diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-05-11 00:56:48 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-05-11 00:56:48 +0000 |
commit | 5afb719bc7d36090bb6fbe699ec91c6f78c52e80 (patch) | |
tree | ed38ab5a79ef3bb6eb52a21f6d1e46a2fa1d75f2 | |
parent | 95e04bca0a09b2d5a179980530c668b6ce829df0 (diff) | |
parent | c52195d25825abc749c5187f4c18834eabe4bfee (diff) |
Merge release-20200422.0-62-gc52195d (automated)
-rwxr-xr-x | pkg/sentry/hostfd/hostfd_unsafe.go | 46 | ||||
-rwxr-xr-x | pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go | 2 | ||||
-rwxr-xr-x | pkg/sentry/time/seqatomic_parameters_unsafe.go | 2 | ||||
-rw-r--r-- | runsc/boot/filter/config.go | 2 |
4 files changed, 16 insertions, 36 deletions
diff --git a/pkg/sentry/hostfd/hostfd_unsafe.go b/pkg/sentry/hostfd/hostfd_unsafe.go index 5e9e60fc4..cd4dc67fb 100755 --- a/pkg/sentry/hostfd/hostfd_unsafe.go +++ b/pkg/sentry/hostfd/hostfd_unsafe.go @@ -34,24 +34,13 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6 n uintptr e syscall.Errno ) - // Avoid preadv2(2) if possible, since it's relatively new and thus least - // likely to be supported by the host kernel. - if flags == 0 { - if dsts.NumBlocks() == 1 { - // Use read() or pread() to avoid iovec allocation and copying. - dst := dsts.Head() - if offset == -1 { - n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len())) - } else { - n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) - } + if flags == 0 && dsts.NumBlocks() == 1 { + // Use read() or pread() to avoid iovec allocation and copying. + dst := dsts.Head() + if offset == -1 { + n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len())) } else { - iovs := safemem.IovecsFromBlockSeq(dsts) - if offset == -1 { - n, _, e = syscall.Syscall(unix.SYS_READV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs))) - } else { - n, _, e = syscall.Syscall6(unix.SYS_PREADV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, 0 /* unused */) - } + n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) } } else { iovs := safemem.IovecsFromBlockSeq(dsts) @@ -77,24 +66,13 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint n uintptr e syscall.Errno ) - // Avoid pwritev2(2) if possible, since it's relatively new and thus least - // likely to be supported by the host kernel. - if flags == 0 { - if srcs.NumBlocks() == 1 { - // Use write() or pwrite() to avoid iovec allocation and copying. - src := srcs.Head() - if offset == -1 { - n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len())) - } else { - n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) - } + if flags == 0 && srcs.NumBlocks() == 1 { + // Use write() or pwrite() to avoid iovec allocation and copying. + src := srcs.Head() + if offset == -1 { + n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len())) } else { - iovs := safemem.IovecsFromBlockSeq(srcs) - if offset == -1 { - n, _, e = syscall.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs))) - } else { - n, _, e = syscall.Syscall6(unix.SYS_PWRITEV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, 0 /* unused */) - } + n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) } } else { iovs := safemem.IovecsFromBlockSeq(srcs) diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go index 950645965..b133423cc 100755 --- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go +++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go @@ -1,11 +1,11 @@ package kernel import ( - "fmt" "reflect" "strings" "unsafe" + "fmt" "gvisor.dev/gvisor/pkg/sync" ) diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go index efd3ccae2..e2c85d862 100755 --- a/pkg/sentry/time/seqatomic_parameters_unsafe.go +++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go @@ -1,11 +1,11 @@ package time import ( - "fmt" "reflect" "strings" "unsafe" + "fmt" "gvisor.dev/gvisor/pkg/sync" ) diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index 1828d116a..98cdd90dd 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -230,8 +230,10 @@ var allowedSyscalls = seccomp.SyscallRules{ syscall.SYS_PPOLL: {}, syscall.SYS_PREAD64: {}, syscall.SYS_PREADV: {}, + unix.SYS_PREADV2: {}, syscall.SYS_PWRITE64: {}, syscall.SYS_PWRITEV: {}, + unix.SYS_PWRITEV2: {}, syscall.SYS_READ: {}, syscall.SYS_RECVMSG: []seccomp.Rule{ { |