi_autogen_unsafe.go index 79920059e..fb022bc9f 100644 --- a/pkg/abi/linux/linux_abi_autogen_unsafe.go +++ b/pkg/abi/linux/linux_abi_autogen_unsafe.go @@ -139,7 +139,7 @@ func (s *Statx) Packed() bool { // MarshalUnsafe implements marshal.Marshallable.MarshalUnsafe. func (s *Statx) MarshalUnsafe(dst []byte) { - if s.Ctime.Packed() && s.Mtime.Packed() && s.Atime.Packed() && s.Btime.Packed() { + if s.Mtime.Packed() && s.Atime.Packed() && s.Btime.Packed() && s.Ctime.Packed() { safecopy.CopyIn(dst, unsafe.Pointer(s)) } else { s.MarshalBytes(dst) @@ -214,7 +214,7 @@ func (s *Statx) CopyIn(task marshal.Task, addr usermem.Addr) (int, error) { // WriteTo implements io.WriterTo.WriteTo. func (s *Statx) WriteTo(w io.Writer) (int64, error) { - if !s.Btime.Packed() && s.Ctime.Packed() && s.Mtime.Packed() && s.Atime.Packed() { + if !s.Atime.Packed() && s.Btime.Packed() && s.Ctime.Packed() && s.Mtime.Packed() { // Type Statx doesn't have a packed layout in memory, fall back to MarshalBytes. buf := make([]byte, s.SizeBytes()) s.MarshalBytes(buf) @@ -524,7 +524,7 @@ func (i *IPTEntry) MarshalUnsafe(dst []byte) { // UnmarshalUnsafe implements marshal.Marshallable.UnmarshalUnsafe. func (i *IPTEntry) UnmarshalUnsafe(src []byte) { - if i.IP.Packed() && i.Counters.Packed() { + if i.Counters.Packed() && i.IP.Packed() { safecopy.CopyOut(unsafe.Pointer(i), src) } else { i.UnmarshalBytes(src) @@ -590,7 +590,7 @@ func (i *IPTEntry) CopyIn(task marshal.Task, addr usermem.Addr) (int, error) { // WriteTo implements io.WriterTo.WriteTo. func (i *IPTEntry) WriteTo(w io.Writer) (int64, error) { - if !i.IP.Packed() && i.Counters.Packed() { + if !i.Counters.Packed() && i.IP.Packed() { // Type IPTEntry doesn't have a packed layout in memory, fall back to MarshalBytes. buf := make([]byte, i.SizeBytes()) i.MarshalBytes(buf) @@ -776,7 +776,7 @@ func (i *IPTIP) CopyIn(task marshal.Task, addr usermem.Addr) (int, error) { // WriteTo implements io.WriterTo.WriteTo. func (i *IPTIP) WriteTo(w io.Writer) (int64, error) { - if !i.Src.Packed() && i.Dst.Packed() && i.SrcMask.Packed() && i.DstMask.Packed() { + if !i.SrcMask.Packed() && i.DstMask.Packed() && i.Src.Packed() && i.Dst.Packed() { // Type IPTIP doesn't have a packed layout in memory, fall back to MarshalBytes. buf := make([]byte, i.SizeBytes()) i.MarshalBytes(buf) diff --git a/pkg/sentry/kernel/kernel_state_autogen.go b/pkg/sentry/kernel/kernel_state_autogen.go index 8f184e712..b267f0556 100644 --- a/pkg/sentry/kernel/kernel_state_autogen.go +++ b/pkg/sentry/kernel/kernel_state_autogen.go @@ -1002,6 +1002,8 @@ func (x *Task) StateFields() []string { return []string{ "taskNode", "runState", + "taskWorkCount", + "taskWork", "haveSyscallReturn", "gosched", "yieldCount", @@ -1069,126 +1071,130 @@ func (x *Task) StateSave(m state.Sink) { state.Failf("signalQueue is %#v, expected zero", &x.signalQueue) } var ptraceTracer *Task = x.savePtraceTracer() - m.SaveValue(29, ptraceTracer) + m.SaveValue(31, ptraceTracer) var syscallFilters []bpf.Program = x.saveSyscallFilters() - m.SaveValue(45, syscallFilters) + m.SaveValue(47, syscallFilters) m.Save(0, &x.taskNode) m.Save(1, &x.runState) - m.Save(2, &x.haveSyscallReturn) - m.Save(3, &x.gosched) - m.Save(4, &x.yieldCount) - m.Save(5, &x.pendingSignals) - m.Save(6, &x.signalMask) - m.Save(7, &x.realSignalMask) - m.Save(8, &x.haveSavedSignalMask) - m.Save(9, &x.savedSignalMask) - m.Save(10, &x.signalStack) - m.Save(11, &x.groupStopPending) - m.Save(12, &x.groupStopAcknowledged) - m.Save(13, &x.trapStopPending) - m.Save(14, &x.trapNotifyPending) - m.Save(15, &x.stop) - m.Save(16, &x.exitStatus) - m.Save(17, &x.syscallRestartBlock) - m.Save(18, &x.k) - m.Save(19, &x.containerID) - m.Save(20, &x.tc) - m.Save(21, &x.fsContext) - m.Save(22, &x.fdTable) - m.Save(23, &x.vforkParent) - m.Save(24, &x.exitState) - m.Save(25, &x.exitTracerNotified) - m.Save(26, &x.exitTracerAcked) - m.Save(27, &x.exitParentNotified) - m.Save(28, &x.exitParentAcked) - m.Save(30, &x.ptraceTracees) - m.Save(31, &x.ptraceSeized) - m.Save(32, &x.ptraceOpts) - m.Save(33, &x.ptraceSyscallMode) - m.Save(34, &x.ptraceSinglestep) - m.Save(35, &x.ptraceCode) - m.Save(36, &x.ptraceSiginfo) - m.Save(37, &x.ptraceEventMsg) - m.Save(38, &x.ioUsage) - m.Save(39, &x.creds) - m.Save(40, &x.utsns) - m.Save(41, &x.ipcns) - m.Save(42, &x.abstractSockets) - m.Save(43, &x.mountNamespaceVFS2) - m.Save(44, &x.parentDeathSignal) - m.Save(46, &x.cleartid) - m.Save(47, &x.allowedCPUMask) - m.Save(48, &x.cpu) - m.Save(49, &x.niceness) - m.Save(50, &x.numaPolicy) - m.Save(51, &x.numaNodeMask) - m.Save(52, &x.netns) - m.Save(53, &x.rseqCPU) - m.Save(54, &x.oldRSeqCPUAddr) - m.Save(55, &x.rseqAddr) - m.Save(56, &x.rseqSignature) - m.Save(57, &x.startTime) + m.Save(2, &x.taskWorkCount) + m.Save(3, &x.taskWork) + m.Save(4, &x.haveSyscallReturn) + m.Save(5, &x.gosched) + m.Save(6, &x.yieldCount) + m.Save(7, &x.pendingSignals) + m.Save(8, &x.signalMask) + m.Save(9, &x.realSignalMask) + m.Save(10, &x.haveSavedSignalMask) + m.Save(11, &x.savedSignalMask) + m.Save(12, &x.signalStack) + m.Save(13, &x.groupStopPending) + m.Save(14, &x.groupStopAcknowledged) + m.Save(15, &x.trapStopPending) + m.Save(16, &x.trapNotifyPending) + m.Save(17, &x.stop) + m.Save(18, &x.exitStatus) + m.Save(19, &x.syscallRestartBlock) + m.Save(20, &x.k) + m.Save(21, &x.containerID) + m.Save(22, &x.tc) + m.Save(23, &x.fsContext) + m.Save(24, &x.fdTable) + m.Save(25, &x.vforkParent) + m.Save(26, &x.exitState) + m.Save(27, &x.exitTracerNotified) + m.Save(28, &x.exitTracerAcked) + m.Save(29, &x.exitParentNotified) + m.Save(30, &x.exitParentAcked) + m.Save(32, &x.ptraceTracees) + m.Save(33, &x.ptraceSeized) + m.Save(34, &x.ptraceOpts) + m.Save(35, &x.ptraceSyscallMode) + m.Save(36, &x.ptraceSinglestep) + m.Save(37, &x.ptraceCode) + m.Save(38, &x.ptraceSiginfo) + m.Save(39, &x.ptraceEventMsg) + m.Save(40, &x.ioUsage) + m.Save(41, &x.creds) + m.Save(42, &x.utsns) + m.Save(43, &x.ipcns) + m.Save(44, &x.abstractSockets) + m.Save(45, &x.mountNamespaceVFS2) + m.Save(46, &x.parentDeathSignal) + m.Save(48, &x.cleartid) + m.Save(49, &x.allowedCPUMask) + m.Save(50, &x.cpu) + m.Save(51, &x.niceness) + m.Save(52, &x.numaPolicy) + m.Save(53, &x.numaNodeMask) + m.Save(54, &x.netns) + m.Save(55, &x.rseqCPU) + m.Save(56, &x.oldRSeqCPUAddr) + m.Save(57, &x.rseqAddr) + m.Save(58, &x.rseqSignature) + m.Save(59, &x.startTime) } func (x *Task) StateLoad(m state.Source) { m.Load(0, &x.taskNode) m.Load(1, &x.runState) - m.Load(2, &x.haveSyscallReturn) - m.Load(3, &x.gosched) - m.Load(4, &x.yieldCount) - m.Load(5, &x.pendingSignals) - m.Load(6, &x.signalMask) - m.Load(7, &x.realSignalMask) - m.Load(8, &x.haveSavedSignalMask) - m.Load(9, &x.savedSignalMask) - m.Load(10, &x.signalStack) - m.Load(11, &x.groupStopPending) - m.Load(12, &x.groupStopAcknowledged) - m.Load(13, &x.trapStopPending) - m.Load(14, &x.trapNotifyPending) - m.Load(15, &x.stop) - m.Load(16, &x.exitStatus) - m.Load(17, &x.syscallRestartBlock) - m.Load(18, &x.k) - m.Load(19, &x.containerID) - m.Load(20, &x.tc) - m.Load(21, &x.fsContext) - m.Load(22, &x.fdTable) - m.Load(23, &x.vforkParent) - m.Load(24, &x.exitState) - m.Load(25, &x.exitTracerNotified) - m.Load(26, &x.exitTracerAcked) - m.Load(27, &x.exitParentNotified) - m.Load(28, &x.exitParentAcked) - m.Load(30, &x.ptraceTracees) - m.Load(31, &x.ptraceSeized) - m.Load(32, &x.ptraceOpts) - m.Load(33, &x.ptraceSyscallMode) - m.Load(34, &x.ptraceSinglestep) - m.Load(35, &x.ptraceCode) - m.Load(36, &x.ptraceSiginfo) - m.Load(37, &x.ptraceEventMsg) - m.Load(38, &x.ioUsage) - m.Load(39, &x.creds) - m.Load(40, &x.utsns) - m.Load(41, &x.ipcns) - m.Load(42, &x.abstractSockets) - m.Load(43, &x.mountNamespaceVFS2) - m.Load(44, &x.parentDeathSignal) - m.Load(46, &x.cleartid) - m.Load(47, &x.allowedCPUMask) - m.Load(48, &x.cpu) - m.Load(49, &x.niceness) - m.Load(50, &x.numaPolicy) - m.Load(51, &x.numaNodeMask) - m.Load(52, &x.netns) - m.Load(53, &x.rseqCPU) - m.Load(54, &x.oldRSeqCPUAddr) - m.Load(55, &x.rseqAddr) - m.Load(56, &x.rseqSignature) - m.Load(57, &x.startTime) - m.LoadValue(29, new(*Task), func(y interface{}) { x.loadPtraceTracer(y.(*Task)) }) - m.LoadValue(45, new([]bpf.Program), func(y interface{}) { x.loadSyscallFilters(y.([]bpf.Program)) }) + m.Load(2, &x.taskWorkCount) + m.Load(3, &x.taskWork) + m.Load(4, &x.haveSyscallReturn) + m.Load(5, &x.gosched) + m.Load(6, &x.yieldCount) + m.Load(7, &x.pendingSignals) + m.Load(8, &x.signalMask) + m.Load(9, &x.realSignalMask) + m.Load(10, &x.haveSavedSignalMask) + m.Load(11, &x.savedSignalMask) + m.Load(12, &x.signalStack) + m.Load(13, &x.groupStopPending) + m.Load(14, &x.groupStopAcknowledged) + m.Load(15, &x.trapStopPending) + m.Load(16, &x.trapNotifyPending) + m.Load(17, &x.stop) + m.Load(18, &x.exitStatus) + m.Load(19, &x.syscallRestartBlock) + m.Load(20, &x.k) + m.Load(21, &x.containerID) + m.Load(22, &x.tc) + m.Load(23, &x.fsContext) + m.Load(24, &x.fdTable) + m.Load(25, &x.vforkParent) + m.Load(26, &x.exitState) + m.Load(27, &x.exitTracerNotified) + m.Load(28, &x.exitTracerAcked) + m.Load(29, &x.exitParentNotified) + m.Load(30, &x.exitParentAcked) + m.Load(32, &x.ptraceTracees) + m.Load(33, &x.ptraceSeized) + m.Load(34, &x.ptraceOpts) + m.Load(35, &x.ptraceSyscallMode) + m.Load(36, &x.ptraceSinglestep) + m.Load(37, &x.ptraceCode) + m.Load(38, &x.ptraceSiginfo) + m.Load(39, &x.ptraceEventMsg) + m.Load(40, &x.ioUsage) + m.Load(41, &x.creds) + m.Load(42, &x.utsns) + m.Load(43, &x.ipcns) + m.Load(44, &x.abstractSockets) + m.Load(45, &x.mountNamespaceVFS2) + m.Load(46, &x.parentDeathSignal) + m.Load(48, &x.cleartid) + m.Load(49, &x.allowedCPUMask) + m.Load(50, &x.cpu) + m.Load(51, &x.niceness) + m.Load(52, &x.numaPolicy) + m.Load(53, &x.numaNodeMask) + m.Load(54, &x.netns) + m.Load(55, &x.rseqCPU) + m.Load(56, &x.oldRSeqCPUAddr) + m.Load(57, &x.rseqAddr) + m.Load(58, &x.rseqSignature) + m.Load(59, &x.startTime) + m.LoadValue(31, new(*Task), func(y interface{}) { x.loadPtraceTracer(y.(*Task)) }) + m.LoadValue(47, new([]bpf.Program), func(y interface{}) { x.loadSyscallFilters(y.([]bpf.Program)) }) m.AfterLoad(x.afterLoad) } diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go index f48247c94..b3d655b6e 100644 --- a/pkg/sentry/kernel/task.go +++ b/pkg/sentry/kernel/task.go @@ -68,6 +68,21 @@ type Task struct { // runState is exclusive to the task goroutine. runState taskRunState + // taskWorkCount represents the current size of the task work queue. It is + // used to avoid acquiring taskWorkMu when the queue is empty. + // + // Must accessed with atomic memory operations. + taskWorkCount int32 + + // taskWorkMu protects taskWork. + taskWorkMu sync.Mutex `state:"nosave"` + + // taskWork is a queue of work to be executed before resuming user execution. + // It is similar to the task_work mechanism in Linux. + // + // taskWork is exclusive to the task goroutine. + taskWork []TaskWorker + // haveSyscallReturn is true if tc.Arch().Return() represents a value // returned by a syscall (or set by ptrace after a syscall). // diff --git a/pkg/sentry/kernel/task_run.go b/pkg/sentry/kernel/task_run.go index d654dd997..7d4f44caf 100644 --- a/pkg/sentry/kernel/task_run.go +++ b/pkg/sentry/kernel/task_run.go @@ -167,7 +167,22 @@ func (app *runApp) execute(t *Task) taskRunState { return (*runInterrupt)(nil) } - // We're about to switch to the application again. If there's still a + // Execute any task work callbacks before returning to user space. + if atomic.LoadInt32(&t.taskWorkCount) > 0 { + t.taskWorkMu.Lock() + queue := t.taskWork + t.taskWork = nil + atomic.StoreInt32(&t.taskWorkCount, 0) + t.taskWorkMu.Unlock() + + // Do not hold taskWorkMu while executing task work, which may register + // more work. + for _, work := range queue { + work.TaskWork(t) + } + } + + // We're about to switch to the application again. If there's still an // unhandled SyscallRestartErrno that wasn't translated to an EINTR, // restart the syscall that was interrupted. If there's a saved signal // mask, restore it. (Note that restoring the saved signal mask may unblock diff --git a/pkg/sentry/kernel/task_work.go b/pkg/sentry/kernel/task_work.go new file mode 100644 index 000000000..dda5a433a --- /dev/null +++ b/pkg/sentry/kernel/task_work.go @@ -0,0 +1,38 @@ +// Copyright 2020 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package kernel + +import "sync/atomic" + +// TaskWorker is a deferred task. +// +// This must be savable. +type TaskWorker interface { + // TaskWork will be executed prior to returning to user space. Note that + // TaskWork may call RegisterWork again, but this will not be executed until + // the next return to user space, unlike in Linux. This effectively allows + // registration of indefinite user return hooks, but not by default. + TaskWork(t *Task) +} + +// RegisterWork can be used to register additional task work that will be +// performed prior to returning to user space. See TaskWorker.TaskWork for +// semantics regarding registration. +func (t *Task) RegisterWork(work TaskWorker) { + t.taskWorkMu.Lock() + defer t.taskWorkMu.Unlock() + atomic.AddInt32(&t.taskWorkCount, 1) + t.taskWork = append(t.taskWork, work) +} |