summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2020-05-11 00:56:48 +0000
committergVisor bot <gvisor-bot@google.com>2020-05-11 00:56:48 +0000
commit5afb719bc7d36090bb6fbe699ec91c6f78c52e80 (patch)
treeed38ab5a79ef3bb6eb52a21f6d1e46a2fa1d75f2
parent95e04bca0a09b2d5a179980530c668b6ce829df0 (diff)
parentc52195d25825abc749c5187f4c18834eabe4bfee (diff)
Merge release-20200422.0-62-gc52195d (automated)
-rwxr-xr-xpkg/sentry/hostfd/hostfd_unsafe.go46
-rwxr-xr-xpkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go2
-rwxr-xr-xpkg/sentry/time/seqatomic_parameters_unsafe.go2
-rw-r--r--runsc/boot/filter/config.go2
4 files changed, 16 insertions, 36 deletions
diff --git a/pkg/sentry/hostfd/hostfd_unsafe.go b/pkg/sentry/hostfd/hostfd_unsafe.go
index 5e9e60fc4..cd4dc67fb 100755
--- a/pkg/sentry/hostfd/hostfd_unsafe.go
+++ b/pkg/sentry/hostfd/hostfd_unsafe.go
@@ -34,24 +34,13 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6
n uintptr
e syscall.Errno
)
- // Avoid preadv2(2) if possible, since it's relatively new and thus least
- // likely to be supported by the host kernel.
- if flags == 0 {
- if dsts.NumBlocks() == 1 {
- // Use read() or pread() to avoid iovec allocation and copying.
- dst := dsts.Head()
- if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len()))
- } else {
- n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
- }
+ if flags == 0 && dsts.NumBlocks() == 1 {
+ // Use read() or pread() to avoid iovec allocation and copying.
+ dst := dsts.Head()
+ if offset == -1 {
+ n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len()))
} else {
- iovs := safemem.IovecsFromBlockSeq(dsts)
- if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_READV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)))
- } else {
- n, _, e = syscall.Syscall6(unix.SYS_PREADV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
- }
+ n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
}
} else {
iovs := safemem.IovecsFromBlockSeq(dsts)
@@ -77,24 +66,13 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint
n uintptr
e syscall.Errno
)
- // Avoid pwritev2(2) if possible, since it's relatively new and thus least
- // likely to be supported by the host kernel.
- if flags == 0 {
- if srcs.NumBlocks() == 1 {
- // Use write() or pwrite() to avoid iovec allocation and copying.
- src := srcs.Head()
- if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len()))
- } else {
- n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
- }
+ if flags == 0 && srcs.NumBlocks() == 1 {
+ // Use write() or pwrite() to avoid iovec allocation and copying.
+ src := srcs.Head()
+ if offset == -1 {
+ n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len()))
} else {
- iovs := safemem.IovecsFromBlockSeq(srcs)
- if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)))
- } else {
- n, _, e = syscall.Syscall6(unix.SYS_PWRITEV, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
- }
+ n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
}
} else {
iovs := safemem.IovecsFromBlockSeq(srcs)
diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
index 950645965..b133423cc 100755
--- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
+++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
@@ -1,11 +1,11 @@
package kernel
import (
- "fmt"
"reflect"
"strings"
"unsafe"
+ "fmt"
"gvisor.dev/gvisor/pkg/sync"
)
diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go
index efd3ccae2..e2c85d862 100755
--- a/pkg/sentry/time/seqatomic_parameters_unsafe.go
+++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go
@@ -1,11 +1,11 @@
package time
import (
- "fmt"
"reflect"
"strings"
"unsafe"
+ "fmt"
"gvisor.dev/gvisor/pkg/sync"
)
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 1828d116a..98cdd90dd 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -230,8 +230,10 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_PPOLL: {},
syscall.SYS_PREAD64: {},
syscall.SYS_PREADV: {},
+ unix.SYS_PREADV2: {},
syscall.SYS_PWRITE64: {},
syscall.SYS_PWRITEV: {},
+ unix.SYS_PWRITEV2: {},
syscall.SYS_READ: {},
syscall.SYS_RECVMSG: []seccomp.Rule{
{