diff options
author | gVisor bot <gvisor-bot@google.com> | 2021-03-03 18:43:27 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-03-03 18:43:27 +0000 |
commit | aae5455fe381c4cbc956f61c971284ee05c52dfc (patch) | |
tree | 2b1cb0233968680dcd0374f20ee826cf311bda95 | |
parent | e2599d556573b05eb3714c1e791fa29431dc3d3f (diff) | |
parent | a9441aea2780da8c93da1c73da860219f98438de (diff) |
Merge release-20210301.0-5-ga9441aea2 (automated)
158 files changed, 1573 insertions, 1610 deletions
diff --git a/pkg/eventchannel/event.go b/pkg/eventchannel/event.go index 7172ce75d..98dfeb1f5 100644 --- a/pkg/eventchannel/event.go +++ b/pkg/eventchannel/event.go @@ -22,8 +22,8 @@ package eventchannel import ( "encoding/binary" "fmt" - "syscall" + "golang.org/x/sys/unix" "google.golang.org/protobuf/encoding/prototext" "google.golang.org/protobuf/proto" pb "gvisor.dev/gvisor/pkg/eventchannel/eventchannel_go_proto" @@ -155,7 +155,7 @@ func (s *socketEmitter) Emit(msg proto.Message) (bool, error) { for done := 0; done < len(p); { n, err := s.socket.Write(p[done:]) if err != nil { - return (err == syscall.EPIPE), err + return (err == unix.EPIPE), err } done += n } diff --git a/pkg/fd/fd.go b/pkg/fd/fd.go index cc6b0cdf1..290673a7e 100644 --- a/pkg/fd/fd.go +++ b/pkg/fd/fd.go @@ -21,7 +21,8 @@ import ( "os" "runtime" "sync/atomic" - "syscall" + + "golang.org/x/sys/unix" ) // ReadWriter implements io.ReadWriter, io.ReaderAt, and io.WriterAt for fd. It @@ -49,7 +50,7 @@ func fixCount(n int, err error) (int, error) { // Read implements io.Reader. func (r *ReadWriter) Read(b []byte) (int, error) { - c, err := fixCount(syscall.Read(r.FD(), b)) + c, err := fixCount(unix.Read(r.FD(), b)) if c == 0 && len(b) > 0 && err == nil { return 0, io.EOF } @@ -62,7 +63,7 @@ func (r *ReadWriter) Read(b []byte) (int, error) { func (r *ReadWriter) ReadAt(b []byte, off int64) (c int, err error) { for len(b) > 0 { var m int - m, err = fixCount(syscall.Pread(r.FD(), b, off)) + m, err = fixCount(unix.Pread(r.FD(), b, off)) if m == 0 && err == nil { return c, io.EOF } @@ -82,21 +83,21 @@ func (r *ReadWriter) Write(b []byte) (int, error) { var n, remaining int for remaining = len(b); remaining > 0; { woff := len(b) - remaining - n, err = syscall.Write(r.FD(), b[woff:]) + n, err = unix.Write(r.FD(), b[woff:]) if n > 0 { - // syscall.Write wrote some bytes. This is the common case. + // unix.Write wrote some bytes. This is the common case. remaining -= n } else { if err == nil { - // syscall.Write did not write anything nor did it return an error. + // unix.Write did not write anything nor did it return an error. // - // There is no way to guarantee that a subsequent syscall.Write will + // There is no way to guarantee that a subsequent unix.Write will // make forward progress so just panic. - panic(fmt.Sprintf("syscall.Write returned %d with no error", n)) + panic(fmt.Sprintf("unix.Write returned %d with no error", n)) } - if err != syscall.EINTR { + if err != unix.EINTR { // If the write failed for anything other than a signal, bail out. break } @@ -110,7 +111,7 @@ func (r *ReadWriter) Write(b []byte) (int, error) { func (r *ReadWriter) WriteAt(b []byte, off int64) (c int, err error) { for len(b) > 0 { var m int - m, err = fixCount(syscall.Pwrite(r.FD(), b, off)) + m, err = fixCount(unix.Pwrite(r.FD(), b, off)) if err != nil { break } @@ -167,7 +168,7 @@ func New(fd int) *FD { // // The returned FD is always blocking (Go 1.9+). func NewFromFile(file *os.File) (*FD, error) { - fd, err := syscall.Dup(int(file.Fd())) + fd, err := unix.Dup(int(file.Fd())) // Technically, the runtime may call the finalizer on file as soon as // Fd() returns. runtime.KeepAlive(file) @@ -196,7 +197,7 @@ func NewFromFiles(files []*os.File) ([]*FD, error) { // Open is equivalent to open(2). func Open(path string, openmode int, perm uint32) (*FD, error) { - f, err := syscall.Open(path, openmode|syscall.O_LARGEFILE, perm) + f, err := unix.Open(path, openmode|unix.O_LARGEFILE, perm) if err != nil { return nil, err } @@ -205,7 +206,7 @@ func Open(path string, openmode int, perm uint32) (*FD, error) { // OpenAt is equivalent to openat(2). func OpenAt(dir *FD, path string, flags int, mode uint32) (*FD, error) { - f, err := syscall.Openat(dir.FD(), path, flags, mode) + f, err := unix.Openat(dir.FD(), path, flags, mode) if err != nil { return nil, err } @@ -220,7 +221,7 @@ func OpenAt(dir *FD, path string, flags int, mode uint32) (*FD, error) { // Concurrently calling Close and any other method is undefined. func (f *FD) Close() error { runtime.SetFinalizer(f, nil) - return syscall.Close(int(atomic.SwapInt64(&f.fd, -1))) + return unix.Close(int(atomic.SwapInt64(&f.fd, -1))) } // Release relinquishes ownership of the contained file descriptor. @@ -241,7 +242,7 @@ func (f *FD) Release() int { // This operation is somewhat expensive, so care should be taken to minimize // its use. func (f *FD) File() (*os.File, error) { - fd, err := syscall.Dup(f.FD()) + fd, err := unix.Dup(f.FD()) if err != nil { return nil, err } diff --git a/pkg/fdchannel/fdchannel_unsafe.go b/pkg/fdchannel/fdchannel_unsafe.go index 0ebdedf26..1f24a448d 100644 --- a/pkg/fdchannel/fdchannel_unsafe.go +++ b/pkg/fdchannel/fdchannel_unsafe.go @@ -20,9 +20,9 @@ package fdchannel import ( "fmt" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/gohacks" ) @@ -33,7 +33,7 @@ const sizeofInt32 = int(unsafe.Sizeof(int32(0))) // representing connected sockets that may be passed to separate calls to // NewEndpoint to create connected Endpoints. func NewConnectedSockets() ([2]int, error) { - return syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_SEQPACKET|syscall.SOCK_CLOEXEC, 0) + return unix.Socketpair(unix.AF_UNIX, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0) } // Endpoint sends file descriptors to, and receives them from, another @@ -42,8 +42,8 @@ func NewConnectedSockets() ([2]int, error) { // Endpoint is not copyable or movable by value. type Endpoint struct { sockfd int32 - msghdr syscall.Msghdr - cmsg *syscall.Cmsghdr // followed by sizeofInt32 bytes of data + msghdr unix.Msghdr + cmsg *unix.Cmsghdr // followed by sizeofInt32 bytes of data } // Init must be called on zero-value Endpoints before first use. sockfd must be @@ -53,11 +53,11 @@ func (ep *Endpoint) Init(sockfd int) { // domains) permit zero-length datagrams." - recv(2). Experimentally, // sendmsg+recvmsg for a zero-length datagram is slightly faster than // sendmsg+recvmsg for a single byte over a stream socket. - cmsgSlice := make([]byte, syscall.CmsgSpace(sizeofInt32)) + cmsgSlice := make([]byte, unix.CmsgSpace(sizeofInt32)) cmsgSliceHdr := (*gohacks.SliceHeader)(unsafe.Pointer(&cmsgSlice)) ep.sockfd = int32(sockfd) ep.msghdr.Control = (*byte)(cmsgSliceHdr.Data) - ep.cmsg = (*syscall.Cmsghdr)(cmsgSliceHdr.Data) + ep.cmsg = (*unix.Cmsghdr)(cmsgSliceHdr.Data) // ep.msghdr.Controllen and ep.cmsg.* are mutated by recvmsg(2), so they're // set before calling sendmsg/recvmsg. } @@ -73,7 +73,7 @@ func NewEndpoint(sockfd int) *Endpoint { // Destroy releases resources owned by ep. No other Endpoint methods may be // called after Destroy. func (ep *Endpoint) Destroy() { - syscall.Close(int(ep.sockfd)) + unix.Close(int(ep.sockfd)) ep.sockfd = -1 } @@ -84,19 +84,19 @@ func (ep *Endpoint) Destroy() { // Shutdown is the only Endpoint method that may be called concurrently with // other methods. func (ep *Endpoint) Shutdown() { - syscall.Shutdown(int(ep.sockfd), syscall.SHUT_RDWR) + unix.Shutdown(int(ep.sockfd), unix.SHUT_RDWR) } // SendFD sends the open file description represented by the given file // descriptor to the connected Endpoint. func (ep *Endpoint) SendFD(fd int) error { - cmsgLen := syscall.CmsgLen(sizeofInt32) - ep.cmsg.Level = syscall.SOL_SOCKET - ep.cmsg.Type = syscall.SCM_RIGHTS + cmsgLen := unix.CmsgLen(sizeofInt32) + ep.cmsg.Level = unix.SOL_SOCKET + ep.cmsg.Type = unix.SCM_RIGHTS ep.cmsg.SetLen(cmsgLen) *ep.cmsgData() = int32(fd) ep.msghdr.SetControllen(cmsgLen) - _, _, e := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), 0) + _, _, e := unix.Syscall(unix.SYS_SENDMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), 0) if e != 0 { return e } @@ -118,13 +118,13 @@ func (ep *Endpoint) RecvFDNonblock() (int, error) { } func (ep *Endpoint) recvFD(nonblock bool) (int, error) { - cmsgLen := syscall.CmsgLen(sizeofInt32) + cmsgLen := unix.CmsgLen(sizeofInt32) ep.msghdr.SetControllen(cmsgLen) - var e syscall.Errno + var e unix.Errno if nonblock { - _, _, e = syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), syscall.MSG_TRUNC|syscall.MSG_DONTWAIT) + _, _, e = unix.RawSyscall(unix.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), unix.MSG_TRUNC|unix.MSG_DONTWAIT) } else { - _, _, e = syscall.Syscall(syscall.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), syscall.MSG_TRUNC) + _, _, e = unix.Syscall(unix.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), unix.MSG_TRUNC) } if e != 0 { return -1, e @@ -132,13 +132,13 @@ func (ep *Endpoint) recvFD(nonblock bool) (int, error) { if int(ep.msghdr.Controllen) != cmsgLen { return -1, fmt.Errorf("received control message has incorrect length: got %d, wanted %d", ep.msghdr.Controllen, cmsgLen) } - if ep.cmsg.Level != syscall.SOL_SOCKET || ep.cmsg.Type != syscall.SCM_RIGHTS { - return -1, fmt.Errorf("received control message has incorrect (level, type): got (%v, %v), wanted (%v, %v)", ep.cmsg.Level, ep.cmsg.Type, syscall.SOL_SOCKET, syscall.SCM_RIGHTS) + if ep.cmsg.Level != unix.SOL_SOCKET || ep.cmsg.Type != unix.SCM_RIGHTS { + return -1, fmt.Errorf("received control message has incorrect (level, type): got (%v, %v), wanted (%v, %v)", ep.cmsg.Level, ep.cmsg.Type, unix.SOL_SOCKET, unix.SCM_RIGHTS) } return int(*ep.cmsgData()), nil } func (ep *Endpoint) cmsgData() *int32 { - // syscall.CmsgLen(0) == syscall.cmsgAlignOf(syscall.SizeofCmsghdr) - return (*int32)(unsafe.Pointer(uintptr(unsafe.Pointer(ep.cmsg)) + uintptr(syscall.CmsgLen(0)))) + // unix.CmsgLen(0) == unix.cmsgAlignOf(unix.SizeofCmsghdr) + return (*int32)(unsafe.Pointer(uintptr(unsafe.Pointer(ep.cmsg)) + uintptr(unix.CmsgLen(0)))) } diff --git a/pkg/fdnotifier/fdnotifier.go b/pkg/fdnotifier/fdnotifier.go index a6b63c982..1290d5d10 100644 --- a/pkg/fdnotifier/fdnotifier.go +++ b/pkg/fdnotifier/fdnotifier.go @@ -22,7 +22,6 @@ package fdnotifier import ( "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sync" @@ -51,7 +50,7 @@ type notifier struct { // newNotifier creates a new notifier object. func newNotifier() (*notifier, error) { - epfd, err := syscall.EpollCreate1(0) + epfd, err := unix.EpollCreate1(0) if err != nil { return nil, err } @@ -72,22 +71,22 @@ func (n *notifier) waitFD(fd int32, fi *fdInfo, mask waiter.EventMask) error { return nil } - e := syscall.EpollEvent{ + e := unix.EpollEvent{ Events: mask.ToLinux() | unix.EPOLLET, Fd: fd, } switch { case !fi.waiting && mask != 0: - if err := syscall.EpollCtl(n.epFD, syscall.EPOLL_CTL_ADD, int(fd), &e); err != nil { + if err := unix.EpollCtl(n.epFD, unix.EPOLL_CTL_ADD, int(fd), &e); err != nil { return err } fi.waiting = true case fi.waiting && mask == 0: - syscall.EpollCtl(n.epFD, syscall.EPOLL_CTL_DEL, int(fd), nil) + unix.EpollCtl(n.epFD, unix.EPOLL_CTL_DEL, int(fd), nil) fi.waiting = false case fi.waiting && mask != 0: - if err := syscall.EpollCtl(n.epFD, syscall.EPOLL_CTL_MOD, int(fd), &e); err != nil { + if err := unix.EpollCtl(n.epFD, unix.EPOLL_CTL_MOD, int(fd), &e); err != nil { return err } } @@ -144,10 +143,10 @@ func (n *notifier) hasFD(fd int32) bool { // notifications from the epoll object. Once notifications arrive, they are // dispatched to the registered queue. func (n *notifier) waitAndNotify() error { - e := make([]syscall.EpollEvent, 100) + e := make([]unix.EpollEvent, 100) for { v, err := epollWait(n.epFD, e, -1) - if err == syscall.EINTR { + if err == unix.EINTR { continue } diff --git a/pkg/fdnotifier/poll_unsafe.go b/pkg/fdnotifier/poll_unsafe.go index ec2f997a2..493ea8375 100644 --- a/pkg/fdnotifier/poll_unsafe.go +++ b/pkg/fdnotifier/poll_unsafe.go @@ -17,9 +17,9 @@ package fdnotifier import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/waiter" ) @@ -35,16 +35,16 @@ func NonBlockingPoll(fd int32, mask waiter.EventMask) waiter.EventMask { events: int16(mask.ToLinux()), } - ts := syscall.Timespec{ + ts := unix.Timespec{ Sec: 0, Nsec: 0, } for { - n, _, err := syscall.RawSyscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(&e)), 1, + n, _, err := unix.RawSyscall6(unix.SYS_PPOLL, uintptr(unsafe.Pointer(&e)), 1, uintptr(unsafe.Pointer(&ts)), 0, 0, 0) // Interrupted by signal, try again. - if err == syscall.EINTR { + if err == unix.EINTR { continue } // If an error occur we'll conservatively say the FD is ready for @@ -66,14 +66,14 @@ func NonBlockingPoll(fd int32, mask waiter.EventMask) waiter.EventMask { // epollWait performs a blocking wait on epfd. // // Preconditions: len(events) > 0 -func epollWait(epfd int, events []syscall.EpollEvent, msec int) (int, error) { +func epollWait(epfd int, events []unix.EpollEvent, msec int) (int, error) { if len(events) == 0 { panic("Empty events passed to EpollWait") } // We actually use epoll_pwait with NULL sigmask instead of epoll_wait // since that is what the Go >= 1.11 runtime prefers. - r, _, e := syscall.Syscall6(syscall.SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(unsafe.Pointer(&events[0])), uintptr(len(events)), uintptr(msec), 0, 0) + r, _, e := unix.Syscall6(unix.SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(unsafe.Pointer(&events[0])), uintptr(len(events)), uintptr(msec), 0, 0) if e != 0 { return 0, e } diff --git a/pkg/flipcall/flipcall.go b/pkg/flipcall/flipcall.go index c4a3366ce..8d8309a73 100644 --- a/pkg/flipcall/flipcall.go +++ b/pkg/flipcall/flipcall.go @@ -20,7 +20,8 @@ import ( "fmt" "math" "sync/atomic" - "syscall" + + "golang.org/x/sys/unix" ) // An Endpoint provides the ability to synchronously transfer data and control @@ -130,7 +131,7 @@ func (ep *Endpoint) Destroy() { } func (ep *Endpoint) unmapPacket() { - syscall.RawSyscall(syscall.SYS_MUNMAP, ep.packet, uintptr(ep.dataCap)+PacketHeaderBytes, 0) + unix.RawSyscall(unix.SYS_MUNMAP, ep.packet, uintptr(ep.dataCap)+PacketHeaderBytes, 0) ep.packet = 0 } diff --git a/pkg/flipcall/futex_linux.go b/pkg/flipcall/futex_linux.go index 0e559ee16..c212f05f1 100644 --- a/pkg/flipcall/futex_linux.go +++ b/pkg/flipcall/futex_linux.go @@ -20,8 +20,8 @@ import ( "fmt" "runtime" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -66,22 +66,22 @@ func (ep *Endpoint) futexWaitUntilActive() error { } func (ep *Endpoint) futexWakeConnState(numThreads int32) error { - if _, _, e := syscall.RawSyscall(syscall.SYS_FUTEX, ep.packet, linux.FUTEX_WAKE, uintptr(numThreads)); e != 0 { + if _, _, e := unix.RawSyscall(unix.SYS_FUTEX, ep.packet, linux.FUTEX_WAKE, uintptr(numThreads)); e != 0 { return e } return nil } func (ep *Endpoint) futexWaitConnState(curState uint32) error { - _, _, e := syscall.Syscall6(syscall.SYS_FUTEX, ep.packet, linux.FUTEX_WAIT, uintptr(curState), 0, 0, 0) - if e != 0 && e != syscall.EAGAIN && e != syscall.EINTR { + _, _, e := unix.Syscall6(unix.SYS_FUTEX, ep.packet, linux.FUTEX_WAIT, uintptr(curState), 0, 0, 0) + if e != 0 && e != unix.EAGAIN && e != unix.EINTR { return e } return nil } func yieldThread() { - syscall.Syscall(syscall.SYS_SCHED_YIELD, 0, 0, 0) + unix.Syscall(unix.SYS_SCHED_YIELD, 0, 0, 0) // The thread we're trying to yield to may be waiting for a Go runtime P. // runtime.Gosched() will hand off ours if necessary. runtime.Gosched() diff --git a/pkg/flipcall/packet_window_allocator.go b/pkg/flipcall/packet_window_allocator.go index af9cc3d21..9122c97b7 100644 --- a/pkg/flipcall/packet_window_allocator.go +++ b/pkg/flipcall/packet_window_allocator.go @@ -18,8 +18,8 @@ import ( "fmt" "math/bits" "os" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/memutil" ) @@ -85,8 +85,8 @@ func (pwa *PacketWindowAllocator) Init() error { // Apply F_SEAL_SHRINK to prevent either party from causing SIGBUS in the // other by truncating the file, and F_SEAL_SEAL to prevent either party // from applying F_SEAL_GROW or F_SEAL_WRITE. - if _, _, e := syscall.RawSyscall(syscall.SYS_FCNTL, uintptr(fd), linux.F_ADD_SEALS, linux.F_SEAL_SHRINK|linux.F_SEAL_SEAL); e != 0 { - syscall.Close(fd) + if _, _, e := unix.RawSyscall(unix.SYS_FCNTL, uintptr(fd), linux.F_ADD_SEALS, linux.F_SEAL_SHRINK|linux.F_SEAL_SEAL); e != 0 { + unix.Close(fd) return fmt.Errorf("failed to apply memfd seals: %v", e) } pwa.fd = fd @@ -106,7 +106,7 @@ func NewPacketWindowAllocator() (*PacketWindowAllocator, error) { // Destroy releases resources owned by pwa. This invalidates file descriptors // previously returned by pwa.FD() and pwd.Allocate(). func (pwa *PacketWindowAllocator) Destroy() { - syscall.Close(pwa.fd) + unix.Close(pwa.fd) } // FD represents the file descriptor of the shared memory file backing pwa. @@ -158,7 +158,7 @@ func (pwa *PacketWindowAllocator) ensureFileSize(min int64) error { } newSize = newNewSize } - if err := syscall.Ftruncate(pwa.FD(), newSize); err != nil { + if err := unix.Ftruncate(pwa.FD(), newSize); err != nil { return fmt.Errorf("ftruncate failed: %v", err) } pwa.fileSize = newSize diff --git a/pkg/flipcall/packet_window_mmap_amd64.go b/pkg/flipcall/packet_window_mmap_amd64.go index 869183b11..ced587a2a 100644 --- a/pkg/flipcall/packet_window_mmap_amd64.go +++ b/pkg/flipcall/packet_window_mmap_amd64.go @@ -14,12 +14,10 @@ package flipcall -import ( - "syscall" -) +import "golang.org/x/sys/unix" // Return a memory mapping of the pwd in memory that can be shared outside the sandbox. -func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, syscall.Errno) { - m, _, err := syscall.RawSyscall6(syscall.SYS_MMAP, 0, uintptr(pwd.Length), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset)) +func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, unix.Errno) { + m, _, err := unix.RawSyscall6(unix.SYS_MMAP, 0, uintptr(pwd.Length), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset)) return m, err } diff --git a/pkg/flipcall/packet_window_mmap_arm64.go b/pkg/flipcall/packet_window_mmap_arm64.go index b9c9c44f6..87ad1a4a1 100644 --- a/pkg/flipcall/packet_window_mmap_arm64.go +++ b/pkg/flipcall/packet_window_mmap_arm64.go @@ -16,12 +16,10 @@ package flipcall -import ( - "syscall" -) +import "golang.org/x/sys/unix" // Return a memory mapping of the pwd in memory that can be shared outside the sandbox. -func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, syscall.Errno) { - m, _, err := syscall.RawSyscall6(syscall.SYS_MMAP, 0, uintptr(pwd.Length), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset)) +func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, unix.Errno) { + m, _, err := unix.RawSyscall6(unix.SYS_MMAP, 0, uintptr(pwd.Length), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset)) return m, err } diff --git a/pkg/iovec/iovec.go b/pkg/iovec/iovec.go index dd70fe80f..0789c74bf 100644 --- a/pkg/iovec/iovec.go +++ b/pkg/iovec/iovec.go @@ -19,18 +19,17 @@ package iovec import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) // MaxIovs is the maximum number of iovecs host platform can accept. var MaxIovs = linux.UIO_MAXIOV -// Builder is a builder for slice of syscall.Iovec. +// Builder is a builder for slice of unix.Iovec. type Builder struct { - iovec []syscall.Iovec - storage [8]syscall.Iovec + iovec []unix.Iovec + storage [8]unix.Iovec // overflow tracks the last buffer when iovec length is at MaxIovs. overflow []byte @@ -48,7 +47,7 @@ func (b *Builder) Add(buf []byte) { b.addByAppend(buf) return } - b.iovec = append(b.iovec, syscall.Iovec{ + b.iovec = append(b.iovec, unix.Iovec{ Base: &buf[0], Len: uint64(len(buf)), }) @@ -62,7 +61,7 @@ func (b *Builder) Add(buf []byte) { func (b *Builder) addByAppend(buf []byte) { b.overflow = append(b.overflow, buf...) - b.iovec[len(b.iovec)-1] = syscall.Iovec{ + b.iovec[len(b.iovec)-1] = unix.Iovec{ Base: &b.overflow[0], Len: uint64(len(b.overflow)), } @@ -70,6 +69,6 @@ func (b *Builder) addByAppend(buf []byte) { // Build returns the final Iovec slice. The length of returned iovec will not // excceed MaxIovs. -func (b *Builder) Build() []syscall.Iovec { +func (b *Builder) Build() []unix.Iovec { return b.iovec } diff --git a/pkg/log/log.go b/pkg/log/log.go index 2e3408357..d39af3bf4 100644 --- a/pkg/log/log.go +++ b/pkg/log/log.go @@ -38,9 +38,9 @@ import ( "os" "runtime" "sync/atomic" - "syscall" "time" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/linewriter" "gvisor.dev/gvisor/pkg/sync" ) @@ -105,7 +105,7 @@ func (l *Writer) Write(data []byte) (int, error) { n += w // Is it a non-blocking socket? - if pathErr, ok := err.(*os.PathError); ok && pathErr.Err == syscall.EAGAIN { + if pathErr, ok := err.(*os.PathError); ok && pathErr.Err == unix.EAGAIN { runtime.Gosched() continue } diff --git a/pkg/memutil/memutil_unsafe.go b/pkg/memutil/memutil_unsafe.go index 979d942a9..6676d1ce3 100644 --- a/pkg/memutil/memutil_unsafe.go +++ b/pkg/memutil/memutil_unsafe.go @@ -19,7 +19,6 @@ package memutil import ( "fmt" - "syscall" "unsafe" "golang.org/x/sys/unix" @@ -27,13 +26,13 @@ import ( // CreateMemFD creates a memfd file and returns the fd. func CreateMemFD(name string, flags int) (int, error) { - p, err := syscall.BytePtrFromString(name) + p, err := unix.BytePtrFromString(name) if err != nil { return -1, err } - fd, _, e := syscall.Syscall(unix.SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + fd, _, e := unix.Syscall(unix.SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e != 0 { - if e == syscall.ENOSYS { + if e == unix.ENOSYS { return -1, fmt.Errorf("memfd_create(2) is not implemented. Check that you have Linux 3.17 or higher") } return -1, e diff --git a/pkg/p9/client.go b/pkg/p9/client.go index 3f4324ac1..764f1f970 100644 --- a/pkg/p9/client.go +++ b/pkg/p9/client.go @@ -17,7 +17,6 @@ package p9 import ( "errors" "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/flipcall" @@ -180,7 +179,7 @@ func NewClient(socket *unet.Socket, messageSize uint32, version string) (*Client }, &rversion) // The server told us to try again with a lower version. - if err == syscall.EAGAIN { + if err == unix.EAGAIN { if requested == lowestSupportedVersion { return nil, ErrVersionsExhausted } @@ -250,7 +249,7 @@ func (c *Client) watch(socket *unet.Socket) { // Wait for a shutdown event. for { n, err := unix.Ppoll(events, nil, nil) - if err == syscall.EINTR || err == syscall.EAGAIN { + if err == unix.EINTR || err == unix.EAGAIN { continue } if err != nil { @@ -437,7 +436,7 @@ func (c *Client) sendRecvLegacySyscallErr(t message, r message) error { received, err := c.sendRecvLegacy(t, r) if !received { log.Warningf("p9.Client.sendRecvChannel: %v", err) - return syscall.EIO + return unix.EIO } return err } @@ -485,7 +484,7 @@ func (c *Client) sendRecvLegacy(t message, r message) (bool, error) { // For convenience, we transform these directly // into errors. Handlers need not handle this case. if rlerr, ok := resp.r.(*Rlerror); ok { - return true, syscall.Errno(rlerr.Error) + return true, unix.Errno(rlerr.Error) } // At this point, we know it matches. @@ -524,7 +523,7 @@ func (c *Client) sendRecvChannel(t message, r message) error { // Map all transport errors to EIO, but ensure that the real error // is logged. log.Warningf("p9.Client.sendRecvChannel: flipcall.Endpoint.Connect: %v", err) - return syscall.EIO + return unix.EIO } } @@ -537,14 +536,14 @@ func (c *Client) sendRecvChannel(t message, r message) error { c.channelsMu.Unlock() c.channelsWg.Done() log.Warningf("p9.Client.sendRecvChannel: p9.channel.send: %v", err) - return syscall.EIO + return unix.EIO } // Parse the server's response. resp, retErr := ch.recv(r, rsz) if resp == nil { log.Warningf("p9.Client.sendRecvChannel: p9.channel.recv: %v", retErr) - retErr = syscall.EIO + retErr = unix.EIO } // Release the channel. diff --git a/pkg/p9/client_file.go b/pkg/p9/client_file.go index 8b46a2987..7abc82e1b 100644 --- a/pkg/p9/client_file.go +++ b/pkg/p9/client_file.go @@ -18,8 +18,8 @@ import ( "fmt" "io" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/log" ) @@ -69,7 +69,7 @@ type clientFile struct { // Walk implements File.Walk. func (c *clientFile) Walk(names []string) ([]QID, File, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, nil, syscall.EBADF + return nil, nil, unix.EBADF } fid, ok := c.client.fidPool.Get() @@ -90,7 +90,7 @@ func (c *clientFile) Walk(names []string) ([]QID, File, error) { // WalkGetAttr implements File.WalkGetAttr. func (c *clientFile) WalkGetAttr(components []string) ([]QID, File, AttrMask, Attr, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, nil, AttrMask{}, Attr{}, syscall.EBADF + return nil, nil, AttrMask{}, Attr{}, unix.EBADF } if !versionSupportsTwalkgetattr(c.client.version) { @@ -124,7 +124,7 @@ func (c *clientFile) WalkGetAttr(components []string) ([]QID, File, AttrMask, At // StatFS implements File.StatFS. func (c *clientFile) StatFS() (FSStat, error) { if atomic.LoadUint32(&c.closed) != 0 { - return FSStat{}, syscall.EBADF + return FSStat{}, unix.EBADF } rstatfs := Rstatfs{} @@ -138,7 +138,7 @@ func (c *clientFile) StatFS() (FSStat, error) { // FSync implements File.FSync. func (c *clientFile) FSync() error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } return c.client.sendRecv(&Tfsync{FID: c.fid}, &Rfsync{}) @@ -147,7 +147,7 @@ func (c *clientFile) FSync() error { // GetAttr implements File.GetAttr. func (c *clientFile) GetAttr(req AttrMask) (QID, AttrMask, Attr, error) { if atomic.LoadUint32(&c.closed) != 0 { - return QID{}, AttrMask{}, Attr{}, syscall.EBADF + return QID{}, AttrMask{}, Attr{}, unix.EBADF } rgetattr := Rgetattr{} @@ -161,7 +161,7 @@ func (c *clientFile) GetAttr(req AttrMask) (QID, AttrMask, Attr, error) { // SetAttr implements File.SetAttr. func (c *clientFile) SetAttr(valid SetAttrMask, attr SetAttr) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } return c.client.sendRecv(&Tsetattr{FID: c.fid, Valid: valid, SetAttr: attr}, &Rsetattr{}) @@ -170,10 +170,10 @@ func (c *clientFile) SetAttr(valid SetAttrMask, attr SetAttr) error { // GetXattr implements File.GetXattr. func (c *clientFile) GetXattr(name string, size uint64) (string, error) { if atomic.LoadUint32(&c.closed) != 0 { - return "", syscall.EBADF + return "", unix.EBADF } if !versionSupportsGetSetXattr(c.client.version) { - return "", syscall.EOPNOTSUPP + return "", unix.EOPNOTSUPP } rgetxattr := Rgetxattr{} @@ -187,10 +187,10 @@ func (c *clientFile) GetXattr(name string, size uint64) (string, error) { // SetXattr implements File.SetXattr. func (c *clientFile) SetXattr(name, value string, flags uint32) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } if !versionSupportsGetSetXattr(c.client.version) { - return syscall.EOPNOTSUPP + return unix.EOPNOTSUPP } return c.client.sendRecv(&Tsetxattr{FID: c.fid, Name: name, Value: value, Flags: flags}, &Rsetxattr{}) @@ -199,10 +199,10 @@ func (c *clientFile) SetXattr(name, value string, flags uint32) error { // ListXattr implements File.ListXattr. func (c *clientFile) ListXattr(size uint64) (map[string]struct{}, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, syscall.EBADF + return nil, unix.EBADF } if !versionSupportsListRemoveXattr(c.client.version) { - return nil, syscall.EOPNOTSUPP + return nil, unix.EOPNOTSUPP } rlistxattr := Rlistxattr{} @@ -220,10 +220,10 @@ func (c *clientFile) ListXattr(size uint64) (map[string]struct{}, error) { // RemoveXattr implements File.RemoveXattr. func (c *clientFile) RemoveXattr(name string) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } if !versionSupportsListRemoveXattr(c.client.version) { - return syscall.EOPNOTSUPP + return unix.EOPNOTSUPP } return c.client.sendRecv(&Tremovexattr{FID: c.fid, Name: name}, &Rremovexattr{}) @@ -232,10 +232,10 @@ func (c *clientFile) RemoveXattr(name string) error { // Allocate implements File.Allocate. func (c *clientFile) Allocate(mode AllocateMode, offset, length uint64) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } if !versionSupportsTallocate(c.client.version) { - return syscall.EOPNOTSUPP + return unix.EOPNOTSUPP } return c.client.sendRecv(&Tallocate{FID: c.fid, Mode: mode, Offset: offset, Length: length}, &Rallocate{}) @@ -248,7 +248,7 @@ func (c *clientFile) Allocate(mode AllocateMode, offset, length uint64) error { func (c *clientFile) Remove() error { // Avoid double close. if !atomic.CompareAndSwapUint32(&c.closed, 0, 1) { - return syscall.EBADF + return unix.EBADF } // Send the remove message. @@ -269,7 +269,7 @@ func (c *clientFile) Remove() error { func (c *clientFile) Close() error { // Avoid double close. if !atomic.CompareAndSwapUint32(&c.closed, 0, 1) { - return syscall.EBADF + return unix.EBADF } // Send the close message. @@ -302,7 +302,7 @@ func (c *clientFile) SetAttrClose(valid SetAttrMask, attr SetAttr) error { // Avoid double close. if !atomic.CompareAndSwapUint32(&c.closed, 0, 1) { - return syscall.EBADF + return unix.EBADF } // Send the message. @@ -321,7 +321,7 @@ func (c *clientFile) SetAttrClose(valid SetAttrMask, attr SetAttr) error { // Open implements File.Open. func (c *clientFile) Open(flags OpenFlags) (*fd.FD, QID, uint32, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, QID{}, 0, syscall.EBADF + return nil, QID{}, 0, unix.EBADF } rlopen := Rlopen{} @@ -335,11 +335,11 @@ func (c *clientFile) Open(flags OpenFlags) (*fd.FD, QID, uint32, error) { // Connect implements File.Connect. func (c *clientFile) Connect(flags ConnectFlags) (*fd.FD, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, syscall.EBADF + return nil, unix.EBADF } if !VersionSupportsConnect(c.client.version) { - return nil, syscall.ECONNREFUSED + return nil, unix.ECONNREFUSED } rlconnect := Rlconnect{} @@ -404,7 +404,7 @@ func (c *clientFile) ReadAt(p []byte, offset uint64) (int, error) { func (c *clientFile) readAt(p []byte, offset uint64) (int, error) { if atomic.LoadUint32(&c.closed) != 0 { - return 0, syscall.EBADF + return 0, unix.EBADF } rread := Rread{Data: p} @@ -435,7 +435,7 @@ func (c *clientFile) WriteAt(p []byte, offset uint64) (int, error) { func (c *clientFile) writeAt(p []byte, offset uint64) (int, error) { if atomic.LoadUint32(&c.closed) != 0 { - return 0, syscall.EBADF + return 0, unix.EBADF } rwrite := Rwrite{} @@ -500,12 +500,12 @@ func (r *ReadWriterFile) WriteAt(p []byte, offset int64) (int, error) { // Rename implements File.Rename. func (c *clientFile) Rename(dir File, name string) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } clientDir, ok := dir.(*clientFile) if !ok { - return syscall.EBADF + return unix.EBADF } return c.client.sendRecv(&Trename{FID: c.fid, Directory: clientDir.fid, Name: name}, &Rrename{}) @@ -514,7 +514,7 @@ func (c *clientFile) Rename(dir File, name string) error { // Create implements File.Create. func (c *clientFile) Create(name string, openFlags OpenFlags, permissions FileMode, uid UID, gid GID) (*fd.FD, File, QID, uint32, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, nil, QID{}, 0, syscall.EBADF + return nil, nil, QID{}, 0, unix.EBADF } msg := Tlcreate{ @@ -545,7 +545,7 @@ func (c *clientFile) Create(name string, openFlags OpenFlags, permissions FileMo // Mkdir implements File.Mkdir. func (c *clientFile) Mkdir(name string, permissions FileMode, uid UID, gid GID) (QID, error) { if atomic.LoadUint32(&c.closed) != 0 { - return QID{}, syscall.EBADF + return QID{}, unix.EBADF } msg := Tmkdir{ @@ -575,7 +575,7 @@ func (c *clientFile) Mkdir(name string, permissions FileMode, uid UID, gid GID) // Symlink implements File.Symlink. func (c *clientFile) Symlink(oldname string, newname string, uid UID, gid GID) (QID, error) { if atomic.LoadUint32(&c.closed) != 0 { - return QID{}, syscall.EBADF + return QID{}, unix.EBADF } msg := Tsymlink{ @@ -605,12 +605,12 @@ func (c *clientFile) Symlink(oldname string, newname string, uid UID, gid GID) ( // Link implements File.Link. func (c *clientFile) Link(target File, newname string) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } targetFile, ok := target.(*clientFile) if !ok { - return syscall.EBADF + return unix.EBADF } return c.client.sendRecv(&Tlink{Directory: c.fid, Name: newname, Target: targetFile.fid}, &Rlink{}) @@ -619,7 +619,7 @@ func (c *clientFile) Link(target File, newname string) error { // Mknod implements File.Mknod. func (c *clientFile) Mknod(name string, mode FileMode, major uint32, minor uint32, uid UID, gid GID) (QID, error) { if atomic.LoadUint32(&c.closed) != 0 { - return QID{}, syscall.EBADF + return QID{}, unix.EBADF } msg := Tmknod{ @@ -651,12 +651,12 @@ func (c *clientFile) Mknod(name string, mode FileMode, major uint32, minor uint3 // RenameAt implements File.RenameAt. func (c *clientFile) RenameAt(oldname string, newdir File, newname string) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } clientNewDir, ok := newdir.(*clientFile) if !ok { - return syscall.EBADF + return unix.EBADF } return c.client.sendRecv(&Trenameat{OldDirectory: c.fid, OldName: oldname, NewDirectory: clientNewDir.fid, NewName: newname}, &Rrenameat{}) @@ -665,7 +665,7 @@ func (c *clientFile) RenameAt(oldname string, newdir File, newname string) error // UnlinkAt implements File.UnlinkAt. func (c *clientFile) UnlinkAt(name string, flags uint32) error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } return c.client.sendRecv(&Tunlinkat{Directory: c.fid, Name: name, Flags: flags}, &Runlinkat{}) @@ -674,7 +674,7 @@ func (c *clientFile) UnlinkAt(name string, flags uint32) error { // Readdir implements File.Readdir. func (c *clientFile) Readdir(offset uint64, count uint32) ([]Dirent, error) { if atomic.LoadUint32(&c.closed) != 0 { - return nil, syscall.EBADF + return nil, unix.EBADF } rreaddir := Rreaddir{} @@ -688,7 +688,7 @@ func (c *clientFile) Readdir(offset uint64, count uint32) ([]Dirent, error) { // Readlink implements File.Readlink. func (c *clientFile) Readlink() (string, error) { if atomic.LoadUint32(&c.closed) != 0 { - return "", syscall.EBADF + return "", unix.EBADF } rreadlink := Rreadlink{} @@ -702,7 +702,7 @@ func (c *clientFile) Readlink() (string, error) { // Flush implements File.Flush. func (c *clientFile) Flush() error { if atomic.LoadUint32(&c.closed) != 0 { - return syscall.EBADF + return unix.EBADF } if !VersionSupportsTflushf(c.client.version) { diff --git a/pkg/p9/file.go b/pkg/p9/file.go index c2e3a3f98..c59c6a65b 100644 --- a/pkg/p9/file.go +++ b/pkg/p9/file.go @@ -15,8 +15,7 @@ package p9 import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" ) @@ -67,7 +66,7 @@ type File interface { // WalkGetAttr walks to the next file and returns its maximal set of // attributes. // - // Server-side p9.Files may return syscall.ENOSYS to indicate that Walk + // Server-side p9.Files may return unix.ENOSYS to indicate that Walk // and GetAttr should be used separately to satisfy this request. // // On the server, WalkGetAttr has a read concurrency guarantee. @@ -160,7 +159,7 @@ type File interface { // Read reads from this file. Open must be called first. // - // This may return io.EOF in addition to syscall.Errno values. + // This may return io.EOF in addition to unix.Errno values. // // On the server, ReadAt has a read concurrency guarantee. See Open for // additional requirements regarding lazy path resolution. @@ -168,7 +167,7 @@ type File interface { // Write writes to this file. Open must be called first. // - // This may return io.EOF in addition to syscall.Errno values. + // This may return io.EOF in addition to unix.Errno values. // // On the server, WriteAt has a read concurrency guarantee. See Open // for additional requirements regarding lazy path resolution. @@ -239,7 +238,7 @@ type File interface { // Readdir reads directory entries. // - // This may return io.EOF in addition to syscall.Errno values. + // This may return io.EOF in addition to unix.Errno values. // // On the server, Readdir has a read concurrency guarantee. Readdir(offset uint64, count uint32) ([]Dirent, error) @@ -292,7 +291,7 @@ type DefaultWalkGetAttr struct{} // WalkGetAttr implements File.WalkGetAttr. func (DefaultWalkGetAttr) WalkGetAttr([]string) ([]QID, File, AttrMask, Attr, error) { - return nil, nil, AttrMask{}, Attr{}, syscall.ENOSYS + return nil, nil, AttrMask{}, Attr{}, unix.ENOSYS } // DisallowClientCalls panics if a client-only function is called. diff --git a/pkg/p9/handlers.go b/pkg/p9/handlers.go index 81ceb37c5..58312d0cc 100644 --- a/pkg/p9/handlers.go +++ b/pkg/p9/handlers.go @@ -21,28 +21,28 @@ import ( "path" "strings" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/log" ) -// ExtractErrno extracts a syscall.Errno from a error, best effort. -func ExtractErrno(err error) syscall.Errno { +// ExtractErrno extracts a unix.Errno from a error, best effort. +func ExtractErrno(err error) unix.Errno { switch err { case os.ErrNotExist: - return syscall.ENOENT + return unix.ENOENT case os.ErrExist: - return syscall.EEXIST + return unix.EEXIST case os.ErrPermission: - return syscall.EACCES + return unix.EACCES case os.ErrInvalid: - return syscall.EINVAL + return unix.EINVAL } // Attempt to unwrap. switch e := err.(type) { - case syscall.Errno: + case unix.Errno: return e case *os.PathError: return ExtractErrno(e.Err) @@ -54,7 +54,7 @@ func ExtractErrno(err error) syscall.Errno { // Default case. log.Warningf("unknown error: %v", err) - return syscall.EIO + return unix.EIO } // newErr returns a new error message from an error. @@ -77,20 +77,20 @@ type handler interface { // handle implements handler.handle. func (t *Tversion) handle(cs *connState) message { if t.MSize == 0 { - return newErr(syscall.EINVAL) + return newErr(unix.EINVAL) } if t.MSize > maximumLength { - return newErr(syscall.EINVAL) + return newErr(unix.EINVAL) } atomic.StoreUint32(&cs.messageSize, t.MSize) requested, ok := parseVersion(t.Version) if !ok { - return newErr(syscall.EINVAL) + return newErr(unix.EINVAL) } // The server cannot support newer versions that it doesn't know about. In this // case we return EAGAIN to tell the client to try again with a lower version. if requested > highestSupportedVersion { - return newErr(syscall.EAGAIN) + return newErr(unix.EAGAIN) } // From Tversion(9P): "The server may respond with the client’s version // string, or a version string identifying an earlier defined protocol version". @@ -112,13 +112,13 @@ func checkSafeName(name string) error { if name != "" && !strings.Contains(name, "/") && name != "." && name != ".." { return nil } - return syscall.EINVAL + return unix.EINVAL } // handle implements handler.handle. func (t *Tclunk) handle(cs *connState) message { if !cs.DeleteFID(t.FID) { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } return &Rclunk{} } @@ -126,7 +126,7 @@ func (t *Tclunk) handle(cs *connState) message { func (t *Tsetattrclunk) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -136,7 +136,7 @@ func (t *Tsetattrclunk) handle(cs *connState) message { // there were multiple links and you can still change the // corresponding inode information. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } // Set the attributes. @@ -146,7 +146,7 @@ func (t *Tsetattrclunk) handle(cs *connState) message { // Try to delete FID even in case of failure above. Since the state of the // file is unknown to the caller, it will not attempt to close the file again. if !cs.DeleteFID(t.FID) { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } if setAttrErr != nil { return newErr(setAttrErr) @@ -158,7 +158,7 @@ func (t *Tsetattrclunk) handle(cs *connState) message { func (t *Tremove) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -172,7 +172,7 @@ func (t *Tremove) handle(cs *connState) message { err := ref.safelyGlobal(func() error { // Is this a root? Can't remove that. if ref.isRoot() { - return syscall.EINVAL + return unix.EINVAL } // N.B. this remove operation is permitted, even if the file is open. @@ -180,7 +180,7 @@ func (t *Tremove) handle(cs *connState) message { // Is this file already deleted? if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } // Retrieve the file's proper name. @@ -204,7 +204,7 @@ func (t *Tremove) handle(cs *connState) message { // of removing the file if permissions allow." // https://swtch.com/plan9port/man/man9/remove.html if !cs.DeleteFID(t.FID) { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } if err != nil { return newErr(err) @@ -217,14 +217,14 @@ func (t *Tremove) handle(cs *connState) message { // // We don't support authentication, so this just returns ENOSYS. func (t *Tauth) handle(cs *connState) message { - return newErr(syscall.ENOSYS) + return newErr(unix.ENOSYS) } // handle implements handler.handle. func (t *Tattach) handle(cs *connState) message { // Ensure no authentication FID is provided. if t.Auth.AuthenticationFID != NoFID { - return newErr(syscall.EINVAL) + return newErr(unix.EINVAL) } // Must provide an absolute path. @@ -247,7 +247,7 @@ func (t *Tattach) handle(cs *connState) message { } if !valid.Mode { sf.Close() // Drop file. - return newErr(syscall.EINVAL) + return newErr(unix.EINVAL) } // Build a transient reference. @@ -292,7 +292,7 @@ func CanOpen(mode FileMode) bool { func (t *Tlopen) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -304,22 +304,22 @@ func (t *Tlopen) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Has it been deleted already? if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } // Has it been opened already? if ref.opened || !CanOpen(ref.mode) { - return syscall.EINVAL + return unix.EINVAL } if ref.mode.IsDir() { // Directory must be opened ReadOnly. if t.Flags&OpenFlagsModeMask != ReadOnly { - return syscall.EISDIR + return unix.EISDIR } // Directory not truncatable. if t.Flags&OpenTruncate != 0 { - return syscall.EISDIR + return unix.EISDIR } } @@ -345,7 +345,7 @@ func (t *Tlcreate) do(cs *connState, uid UID) (*Rlcreate, error) { ref, ok := cs.LookupFID(t.FID) if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer ref.DecRef() @@ -359,12 +359,12 @@ func (t *Tlcreate) do(cs *connState, uid UID) (*Rlcreate, error) { if err := ref.safelyWrite(func() (err error) { // Don't allow creation from non-directories or deleted directories. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Do the create. @@ -422,7 +422,7 @@ func (t *Tsymlink) do(cs *connState, uid UID) (*Rsymlink, error) { ref, ok := cs.LookupFID(t.Directory) if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer ref.DecRef() @@ -430,12 +430,12 @@ func (t *Tsymlink) do(cs *connState, uid UID) (*Rsymlink, error) { if err := ref.safelyWrite(func() (err error) { // Don't allow symlinks from non-directories or deleted directories. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Do the symlink. @@ -456,25 +456,25 @@ func (t *Tlink) handle(cs *connState) message { ref, ok := cs.LookupFID(t.Directory) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() refTarget, ok := cs.LookupFID(t.Target) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer refTarget.DecRef() if err := ref.safelyWrite(func() (err error) { // Don't allow create links from non-directories or deleted directories. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Do the link. @@ -497,13 +497,13 @@ func (t *Trenameat) handle(cs *connState) message { ref, ok := cs.LookupFID(t.OldDirectory) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() refTarget, ok := cs.LookupFID(t.NewDirectory) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer refTarget.DecRef() @@ -511,12 +511,12 @@ func (t *Trenameat) handle(cs *connState) message { if err := ref.safelyGlobal(func() (err error) { // Don't allow renaming across deleted directories. if ref.isDeleted() || !ref.mode.IsDir() || refTarget.isDeleted() || !refTarget.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Is this the same file? If yes, short-circuit and return success. @@ -547,19 +547,19 @@ func (t *Tunlinkat) handle(cs *connState) message { ref, ok := cs.LookupFID(t.Directory) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() if err := ref.safelyWrite(func() (err error) { // Don't allow deletion from non-directories or deleted directories. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Before we do the unlink itself, we need to ensure that there @@ -599,25 +599,25 @@ func (t *Trename) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() refTarget, ok := cs.LookupFID(t.Directory) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer refTarget.DecRef() if err := ref.safelyGlobal(func() (err error) { // Don't allow a root rename. if ref.isRoot() { - return syscall.EINVAL + return unix.EINVAL } // Don't allow renaming deleting entries, or target non-directories. if ref.isDeleted() || refTarget.isDeleted() || !refTarget.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // If the parent is deleted, but we not, something is seriously wrong. @@ -656,7 +656,7 @@ func (t *Trename) handle(cs *connState) message { func (t *Treadlink) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -666,7 +666,7 @@ func (t *Treadlink) handle(cs *connState) message { // check if this file is opened because symlinks cannot be // opened. if ref.isDeleted() || !ref.mode.IsSymlink() { - return syscall.EINVAL + return unix.EINVAL } // Do the read. @@ -683,13 +683,13 @@ func (t *Treadlink) handle(cs *connState) message { func (t *Tread) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() // Constrain the size of the read buffer. if int(t.Count) > int(maximumLength) { - return newErr(syscall.ENOBUFS) + return newErr(unix.ENOBUFS) } var ( @@ -699,12 +699,12 @@ func (t *Tread) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Has it been opened already? if !ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Can it be read? Check permissions. if ref.openFlags&OpenFlagsModeMask == WriteOnly { - return syscall.EPERM + return unix.EPERM } n, err = ref.file.ReadAt(data, t.Offset) @@ -720,7 +720,7 @@ func (t *Tread) handle(cs *connState) message { func (t *Twrite) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -728,12 +728,12 @@ func (t *Twrite) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Has it been opened already? if !ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Can it be written? Check permissions. if ref.openFlags&OpenFlagsModeMask == ReadOnly { - return syscall.EPERM + return unix.EPERM } n, err = ref.file.WriteAt(t.Data, t.Offset) @@ -761,7 +761,7 @@ func (t *Tmknod) do(cs *connState, uid UID) (*Rmknod, error) { ref, ok := cs.LookupFID(t.Directory) if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer ref.DecRef() @@ -769,12 +769,12 @@ func (t *Tmknod) do(cs *connState, uid UID) (*Rmknod, error) { if err := ref.safelyWrite(func() (err error) { // Don't allow mknod on deleted files. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Do the mknod. @@ -803,7 +803,7 @@ func (t *Tmkdir) do(cs *connState, uid UID) (*Rmkdir, error) { ref, ok := cs.LookupFID(t.Directory) if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer ref.DecRef() @@ -811,12 +811,12 @@ func (t *Tmkdir) do(cs *connState, uid UID) (*Rmkdir, error) { if err := ref.safelyWrite(func() (err error) { // Don't allow mkdir on deleted files. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Not allowed on open directories. if ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Do the mkdir. @@ -833,7 +833,7 @@ func (t *Tmkdir) do(cs *connState, uid UID) (*Rmkdir, error) { func (t *Tgetattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -861,7 +861,7 @@ func (t *Tgetattr) handle(cs *connState) message { func (t *Tsetattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -871,7 +871,7 @@ func (t *Tsetattr) handle(cs *connState) message { // there were multiple links and you can still change the // corresponding inode information. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } // Set the attributes. @@ -887,24 +887,24 @@ func (t *Tsetattr) handle(cs *connState) message { func (t *Tallocate) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() if err := ref.safelyWrite(func() error { // Has it been opened already? if !ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Can it be written? Check permissions. if ref.openFlags&OpenFlagsModeMask == ReadOnly { - return syscall.EBADF + return unix.EBADF } // We don't allow allocate on files that have been deleted. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } return ref.file.Allocate(t.Mode, t.Offset, t.Length) @@ -919,31 +919,31 @@ func (t *Tallocate) handle(cs *connState) message { func (t *Txattrwalk) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() // We don't support extended attributes. - return newErr(syscall.ENODATA) + return newErr(unix.ENODATA) } // handle implements handler.handle. func (t *Txattrcreate) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() // We don't support extended attributes. - return newErr(syscall.ENOSYS) + return newErr(unix.ENOSYS) } // handle implements handler.handle. func (t *Tgetxattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -951,7 +951,7 @@ func (t *Tgetxattr) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Don't allow getxattr on files that have been deleted. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } val, err = ref.file.GetXattr(t.Name, t.Size) return err @@ -965,14 +965,14 @@ func (t *Tgetxattr) handle(cs *connState) message { func (t *Tsetxattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() if err := ref.safelyWrite(func() error { // Don't allow setxattr on files that have been deleted. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } return ref.file.SetXattr(t.Name, t.Value, t.Flags) }); err != nil { @@ -985,7 +985,7 @@ func (t *Tsetxattr) handle(cs *connState) message { func (t *Tlistxattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -993,7 +993,7 @@ func (t *Tlistxattr) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Don't allow listxattr on files that have been deleted. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } xattrs, err = ref.file.ListXattr(t.Size) return err @@ -1012,14 +1012,14 @@ func (t *Tlistxattr) handle(cs *connState) message { func (t *Tremovexattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() if err := ref.safelyWrite(func() error { // Don't allow removexattr on files that have been deleted. if ref.isDeleted() { - return syscall.EINVAL + return unix.EINVAL } return ref.file.RemoveXattr(t.Name) }); err != nil { @@ -1032,7 +1032,7 @@ func (t *Tremovexattr) handle(cs *connState) message { func (t *Treaddir) handle(cs *connState) message { ref, ok := cs.LookupFID(t.Directory) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -1040,12 +1040,12 @@ func (t *Treaddir) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Don't allow reading deleted directories. if ref.isDeleted() || !ref.mode.IsDir() { - return syscall.EINVAL + return unix.EINVAL } // Has it been opened yet? if !ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Read the entries. @@ -1065,14 +1065,14 @@ func (t *Treaddir) handle(cs *connState) message { func (t *Tfsync) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() if err := ref.safelyRead(func() (err error) { // Has it been opened yet? if !ref.opened { - return syscall.EINVAL + return unix.EINVAL } // Perform the sync. @@ -1088,7 +1088,7 @@ func (t *Tfsync) handle(cs *connState) message { func (t *Tstatfs) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -1104,7 +1104,7 @@ func (t *Tstatfs) handle(cs *connState) message { func (t *Tflushf) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -1121,7 +1121,7 @@ func (t *Tflushf) handle(cs *connState) message { func walkOne(qids []QID, from File, names []string, getattr bool) ([]QID, File, AttrMask, Attr, error) { if len(names) > 1 { // We require exactly zero or one elements. - return nil, nil, AttrMask{}, Attr{}, syscall.EINVAL + return nil, nil, AttrMask{}, Attr{}, unix.EINVAL } var ( localQIDs []QID @@ -1134,7 +1134,7 @@ func walkOne(qids []QID, from File, names []string, getattr bool) ([]QID, File, case getattr: localQIDs, sf, valid, attr, err = from.WalkGetAttr(names) // Can't put fallthrough in the if because Go. - if err != syscall.ENOSYS { + if err != unix.ENOSYS { break } fallthrough @@ -1159,7 +1159,7 @@ func walkOne(qids []QID, from File, names []string, getattr bool) ([]QID, File, if len(localQIDs) != 1 { // Expected a single QID. sf.Close() - return nil, nil, AttrMask{}, Attr{}, syscall.EINVAL + return nil, nil, AttrMask{}, Attr{}, unix.EINVAL } return append(qids, localQIDs...), sf, valid, attr, nil } @@ -1181,7 +1181,7 @@ func doWalk(cs *connState, ref *fidRef, names []string, getattr bool) (qids []QI // Has it been opened already? err = ref.safelyRead(func() (err error) { if ref.opened { - return syscall.EBUSY + return unix.EBUSY } return nil }) @@ -1237,7 +1237,7 @@ func doWalk(cs *connState, ref *fidRef, names []string, getattr bool) (qids []QI // a proper directory and we have additional paths to walk. if !walkRef.mode.IsDir() { walkRef.DecRef() // Drop walk reference; no lock required. - return nil, nil, AttrMask{}, Attr{}, syscall.EINVAL + return nil, nil, AttrMask{}, Attr{}, unix.EINVAL } var sf File // Temporary. @@ -1283,7 +1283,7 @@ func doWalk(cs *connState, ref *fidRef, names []string, getattr bool) (qids []QI func (t *Twalk) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -1303,7 +1303,7 @@ func (t *Twalk) handle(cs *connState) message { func (t *Twalkgetattr) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -1359,7 +1359,7 @@ func (t *Tumknod) handle(cs *connState) message { func (t *Tlconnect) handle(cs *connState) message { ref, ok := cs.LookupFID(t.FID) if !ok { - return newErr(syscall.EBADF) + return newErr(unix.EBADF) } defer ref.DecRef() @@ -1367,7 +1367,7 @@ func (t *Tlconnect) handle(cs *connState) message { if err := ref.safelyRead(func() (err error) { // Don't allow connecting to deleted files. if ref.isDeleted() || !ref.mode.IsSocket() { - return syscall.EINVAL + return unix.EINVAL } // Do the connect. @@ -1391,7 +1391,7 @@ func (t *Tchannel) handle(cs *connState) message { ch := cs.lookupChannel(t.ID) if ch == nil { - return newErr(syscall.ENOSYS) + return newErr(unix.ENOSYS) } // Return the payload. Note that we need to duplicate the file @@ -1405,19 +1405,19 @@ func (t *Tchannel) handle(cs *connState) message { switch t.Control { case 0: // Open the main data channel. - mfd, err := syscall.Dup(int(cs.channelAlloc.FD())) + mfd, err := unix.Dup(int(cs.channelAlloc.FD())) if err != nil { return newErr(err) } rchannel.SetFilePayload(fd.New(mfd)) case 1: - cfd, err := syscall.Dup(ch.client.FD()) + cfd, err := unix.Dup(ch.client.FD()) if err != nil { return newErr(err) } rchannel.SetFilePayload(fd.New(cfd)) default: - return newErr(syscall.EINVAL) + return newErr(unix.EINVAL) } return rchannel } diff --git a/pkg/p9/server.go b/pkg/p9/server.go index 290d5b9ce..ff1172ed6 100644 --- a/pkg/p9/server.go +++ b/pkg/p9/server.go @@ -18,8 +18,8 @@ import ( "io" "runtime/debug" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/fdchannel" "gvisor.dev/gvisor/pkg/flipcall" @@ -483,7 +483,7 @@ func (cs *connState) lookupChannel(id uint32) *channel { func (cs *connState) handle(m message) (r message) { if !cs.reqGate.Enter() { // connState.stop() has been called; the connection is shutting down. - r = newErr(syscall.ECONNRESET) + r = newErr(unix.ECONNRESET) return } defer func() { @@ -498,7 +498,7 @@ func (cs *connState) handle(m message) (r message) { // Wrap in an EFAULT error; we don't really have a // better way to describe this kind of error. It will // usually manifest as a result of the test framework. - r = newErr(syscall.EFAULT) + r = newErr(unix.EFAULT) } }() if handler, ok := m.(handler); ok { @@ -506,7 +506,7 @@ func (cs *connState) handle(m message) (r message) { r = handler.handle(cs) } else { // Produce an ENOSYS error. - r = newErr(syscall.ENOSYS) + r = newErr(unix.ENOSYS) } return } diff --git a/pkg/p9/transport.go b/pkg/p9/transport.go index 02e665345..add607b9d 100644 --- a/pkg/p9/transport.go +++ b/pkg/p9/transport.go @@ -19,8 +19,8 @@ import ( "fmt" "io" "io/ioutil" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/sync" @@ -187,7 +187,7 @@ func recv(s *unet.Socket, msize uint32, lookup lookupTagAndType) (Tag, message, // fds are caught and used is handled below, // and the fds variable will be set to nil. for _, fd := range fds { - syscall.Close(fd) + unix.Close(fd) } }() r.EnableFDs(0) @@ -323,7 +323,7 @@ func recv(s *unet.Socket, msize uint32, lookup lookupTagAndType) (Tag, message, // Close the rest. We support only one. for i := 1; i < len(fds); i++ { - syscall.Close(fds[i]) + unix.Close(fds[i]) } // Don't close in the defer. diff --git a/pkg/p9/transport_flipcall.go b/pkg/p9/transport_flipcall.go index 38038abdf..802254a90 100644 --- a/pkg/p9/transport_flipcall.go +++ b/pkg/p9/transport_flipcall.go @@ -16,8 +16,8 @@ package p9 import ( "runtime" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/fdchannel" "gvisor.dev/gvisor/pkg/flipcall" @@ -236,7 +236,7 @@ func (ch *channel) recv(r message, rsz uint32) (message, error) { // Convert errors appropriately; see above. if rlerr, ok := r.(*Rlerror); ok { - return r, syscall.Errno(rlerr.Error) + return r, unix.Errno(rlerr.Error) } return r, nil diff --git a/pkg/safecopy/safecopy.go b/pkg/safecopy/safecopy.go index 2fb7e5809..1e0af5889 100644 --- a/pkg/safecopy/safecopy.go +++ b/pkg/safecopy/safecopy.go @@ -20,8 +20,8 @@ import ( "fmt" "reflect" "runtime" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/syserror" ) @@ -127,16 +127,16 @@ func initializeAddresses() { func init() { initializeAddresses() - if err := ReplaceSignalHandler(syscall.SIGSEGV, reflect.ValueOf(signalHandler).Pointer(), &savedSigSegVHandler); err != nil { + if err := ReplaceSignalHandler(unix.SIGSEGV, reflect.ValueOf(signalHandler).Pointer(), &savedSigSegVHandler); err != nil { panic(fmt.Sprintf("Unable to set handler for SIGSEGV: %v", err)) } - if err := ReplaceSignalHandler(syscall.SIGBUS, reflect.ValueOf(signalHandler).Pointer(), &savedSigBusHandler); err != nil { + if err := ReplaceSignalHandler(unix.SIGBUS, reflect.ValueOf(signalHandler).Pointer(), &savedSigBusHandler); err != nil { panic(fmt.Sprintf("Unable to set handler for SIGBUS: %v", err)) } - syserror.AddErrorUnwrapper(func(e error) (syscall.Errno, bool) { + syserror.AddErrorUnwrapper(func(e error) (unix.Errno, bool) { switch e.(type) { case SegvError, BusError, AlignmentError: - return syscall.EFAULT, true + return unix.EFAULT, true default: return 0, false } diff --git a/pkg/safecopy/safecopy_unsafe.go b/pkg/safecopy/safecopy_unsafe.go index 41dd567f3..a075cf88e 100644 --- a/pkg/safecopy/safecopy_unsafe.go +++ b/pkg/safecopy/safecopy_unsafe.go @@ -17,8 +17,9 @@ package safecopy import ( "fmt" "runtime" - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // maxRegisterSize is the maximum register size used in memcpy and memclr. It @@ -310,9 +311,9 @@ func errorFromFaultSignal(addr uintptr, sig int32) error { switch sig { case 0: return nil - case int32(syscall.SIGSEGV): + case int32(unix.SIGSEGV): return SegvError{addr} - case int32(syscall.SIGBUS): + case int32(unix.SIGBUS): return BusError{addr} default: panic(fmt.Sprintf("safecopy got unexpected signal %d at address %#x", sig, addr)) @@ -328,7 +329,7 @@ func errorFromFaultSignal(addr uintptr, sig int32) error { // handlers for appropriate signals. These handlers will call the previous // handler however, and if this is function is being used externally then the // same courtesy is expected. -func ReplaceSignalHandler(sig syscall.Signal, handler uintptr, previous *uintptr) error { +func ReplaceSignalHandler(sig unix.Signal, handler uintptr, previous *uintptr) error { var sa struct { handler uintptr flags uint64 @@ -340,7 +341,7 @@ func ReplaceSignalHandler(sig syscall.Signal, handler uintptr, previous *uintptr // Get the existing signal handler information, and save the current // handler. Once we replace it, we will use this pointer to fall back to // it when we receive other signals. - if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(sig), 0, uintptr(unsafe.Pointer(&sa)), maskLen, 0, 0); e != 0 { + if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(sig), 0, uintptr(unsafe.Pointer(&sa)), maskLen, 0, 0); e != 0 { return e } @@ -353,7 +354,7 @@ func ReplaceSignalHandler(sig syscall.Signal, handler uintptr, previous *uintptr // Install our own handler. sa.handler = handler - if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(sig), uintptr(unsafe.Pointer(&sa)), 0, maskLen, 0, 0); e != 0 { + if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(sig), uintptr(unsafe.Pointer(&sa)), 0, maskLen, 0, 0); e != 0 { return e } diff --git a/pkg/safemem/seq_unsafe.go b/pkg/safemem/seq_unsafe.go index b315b0e5a..bbf8740a5 100644 --- a/pkg/safemem/seq_unsafe.go +++ b/pkg/safemem/seq_unsafe.go @@ -17,9 +17,9 @@ package safemem import ( "bytes" "fmt" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/gohacks" ) @@ -304,12 +304,12 @@ func ZeroSeq(dsts BlockSeq) (uint64, error) { return done, nil } -// IovecsFromBlockSeq returns a []syscall.Iovec representing seq. -func IovecsFromBlockSeq(bs BlockSeq) []syscall.Iovec { - iovs := make([]syscall.Iovec, 0, bs.NumBlocks()) +// IovecsFromBlockSeq returns a []unix.Iovec representing seq. +func IovecsFromBlockSeq(bs BlockSeq) []unix.Iovec { + iovs := make([]unix.Iovec, 0, bs.NumBlocks()) for ; !bs.IsEmpty(); bs = bs.Tail() { b := bs.Head() - iovs = append(iovs, syscall.Iovec{ + iovs = append(iovs, unix.Iovec{ Base: &b.ToSlice()[0], Len: uint64(b.Len()), }) diff --git a/pkg/seccomp/seccomp_unsafe.go b/pkg/seccomp/seccomp_unsafe.go index f7e986589..7202591df 100644 --- a/pkg/seccomp/seccomp_unsafe.go +++ b/pkg/seccomp/seccomp_unsafe.go @@ -15,9 +15,9 @@ package seccomp import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -26,9 +26,9 @@ import ( // This is safe to call from an afterFork context. // //go:nosplit -func SetFilter(instrs []linux.BPFInstruction) syscall.Errno { +func SetFilter(instrs []linux.BPFInstruction) unix.Errno { // PR_SET_NO_NEW_PRIVS is required in order to enable seccomp. See seccomp(2) for details. - if _, _, errno := syscall.RawSyscall6(syscall.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 { + if _, _, errno := unix.RawSyscall6(unix.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 { return errno } @@ -44,7 +44,7 @@ func isKillProcessAvailable() (bool, error) { if errno := seccomp(linux.SECCOMP_GET_ACTION_AVAIL, 0, unsafe.Pointer(&action)); errno != 0 { // EINVAL: SECCOMP_GET_ACTION_AVAIL not in this kernel yet. // EOPNOTSUPP: SECCOMP_RET_KILL_PROCESS not supported. - if errno == syscall.EINVAL || errno == syscall.EOPNOTSUPP { + if errno == unix.EINVAL || errno == unix.EOPNOTSUPP { return false, nil } return false, errno @@ -55,8 +55,8 @@ func isKillProcessAvailable() (bool, error) { // seccomp calls seccomp(2). This is safe to call from an afterFork context. // //go:nosplit -func seccomp(op, flags uint32, ptr unsafe.Pointer) syscall.Errno { - if _, _, errno := syscall.RawSyscall(SYS_SECCOMP, uintptr(op), uintptr(flags), uintptr(ptr)); errno != 0 { +func seccomp(op, flags uint32, ptr unsafe.Pointer) unix.Errno { + if _, _, errno := unix.RawSyscall(SYS_SECCOMP, uintptr(op), uintptr(flags), uintptr(ptr)); errno != 0 { return errno } return 0 diff --git a/pkg/sentry/arch/arch_amd64.go b/pkg/sentry/arch/arch_amd64.go index c7d3a206d..15d8ddb40 100644 --- a/pkg/sentry/arch/arch_amd64.go +++ b/pkg/sentry/arch/arch_amd64.go @@ -20,8 +20,8 @@ import ( "bytes" "fmt" "math/rand" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/cpuid" "gvisor.dev/gvisor/pkg/marshal" "gvisor.dev/gvisor/pkg/marshal/primitive" @@ -210,7 +210,7 @@ func mmapRand(max uint64) usermem.Addr { func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (MmapLayout, error) { min, ok := min.RoundUp() if !ok { - return MmapLayout{}, syscall.EINVAL + return MmapLayout{}, unix.EINVAL } if max > maxAddr64 { max = maxAddr64 @@ -218,7 +218,7 @@ func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (Mm max = max.RoundDown() if min > max { - return MmapLayout{}, syscall.EINVAL + return MmapLayout{}, unix.EINVAL } stackSize := r.Get(limits.Stack) @@ -297,7 +297,7 @@ const userStructSize = 928 // PtracePeekUser implements Context.PtracePeekUser. func (c *context64) PtracePeekUser(addr uintptr) (marshal.Marshallable, error) { if addr&7 != 0 || addr >= userStructSize { - return nil, syscall.EIO + return nil, unix.EIO } // PTRACE_PEEKUSER and PTRACE_POKEUSER are only effective on regs and // u_debugreg, returning 0 or silently no-oping for other fields @@ -315,7 +315,7 @@ func (c *context64) PtracePeekUser(addr uintptr) (marshal.Marshallable, error) { // PtracePokeUser implements Context.PtracePokeUser. func (c *context64) PtracePokeUser(addr, data uintptr) error { if addr&7 != 0 || addr >= userStructSize { - return syscall.EIO + return unix.EIO } if addr < uintptr(ptraceRegistersSize) { regs := c.ptraceGetRegs() diff --git a/pkg/sentry/arch/arch_arm64.go b/pkg/sentry/arch/arch_arm64.go index 680d23a9f..0c61a3ff7 100644 --- a/pkg/sentry/arch/arch_arm64.go +++ b/pkg/sentry/arch/arch_arm64.go @@ -19,8 +19,8 @@ package arch import ( "fmt" "math/rand" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/cpuid" "gvisor.dev/gvisor/pkg/marshal" "gvisor.dev/gvisor/pkg/marshal/primitive" @@ -194,7 +194,7 @@ func mmapRand(max uint64) usermem.Addr { func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (MmapLayout, error) { min, ok := min.RoundUp() if !ok { - return MmapLayout{}, syscall.EINVAL + return MmapLayout{}, unix.EINVAL } if max > maxAddr64 { max = maxAddr64 @@ -202,7 +202,7 @@ func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (Mm max = max.RoundDown() if min > max { - return MmapLayout{}, syscall.EINVAL + return MmapLayout{}, unix.EINVAL } stackSize := r.Get(limits.Stack) diff --git a/pkg/sentry/arch/arch_x86.go b/pkg/sentry/arch/arch_x86.go index b9405b320..641ada92f 100644 --- a/pkg/sentry/arch/arch_x86.go +++ b/pkg/sentry/arch/arch_x86.go @@ -19,8 +19,8 @@ package arch import ( "fmt" "io" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/cpuid" "gvisor.dev/gvisor/pkg/log" @@ -334,28 +334,28 @@ func (s *State) PtraceSetRegs(src io.Reader) (int, error) { regs.Ss = uint64(uint16(regs.Ss)) // In Linux this validation is via arch/x86/kernel/ptrace.c:putreg(). if !isUserSegmentSelector(regs.Cs) { - return 0, syscall.EIO + return 0, unix.EIO } if regs.Ds != 0 && !isUserSegmentSelector(regs.Ds) { - return 0, syscall.EIO + return 0, unix.EIO } if regs.Es != 0 && !isUserSegmentSelector(regs.Es) { - return 0, syscall.EIO + return 0, unix.EIO } if regs.Fs != 0 && !isUserSegmentSelector(regs.Fs) { - return 0, syscall.EIO + return 0, unix.EIO } if regs.Gs != 0 && !isUserSegmentSelector(regs.Gs) { - return 0, syscall.EIO + return 0, unix.EIO } if !isUserSegmentSelector(regs.Ss) { - return 0, syscall.EIO + return 0, unix.EIO } if !isValidSegmentBase(regs.Fs_base) { - return 0, syscall.EIO + return 0, unix.EIO } if !isValidSegmentBase(regs.Gs_base) { - return 0, syscall.EIO + return 0, unix.EIO } // CS and SS are validated, but changes to them are otherwise silently // ignored on amd64. @@ -512,7 +512,7 @@ func (s *State) ptraceSetXstateRegs(src io.Reader, maxlen int) (int, error) { // permits setting a register set smaller than minXstateBytes, but it has // the same silent truncation behavior in kernel/ptrace.c:ptrace_regset().) if maxlen < minXstateBytes { - return 0, syscall.EFAULT + return 0, unix.EFAULT } ess, _ := s.FeatureSet.ExtendedStateSize() if maxlen > int(ess) { diff --git a/pkg/sentry/arch/signal_amd64.go b/pkg/sentry/arch/signal_amd64.go index 72e07a988..e6557cab6 100644 --- a/pkg/sentry/arch/signal_amd64.go +++ b/pkg/sentry/arch/signal_amd64.go @@ -18,8 +18,8 @@ package arch import ( "math" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/marshal/primitive" @@ -187,7 +187,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt // for the signal stack. This is not allowed, and should immediately // force signal delivery (reverting to the default handler). if act.IsOnStack() && alt.IsEnabled() && !alt.Contains(frameBottom) { - return syscall.EFAULT + return unix.EFAULT } // Adjust the code. @@ -210,7 +210,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt } } else { // amd64 requires a restorer. - return syscall.EFAULT + return unix.EFAULT } // Set up registers. diff --git a/pkg/sentry/arch/signal_arm64.go b/pkg/sentry/arch/signal_arm64.go index 71596130d..4491008c2 100644 --- a/pkg/sentry/arch/signal_arm64.go +++ b/pkg/sentry/arch/signal_arm64.go @@ -17,8 +17,7 @@ package arch import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/usermem" @@ -115,7 +114,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt // for the signal stack. This is not allowed, and should immediately // force signal delivery (reverting to the default handler). if act.IsOnStack() && alt.IsEnabled() && !alt.Contains(frameBottom) { - return syscall.EFAULT + return unix.EFAULT } // Adjust the code. diff --git a/pkg/sentry/fs/attr.go b/pkg/sentry/fs/attr.go index f60bd423d..b90f7c1be 100644 --- a/pkg/sentry/fs/attr.go +++ b/pkg/sentry/fs/attr.go @@ -17,8 +17,8 @@ package fs import ( "fmt" "os" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/p9" @@ -355,17 +355,17 @@ func (p PermMask) String() string { return fmt.Sprintf("PermMask{Read: %v, Write: %v, Execute: %v}", p.Read, p.Write, p.Execute) } -// Mode returns the system mode (syscall.S_IXOTH, etc.) for these permissions +// Mode returns the system mode (unix.S_IXOTH, etc.) for these permissions // in the "other" bits. func (p PermMask) Mode() (mode os.FileMode) { if p.Read { - mode |= syscall.S_IROTH + mode |= unix.S_IROTH } if p.Write { - mode |= syscall.S_IWOTH + mode |= unix.S_IWOTH } if p.Execute { - mode |= syscall.S_IXOTH + mode |= unix.S_IXOTH } return } diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go index 00c526b03..9d5d40954 100644 --- a/pkg/sentry/fs/dirent.go +++ b/pkg/sentry/fs/dirent.go @@ -18,8 +18,8 @@ import ( "fmt" "path" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/refs" @@ -418,7 +418,7 @@ func (d *Dirent) descendantOf(p *Dirent) bool { // * name must must not contain "/"s. func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnlock bool) (*Dirent, error) { if !IsDir(d.Inode.StableAttr) { - return nil, syscall.ENOTDIR + return nil, unix.ENOTDIR } if name == "" || name == "." { @@ -452,7 +452,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl // hard reference on them, and they contain virtually no state). But this is // good house-keeping. child.DecRef(ctx) - return nil, syscall.ENOENT + return nil, unix.ENOENT } // Do we need to revalidate this child? @@ -518,7 +518,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl if cd.IsNegative() { // If so, don't leak a reference and short circuit. child.DecRef(ctx) - return nil, syscall.ENOENT + return nil, unix.ENOENT } // We make the judgement call that if c raced with cd they are close enough to have @@ -545,7 +545,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl if c.IsNegative() { // Don't drop a reference on the negative Dirent, it was just installed and this is the // only reference we'll ever get. d owns the reference. - return nil, syscall.ENOENT + return nil, unix.ENOENT } // Return the positive Dirent. @@ -611,7 +611,7 @@ func (d *Dirent) Create(ctx context.Context, root *Dirent, name string, flags Fi // Does something already exist? if d.exists(ctx, root, name) { - return nil, syscall.EEXIST + return nil, unix.EEXIST } // Try the create. We need to trust the file system to return EEXIST (or something @@ -674,7 +674,7 @@ func (d *Dirent) genericCreate(ctx context.Context, root *Dirent, name string, c // Does something already exist? if d.exists(ctx, root, name) { - return syscall.EEXIST + return unix.EEXIST } // Remove any negative Dirent. We've already asserted above with d.exists @@ -718,12 +718,12 @@ func (d *Dirent) CreateLink(ctx context.Context, root *Dirent, oldname, newname func (d *Dirent) CreateHardLink(ctx context.Context, root *Dirent, target *Dirent, name string) error { // Make sure that target does not span filesystems. if d.Inode.MountSource != target.Inode.MountSource { - return syscall.EXDEV + return unix.EXDEV } // Directories are never linkable. See fs/namei.c:vfs_link. if IsDir(target.Inode.StableAttr) { - return syscall.EPERM + return unix.EPERM } return d.genericCreate(ctx, root, name, func() error { @@ -759,8 +759,8 @@ func (d *Dirent) Bind(ctx context.Context, root *Dirent, name string, data trans d.finishCreate(ctx, childDir, name) return nil }) - if err == syscall.EEXIST { - return nil, syscall.EADDRINUSE + if err == unix.EEXIST { + return nil, unix.EADDRINUSE } if err != nil { return nil, err @@ -1033,14 +1033,14 @@ func (d *Dirent) Remove(ctx context.Context, root *Dirent, name string, dirPath // Remove cannot remove directories. if IsDir(child.Inode.StableAttr) { - return syscall.EISDIR + return unix.EISDIR } else if dirPath { - return syscall.ENOTDIR + return unix.ENOTDIR } // Remove cannot remove a mount point. if child.isMountPoint() { - return syscall.EBUSY + return unix.EBUSY } // Try to remove name on the file system. @@ -1087,11 +1087,11 @@ func (d *Dirent) RemoveDirectory(ctx context.Context, root *Dirent, name string) // Check for dots. if name == "." { // Rejected as the last component by rmdir(2). - return syscall.EINVAL + return unix.EINVAL } if name == ".." { // If d was found, then its parent is not empty. - return syscall.ENOTEMPTY + return unix.ENOTEMPTY } // Try to walk to the node. @@ -1104,12 +1104,12 @@ func (d *Dirent) RemoveDirectory(ctx context.Context, root *Dirent, name string) // RemoveDirectory can only remove directories. if !IsDir(child.Inode.StableAttr) { - return syscall.ENOTDIR + return unix.ENOTDIR } // Remove cannot remove a mount point. if child.isMountPoint() { - return syscall.EBUSY + return unix.EBUSY } // Try to remove name on the file system. @@ -1294,7 +1294,7 @@ func lockForRename(oldParent *Dirent, oldName string, newParent *Dirent, newName // more specifically of oldParent/oldName. That is, we're // trying to rename something into a subdirectory of // itself. - err = syscall.EINVAL + err = unix.EINVAL } return func() { newParent.mu.Unlock() @@ -1420,12 +1420,12 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string // Check that the renamed dirent is not a mount point. if renamed.isMountPointLocked() { - return syscall.EBUSY + return unix.EBUSY } // Source should not be an ancestor of the target. if newParent.descendantOf(renamed) { - return syscall.EINVAL + return unix.EINVAL } // Per rename(2): "... EACCES: ... or oldpath is a directory and does not @@ -1465,13 +1465,13 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string // ancestor of target, but ENOTEMPTY if the target is // an ancestor of source (unless RENAME_EXCHANGE flag // is present). See fs/namei.c:renameat2. - return syscall.ENOTEMPTY + return unix.ENOTEMPTY } // Check that replaced is not a mount point. if replaced.isMountPointLocked() { replaced.DecRef(ctx) - return syscall.EBUSY + return unix.EBUSY } // Require that a directory is replaced by a directory. @@ -1479,11 +1479,11 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string newIsDir := IsDir(replaced.Inode.StableAttr) if !newIsDir && oldIsDir { replaced.DecRef(ctx) - return syscall.ENOTDIR + return unix.ENOTDIR } if !oldIsDir && newIsDir { replaced.DecRef(ctx) - return syscall.EISDIR + return unix.EISDIR } // Allow the file system to drop extra references on replaced. diff --git a/pkg/sentry/fs/fdpipe/pipe.go b/pkg/sentry/fs/fdpipe/pipe.go index b99199798..757b7d511 100644 --- a/pkg/sentry/fs/fdpipe/pipe.go +++ b/pkg/sentry/fs/fdpipe/pipe.go @@ -17,8 +17,8 @@ package fdpipe import ( "os" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -82,16 +82,16 @@ func newPipeOperations(ctx context.Context, opener NonBlockingOpener, flags fs.F // init initializes p.file. func (p *pipeOperations) init() error { - var s syscall.Stat_t - if err := syscall.Fstat(p.file.FD(), &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(p.file.FD(), &s); err != nil { log.Warningf("pipe: cannot stat fd %d: %v", p.file.FD(), err) - return syscall.EINVAL + return unix.EINVAL } - if (s.Mode & syscall.S_IFMT) != syscall.S_IFIFO { + if (s.Mode & unix.S_IFMT) != unix.S_IFIFO { log.Warningf("pipe: cannot load fd %d as pipe, file type: %o", p.file.FD(), s.Mode) - return syscall.EINVAL + return unix.EINVAL } - if err := syscall.SetNonblock(p.file.FD(), true); err != nil { + if err := unix.SetNonblock(p.file.FD(), true); err != nil { return err } return fdnotifier.AddFD(int32(p.file.FD()), &p.Queue) diff --git a/pkg/sentry/fs/fdpipe/pipe_opener.go b/pkg/sentry/fs/fdpipe/pipe_opener.go index 0c3595998..adda19168 100644 --- a/pkg/sentry/fs/fdpipe/pipe_opener.go +++ b/pkg/sentry/fs/fdpipe/pipe_opener.go @@ -17,9 +17,9 @@ package fdpipe import ( "io" "os" - "syscall" "time" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -96,7 +96,7 @@ func (p *pipeOpenState) TryOpen(ctx context.Context, opener NonBlockingOpener, f switch { // Reject invalid configurations so they don't accidentally succeed below. case !flags.Read && !flags.Write: - return nil, syscall.EINVAL + return nil, unix.EINVAL // Handle opening RDWR or with O_NONBLOCK: will never block, so try only once. case (flags.Read && flags.Write) || flags.NonBlocking: @@ -155,7 +155,7 @@ func (p *pipeOpenState) TryOpenReadOnly(ctx context.Context, opener NonBlockingO // Any error that is not EWOULDBLOCK also means we're not // ready yet, and probably never will be ready. In this // case we need to close the host pipe we opened. - if unwrapError(rerr) != syscall.EWOULDBLOCK { + if unwrapError(rerr) != unix.EWOULDBLOCK { p.hostFile.Close() return nil, rerr } @@ -183,7 +183,7 @@ func (p *pipeOpenState) TryOpenReadOnly(ctx context.Context, opener NonBlockingO // to an syserror.ErrWouldBlock, to tell callers to retry. func (*pipeOpenState) TryOpenWriteOnly(ctx context.Context, opener NonBlockingOpener) (*pipeOperations, error) { hostFile, err := opener.NonBlockingOpen(ctx, fs.PermMask{Write: true}) - if unwrapError(err) == syscall.ENXIO { + if unwrapError(err) == unix.ENXIO { return nil, syserror.ErrWouldBlock } if err != nil { diff --git a/pkg/sentry/fs/fsutil/host_file_mapper.go b/pkg/sentry/fs/fsutil/host_file_mapper.go index 4468f5dd2..54f7b7cdc 100644 --- a/pkg/sentry/fs/fsutil/host_file_mapper.go +++ b/pkg/sentry/fs/fsutil/host_file_mapper.go @@ -16,8 +16,8 @@ package fsutil import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/safemem" "gvisor.dev/gvisor/pkg/sentry/memmap" @@ -44,7 +44,7 @@ type HostFileMapper struct { mapsMu sync.Mutex `state:"nosave"` // mappings maps chunk start offsets to mappings of those chunks, - // obtained by calling syscall.Mmap. mappings is protected by + // obtained by calling unix.Mmap. mappings is protected by // mapsMu. mappings map[uint64]mapping `state:"nosave"` } @@ -157,19 +157,19 @@ func (f *HostFileMapper) MapInternal(fr memmap.FileRange, fd int, write bool) (s // Preconditions: f.mapsMu must be locked. func (f *HostFileMapper) forEachMappingBlockLocked(fr memmap.FileRange, fd int, write bool, fn func(safemem.Block)) error { - prot := syscall.PROT_READ + prot := unix.PROT_READ if write { - prot |= syscall.PROT_WRITE + prot |= unix.PROT_WRITE } for chunkStart := fr.Start &^ chunkMask; chunkStart < fr.End; chunkStart += chunkSize { m, ok := f.mappings[chunkStart] if !ok { - addr, _, errno := syscall.Syscall6( - syscall.SYS_MMAP, + addr, _, errno := unix.Syscall6( + unix.SYS_MMAP, 0, chunkSize, uintptr(prot), - syscall.MAP_SHARED, + unix.MAP_SHARED, uintptr(fd), uintptr(chunkStart)) if errno != 0 { @@ -178,12 +178,12 @@ func (f *HostFileMapper) forEachMappingBlockLocked(fr memmap.FileRange, fd int, m = mapping{addr, write} f.mappings[chunkStart] = m } else if write && !m.writable { - addr, _, errno := syscall.Syscall6( - syscall.SYS_MMAP, + addr, _, errno := unix.Syscall6( + unix.SYS_MMAP, m.addr, chunkSize, uintptr(prot), - syscall.MAP_SHARED|syscall.MAP_FIXED, + unix.MAP_SHARED|unix.MAP_FIXED, uintptr(fd), uintptr(chunkStart)) if errno != 0 { @@ -219,7 +219,7 @@ func (f *HostFileMapper) UnmapAll() { // * f.mapsMu must be locked. // * f.mappings[chunkStart] == m. func (f *HostFileMapper) unmapAndRemoveLocked(chunkStart uint64, m mapping) { - if _, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, m.addr, chunkSize, 0); errno != 0 { + if _, _, errno := unix.Syscall(unix.SYS_MUNMAP, m.addr, chunkSize, 0); errno != 0 { // This leaks address space and is unexpected, but is otherwise // harmless, so complain but don't panic. log.Warningf("HostFileMapper: failed to unmap mapping %#x for chunk %#x: %v", m.addr, chunkStart, errno) @@ -234,16 +234,16 @@ func (f *HostFileMapper) RegenerateMappings(fd int) error { defer f.mapsMu.Unlock() for chunkStart, m := range f.mappings { - prot := syscall.PROT_READ + prot := unix.PROT_READ if m.writable { - prot |= syscall.PROT_WRITE + prot |= unix.PROT_WRITE } - _, _, errno := syscall.Syscall6( - syscall.SYS_MMAP, + _, _, errno := unix.Syscall6( + unix.SYS_MMAP, m.addr, chunkSize, uintptr(prot), - syscall.MAP_SHARED|syscall.MAP_FIXED, + unix.MAP_SHARED|unix.MAP_FIXED, uintptr(fd), uintptr(chunkStart)) if errno != 0 { diff --git a/pkg/sentry/fs/gofer/attr.go b/pkg/sentry/fs/gofer/attr.go index e5579095b..cffc756cc 100644 --- a/pkg/sentry/fs/gofer/attr.go +++ b/pkg/sentry/fs/gofer/attr.go @@ -15,8 +15,7 @@ package gofer import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/p9" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -36,7 +35,7 @@ func getattr(ctx context.Context, file contextFile) (p9.QID, p9.AttrMask, p9.Att // Require mode, size, and raw device id. if !valid.Mode || !valid.Size || !valid.RDev { - return qid, valid, attr, syscall.EIO + return qid, valid, attr, unix.EIO } return qid, valid, attr, nil diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go index bb63448cb..06d450ba6 100644 --- a/pkg/sentry/fs/gofer/file.go +++ b/pkg/sentry/fs/gofer/file.go @@ -16,9 +16,9 @@ package gofer import ( "fmt" - "syscall" "time" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/p9" @@ -307,7 +307,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start, end in // Sync remote caches. if f.handles.Host != nil { // Sync the host fd directly. - return syscall.Fsync(f.handles.Host.FD()) + return unix.Fsync(f.handles.Host.FD()) } // Otherwise sync on the p9.File handle. return f.handles.File.fsync(ctx) diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go index e840b6f5e..b97635ec4 100644 --- a/pkg/sentry/fs/gofer/inode.go +++ b/pkg/sentry/fs/gofer/inode.go @@ -16,8 +16,8 @@ package gofer import ( "errors" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" @@ -273,7 +273,7 @@ func (i *inodeFileState) recreateReadHandles(ctx context.Context, writer *handle // operations on the old will see the new data. Then, make the new handle take // ownereship of the old FD and mark the old readHandle to not close the FD // when done. - if err := syscall.Dup3(h.Host.FD(), i.readHandles.Host.FD(), syscall.O_CLOEXEC); err != nil { + if err := unix.Dup3(h.Host.FD(), i.readHandles.Host.FD(), unix.O_CLOEXEC); err != nil { return err } @@ -489,7 +489,7 @@ func (i *inodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags fs.Fi func (i *inodeOperations) getFileSocket(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) { f, err := i.fileState.file.connect(ctx, p9.AnonymousSocket) if err != nil { - return nil, syscall.EIO + return nil, unix.EIO } fsf, err := host.NewSocketWithDirent(ctx, d, f, flags) if err != nil { @@ -654,7 +654,7 @@ func (i *inodeOperations) WriteOut(ctx context.Context, inode *fs.Inode) error { // Readlink implements fs.InodeOperations.Readlink. func (i *inodeOperations) Readlink(ctx context.Context, inode *fs.Inode) (string, error) { if !fs.IsSymlink(inode.StableAttr) { - return "", syscall.ENOLINK + return "", unix.ENOLINK } return i.fileState.file.readlink(ctx) } @@ -704,10 +704,10 @@ func (i *inodeOperations) configureMMap(file *fs.File, opts *memmap.MMapOpts) er } func init() { - syserror.AddErrorUnwrapper(func(err error) (syscall.Errno, bool) { + syserror.AddErrorUnwrapper(func(err error) (unix.Errno, bool) { if _, ok := err.(p9.ErrSocket); ok { // Treat as an I/O error. - return syscall.EIO, true + return unix.EIO, true } return 0, false }) diff --git a/pkg/sentry/fs/gofer/util.go b/pkg/sentry/fs/gofer/util.go index 47a6c69bf..3cc6a7f7b 100644 --- a/pkg/sentry/fs/gofer/util.go +++ b/pkg/sentry/fs/gofer/util.go @@ -15,8 +15,7 @@ package gofer import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/p9" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -67,6 +66,6 @@ func openFlagsFromPerms(p fs.PermMask) (p9.OpenFlags, error) { case p.Read: return p9.ReadOnly, nil default: - return 0, syscall.EINVAL + return 0, unix.EINVAL } } diff --git a/pkg/sentry/fs/host/control.go b/pkg/sentry/fs/host/control.go index 0d8d36afa..e53998be1 100644 --- a/pkg/sentry/fs/host/control.go +++ b/pkg/sentry/fs/host/control.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/fs" "gvisor.dev/gvisor/pkg/sentry/socket/control" @@ -59,7 +58,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage { // Release implements transport.RightsControlMessage.Release. func (c *scmRights) Release(ctx context.Context) { for _, fd := range c.fds { - syscall.Close(fd) + unix.Close(fd) } c.fds = nil } @@ -71,7 +70,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File { for _, fd := range fds { // Get flags. We do it here because they may be modified // by subsequent functions. - fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0) + fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0) if errno != 0 { ctx.Warningf("Error retrieving host FD flags: %v", error(errno)) break @@ -86,7 +85,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File { // Set known flags. file.SetFlags(fs.SettableFileFlags{ - NonBlocking: fileFlags&syscall.O_NONBLOCK != 0, + NonBlocking: fileFlags&unix.O_NONBLOCK != 0, }) files = append(files, file) diff --git a/pkg/sentry/fs/host/descriptor.go b/pkg/sentry/fs/host/descriptor.go index cfdce6a74..5667b94a1 100644 --- a/pkg/sentry/fs/host/descriptor.go +++ b/pkg/sentry/fs/host/descriptor.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fdnotifier" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/waiter" @@ -48,14 +48,14 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue) origFD := -1 if saveable { var err error - ownedFD, err = syscall.Dup(fd) + ownedFD, err = unix.Dup(fd) if err != nil { return nil, err } origFD = fd } if wouldBlock { - if err := syscall.SetNonblock(ownedFD, true); err != nil { + if err := unix.SetNonblock(ownedFD, true); err != nil { return nil, err } if err := fdnotifier.AddFD(int32(ownedFD), queue); err != nil { @@ -72,12 +72,12 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue) // initAfterLoad initializes the value of the descriptor after Load. func (d *descriptor) initAfterLoad(id uint64, queue *waiter.Queue) error { var err error - d.value, err = syscall.Dup(d.origFD) + d.value, err = unix.Dup(d.origFD) if err != nil { return fmt.Errorf("failed to dup restored fd %d: %v", d.origFD, err) } if d.wouldBlock { - if err := syscall.SetNonblock(d.value, true); err != nil { + if err := unix.SetNonblock(d.value, true); err != nil { return err } if err := fdnotifier.AddFD(int32(d.value), queue); err != nil { @@ -92,7 +92,7 @@ func (d *descriptor) Release() { if d.wouldBlock { fdnotifier.RemoveFD(int32(d.value)) } - if err := syscall.Close(d.value); err != nil { + if err := unix.Close(d.value); err != nil { log.Warningf("error closing fd %d: %v", d.value, err) } d.value = -1 diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go index fd4e057d8..07bd078b7 100644 --- a/pkg/sentry/fs/host/file.go +++ b/pkg/sentry/fs/host/file.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -78,16 +78,16 @@ func ImportFile(ctx context.Context, fd int, isTTY bool) (*fs.File, error) { // newFileFromDonatedFD returns an fs.File from a donated FD. If the FD is // saveable, then saveable is true. func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool) (*fs.File, error) { - var s syscall.Stat_t - if err := syscall.Fstat(donated, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(donated, &s); err != nil { return nil, err } flags, err := fileFlagsFromDonatedFD(donated) if err != nil { return nil, err } - switch s.Mode & syscall.S_IFMT { - case syscall.S_IFSOCK: + switch s.Mode & unix.S_IFMT { + case unix.S_IFSOCK: if isTTY { return nil, fmt.Errorf("cannot import host socket as TTY") } @@ -121,19 +121,19 @@ func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool } func fileFlagsFromDonatedFD(donated int) (fs.FileFlags, error) { - flags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(donated), syscall.F_GETFL, 0) + flags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(donated), unix.F_GETFL, 0) if errno != 0 { log.Warningf("Failed to get file flags for donated FD %d (errno=%d)", donated, errno) - return fs.FileFlags{}, syscall.EIO + return fs.FileFlags{}, unix.EIO } - accmode := flags & syscall.O_ACCMODE + accmode := flags & unix.O_ACCMODE return fs.FileFlags{ - Direct: flags&syscall.O_DIRECT != 0, - NonBlocking: flags&syscall.O_NONBLOCK != 0, - Sync: flags&syscall.O_SYNC != 0, - Append: flags&syscall.O_APPEND != 0, - Read: accmode == syscall.O_RDONLY || accmode == syscall.O_RDWR, - Write: accmode == syscall.O_WRONLY || accmode == syscall.O_RDWR, + Direct: flags&unix.O_DIRECT != 0, + NonBlocking: flags&unix.O_NONBLOCK != 0, + Sync: flags&unix.O_SYNC != 0, + Append: flags&unix.O_APPEND != 0, + Read: accmode == unix.O_RDONLY || accmode == unix.O_RDWR, + Write: accmode == unix.O_WRONLY || accmode == unix.O_RDWR, }, nil } @@ -182,7 +182,7 @@ func (f *fileOperations) Readdir(ctx context.Context, file *fs.File, serializer func (f *fileOperations) IterateDir(ctx context.Context, d *fs.Dirent, dirCtx *fs.DirCtx, offset int) (int, error) { // We only support non-directory file descriptors that have been // imported, so just claim that this isn't a directory, even if it is. - return offset, syscall.ENOTDIR + return offset, unix.ENOTDIR } // Write implements fs.FileOperations.Write. @@ -252,7 +252,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start int64, } fallthrough case fs.SyncBackingStorage: - return syscall.Fsync(f.iops.fileState.FD()) + return unix.Fsync(f.iops.fileState.FD()) } panic("invalid sync type") } diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go index df4b265fa..e299b532c 100644 --- a/pkg/sentry/fs/host/inode.go +++ b/pkg/sentry/fs/host/inode.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/safemem" @@ -117,12 +116,12 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa return syserror.EPERM } if mask.Perms { - if err := syscall.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil { + if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil { return err } } if mask.Size { - if err := syscall.Ftruncate(i.FD(), attr.Size); err != nil { + if err := unix.Ftruncate(i.FD(), attr.Size); err != nil { return err } } @@ -142,7 +141,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa // Sync implements fsutil.CachedFileObject.Sync. func (i *inodeFileState) Sync(ctx context.Context) error { - return syscall.Fsync(i.FD()) + return unix.Fsync(i.FD()) } // FD implements fsutil.CachedFileObject.FD. @@ -151,8 +150,8 @@ func (i *inodeFileState) FD() int { } func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, error) { - var s syscall.Stat_t - if err := syscall.Fstat(i.FD(), &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.FD(), &s); err != nil { return fs.UnstableAttr{}, err } return unstableAttr(&s), nil @@ -160,7 +159,7 @@ func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, err // Allocate implements fsutil.CachedFileObject.Allocate. func (i *inodeFileState) Allocate(_ context.Context, offset, length int64) error { - return syscall.Fallocate(i.FD(), 0, offset, length) + return unix.Fallocate(i.FD(), 0, offset, length) } // inodeOperations implements fs.InodeOperations. @@ -169,8 +168,8 @@ var _ fs.InodeOperations = (*inodeOperations)(nil) // newInode returns a new fs.Inode backed by the host FD. func newInode(ctx context.Context, msrc *fs.MountSource, fd int, saveable bool) (*fs.Inode, error) { // Retrieve metadata. - var s syscall.Stat_t - err := syscall.Fstat(fd, &s) + var s unix.Stat_t + err := unix.Fstat(fd, &s) if err != nil { return nil, err } @@ -324,7 +323,7 @@ func (i *inodeOperations) SetPermissions(ctx context.Context, inode *fs.Inode, f // Then just change the timestamps on the FD, the host // will synchronize the metadata update with any host // inode and page cache. - return syscall.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil + return unix.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil } // Otherwise update our cached metadata. return i.cachingInodeOps.SetPermissions(ctx, inode, f) @@ -350,7 +349,7 @@ func (i *inodeOperations) Truncate(ctx context.Context, inode *fs.Inode, size in // Then just change the file size on the FD, the host // will synchronize the metadata update with any host // inode and page cache. - return syscall.Ftruncate(i.fileState.FD(), size) + return unix.Ftruncate(i.fileState.FD(), size) } // Otherwise we need to go through cachingInodeOps, even if the host page // cache is in use, to invalidate private copies of truncated pages. diff --git a/pkg/sentry/fs/host/inode_state.go b/pkg/sentry/fs/host/inode_state.go index 1adbd4562..03531b7e7 100644 --- a/pkg/sentry/fs/host/inode_state.go +++ b/pkg/sentry/fs/host/inode_state.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sentry/device" "gvisor.dev/gvisor/pkg/sentry/fs" ) @@ -30,8 +30,8 @@ func (i *inodeFileState) afterLoad() { } // Remap the inode number. - var s syscall.Stat_t - if err := syscall.Fstat(i.FD(), &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.FD(), &s); err != nil { panic(fs.ErrCorruption{fmt.Errorf("failed to get metadata for fd %d: %v", i.FD(), err)}) } key := device.MultiDeviceKey{ diff --git a/pkg/sentry/fs/host/ioctl_unsafe.go b/pkg/sentry/fs/host/ioctl_unsafe.go index 150ac8e19..303ea4d9b 100644 --- a/pkg/sentry/fs/host/ioctl_unsafe.go +++ b/pkg/sentry/fs/host/ioctl_unsafe.go @@ -15,9 +15,9 @@ package host import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -25,7 +25,7 @@ import ( func ioctlGetTermios(fd int) (*linux.Termios, error) { var t linux.Termios - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t))) if errno != 0 { return nil, errno } @@ -33,7 +33,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) { } func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error { - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t))) if errno != 0 { return errno } @@ -42,7 +42,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error { func ioctlGetWinsize(fd int) (*linux.Winsize, error) { var w linux.Winsize - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w))) if errno != 0 { return nil, errno } @@ -50,7 +50,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) { } func ioctlSetWinsize(fd int, w *linux.Winsize) error { - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w))) if errno != 0 { return errno } diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go index 2b58fc52c..f2d96d1ec 100644 --- a/pkg/sentry/fs/host/socket.go +++ b/pkg/sentry/fs/host/socket.go @@ -17,8 +17,8 @@ package host import ( "fmt" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" @@ -75,26 +75,26 @@ type ConnectedEndpoint struct { // init performs initialization required for creating new ConnectedEndpoints and // for restoring them. func (c *ConnectedEndpoint) init() *syserr.Error { - family, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN) + family, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_DOMAIN) if err != nil { return syserr.FromError(err) } - if family != syscall.AF_UNIX { + if family != unix.AF_UNIX { // We only allow Unix sockets. return syserr.ErrInvalidEndpointState } - stype, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_TYPE) + stype, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_TYPE) if err != nil { return syserr.FromError(err) } - if err := syscall.SetNonblock(c.file.FD(), true); err != nil { + if err := unix.SetNonblock(c.file.FD(), true); err != nil { return syserr.FromError(err) } - sndbuf, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_SNDBUF) + sndbuf, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_SNDBUF) if err != nil { return syserr.FromError(err) } @@ -168,7 +168,7 @@ func newSocket(ctx context.Context, orgfd int, saveable bool) (*fs.File, error) srfd := -1 if saveable { var err error - ownedfd, err = syscall.Dup(orgfd) + ownedfd, err = unix.Dup(orgfd) if err != nil { return nil, err } @@ -233,7 +233,7 @@ func (c *ConnectedEndpoint) CloseSend() { c.mu.Lock() defer c.mu.Unlock() - if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_WR); err != nil { + if err := unix.Shutdown(c.file.FD(), unix.SHUT_WR); err != nil { // A well-formed UDS shutdown can't fail. See // net/unix/af_unix.c:unix_shutdown. panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err)) @@ -333,7 +333,7 @@ func (c *ConnectedEndpoint) CloseRecv() { c.mu.Lock() defer c.mu.Unlock() - if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_RD); err != nil { + if err := unix.Shutdown(c.file.FD(), unix.SHUT_RD); err != nil { // A well-formed UDS shutdown can't fail. See // net/unix/af_unix.c:unix_shutdown. panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err)) diff --git a/pkg/sentry/fs/host/socket_iovec.go b/pkg/sentry/fs/host/socket_iovec.go index 905afb50d..7380d75e7 100644 --- a/pkg/sentry/fs/host/socket_iovec.go +++ b/pkg/sentry/fs/host/socket_iovec.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/iovec" "gvisor.dev/gvisor/pkg/syserror" ) @@ -54,7 +53,7 @@ func copyFromMulti(dst []byte, src [][]byte) { // // If intermediate != nil, iovecs references intermediate rather than bufs and // the caller must copy to/from bufs as necessary. -func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) { +func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) { var iovsRequired int for _, b := range bufs { length += int64(len(b)) @@ -78,14 +77,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec // Use a single intermediate buffer instead. b := make([]byte, stopLen) - return stopLen, []syscall.Iovec{{ + return stopLen, []unix.Iovec{{ Base: &b[0], Len: uint64(stopLen), }}, b, err } var total int64 - iovecs = make([]syscall.Iovec, 0, iovsRequired) + iovecs = make([]unix.Iovec, 0, iovsRequired) for i := range bufs { l := len(bufs[i]) if l == 0 { @@ -97,7 +96,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec stop = stopLen - total } - iovecs = append(iovecs, syscall.Iovec{ + iovecs = append(iovecs, unix.Iovec{ Base: &bufs[i][0], Len: uint64(stop), }) diff --git a/pkg/sentry/fs/host/socket_state.go b/pkg/sentry/fs/host/socket_state.go index 498018f0a..1d3e5298a 100644 --- a/pkg/sentry/fs/host/socket_state.go +++ b/pkg/sentry/fs/host/socket_state.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" ) @@ -30,7 +30,7 @@ func (c *ConnectedEndpoint) beforeSave() { // afterLoad is invoked by stateify. func (c *ConnectedEndpoint) afterLoad() { - f, err := syscall.Dup(c.srfd) + f, err := unix.Dup(c.srfd) if err != nil { panic(fmt.Sprintf("failed to dup restored FD %d: %v", c.srfd, err)) } diff --git a/pkg/sentry/fs/host/socket_unsafe.go b/pkg/sentry/fs/host/socket_unsafe.go index c8231e0aa..95f5d39bd 100644 --- a/pkg/sentry/fs/host/socket_unsafe.go +++ b/pkg/sentry/fs/host/socket_unsafe.go @@ -15,8 +15,9 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // LINT.IfChange @@ -26,9 +27,9 @@ import ( // If the total length of bufs is > maxlen, fdReadVec will do a partial read // and err will indicate why the message was truncated. func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) { - flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC) + flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC) if peek { - flags |= syscall.MSG_PEEK + flags |= unix.MSG_PEEK } // Always truncate the receive buffer. All socket types will truncate @@ -39,7 +40,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( return 0, 0, 0, false, err } - var msg syscall.Msghdr + var msg unix.Msghdr if len(control) != 0 { msg.Control = &control[0] msg.Controllen = uint64(len(control)) @@ -50,7 +51,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( msg.Iovlen = uint64(len(iovecs)) } - rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags) + rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags) if e != 0 { // N.B. prioritize the syscall error over the buildIovec error. return 0, 0, 0, false, e @@ -62,7 +63,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( copyToMulti(bufs, intermediate) } - controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC + controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC if n > length { return length, n, msg.Controllen, controlTrunc, nil @@ -87,13 +88,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6 copyFromMulti(intermediate, bufs) } - var msg syscall.Msghdr + var msg unix.Msghdr if len(iovecs) > 0 { msg.Iov = &iovecs[0] msg.Iovlen = uint64(len(iovecs)) } - n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL) + n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL) if e != 0 { // N.B. prioritize the syscall error over the buildIovec error. return 0, length, e diff --git a/pkg/sentry/fs/host/util.go b/pkg/sentry/fs/host/util.go index 1b0356930..ab74724a3 100644 --- a/pkg/sentry/fs/host/util.go +++ b/pkg/sentry/fs/host/util.go @@ -16,8 +16,8 @@ package host import ( "os" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/sentry/device" @@ -27,21 +27,21 @@ import ( "gvisor.dev/gvisor/pkg/syserror" ) -func nodeType(s *syscall.Stat_t) fs.InodeType { - switch x := (s.Mode & syscall.S_IFMT); x { - case syscall.S_IFLNK: +func nodeType(s *unix.Stat_t) fs.InodeType { + switch x := (s.Mode & unix.S_IFMT); x { + case unix.S_IFLNK: return fs.Symlink - case syscall.S_IFIFO: + case unix.S_IFIFO: return fs.Pipe - case syscall.S_IFCHR: + case unix.S_IFCHR: return fs.CharacterDevice - case syscall.S_IFBLK: + case unix.S_IFBLK: return fs.BlockDevice - case syscall.S_IFSOCK: + case unix.S_IFSOCK: return fs.Socket - case syscall.S_IFDIR: + case unix.S_IFDIR: return fs.Directory - case syscall.S_IFREG: + case unix.S_IFREG: return fs.RegularFile default: // This shouldn't happen, but just in case... @@ -50,12 +50,12 @@ func nodeType(s *syscall.Stat_t) fs.InodeType { } } -func wouldBlock(s *syscall.Stat_t) bool { +func wouldBlock(s *unix.Stat_t) bool { typ := nodeType(s) return typ == fs.Pipe || typ == fs.Socket || typ == fs.CharacterDevice } -func stableAttr(s *syscall.Stat_t) fs.StableAttr { +func stableAttr(s *unix.Stat_t) fs.StableAttr { return fs.StableAttr{ Type: nodeType(s), DeviceID: hostFileDevice.DeviceID(), @@ -67,14 +67,14 @@ func stableAttr(s *syscall.Stat_t) fs.StableAttr { } } -func owner(s *syscall.Stat_t) fs.FileOwner { +func owner(s *unix.Stat_t) fs.FileOwner { return fs.FileOwner{ UID: auth.KUID(s.Uid), GID: auth.KGID(s.Gid), } } -func unstableAttr(s *syscall.Stat_t) fs.UnstableAttr { +func unstableAttr(s *unix.Stat_t) fs.UnstableAttr { return fs.UnstableAttr{ Size: s.Size, Usage: s.Blocks * 512, diff --git a/pkg/sentry/fs/host/util_amd64_unsafe.go b/pkg/sentry/fs/host/util_amd64_unsafe.go index 66da6e9f5..21782f1da 100644 --- a/pkg/sentry/fs/host/util_amd64_unsafe.go +++ b/pkg/sentry/fs/host/util_amd64_unsafe.go @@ -17,18 +17,19 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) -func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) { - var stat syscall.Stat_t - namePtr, err := syscall.BytePtrFromString(name) +func fstatat(fd int, name string, flags int) (unix.Stat_t, error) { + var stat unix.Stat_t + namePtr, err := unix.BytePtrFromString(name) if err != nil { return stat, err } - _, _, errno := syscall.Syscall6( - syscall.SYS_NEWFSTATAT, + _, _, errno := unix.Syscall6( + unix.SYS_NEWFSTATAT, uintptr(fd), uintptr(unsafe.Pointer(namePtr)), uintptr(unsafe.Pointer(&stat)), diff --git a/pkg/sentry/fs/host/util_arm64_unsafe.go b/pkg/sentry/fs/host/util_arm64_unsafe.go index e8cb94aeb..ed8f5242a 100644 --- a/pkg/sentry/fs/host/util_arm64_unsafe.go +++ b/pkg/sentry/fs/host/util_arm64_unsafe.go @@ -17,18 +17,19 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) -func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) { - var stat syscall.Stat_t - namePtr, err := syscall.BytePtrFromString(name) +func fstatat(fd int, name string, flags int) (unix.Stat_t, error) { + var stat unix.Stat_t + namePtr, err := unix.BytePtrFromString(name) if err != nil { return stat, err } - _, _, errno := syscall.Syscall6( - syscall.SYS_FSTATAT, + _, _, errno := unix.Syscall6( + unix.SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(namePtr)), uintptr(unsafe.Pointer(&stat)), diff --git a/pkg/sentry/fs/host/util_unsafe.go b/pkg/sentry/fs/host/util_unsafe.go index 23bd35d64..3c5e3ed6d 100644 --- a/pkg/sentry/fs/host/util_unsafe.go +++ b/pkg/sentry/fs/host/util_unsafe.go @@ -15,9 +15,9 @@ package host import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/sentry/fs" ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time" @@ -30,8 +30,8 @@ func readLink(fd int) (string, error) { // Buffer sizing copied from os.Readlink. for l := 128; ; l *= 2 { b := make([]byte, l) - n, _, errno := syscall.Syscall6( - syscall.SYS_READLINKAT, + n, _, errno := unix.Syscall6( + unix.SYS_READLINKAT, uintptr(fd), uintptr(unsafe.Pointer(&NulByte)), // "" uintptr(unsafe.Pointer(&b[0])), @@ -46,25 +46,25 @@ func readLink(fd int) (string, error) { } } -func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) syscall.Timespec { +func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) unix.Timespec { if omit { - return syscall.Timespec{0, linux.UTIME_OMIT} + return unix.Timespec{0, linux.UTIME_OMIT} } if setSysTime { - return syscall.Timespec{0, linux.UTIME_NOW} + return unix.Timespec{0, linux.UTIME_NOW} } - return syscall.NsecToTimespec(t.Nanoseconds()) + return unix.NsecToTimespec(t.Nanoseconds()) } func setTimestamps(fd int, ts fs.TimeSpec) error { if ts.ATimeOmit && ts.MTimeOmit { return nil } - var sts [2]syscall.Timespec + var sts [2]unix.Timespec sts[0] = timespecFromTimestamp(ts.ATime, ts.ATimeOmit, ts.ATimeSetSystemTime) sts[1] = timespecFromTimestamp(ts.MTime, ts.MTimeOmit, ts.MTimeSetSystemTime) - _, _, errno := syscall.Syscall6( - syscall.SYS_UTIMENSAT, + _, _, errno := unix.Syscall6( + unix.SYS_UTIMENSAT, uintptr(fd), 0, /* path */ uintptr(unsafe.Pointer(&sts)), diff --git a/pkg/sentry/fs/lock/lock.go b/pkg/sentry/fs/lock/lock.go index 57686ce07..7d7a207cc 100644 --- a/pkg/sentry/fs/lock/lock.go +++ b/pkg/sentry/fs/lock/lock.go @@ -52,8 +52,8 @@ package lock import ( "fmt" "math" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sync" @@ -456,7 +456,7 @@ func ComputeRange(start, length, offset int64) (LockRange, error) { // fcntl(2): "l_start can be a negative number provided the offset // does not lie before the start of the file" if offset < 0 { - return LockRange{}, syscall.EINVAL + return LockRange{}, unix.EINVAL } // fcntl(2): Specifying 0 for l_len has the special meaning: lock all @@ -478,10 +478,10 @@ func ComputeRange(start, length, offset int64) (LockRange, error) { // Add to offset using a negative length (subtract). offset += length if offset < 0 { - return LockRange{}, syscall.EINVAL + return LockRange{}, unix.EINVAL } if signedEnd < offset { - return LockRange{}, syscall.EOVERFLOW + return LockRange{}, unix.EOVERFLOW } // At this point signedEnd cannot be negative, // since we asserted that offset is not negative diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go index d741c4339..243098a09 100644 --- a/pkg/sentry/fs/mounts.go +++ b/pkg/sentry/fs/mounts.go @@ -17,8 +17,8 @@ package fs import ( "fmt" "math" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/refs" "gvisor.dev/gvisor/pkg/sentry/kernel/auth" @@ -571,13 +571,13 @@ func (mns *MountNamespace) resolve(ctx context.Context, root, node *Dirent, rema // Make sure we didn't exhaust the traversal budget. if *remainingTraversals == 0 { target.DecRef(ctx) - return nil, syscall.ELOOP + return nil, unix.ELOOP } node.DecRef(ctx) // Drop the original reference. return target, nil - case syscall.ENOLINK: + case unix.ENOLINK: // Not a symlink. return node, nil @@ -586,7 +586,7 @@ func (mns *MountNamespace) resolve(ctx context.Context, root, node *Dirent, rema // First, check if we should traverse. if *remainingTraversals == 0 { - return nil, syscall.ELOOP + return nil, unix.ELOOP } // Read the target path. diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go index f4fcddecb..19990f9db 100644 --- a/pkg/sentry/fs/ramfs/dir.go +++ b/pkg/sentry/fs/ramfs/dir.go @@ -17,8 +17,8 @@ package ramfs import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -378,8 +378,8 @@ func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) { return d.NewBoundEndpoint(ctx, dir, ep, perms) }) - if err == syscall.EEXIST { - return nil, syscall.EADDRINUSE + if err == unix.EEXIST { + return nil, unix.EADDRINUSE } if err != nil { return nil, err diff --git a/pkg/sentry/fs/save.go b/pkg/sentry/fs/save.go index fe5c76b44..1de9735dc 100644 --- a/pkg/sentry/fs/save.go +++ b/pkg/sentry/fs/save.go @@ -16,8 +16,8 @@ package fs import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" ) @@ -65,7 +65,7 @@ func SaveFileFsyncError(err error) error { case nil: // We succeeded, everything is great. return nil - case syscall.EBADF, syscall.EINVAL, syscall.EROFS, syscall.ENOSYS, syscall.EPERM: + case unix.EBADF, unix.EINVAL, unix.EROFS, unix.ENOSYS, unix.EPERM: // These errors mean that the underlying node might not be syncable, // which we expect to be reported as such even from the gofer. log.Infof("failed to sync during save: %v", err) diff --git a/pkg/sentry/fsimpl/eventfd/eventfd.go b/pkg/sentry/fsimpl/eventfd/eventfd.go index 5b29f2358..7f810f720 100644 --- a/pkg/sentry/fsimpl/eventfd/eventfd.go +++ b/pkg/sentry/fsimpl/eventfd/eventfd.go @@ -18,8 +18,8 @@ package eventfd import ( "math" "sync" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -92,13 +92,13 @@ func (efd *EventFileDescription) HostFD() (int, error) { flags |= linux.EFD_SEMAPHORE } - fd, _, errno := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0) + fd, _, errno := unix.Syscall(unix.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0) if errno != 0 { return -1, errno } if err := fdnotifier.AddFD(int32(fd), &efd.queue); err != nil { - if closeErr := syscall.Close(int(fd)); closeErr != nil { + if closeErr := unix.Close(int(fd)); closeErr != nil { log.Warningf("close(%d) eventfd failed: %v", fd, closeErr) } return -1, err @@ -114,7 +114,7 @@ func (efd *EventFileDescription) Release(context.Context) { defer efd.mu.Unlock() if efd.hostfd >= 0 { fdnotifier.RemoveFD(int32(efd.hostfd)) - if closeErr := syscall.Close(int(efd.hostfd)); closeErr != nil { + if closeErr := unix.Close(int(efd.hostfd)); closeErr != nil { log.Warningf("close(%d) eventfd failed: %v", efd.hostfd, closeErr) } efd.hostfd = -1 @@ -124,7 +124,7 @@ func (efd *EventFileDescription) Release(context.Context) { // Read implements vfs.FileDescriptionImpl.Read. func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequence, _ vfs.ReadOptions) (int64, error) { if dst.NumBytes() < 8 { - return 0, syscall.EINVAL + return 0, unix.EINVAL } if err := efd.read(ctx, dst); err != nil { return 0, err @@ -135,7 +135,7 @@ func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequenc // Write implements vfs.FileDescriptionImpl.Write. func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequence, _ vfs.WriteOptions) (int64, error) { if src.NumBytes() < 8 { - return 0, syscall.EINVAL + return 0, unix.EINVAL } if err := efd.write(ctx, src); err != nil { return 0, err @@ -146,8 +146,8 @@ func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequen // Preconditions: Must be called with efd.mu locked. func (efd *EventFileDescription) hostReadLocked(ctx context.Context, dst usermem.IOSequence) error { var buf [8]byte - if _, err := syscall.Read(efd.hostfd, buf[:]); err != nil { - if err == syscall.EWOULDBLOCK { + if _, err := unix.Read(efd.hostfd, buf[:]); err != nil { + if err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -197,8 +197,8 @@ func (efd *EventFileDescription) read(ctx context.Context, dst usermem.IOSequenc func (efd *EventFileDescription) hostWriteLocked(val uint64) error { var buf [8]byte usermem.ByteOrder.PutUint64(buf[:], val) - _, err := syscall.Write(efd.hostfd, buf[:]) - if err == syscall.EWOULDBLOCK { + _, err := unix.Write(efd.hostfd, buf[:]) + if err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -217,7 +217,7 @@ func (efd *EventFileDescription) write(ctx context.Context, src usermem.IOSequen // Signal is an internal function to signal the event fd. func (efd *EventFileDescription) Signal(val uint64) error { if val == math.MaxUint64 { - return syscall.EINVAL + return unix.EINVAL } efd.mu.Lock() diff --git a/pkg/sentry/fsimpl/fuse/connection_control.go b/pkg/sentry/fsimpl/fuse/connection_control.go index 4ab894965..948502db6 100644 --- a/pkg/sentry/fsimpl/fuse/connection_control.go +++ b/pkg/sentry/fsimpl/fuse/connection_control.go @@ -16,8 +16,8 @@ package fuse import ( "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/kernel/auth" @@ -230,7 +230,7 @@ func (conn *connection) Abort(ctx context.Context) { // sendError() will remove them from `fd.completion` map. // Will enter the path of a normally received error. for _, toTerminate := range terminate { - conn.fd.sendError(ctx, -int32(syscall.ECONNABORTED), toTerminate) + conn.fd.sendError(ctx, -int32(unix.ECONNABORTED), toTerminate) } // 3. The requests not yet written to FUSE device. diff --git a/pkg/sentry/fsimpl/fuse/dev.go b/pkg/sentry/fsimpl/fuse/dev.go index 1bbe6fdb7..1eeb95216 100644 --- a/pkg/sentry/fsimpl/fuse/dev.go +++ b/pkg/sentry/fsimpl/fuse/dev.go @@ -15,8 +15,7 @@ package fuse import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/kernel" @@ -176,9 +175,9 @@ func (fd *DeviceFD) readLocked(ctx context.Context, dst usermem.IOSequence, opts // The request is too large. Cannot process it. All requests must be smaller than the // negotiated size as specified by Connection.MaxWrite set as part of the FUSE_INIT // handshake. - errno := -int32(syscall.EIO) + errno := -int32(unix.EIO) if req.hdr.Opcode == linux.FUSE_SETXATTR { - errno = -int32(syscall.E2BIG) + errno = -int32(unix.E2BIG) } // Return the error to the calling task. diff --git a/pkg/sentry/fsimpl/fuse/request_response.go b/pkg/sentry/fsimpl/fuse/request_response.go index 41d679358..10fb9d7d2 100644 --- a/pkg/sentry/fsimpl/fuse/request_response.go +++ b/pkg/sentry/fsimpl/fuse/request_response.go @@ -16,8 +16,8 @@ package fuse import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/marshal" "gvisor.dev/gvisor/pkg/sentry/kernel" @@ -199,7 +199,7 @@ func (r *Response) Error() error { return nil } - sysErrNo := syscall.Errno(-errno) + sysErrNo := unix.Errno(-errno) return error(sysErrNo) } diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go index 094d993a8..1508cbdf1 100644 --- a/pkg/sentry/fsimpl/gofer/gofer.go +++ b/pkg/sentry/fsimpl/gofer/gofer.go @@ -40,8 +40,8 @@ import ( "strconv" "strings" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -550,10 +550,10 @@ func (fs *filesystem) Release(ctx context.Context) { d.dataMu.Unlock() // Close host FDs if they exist. if d.readFD >= 0 { - syscall.Close(int(d.readFD)) + unix.Close(int(d.readFD)) } if d.writeFD >= 0 && d.readFD != d.writeFD { - syscall.Close(int(d.writeFD)) + unix.Close(int(d.writeFD)) } d.readFD = -1 d.writeFD = -1 @@ -1505,10 +1505,10 @@ func (d *dentry) destroyLocked(ctx context.Context) { d.readFile = p9file{} d.writeFile = p9file{} if d.readFD >= 0 { - syscall.Close(int(d.readFD)) + unix.Close(int(d.readFD)) } if d.writeFD >= 0 && d.readFD != d.writeFD { - syscall.Close(int(d.writeFD)) + unix.Close(int(d.writeFD)) } d.readFD = -1 d.writeFD = -1 @@ -1686,7 +1686,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool // may use the old or new file description, but this // doesn't matter since they refer to the same file, and // any racing mappings must be read-only. - if err := syscall.Dup3(int(h.fd), int(d.readFD), syscall.O_CLOEXEC); err != nil { + if err := unix.Dup3(int(h.fd), int(d.readFD), unix.O_CLOEXEC); err != nil { oldFD := d.readFD d.handleMu.Unlock() ctx.Warningf("gofer.dentry.ensureSharedHandle: failed to dup fd %d to fd %d: %v", h.fd, oldFD, err) @@ -1772,7 +1772,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool d.mapsMu.Unlock() } for _, fd := range fdsToClose { - syscall.Close(int(fd)) + unix.Close(int(fd)) } return nil @@ -1808,7 +1808,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error { // handles otherwise. if d.writeFD >= 0 { ctx.UninterruptibleSleepStart(false) - err := syscall.Fsync(int(d.writeFD)) + err := unix.Fsync(int(d.writeFD)) ctx.UninterruptibleSleepFinish(false) return err } @@ -1817,7 +1817,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error { } if d.readFD >= 0 { ctx.UninterruptibleSleepStart(false) - err := syscall.Fsync(int(d.readFD)) + err := unix.Fsync(int(d.readFD)) ctx.UninterruptibleSleepFinish(false) return err } diff --git a/pkg/sentry/fsimpl/gofer/handle.go b/pkg/sentry/fsimpl/gofer/handle.go index a9ebe1206..0bc201d1c 100644 --- a/pkg/sentry/fsimpl/gofer/handle.go +++ b/pkg/sentry/fsimpl/gofer/handle.go @@ -15,8 +15,7 @@ package gofer import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/p9" "gvisor.dev/gvisor/pkg/safemem" @@ -73,7 +72,7 @@ func (h *handle) close(ctx context.Context) { h.file.close(ctx) h.file = p9file{} if h.fd >= 0 { - syscall.Close(int(h.fd)) + unix.Close(int(h.fd)) h.fd = -1 } } diff --git a/pkg/sentry/fsimpl/gofer/socket.go b/pkg/sentry/fsimpl/gofer/socket.go index a21199eac..fe15f8583 100644 --- a/pkg/sentry/fsimpl/gofer/socket.go +++ b/pkg/sentry/fsimpl/gofer/socket.go @@ -15,8 +15,7 @@ package gofer import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -118,7 +117,7 @@ func (e *endpoint) newConnectedEndpoint(ctx context.Context, flags p9.ConnectFla return nil, syserr.ErrConnectionRefused } // Dup the fd so that the new endpoint can manage its lifetime. - hostFD, err := syscall.Dup(hostFile.FD()) + hostFD, err := unix.Dup(hostFile.FD()) if err != nil { log.Warningf("Could not dup host socket fd %d: %v", hostFile.FD(), err) return nil, syserr.FromError(err) diff --git a/pkg/sentry/fsimpl/gofer/special_file.go b/pkg/sentry/fsimpl/gofer/special_file.go index ae972fcb5..ac3b5b621 100644 --- a/pkg/sentry/fsimpl/gofer/special_file.go +++ b/pkg/sentry/fsimpl/gofer/special_file.go @@ -16,8 +16,8 @@ package gofer import ( "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -376,7 +376,7 @@ func (fd *specialFileFD) sync(ctx context.Context, forFilesystemSync bool) error // RPC. if fd.handle.fd >= 0 { ctx.UninterruptibleSleepStart(false) - err := syscall.Fsync(int(fd.handle.fd)) + err := unix.Fsync(int(fd.handle.fd)) ctx.UninterruptibleSleepFinish(false) return err } diff --git a/pkg/sentry/fsimpl/host/control.go b/pkg/sentry/fsimpl/host/control.go index 13ef48cb5..1680d456e 100644 --- a/pkg/sentry/fsimpl/host/control.go +++ b/pkg/sentry/fsimpl/host/control.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/kernel" @@ -60,7 +59,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage { // Release implements transport.RightsControlMessage.Release. func (c *scmRights) Release(ctx context.Context) { for _, fd := range c.fds { - syscall.Close(fd) + unix.Close(fd) } c.fds = nil } @@ -72,7 +71,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*vfs.FileDescription { for _, fd := range fds { // Get flags. We do it here because they may be modified // by subsequent functions. - fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0) + fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0) if errno != 0 { ctx.Warningf("Error retrieving host FD flags: %v", error(errno)) break diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go index 05f11fbd5..ad5de80dc 100644 --- a/pkg/sentry/fsimpl/host/host.go +++ b/pkg/sentry/fsimpl/host/host.go @@ -20,7 +20,6 @@ import ( "fmt" "math" "sync/atomic" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -112,7 +111,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil seekable := err != syserror.ESPIPE // We expect regular files to be seekable, as this is required for them to // be memory-mappable. - if !seekable && fileType == syscall.S_IFREG { + if !seekable && fileType == unix.S_IFREG { ctx.Infof("host.newInode: host FD %d is a non-seekable regular file", hostFD) return nil, syserror.ESPIPE } @@ -121,7 +120,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil hostFD: hostFD, ino: fs.NextIno(), ftype: uint16(fileType), - mayBlock: fileType != syscall.S_IFREG && fileType != syscall.S_IFDIR, + mayBlock: fileType != unix.S_IFREG && fileType != unix.S_IFDIR, seekable: seekable, isTTY: isTTY, savable: savable, @@ -132,7 +131,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil // If the hostFD can return EWOULDBLOCK when set to non-blocking, do so and // handle blocking behavior in the sentry. if i.mayBlock { - if err := syscall.SetNonblock(i.hostFD, true); err != nil { + if err := unix.SetNonblock(i.hostFD, true); err != nil { return nil, err } if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil { @@ -175,7 +174,7 @@ func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions) flags := opts.Flags if !opts.HaveFlags { // Get flags for the imported FD. - flagsInt, err := unix.FcntlInt(uintptr(hostFD), syscall.F_GETFL, 0) + flagsInt, err := unix.FcntlInt(uintptr(hostFD), unix.F_GETFL, 0) if err != nil { return nil, err } @@ -263,8 +262,8 @@ func (fs *filesystem) PrependPath(ctx context.Context, vfsroot, vd vfs.VirtualDe // CheckPermissions implements kernfs.Inode.CheckPermissions. func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, ats vfs.AccessTypes) error { - var s syscall.Stat_t - if err := syscall.Fstat(i.hostFD, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.hostFD, &s); err != nil { return err } return vfs.GenericCheckPermissions(creds, ats, linux.FileMode(s.Mode), auth.KUID(s.Uid), auth.KGID(s.Gid)) @@ -272,8 +271,8 @@ func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, a // Mode implements kernfs.Inode.Mode. func (i *inode) Mode() linux.FileMode { - var s syscall.Stat_t - if err := syscall.Fstat(i.hostFD, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.hostFD, &s); err != nil { // Retrieving the mode from the host fd using fstat(2) should not fail. // If the syscall does not succeed, something is fundamentally wrong. panic(fmt.Sprintf("failed to retrieve mode from host fd %d: %v", i.hostFD, err)) @@ -405,8 +404,8 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre if m&^(linux.STATX_MODE|linux.STATX_SIZE|linux.STATX_ATIME|linux.STATX_MTIME) != 0 { return syserror.EPERM } - var hostStat syscall.Stat_t - if err := syscall.Fstat(i.hostFD, &hostStat); err != nil { + var hostStat unix.Stat_t + if err := unix.Fstat(i.hostFD, &hostStat); err != nil { return err } if err := vfs.CheckSetStat(ctx, creds, &opts, linux.FileMode(hostStat.Mode), auth.KUID(hostStat.Uid), auth.KGID(hostStat.Gid)); err != nil { @@ -414,7 +413,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre } if m&linux.STATX_MODE != 0 { - if err := syscall.Fchmod(i.hostFD, uint32(s.Mode)); err != nil { + if err := unix.Fchmod(i.hostFD, uint32(s.Mode)); err != nil { return err } } @@ -422,7 +421,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre if hostStat.Mode&linux.S_IFMT != linux.S_IFREG { return syserror.EINVAL } - if err := syscall.Ftruncate(i.hostFD, int64(s.Size)); err != nil { + if err := unix.Ftruncate(i.hostFD, int64(s.Size)); err != nil { return err } oldSize := uint64(hostStat.Size) @@ -435,7 +434,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre } } if m&(linux.STATX_ATIME|linux.STATX_MTIME) != 0 { - ts := [2]syscall.Timespec{ + ts := [2]unix.Timespec{ toTimespec(s.Atime, m&linux.STATX_ATIME == 0), toTimespec(s.Mtime, m&linux.STATX_MTIME == 0), } @@ -468,8 +467,8 @@ func (i *inode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.Dentr } func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flags uint32) (*vfs.FileDescription, error) { - var s syscall.Stat_t - if err := syscall.Fstat(i.hostFD, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.hostFD, &s); err != nil { return nil, err } fileType := s.Mode & linux.FileTypeMask @@ -477,10 +476,10 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag // Constrain flags to a subset we can handle. // // TODO(gvisor.dev/issue/2601): Support O_NONBLOCK by adding RWF_NOWAIT to pread/pwrite calls. - flags &= syscall.O_ACCMODE | syscall.O_NONBLOCK | syscall.O_DSYNC | syscall.O_SYNC | syscall.O_APPEND + flags &= unix.O_ACCMODE | unix.O_NONBLOCK | unix.O_DSYNC | unix.O_SYNC | unix.O_APPEND switch fileType { - case syscall.S_IFSOCK: + case unix.S_IFSOCK: if i.isTTY { log.Warningf("cannot use host socket fd %d as TTY", i.hostFD) return nil, syserror.ENOTTY @@ -493,7 +492,7 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag // Currently, we only allow Unix sockets to be imported. return unixsocket.NewFileDescription(ep, ep.Type(), flags, mnt, d.VFSDentry(), &i.locks) - case syscall.S_IFREG, syscall.S_IFIFO, syscall.S_IFCHR: + case unix.S_IFREG, unix.S_IFIFO, unix.S_IFCHR: if i.isTTY { fd := &TTYFileDescription{ fileDescription: fileDescription{inode: i}, @@ -675,8 +674,8 @@ func (f *fileDescription) Write(ctx context.Context, src usermem.IOSequence, opt // and writing to the host fd. This is an unavoidable race condition because // we cannot enforce synchronization on the host. if f.vfsfd.StatusFlags()&linux.O_APPEND != 0 { - var s syscall.Stat_t - if err := syscall.Fstat(i.hostFD, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.hostFD, &s); err != nil { f.offsetMu.Unlock() return 0, err } @@ -737,8 +736,8 @@ func (f *fileDescription) Seek(_ context.Context, offset int64, whence int32) (i f.offset += offset case linux.SEEK_END: - var s syscall.Stat_t - if err := syscall.Fstat(i.hostFD, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.hostFD, &s); err != nil { return f.offset, err } size := s.Size @@ -781,7 +780,7 @@ func (f *fileDescription) Sync(ctx context.Context) error { func (f *fileDescription) ConfigureMMap(_ context.Context, opts *memmap.MMapOpts) error { // NOTE(b/38213152): Technically, some obscure char devices can be memory // mapped, but we only allow regular files. - if f.inode.ftype != syscall.S_IFREG { + if f.inode.ftype != unix.S_IFREG { return syserror.ENODEV } i := f.inode diff --git a/pkg/sentry/fsimpl/host/ioctl_unsafe.go b/pkg/sentry/fsimpl/host/ioctl_unsafe.go index 0983bf7d8..f666a5875 100644 --- a/pkg/sentry/fsimpl/host/ioctl_unsafe.go +++ b/pkg/sentry/fsimpl/host/ioctl_unsafe.go @@ -15,15 +15,15 @@ package host import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) func ioctlGetTermios(fd int) (*linux.Termios, error) { var t linux.Termios - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t))) if errno != 0 { return nil, errno } @@ -31,7 +31,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) { } func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error { - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t))) if errno != 0 { return errno } @@ -40,7 +40,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error { func ioctlGetWinsize(fd int) (*linux.Winsize, error) { var w linux.Winsize - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w))) if errno != 0 { return nil, errno } @@ -48,7 +48,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) { } func ioctlSetWinsize(fd int, w *linux.Winsize) error { - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w))) if errno != 0 { return errno } diff --git a/pkg/sentry/fsimpl/host/save_restore.go b/pkg/sentry/fsimpl/host/save_restore.go index 8800652a9..5688bddc8 100644 --- a/pkg/sentry/fsimpl/host/save_restore.go +++ b/pkg/sentry/fsimpl/host/save_restore.go @@ -18,8 +18,8 @@ import ( "fmt" "io" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fdnotifier" "gvisor.dev/gvisor/pkg/safemem" "gvisor.dev/gvisor/pkg/sentry/hostfd" @@ -31,7 +31,7 @@ func (i *inode) beforeSave() { if !i.savable { panic("host.inode is not savable") } - if i.ftype == syscall.S_IFIFO { + if i.ftype == unix.S_IFIFO { // If this pipe FD is readable, drain it so that bytes in the pipe can // be read after restore. (This is a legacy VFS1 feature.) We don't // know if the pipe FD is readable, so just try reading and tolerate @@ -45,7 +45,7 @@ func (i *inode) beforeSave() { i.buf = append(i.buf, buf[:n]...) } if err != nil { - if err == io.EOF || err == syscall.EAGAIN || err == syscall.EBADF { + if err == io.EOF || err == unix.EAGAIN || err == unix.EBADF { break } panic(fmt.Errorf("host.inode.beforeSave: buffering from pipe failed: %v", err)) @@ -60,7 +60,7 @@ func (i *inode) beforeSave() { // afterLoad is invoked by stateify. func (i *inode) afterLoad() { if i.mayBlock { - if err := syscall.SetNonblock(i.hostFD, true); err != nil { + if err := unix.SetNonblock(i.hostFD, true); err != nil { panic(fmt.Sprintf("host.inode.afterLoad: failed to set host FD %d non-blocking: %v", i.hostFD, err)) } if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil { diff --git a/pkg/sentry/fsimpl/host/socket.go b/pkg/sentry/fsimpl/host/socket.go index 6763f5b0c..056f910aa 100644 --- a/pkg/sentry/fsimpl/host/socket.go +++ b/pkg/sentry/fsimpl/host/socket.go @@ -17,8 +17,8 @@ package host import ( "fmt" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -87,26 +87,26 @@ type ConnectedEndpoint struct { func (c *ConnectedEndpoint) init() *syserr.Error { c.InitRefs() - family, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_DOMAIN) + family, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_DOMAIN) if err != nil { return syserr.FromError(err) } - if family != syscall.AF_UNIX { + if family != unix.AF_UNIX { // We only allow Unix sockets. return syserr.ErrInvalidEndpointState } - stype, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_TYPE) + stype, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_TYPE) if err != nil { return syserr.FromError(err) } - if err := syscall.SetNonblock(c.fd, true); err != nil { + if err := unix.SetNonblock(c.fd, true); err != nil { return syserr.FromError(err) } - sndbuf, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_SNDBUF) + sndbuf, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_SNDBUF) if err != nil { return syserr.FromError(err) } @@ -177,7 +177,7 @@ func (c *ConnectedEndpoint) CloseSend() { c.mu.Lock() defer c.mu.Unlock() - if err := syscall.Shutdown(c.fd, syscall.SHUT_WR); err != nil { + if err := unix.Shutdown(c.fd, unix.SHUT_WR); err != nil { // A well-formed UDS shutdown can't fail. See // net/unix/af_unix.c:unix_shutdown. panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err)) @@ -270,7 +270,7 @@ func (c *ConnectedEndpoint) CloseRecv() { c.mu.Lock() defer c.mu.Unlock() - if err := syscall.Shutdown(c.fd, syscall.SHUT_RD); err != nil { + if err := unix.Shutdown(c.fd, unix.SHUT_RD); err != nil { // A well-formed UDS shutdown can't fail. See // net/unix/af_unix.c:unix_shutdown. panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err)) @@ -358,7 +358,7 @@ func (e *SCMConnectedEndpoint) Release(ctx context.Context) { e.DecRef(func() { e.mu.Lock() fdnotifier.RemoveFD(int32(e.fd)) - if err := syscall.Close(e.fd); err != nil { + if err := unix.Close(e.fd); err != nil { log.Warningf("Failed to close host fd %d: %v", err) } e.destroyLocked() diff --git a/pkg/sentry/fsimpl/host/socket_iovec.go b/pkg/sentry/fsimpl/host/socket_iovec.go index fc0d5fd38..b123a63ee 100644 --- a/pkg/sentry/fsimpl/host/socket_iovec.go +++ b/pkg/sentry/fsimpl/host/socket_iovec.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/iovec" "gvisor.dev/gvisor/pkg/syserror" ) @@ -52,7 +51,7 @@ func copyFromMulti(dst []byte, src [][]byte) { // // If intermediate != nil, iovecs references intermediate rather than bufs and // the caller must copy to/from bufs as necessary. -func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) { +func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) { var iovsRequired int for _, b := range bufs { length += int64(len(b)) @@ -76,14 +75,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec // Use a single intermediate buffer instead. b := make([]byte, stopLen) - return stopLen, []syscall.Iovec{{ + return stopLen, []unix.Iovec{{ Base: &b[0], Len: uint64(stopLen), }}, b, err } var total int64 - iovecs = make([]syscall.Iovec, 0, iovsRequired) + iovecs = make([]unix.Iovec, 0, iovsRequired) for i := range bufs { l := len(bufs[i]) if l == 0 { @@ -95,7 +94,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec stop = stopLen - total } - iovecs = append(iovecs, syscall.Iovec{ + iovecs = append(iovecs, unix.Iovec{ Base: &bufs[i][0], Len: uint64(stop), }) diff --git a/pkg/sentry/fsimpl/host/socket_unsafe.go b/pkg/sentry/fsimpl/host/socket_unsafe.go index c0bf45f08..34f24e95c 100644 --- a/pkg/sentry/fsimpl/host/socket_unsafe.go +++ b/pkg/sentry/fsimpl/host/socket_unsafe.go @@ -15,8 +15,9 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // fdReadVec receives from fd to bufs. @@ -24,9 +25,9 @@ import ( // If the total length of bufs is > maxlen, fdReadVec will do a partial read // and err will indicate why the message was truncated. func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) { - flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC) + flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC) if peek { - flags |= syscall.MSG_PEEK + flags |= unix.MSG_PEEK } // Always truncate the receive buffer. All socket types will truncate @@ -37,7 +38,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( return 0, 0, 0, false, err } - var msg syscall.Msghdr + var msg unix.Msghdr if len(control) != 0 { msg.Control = &control[0] msg.Controllen = uint64(len(control)) @@ -48,7 +49,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( msg.Iovlen = uint64(len(iovecs)) } - rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags) + rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags) if e != 0 { // N.B. prioritize the syscall error over the buildIovec error. return 0, 0, 0, false, e @@ -60,7 +61,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( copyToMulti(bufs, intermediate) } - controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC + controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC if n > length { return length, n, msg.Controllen, controlTrunc, nil @@ -85,13 +86,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6 copyFromMulti(intermediate, bufs) } - var msg syscall.Msghdr + var msg unix.Msghdr if len(iovecs) > 0 { msg.Iov = &iovecs[0] msg.Iovlen = uint64(len(iovecs)) } - n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL) + n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL) if e != 0 { // N.B. prioritize the syscall error over the buildIovec error. return 0, length, e diff --git a/pkg/sentry/fsimpl/host/util.go b/pkg/sentry/fsimpl/host/util.go index b2f43a119..63b465859 100644 --- a/pkg/sentry/fsimpl/host/util.go +++ b/pkg/sentry/fsimpl/host/util.go @@ -15,21 +15,19 @@ package host import ( - "syscall" - "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/syserror" ) -func toTimespec(ts linux.StatxTimestamp, omit bool) syscall.Timespec { +func toTimespec(ts linux.StatxTimestamp, omit bool) unix.Timespec { if omit { - return syscall.Timespec{ + return unix.Timespec{ Sec: 0, Nsec: unix.UTIME_OMIT, } } - return syscall.Timespec{ + return unix.Timespec{ Sec: ts.Sec, Nsec: int64(ts.Nsec), } diff --git a/pkg/sentry/fsimpl/host/util_unsafe.go b/pkg/sentry/fsimpl/host/util_unsafe.go index 5136ac844..b36eed2e2 100644 --- a/pkg/sentry/fsimpl/host/util_unsafe.go +++ b/pkg/sentry/fsimpl/host/util_unsafe.go @@ -15,13 +15,14 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) -func setTimestamps(fd int, ts *[2]syscall.Timespec) error { - _, _, errno := syscall.Syscall6( - syscall.SYS_UTIMENSAT, +func setTimestamps(fd int, ts *[2]unix.Timespec) error { + _, _, errno := unix.Syscall6( + unix.SYS_UTIMENSAT, uintptr(fd), 0, /* path */ uintptr(unsafe.Pointer(ts)), diff --git a/pkg/sentry/hostfd/hostfd_unsafe.go b/pkg/sentry/hostfd/hostfd_unsafe.go index 694371b1c..03c6d2a16 100644 --- a/pkg/sentry/hostfd/hostfd_unsafe.go +++ b/pkg/sentry/hostfd/hostfd_unsafe.go @@ -16,7 +16,6 @@ package hostfd import ( "io" - "syscall" "unsafe" "golang.org/x/sys/unix" @@ -33,15 +32,15 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6 // return EFAULT if appropriate, instead of raising SIGBUS. var ( n uintptr - e syscall.Errno + e unix.Errno ) if flags == 0 && dsts.NumBlocks() == 1 { // Use read() or pread() to avoid iovec allocation and copying. dst := dsts.Head() if offset == -1 { - n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len())) + n, _, e = unix.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len())) } else { - n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) + n, _, e = unix.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) } } else { iovs := safemem.IovecsFromBlockSeq(dsts) @@ -49,7 +48,7 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6 log.Debugf("hostfd.Preadv2: truncating from %d iovecs to %d", len(iovs), maxIov) iovs = iovs[:maxIov] } - n, _, e = syscall.Syscall6(unix.SYS_PREADV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags)) + n, _, e = unix.Syscall6(unix.SYS_PREADV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags)) } if e != 0 { return 0, e @@ -69,15 +68,15 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint // return EFAULT if appropriate, instead of raising SIGBUS. var ( n uintptr - e syscall.Errno + e unix.Errno ) if flags == 0 && srcs.NumBlocks() == 1 { // Use write() or pwrite() to avoid iovec allocation and copying. src := srcs.Head() if offset == -1 { - n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len())) + n, _, e = unix.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len())) } else { - n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) + n, _, e = unix.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */) } } else { iovs := safemem.IovecsFromBlockSeq(srcs) @@ -85,7 +84,7 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint log.Debugf("hostfd.Preadv2: truncating from %d iovecs to %d", len(iovs), maxIov) iovs = iovs[:maxIov] } - n, _, e = syscall.Syscall6(unix.SYS_PWRITEV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags)) + n, _, e = unix.Syscall6(unix.SYS_PWRITEV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags)) } if e != 0 { return 0, e diff --git a/pkg/sentry/hostmm/hostmm.go b/pkg/sentry/hostmm/hostmm.go index 506c7864a..c47b96b54 100644 --- a/pkg/sentry/hostmm/hostmm.go +++ b/pkg/sentry/hostmm/hostmm.go @@ -20,8 +20,8 @@ import ( "fmt" "os" "path" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/usermem" @@ -60,7 +60,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error) } // Don't use fmt.Fprintf since the whole string needs to be written in a - // single syscall. + // single unix. eventControlStr := fmt.Sprintf("%d %d %s", eventFD.FD(), pressureFile.Fd(), level) if n, err := eventControlFile.Write([]byte(eventControlStr)); n != len(eventControlStr) || err != nil { eventFD.Close() @@ -80,7 +80,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error) for { n, err := rw.Read(buf[:]) if err != nil { - if err == syscall.EINTR { + if err == unix.EINTR { continue } panic(fmt.Sprintf("failed to read from memory pressure level eventfd: %v", err)) @@ -107,7 +107,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error) for { n, err := rw.Write(buf[:]) if err != nil { - if err == syscall.EINTR { + if err == unix.EINTR { continue } panic(fmt.Sprintf("failed to write to memory pressure level eventfd: %v", err)) @@ -122,7 +122,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error) } func newEventFD() (*fd.FD, error) { - f, _, e := syscall.Syscall(syscall.SYS_EVENTFD2, 0, 0, 0) + f, _, e := unix.Syscall(unix.SYS_EVENTFD2, 0, 0, 0) if e != 0 { return nil, fmt.Errorf("failed to create eventfd: %v", e) } diff --git a/pkg/sentry/hostmm/membarrier.go b/pkg/sentry/hostmm/membarrier.go index 4468d75f1..e4e61a398 100644 --- a/pkg/sentry/hostmm/membarrier.go +++ b/pkg/sentry/hostmm/membarrier.go @@ -15,8 +15,6 @@ package hostmm import ( - "syscall" - "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/log" @@ -28,9 +26,9 @@ var ( ) func init() { - supported, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_QUERY, 0 /* flags */, 0 /* unused */) + supported, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_QUERY, 0 /* flags */, 0 /* unused */) if e != 0 { - if e != syscall.ENOSYS { + if e != unix.ENOSYS { log.Warningf("membarrier(MEMBARRIER_CMD_QUERY) failed: %s", e.Error()) } return @@ -46,7 +44,7 @@ func init() { haveMembarrierGlobal = true } if req := uintptr(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED | linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED); supported&req == req { - if _, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 { + if _, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 { log.Warningf("membarrier(MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED) failed: %s", e.Error()) } else { haveMembarrierPrivateExpedited = true @@ -66,7 +64,7 @@ func HaveGlobalMemoryBarrier() bool { // // Preconditions: HaveGlobalMemoryBarrier() == true. func GlobalMemoryBarrier() error { - if _, _, e := syscall.Syscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_GLOBAL, 0 /* flags */, 0 /* unused */); e != 0 { + if _, _, e := unix.Syscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_GLOBAL, 0 /* flags */, 0 /* unused */); e != 0 { return e } return nil @@ -83,7 +81,7 @@ func HaveProcessMemoryBarrier() bool { // // Preconditions: HaveProcessMemoryBarrier() == true. func ProcessMemoryBarrier() error { - if _, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 { + if _, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 { return e } return nil diff --git a/pkg/sentry/kernel/abstract_socket_namespace.go b/pkg/sentry/kernel/abstract_socket_namespace.go index 0ddbe5ff6..d100e58d7 100644 --- a/pkg/sentry/kernel/abstract_socket_namespace.go +++ b/pkg/sentry/kernel/abstract_socket_namespace.go @@ -16,8 +16,8 @@ package kernel import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/refsvfs2" "gvisor.dev/gvisor/pkg/sentry/socket/unix/transport" @@ -97,7 +97,7 @@ func (a *AbstractSocketNamespace) Bind(ctx context.Context, name string, ep tran if ep, ok := a.endpoints[name]; ok { if ep.socket.TryIncRef() { ep.socket.DecRef(ctx) - return syscall.EADDRINUSE + return unix.EADDRINUSE } } diff --git a/pkg/sentry/kernel/epoll/epoll.go b/pkg/sentry/kernel/epoll/epoll.go index 407b6e917..ba73a7812 100644 --- a/pkg/sentry/kernel/epoll/epoll.go +++ b/pkg/sentry/kernel/epoll/epoll.go @@ -24,8 +24,8 @@ package epoll import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/refs" @@ -173,12 +173,12 @@ func (e *EventPoll) Release(ctx context.Context) { // Read implements fs.FileOperations.Read. func (*EventPoll) Read(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) { - return 0, syscall.ENOSYS + return 0, unix.ENOSYS } // Write implements fs.FileOperations.Write. func (*EventPoll) Write(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) { - return 0, syscall.ENOSYS + return 0, unix.ENOSYS } // eventsAvailable determines if 'e' has events available for delivery. @@ -358,18 +358,18 @@ func (e *EventPoll) AddEntry(id FileIdentifier, flags EntryFlags, mask waiter.Ev // Fail if the file already has an entry. if _, ok := e.files[id]; ok { - return syscall.EEXIST + return unix.EEXIST } // Check if a cycle would be created. We use 4 as the limit because // that's the value used by linux and we want to emulate it. if ep != nil { if e == ep { - return syscall.EINVAL + return unix.EINVAL } if ep.observes(e, 4) { - return syscall.ELOOP + return unix.ELOOP } } @@ -404,7 +404,7 @@ func (e *EventPoll) UpdateEntry(id FileIdentifier, flags EntryFlags, mask waiter // Fail if the file doesn't have an entry. entry, ok := e.files[id] if !ok { - return syscall.ENOENT + return unix.ENOENT } // Unregister the old mask and remove entry from the list it's in, so @@ -435,7 +435,7 @@ func (e *EventPoll) RemoveEntry(ctx context.Context, id FileIdentifier) error { // Fail if the file doesn't have an entry. entry, ok := e.files[id] if !ok { - return syscall.ENOENT + return unix.ENOENT } // Unregister from file first so that no concurrent attempts will be diff --git a/pkg/sentry/kernel/eventfd/eventfd.go b/pkg/sentry/kernel/eventfd/eventfd.go index bbf568dfc..64f1cc631 100644 --- a/pkg/sentry/kernel/eventfd/eventfd.go +++ b/pkg/sentry/kernel/eventfd/eventfd.go @@ -18,8 +18,8 @@ package eventfd import ( "math" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -91,13 +91,13 @@ func (e *EventOperations) HostFD() (int, error) { flags |= linux.EFD_SEMAPHORE } - fd, _, err := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(e.val), uintptr(flags), 0) + fd, _, err := unix.Syscall(unix.SYS_EVENTFD2, uintptr(e.val), uintptr(flags), 0) if err != 0 { return -1, err } if err := fdnotifier.AddFD(int32(fd), &e.wq); err != nil { - syscall.Close(int(fd)) + unix.Close(int(fd)) return -1, err } @@ -111,7 +111,7 @@ func (e *EventOperations) Release(context.Context) { defer e.mu.Unlock() if e.hostfd >= 0 { fdnotifier.RemoveFD(int32(e.hostfd)) - syscall.Close(e.hostfd) + unix.Close(e.hostfd) e.hostfd = -1 } } @@ -119,7 +119,7 @@ func (e *EventOperations) Release(context.Context) { // Read implements fs.FileOperations.Read. func (e *EventOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOSequence, _ int64) (int64, error) { if dst.NumBytes() < 8 { - return 0, syscall.EINVAL + return 0, unix.EINVAL } if err := e.read(ctx, dst); err != nil { return 0, err @@ -130,7 +130,7 @@ func (e *EventOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOSe // Write implements fs.FileOperations.Write. func (e *EventOperations) Write(ctx context.Context, _ *fs.File, src usermem.IOSequence, _ int64) (int64, error) { if src.NumBytes() < 8 { - return 0, syscall.EINVAL + return 0, unix.EINVAL } if err := e.write(ctx, src); err != nil { return 0, err @@ -142,8 +142,8 @@ func (e *EventOperations) Write(ctx context.Context, _ *fs.File, src usermem.IOS func (e *EventOperations) hostRead(ctx context.Context, dst usermem.IOSequence) error { var buf [8]byte - if _, err := syscall.Read(e.hostfd, buf[:]); err != nil { - if err == syscall.EWOULDBLOCK { + if _, err := unix.Read(e.hostfd, buf[:]); err != nil { + if err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -195,8 +195,8 @@ func (e *EventOperations) read(ctx context.Context, dst usermem.IOSequence) erro func (e *EventOperations) hostWrite(val uint64) error { var buf [8]byte usermem.ByteOrder.PutUint64(buf[:], val) - _, err := syscall.Write(e.hostfd, buf[:]) - if err == syscall.EWOULDBLOCK { + _, err := unix.Write(e.hostfd, buf[:]) + if err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -215,7 +215,7 @@ func (e *EventOperations) write(ctx context.Context, src usermem.IOSequence) err // Signal is an internal function to signal the event fd. func (e *EventOperations) Signal(val uint64) error { if val == math.MaxUint64 { - return syscall.EINVAL + return unix.EINVAL } e.mu.Lock() diff --git a/pkg/sentry/kernel/fd_table.go b/pkg/sentry/kernel/fd_table.go index a6afabb1c..10885688c 100644 --- a/pkg/sentry/kernel/fd_table.go +++ b/pkg/sentry/kernel/fd_table.go @@ -19,8 +19,8 @@ import ( "math" "strings" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -253,7 +253,7 @@ func (f *FDTable) String() string { func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags FDFlags) (fds []int32, err error) { if fd < 0 { // Don't accept negative FDs. - return nil, syscall.EINVAL + return nil, unix.EINVAL } // Default limit. @@ -266,7 +266,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags end = int32(lim.Cur) } if fd >= end { - return nil, syscall.EMFILE + return nil, unix.EMFILE } } @@ -300,7 +300,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags for _, file := range files[:len(fds)] { file.DecRef(ctx) } - return nil, syscall.EMFILE + return nil, unix.EMFILE } if fd == f.next { @@ -318,7 +318,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDescription, flags FDFlags) (fds []int32, err error) { if fd < 0 { // Don't accept negative FDs. - return nil, syscall.EINVAL + return nil, unix.EINVAL } // Default limit. @@ -331,7 +331,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes end = int32(lim.Cur) } if fd >= end { - return nil, syscall.EMFILE + return nil, unix.EMFILE } } @@ -365,7 +365,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes for _, file := range files[:len(fds)] { file.DecRef(ctx) } - return nil, syscall.EMFILE + return nil, unix.EMFILE } if fd == f.next { @@ -382,7 +382,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDescription, flags FDFlags) (int32, error) { if minfd < 0 { // Don't accept negative FDs. - return -1, syscall.EINVAL + return -1, unix.EINVAL } // Default limit. @@ -395,7 +395,7 @@ func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDesc end = int32(lim.Cur) } if minfd >= end { - return -1, syscall.EMFILE + return -1, unix.EMFILE } } @@ -418,7 +418,7 @@ func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDesc } fd++ } - return -1, syscall.EMFILE + return -1, unix.EMFILE } // NewFDAt sets the file reference for the given FD. If there is an active @@ -452,13 +452,13 @@ func (f *FDTable) NewFDAtVFS2(ctx context.Context, fd int32, file *vfs.FileDescr func (f *FDTable) newFDAt(ctx context.Context, fd int32, file *fs.File, fileVFS2 *vfs.FileDescription, flags FDFlags) (*fs.File, *vfs.FileDescription, error) { if fd < 0 { // Don't accept negative FDs. - return nil, nil, syscall.EBADF + return nil, nil, unix.EBADF } // Check the limit for the provided file. if limitSet := limits.FromContext(ctx); limitSet != nil { if lim := limitSet.Get(limits.NumberOfFiles); lim.Cur != limits.Infinity && uint64(fd) >= lim.Cur { - return nil, nil, syscall.EMFILE + return nil, nil, unix.EMFILE } } @@ -476,7 +476,7 @@ func (f *FDTable) newFDAt(ctx context.Context, fd int32, file *fs.File, fileVFS2 func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error { if fd < 0 { // Don't accept negative FDs. - return syscall.EBADF + return unix.EBADF } f.mu.Lock() @@ -485,7 +485,7 @@ func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error { file, _, _ := f.get(fd) if file == nil { // No file found. - return syscall.EBADF + return unix.EBADF } // Update the flags. @@ -499,7 +499,7 @@ func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error { func (f *FDTable) SetFlagsVFS2(ctx context.Context, fd int32, flags FDFlags) error { if fd < 0 { // Don't accept negative FDs. - return syscall.EBADF + return unix.EBADF } f.mu.Lock() @@ -508,7 +508,7 @@ func (f *FDTable) SetFlagsVFS2(ctx context.Context, fd int32, flags FDFlags) err file, _, _ := f.getVFS2(fd) if file == nil { // No file found. - return syscall.EBADF + return unix.EBADF } // Update the flags. diff --git a/pkg/sentry/kernel/pipe/pipe.go b/pkg/sentry/kernel/pipe/pipe.go index 2c8668fc4..68a55a186 100644 --- a/pkg/sentry/kernel/pipe/pipe.go +++ b/pkg/sentry/kernel/pipe/pipe.go @@ -19,8 +19,8 @@ import ( "fmt" "io" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/safemem" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -244,7 +244,7 @@ func (p *Pipe) consumeLocked(n int64) { func (p *Pipe) writeLocked(count int64, f func(safemem.BlockSeq) (uint64, error)) (int64, error) { // Can't write to a pipe with no readers. if !p.HasReaders() { - return 0, syscall.EPIPE + return 0, unix.EPIPE } avail := p.max - p.size diff --git a/pkg/sentry/kernel/pipe/pipe_util.go b/pkg/sentry/kernel/pipe/pipe_util.go index 77246edbe..76ea389ca 100644 --- a/pkg/sentry/kernel/pipe/pipe_util.go +++ b/pkg/sentry/kernel/pipe/pipe_util.go @@ -17,8 +17,8 @@ package pipe import ( "io" "math" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/amutex" "gvisor.dev/gvisor/pkg/context" @@ -139,7 +139,7 @@ func (p *Pipe) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArgume _, err := primitive.CopyInt32Out(&iocc, args[2].Pointer(), int32(v)) return 0, err default: - return 0, syscall.ENOTTY + return 0, unix.ENOTTY } } diff --git a/pkg/sentry/kernel/seccomp.go b/pkg/sentry/kernel/seccomp.go index 60917e7d3..8163a6132 100644 --- a/pkg/sentry/kernel/seccomp.go +++ b/pkg/sentry/kernel/seccomp.go @@ -15,8 +15,7 @@ package kernel import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/bpf" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -83,7 +82,7 @@ func (t *Task) checkSeccompSyscall(sysno int32, args arch.SyscallArguments, ip u // the system call is not executed." if !t.ptraceSeccomp(result.Data()) { // This useless-looking temporary is needed because Go. - tmp := uintptr(syscall.ENOSYS) + tmp := uintptr(unix.ENOSYS) t.Arch().SetReturn(-tmp) return linux.SECCOMP_RET_ERRNO } diff --git a/pkg/sentry/kernel/task_syscall.go b/pkg/sentry/kernel/task_syscall.go index 0141459e7..2e84bd88a 100644 --- a/pkg/sentry/kernel/task_syscall.go +++ b/pkg/sentry/kernel/task_syscall.go @@ -18,8 +18,8 @@ import ( "fmt" "os" "runtime/trace" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/bits" "gvisor.dev/gvisor/pkg/marshal" @@ -113,7 +113,7 @@ func (t *Task) executeSyscall(sysno uintptr, args arch.SyscallArguments) (rval u if bits.IsOn32(fe, ExternalAfterEnable) && (s.ExternalFilterAfter == nil || s.ExternalFilterAfter(t, sysno, args)) { t.invokeExternal() - // Don't reinvoke the syscall. + // Don't reinvoke the unix. } if bits.IsAnyOn32(fe, StraceEnableBits) { @@ -147,7 +147,7 @@ func (t *Task) doSyscall() taskRunState { // Tracers expect to see this between when the task traps into the kernel // to perform a syscall and when the syscall is actually invoked. // This useless-looking temporary is needed because Go. - tmp := uintptr(syscall.ENOSYS) + tmp := uintptr(unix.ENOSYS) t.Arch().SetReturn(-tmp) // Check seccomp filters. The nil check is for performance (as seccomp use @@ -379,7 +379,7 @@ func ExtractErrno(err error, sysno int) int { switch err := err.(type) { case nil: return 0 - case syscall.Errno: + case unix.Errno: return int(err) case syserror.SyscallRestartErrno: return int(err) @@ -387,7 +387,7 @@ func ExtractErrno(err error, sysno int) int { // Bus errors may generate SIGBUS, but for syscalls they still // return EFAULT. See case in task_run.go where the fault is // handled (and the SIGBUS is delivered). - return int(syscall.EFAULT) + return int(unix.EFAULT) case *os.PathError: return ExtractErrno(err.Err, sysno) case *os.LinkError: diff --git a/pkg/sentry/limits/limits.go b/pkg/sentry/limits/limits.go index 31b9e9ff6..7c6c4df01 100644 --- a/pkg/sentry/limits/limits.go +++ b/pkg/sentry/limits/limits.go @@ -16,8 +16,7 @@ package limits import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sync" ) @@ -125,10 +124,10 @@ func (l *LimitSet) Set(t LimitType, v Limit, privileged bool) (Limit, error) { if _, ok := l.data[t]; ok { // Unprivileged users can only lower their hard limits. if l.data[t].Max < v.Max && !privileged { - return Limit{}, syscall.EPERM + return Limit{}, unix.EPERM } if v.Cur > v.Max { - return Limit{}, syscall.EINVAL + return Limit{}, unix.EINVAL } } old := l.data[t] diff --git a/pkg/sentry/pgalloc/pgalloc.go b/pkg/sentry/pgalloc/pgalloc.go index d99be7f46..58cc11a13 100644 --- a/pkg/sentry/pgalloc/pgalloc.go +++ b/pkg/sentry/pgalloc/pgalloc.go @@ -26,9 +26,9 @@ import ( "math" "os" "sync/atomic" - "syscall" "time" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -341,12 +341,12 @@ func NewMemoryFile(file *os.File, opts MemoryFileOpts) (*MemoryFile, error) { // Work around IMA by immediately creating a temporary PROT_EXEC mapping, // while the backing file is still small. IMA will ignore any future // mappings. - m, _, errno := syscall.Syscall6( - syscall.SYS_MMAP, + m, _, errno := unix.Syscall6( + unix.SYS_MMAP, 0, usermem.PageSize, - syscall.PROT_EXEC, - syscall.MAP_SHARED, + unix.PROT_EXEC, + unix.MAP_SHARED, file.Fd(), 0) if errno != 0 { @@ -354,8 +354,8 @@ func NewMemoryFile(file *os.File, opts MemoryFileOpts) (*MemoryFile, error) { // don't return it. log.Warningf("Failed to pre-map MemoryFile PROT_EXEC: %v", errno) } else { - if _, _, errno := syscall.Syscall( - syscall.SYS_MUNMAP, + if _, _, errno := unix.Syscall( + unix.SYS_MUNMAP, m, usermem.PageSize, 0); errno != 0 { @@ -584,7 +584,7 @@ func (f *MemoryFile) decommitFile(fr memmap.FileRange) error { // "After a successful call, subsequent reads from this range will // return zeroes. The FALLOC_FL_PUNCH_HOLE flag must be ORed with // FALLOC_FL_KEEP_SIZE in mode ..." - fallocate(2) - return syscall.Fallocate( + return unix.Fallocate( int(f.file.Fd()), _FALLOC_FL_PUNCH_HOLE|_FALLOC_FL_KEEP_SIZE, int64(fr.Start), @@ -730,12 +730,12 @@ func (f *MemoryFile) getChunkMapping(chunk int) ([]uintptr, uintptr, error) { if m := mappings[chunk]; m != 0 { return mappings, m, nil } - m, _, errno := syscall.Syscall6( - syscall.SYS_MMAP, + m, _, errno := unix.Syscall6( + unix.SYS_MMAP, 0, chunkSize, - syscall.PROT_READ|syscall.PROT_WRITE, - syscall.MAP_SHARED, + unix.PROT_READ|unix.PROT_WRITE, + unix.MAP_SHARED, f.file.Fd(), uintptr(chunk<<chunkShift)) if errno != 0 { @@ -1012,8 +1012,8 @@ func (f *MemoryFile) TotalUsage() (uint64, error) { // Stat the underlying file to discover the underlying usage. stat(2) // always reports the allocated block count in units of 512 bytes. This // includes pages in the page cache and swapped pages. - var stat syscall.Stat_t - if err := syscall.Fstat(int(f.file.Fd()), &stat); err != nil { + var stat unix.Stat_t + if err := unix.Fstat(int(f.file.Fd()), &stat); err != nil { return 0, err } return uint64(stat.Blocks * 512), nil @@ -1093,7 +1093,7 @@ func (f *MemoryFile) runReclaim() { mappings := f.mappings.Load().([]uintptr) for i, m := range mappings { if m != 0 { - _, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, m, chunkSize, 0) + _, _, errno := unix.Syscall(unix.SYS_MUNMAP, m, chunkSize, 0) if errno != 0 { log.Warningf("Failed to unmap mapping %#x for MemoryFile chunk %d: %v", m, i, errno) } diff --git a/pkg/sentry/pgalloc/pgalloc_unsafe.go b/pkg/sentry/pgalloc/pgalloc_unsafe.go index a4b5d581c..71f8f66c1 100644 --- a/pkg/sentry/pgalloc/pgalloc_unsafe.go +++ b/pkg/sentry/pgalloc/pgalloc_unsafe.go @@ -16,8 +16,9 @@ package pgalloc import ( "reflect" - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) func unsafeSlice(addr uintptr, length int) (slice []byte) { @@ -29,8 +30,8 @@ func unsafeSlice(addr uintptr, length int) (slice []byte) { } func mincore(s []byte, buf []byte) error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_MINCORE, + if _, _, errno := unix.RawSyscall( + unix.SYS_MINCORE, uintptr(unsafe.Pointer(&s[0])), uintptr(len(s)), uintptr(unsafe.Pointer(&buf[0]))); errno != 0 { diff --git a/pkg/sentry/pgalloc/save_restore.go b/pkg/sentry/pgalloc/save_restore.go index 78317fa35..e05c8d074 100644 --- a/pkg/sentry/pgalloc/save_restore.go +++ b/pkg/sentry/pgalloc/save_restore.go @@ -21,8 +21,8 @@ import ( "io" "runtime" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/sentry/usage" "gvisor.dev/gvisor/pkg/state" @@ -66,7 +66,7 @@ func (f *MemoryFile) SaveTo(ctx context.Context, w wire.Writer) error { // associated backing store. This is equivalent to punching a hole // in the corresponding byte range of the backing store (see // fallocate(2))." - madvise(2) - if err := syscall.Madvise(pg, syscall.MADV_REMOVE); err != nil { + if err := unix.Madvise(pg, unix.MADV_REMOVE); err != nil { // This doesn't impact the correctness of saved memory, it // just means that we're incrementally more likely to OOM. // Complain, but don't abort saving. diff --git a/pkg/sentry/platform/kvm/bluepill.go b/pkg/sentry/platform/kvm/bluepill.go index 2c970162e..fd1131638 100644 --- a/pkg/sentry/platform/kvm/bluepill.go +++ b/pkg/sentry/platform/kvm/bluepill.go @@ -17,8 +17,8 @@ package kvm import ( "fmt" "reflect" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/safecopy" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -41,7 +41,7 @@ var ( // // We use SIGCHLD because it is not masked by the runtime, and // it will be ignored properly by other parts of the kernel. - bounceSignal = syscall.SIGCHLD + bounceSignal = unix.SIGCHLD // bounceSignalMask has only bounceSignal set. bounceSignalMask = uint64(1 << (uint64(bounceSignal) - 1)) @@ -62,7 +62,7 @@ var ( // //go:nosplit func redpill() { - syscall.RawSyscall(^uintptr(0), 0, 0, 0) + unix.RawSyscall(^uintptr(0), 0, 0, 0) } // dieHandler is called by dieTrampoline. diff --git a/pkg/sentry/platform/kvm/bluepill_amd64.go b/pkg/sentry/platform/kvm/bluepill_amd64.go index 83a4766fb..f4b9a5321 100644 --- a/pkg/sentry/platform/kvm/bluepill_amd64.go +++ b/pkg/sentry/platform/kvm/bluepill_amd64.go @@ -17,15 +17,14 @@ package kvm import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/sentry/arch" ) var ( // The action for bluepillSignal is changed by sigaction(). - bluepillSignal = syscall.SIGSEGV + bluepillSignal = unix.SIGSEGV ) // bluepillArchEnter is called during bluepillEnter. diff --git a/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go b/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go index 0063e947b..198bafdea 100644 --- a/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go +++ b/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go @@ -17,9 +17,9 @@ package kvm import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/sentry/arch" ) @@ -68,8 +68,8 @@ func getHypercallID(addr uintptr) int { func bluepillStopGuest(c *vCPU) { // Interrupt: we must have requested an interrupt // window; set the interrupt line. - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_INTERRUPT, uintptr(unsafe.Pointer(&bounce))); errno != 0 { @@ -83,8 +83,8 @@ func bluepillStopGuest(c *vCPU) { // //go:nosplit func bluepillSigBus(c *vCPU) { - if _, _, errno := syscall.RawSyscall( // escapes: no. - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( // escapes: no. + unix.SYS_IOCTL, uintptr(c.fd), _KVM_NMI, 0); errno != 0 { throw("NMI injection failed") diff --git a/pkg/sentry/platform/kvm/bluepill_arm64.go b/pkg/sentry/platform/kvm/bluepill_arm64.go index 6846abee9..e26b7da8d 100644 --- a/pkg/sentry/platform/kvm/bluepill_arm64.go +++ b/pkg/sentry/platform/kvm/bluepill_arm64.go @@ -17,15 +17,14 @@ package kvm import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/sentry/arch" ) var ( // The action for bluepillSignal is changed by sigaction(). - bluepillSignal = syscall.SIGILL + bluepillSignal = unix.SIGILL // vcpuSErrBounce is the event of system error for bouncing KVM. vcpuSErrBounce = kvmVcpuEvents{ diff --git a/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go b/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go index dbbf2a897..07fc4f216 100644 --- a/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go +++ b/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go @@ -17,9 +17,9 @@ package kvm import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/sentry/arch" ) @@ -80,8 +80,8 @@ func getHypercallID(addr uintptr) int { // //go:nosplit func bluepillStopGuest(c *vCPU) { - if _, _, errno := syscall.RawSyscall( // escapes: no. - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( // escapes: no. + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_VCPU_EVENTS, uintptr(unsafe.Pointer(&vcpuSErrBounce))); errno != 0 { @@ -94,12 +94,12 @@ func bluepillStopGuest(c *vCPU) { //go:nosplit func bluepillSigBus(c *vCPU) { // Host must support ARM64_HAS_RAS_EXTN. - if _, _, errno := syscall.RawSyscall( // escapes: no. - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( // escapes: no. + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_VCPU_EVENTS, uintptr(unsafe.Pointer(&vcpuSErrNMI))); errno != 0 { - if errno == syscall.EINVAL { + if errno == unix.EINVAL { throw("No ARM64_HAS_RAS_EXTN feature in host.") } throw("nmi sErr injection failed") @@ -110,8 +110,8 @@ func bluepillSigBus(c *vCPU) { // //go:nosplit func bluepillExtDabt(c *vCPU) { - if _, _, errno := syscall.RawSyscall( // escapes: no. - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( // escapes: no. + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_VCPU_EVENTS, uintptr(unsafe.Pointer(&vcpuExtDabt))); errno != 0 { diff --git a/pkg/sentry/platform/kvm/bluepill_fault.go b/pkg/sentry/platform/kvm/bluepill_fault.go index a182e4f22..37c53fa02 100644 --- a/pkg/sentry/platform/kvm/bluepill_fault.go +++ b/pkg/sentry/platform/kvm/bluepill_fault.go @@ -16,8 +16,8 @@ package kvm import ( "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/usermem" ) @@ -40,7 +40,7 @@ const ( // //go:nosplit func yield() { - syscall.RawSyscall(syscall.SYS_SCHED_YIELD, 0, 0, 0) + unix.RawSyscall(unix.SYS_SCHED_YIELD, 0, 0, 0) } // calculateBluepillFault calculates the fault address range. @@ -112,16 +112,16 @@ func handleBluepillFault(m *machine, physical uintptr, phyRegions []physicalRegi atomic.StoreUint32(&m.nextSlot, slot) switch errno { - case syscall.EEXIST: + case unix.EEXIST: // The region already exists. It's possible that we raced with // another vCPU here. We just revert nextSlot and return true, // because this must have been satisfied by some other vCPU. return virtualStart + (physical - physicalStart), true - case syscall.EINVAL: + case unix.EINVAL: throw("set memory region failed; out of slots") - case syscall.ENOMEM: + case unix.ENOMEM: throw("set memory region failed: out of memory") - case syscall.EFAULT: + case unix.EFAULT: throw("set memory region failed: invalid physical range") default: throw("set memory region failed: unknown reason") diff --git a/pkg/sentry/platform/kvm/bluepill_unsafe.go b/pkg/sentry/platform/kvm/bluepill_unsafe.go index 55da6dd95..6f87236ad 100644 --- a/pkg/sentry/platform/kvm/bluepill_unsafe.go +++ b/pkg/sentry/platform/kvm/bluepill_unsafe.go @@ -21,9 +21,9 @@ package kvm import ( "sync/atomic" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sentry/arch" ) @@ -102,23 +102,23 @@ func bluepillHandler(context unsafe.Pointer) { } for { - _, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no. + _, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no. switch errno { case 0: // Expected case. - case syscall.EINTR: + case unix.EINTR: // First, we process whatever pending signal // interrupted KVM. Since we're in a signal handler // currently, all signals are masked and the signal // must have been delivered directly to this thread. - timeout := syscall.Timespec{} - sig, _, errno := syscall.RawSyscall6( // escapes: no. - syscall.SYS_RT_SIGTIMEDWAIT, + timeout := unix.Timespec{} + sig, _, errno := unix.RawSyscall6( // escapes: no. + unix.SYS_RT_SIGTIMEDWAIT, uintptr(unsafe.Pointer(&bounceSignalMask)), 0, // siginfo. uintptr(unsafe.Pointer(&timeout)), // timeout. 8, // sigset size. 0, 0) - if errno == syscall.EAGAIN { + if errno == unix.EAGAIN { continue } if errno != 0 { @@ -140,7 +140,7 @@ func bluepillHandler(context unsafe.Pointer) { c.runData.requestInterruptWindow = 1 continue // Rerun vCPU. } - case syscall.EFAULT: + case unix.EFAULT: // If a fault is not serviceable due to the host // backing pages having page permissions, instead of an // MMIO exit we receive EFAULT from the run ioctl. We @@ -148,7 +148,7 @@ func bluepillHandler(context unsafe.Pointer) { // mode and have interrupts disabled. bluepillSigBus(c) continue // Rerun vCPU. - case syscall.ENOSYS: + case unix.ENOSYS: bluepillHandleEnosys(c) continue default: diff --git a/pkg/sentry/platform/kvm/filters_amd64.go b/pkg/sentry/platform/kvm/filters_amd64.go index d3d216aa5..a78be3403 100644 --- a/pkg/sentry/platform/kvm/filters_amd64.go +++ b/pkg/sentry/platform/kvm/filters_amd64.go @@ -15,8 +15,6 @@ package kvm import ( - "syscall" - "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -26,17 +24,17 @@ import ( // SyscallFilters returns syscalls made exclusively by the KVM platform. func (*KVM) SyscallFilters() seccomp.SyscallRules { return seccomp.SyscallRules{ - syscall.SYS_ARCH_PRCTL: {}, - syscall.SYS_IOCTL: {}, + unix.SYS_ARCH_PRCTL: {}, + unix.SYS_IOCTL: {}, unix.SYS_MEMBARRIER: []seccomp.Rule{ { seccomp.EqualTo(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED), seccomp.EqualTo(0), }, }, - syscall.SYS_MMAP: {}, - syscall.SYS_RT_SIGSUSPEND: {}, - syscall.SYS_RT_SIGTIMEDWAIT: {}, - 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host. + unix.SYS_MMAP: {}, + unix.SYS_RT_SIGSUSPEND: {}, + unix.SYS_RT_SIGTIMEDWAIT: {}, + 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host. } } diff --git a/pkg/sentry/platform/kvm/filters_arm64.go b/pkg/sentry/platform/kvm/filters_arm64.go index 21abc2a3d..4e5b91048 100644 --- a/pkg/sentry/platform/kvm/filters_arm64.go +++ b/pkg/sentry/platform/kvm/filters_arm64.go @@ -15,8 +15,6 @@ package kvm import ( - "syscall" - "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -26,16 +24,16 @@ import ( // SyscallFilters returns syscalls made exclusively by the KVM platform. func (*KVM) SyscallFilters() seccomp.SyscallRules { return seccomp.SyscallRules{ - syscall.SYS_IOCTL: {}, + unix.SYS_IOCTL: {}, unix.SYS_MEMBARRIER: []seccomp.Rule{ { seccomp.EqualTo(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED), seccomp.EqualTo(0), }, }, - syscall.SYS_MMAP: {}, - syscall.SYS_RT_SIGSUSPEND: {}, - syscall.SYS_RT_SIGTIMEDWAIT: {}, - 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host. + unix.SYS_MMAP: {}, + unix.SYS_RT_SIGSUSPEND: {}, + unix.SYS_RT_SIGTIMEDWAIT: {}, + 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host. } } diff --git a/pkg/sentry/platform/kvm/kvm.go b/pkg/sentry/platform/kvm/kvm.go index 7bdf57436..92c05a9ad 100644 --- a/pkg/sentry/platform/kvm/kvm.go +++ b/pkg/sentry/platform/kvm/kvm.go @@ -18,8 +18,8 @@ package kvm import ( "fmt" "os" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/ring0/pagetables" "gvisor.dev/gvisor/pkg/sentry/platform" @@ -77,7 +77,7 @@ var ( // OpenDevice opens the KVM device at /dev/kvm and returns the File. func OpenDevice() (*os.File, error) { - f, err := os.OpenFile("/dev/kvm", syscall.O_RDWR, 0) + f, err := os.OpenFile("/dev/kvm", unix.O_RDWR, 0) if err != nil { return nil, fmt.Errorf("error opening /dev/kvm: %v", err) } @@ -99,11 +99,11 @@ func New(deviceFile *os.File) (*KVM, error) { // Create a new VM fd. var ( vm uintptr - errno syscall.Errno + errno unix.Errno ) for { - vm, _, errno = syscall.Syscall(syscall.SYS_IOCTL, fd, _KVM_CREATE_VM, 0) - if errno == syscall.EINTR { + vm, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _KVM_CREATE_VM, 0) + if errno == unix.EINTR { continue } if errno != 0 { diff --git a/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go b/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go index 46c4b9113..0c43d72f4 100644 --- a/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go +++ b/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go @@ -18,8 +18,9 @@ package kvm import ( "fmt" - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) var ( @@ -30,7 +31,7 @@ var ( func updateSystemValues(fd int) error { // Extract the mmap size. - sz, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0) + sz, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0) if errno != 0 { return fmt.Errorf("getting VCPU mmap size: %v", errno) } @@ -39,19 +40,19 @@ func updateSystemValues(fd int) error { runDataSize = int(sz) // Must do the dance to figure out the number of entries. - _, _, errno = syscall.RawSyscall( - syscall.SYS_IOCTL, + _, _, errno = unix.RawSyscall( + unix.SYS_IOCTL, uintptr(fd), _KVM_GET_SUPPORTED_CPUID, uintptr(unsafe.Pointer(&cpuidSupported))) - if errno != 0 && errno != syscall.ENOMEM { + if errno != 0 && errno != unix.ENOMEM { // Some other error occurred. return fmt.Errorf("getting supported CPUID: %v", errno) } // The number should now be correct. - _, _, errno = syscall.RawSyscall( - syscall.SYS_IOCTL, + _, _, errno = unix.RawSyscall( + unix.SYS_IOCTL, uintptr(fd), _KVM_GET_SUPPORTED_CPUID, uintptr(unsafe.Pointer(&cpuidSupported))) diff --git a/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go b/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go index 48ccf8474..f07a9f34d 100644 --- a/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go +++ b/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go @@ -18,7 +18,8 @@ package kvm import ( "fmt" - "syscall" + + "golang.org/x/sys/unix" ) var ( @@ -28,7 +29,7 @@ var ( func updateSystemValues(fd int) error { // Extract the mmap size. - sz, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0) + sz, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0) if errno != 0 { return fmt.Errorf("getting VCPU mmap size: %v", errno) } diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go index 1ece1b8d8..0e4cf01e1 100644 --- a/pkg/sentry/platform/kvm/machine.go +++ b/pkg/sentry/platform/kvm/machine.go @@ -18,8 +18,8 @@ import ( "fmt" "runtime" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/atomicbitops" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/procid" @@ -153,7 +153,7 @@ type dieState struct { func (m *machine) newVCPU() *vCPU { // Create the vCPU. id := int(atomic.AddUint32(&m.nextID, 1) - 1) - fd, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id)) + fd, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id)) if errno != 0 { panic(fmt.Sprintf("error creating new vCPU: %v", errno)) } @@ -193,7 +193,7 @@ func newMachine(vm int) (*machine, error) { m.available.L = &m.mu // Pull the maximum vCPUs. - maxVCPUs, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_VCPUS) + maxVCPUs, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_VCPUS) if errno != 0 { m.maxVCPUs = _KVM_NR_VCPUS } else { @@ -205,7 +205,7 @@ func newMachine(vm int) (*machine, error) { m.kernel.Init(m.maxVCPUs) // Pull the maximum slots. - maxSlots, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS) + maxSlots, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS) if errno != 0 { m.maxSlots = _KVM_NR_MEMSLOTS } else { @@ -357,13 +357,13 @@ func (m *machine) Destroy() { panic(fmt.Sprintf("error unmapping rundata: %v", err)) } } - if err := syscall.Close(int(c.fd)); err != nil { + if err := unix.Close(int(c.fd)); err != nil { panic(fmt.Sprintf("error closing vCPU fd: %v", err)) } } // vCPUs are gone: teardown machine state. - if err := syscall.Close(m.fd); err != nil { + if err := unix.Close(m.fd); err != nil { panic(fmt.Sprintf("error closing VM fd: %v", err)) } } @@ -546,7 +546,7 @@ func (c *vCPU) NotifyInterrupt() { } // pid is used below in bounce. -var pid = syscall.Getpid() +var pid = unix.Getpid() // bounce forces a return to the kernel or to host mode. // @@ -588,9 +588,9 @@ func (c *vCPU) bounce(forceGuestExit bool) { // under memory pressure. Since we already // marked ourselves as a waiter, we need to // ensure that a signal is actually delivered. - if err := syscall.Tgkill(pid, int(atomic.LoadUint64(&c.tid)), bounceSignal); err == nil { + if err := unix.Tgkill(pid, int(atomic.LoadUint64(&c.tid)), bounceSignal); err == nil { break - } else if err.(syscall.Errno) == syscall.EAGAIN { + } else if err.(unix.Errno) == unix.EAGAIN { continue } else { // Nothing else should be returned by tgkill. diff --git a/pkg/sentry/platform/kvm/machine_amd64.go b/pkg/sentry/platform/kvm/machine_amd64.go index 59c752d73..6e583baa3 100644 --- a/pkg/sentry/platform/kvm/machine_amd64.go +++ b/pkg/sentry/platform/kvm/machine_amd64.go @@ -21,8 +21,8 @@ import ( "math/big" "reflect" "runtime/debug" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/cpuid" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/ring0/pagetables" @@ -36,8 +36,8 @@ import ( func (m *machine) initArchState() error { // Set the legacy TSS address. This address is covered by the reserved // range (up to 4GB). In fact, this is a main reason it exists. - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(m.fd), _KVM_SET_TSS_ADDR, uintptr(reservedMemory-(3*usermem.PageSize))); errno != 0 { @@ -297,13 +297,13 @@ func (c *vCPU) fault(signal int32, info *arch.SignalInfo) (usermem.AccessType, e func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) (usermem.AccessType, error) { // Check for canonical addresses. if regs := switchOpts.Registers; !ring0.IsCanonical(regs.Rip) { - return nonCanonical(regs.Rip, int32(syscall.SIGSEGV), info) + return nonCanonical(regs.Rip, int32(unix.SIGSEGV), info) } else if !ring0.IsCanonical(regs.Rsp) { - return nonCanonical(regs.Rsp, int32(syscall.SIGBUS), info) + return nonCanonical(regs.Rsp, int32(unix.SIGBUS), info) } else if !ring0.IsCanonical(regs.Fs_base) { - return nonCanonical(regs.Fs_base, int32(syscall.SIGBUS), info) + return nonCanonical(regs.Fs_base, int32(unix.SIGBUS), info) } else if !ring0.IsCanonical(regs.Gs_base) { - return nonCanonical(regs.Gs_base, int32(syscall.SIGBUS), info) + return nonCanonical(regs.Gs_base, int32(unix.SIGBUS), info) } // Assign PCIDs. @@ -332,11 +332,11 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) return usermem.NoAccess, nil case ring0.PageFault: - return c.fault(int32(syscall.SIGSEGV), info) + return c.fault(int32(unix.SIGSEGV), info) case ring0.Debug, ring0.Breakpoint: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGTRAP), + Signo: int32(unix.SIGTRAP), Code: 1, // TRAP_BRKPT (breakpoint). } info.SetAddr(switchOpts.Registers.Rip) // Include address. @@ -348,7 +348,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) ring0.InvalidTSS, ring0.StackSegmentFault: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGSEGV), + Signo: int32(unix.SIGSEGV), Code: arch.SignalInfoKernel, } info.SetAddr(switchOpts.Registers.Rip) // Include address. @@ -362,7 +362,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) case ring0.InvalidOpcode: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGILL), + Signo: int32(unix.SIGILL), Code: 1, // ILL_ILLOPC (illegal opcode). } info.SetAddr(switchOpts.Registers.Rip) // Include address. @@ -370,7 +370,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) case ring0.DivideByZero: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGFPE), + Signo: int32(unix.SIGFPE), Code: 1, // FPE_INTDIV (divide by zero). } info.SetAddr(switchOpts.Registers.Rip) // Include address. @@ -378,7 +378,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) case ring0.Overflow: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGFPE), + Signo: int32(unix.SIGFPE), Code: 2, // FPE_INTOVF (integer overflow). } info.SetAddr(switchOpts.Registers.Rip) // Include address. @@ -387,7 +387,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) case ring0.X87FloatingPointException, ring0.SIMDFloatingPointException: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGFPE), + Signo: int32(unix.SIGFPE), Code: 7, // FPE_FLTINV (invalid operation). } info.SetAddr(switchOpts.Registers.Rip) // Include address. @@ -398,7 +398,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) case ring0.AlignmentCheck: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGBUS), + Signo: int32(unix.SIGBUS), Code: 2, // BUS_ADRERR (physical address does not exist). } return usermem.NoAccess, platform.ErrContextSignal @@ -409,7 +409,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) // really not. This could happen, e.g. if some file is // truncated (and would generate a SIGBUS) and we map it // directly into the instance. - return c.fault(int32(syscall.SIGBUS), info) + return c.fault(int32(unix.SIGBUS), info) case ring0.DeviceNotAvailable, ring0.DoubleFault, diff --git a/pkg/sentry/platform/kvm/machine_amd64_unsafe.go b/pkg/sentry/platform/kvm/machine_amd64_unsafe.go index b430f92c6..83bcc7406 100644 --- a/pkg/sentry/platform/kvm/machine_amd64_unsafe.go +++ b/pkg/sentry/platform/kvm/machine_amd64_unsafe.go @@ -19,9 +19,9 @@ package kvm import ( "fmt" "sync/atomic" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -31,15 +31,15 @@ import ( // //go:nosplit func (c *vCPU) loadSegments(tid uint64) { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_ARCH_PRCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_ARCH_PRCTL, linux.ARCH_GET_FS, uintptr(unsafe.Pointer(&c.CPU.Registers().Fs_base)), 0); errno != 0 { throw("getting FS segment") } - if _, _, errno := syscall.RawSyscall( - syscall.SYS_ARCH_PRCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_ARCH_PRCTL, linux.ARCH_GET_GS, uintptr(unsafe.Pointer(&c.CPU.Registers().Gs_base)), 0); errno != 0 { @@ -50,8 +50,8 @@ func (c *vCPU) loadSegments(tid uint64) { // setCPUID sets the CPUID to be used by the guest. func (c *vCPU) setCPUID() error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_CPUID2, uintptr(unsafe.Pointer(&cpuidSupported))); errno != 0 { @@ -64,8 +64,8 @@ func (c *vCPU) setCPUID() error { // // If mustSucceed is true, then this function panics on error. func (c *vCPU) getTSCFreq() (uintptr, error) { - rawFreq, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + rawFreq, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_GET_TSC_KHZ, 0 /* ignored */) @@ -77,8 +77,8 @@ func (c *vCPU) getTSCFreq() (uintptr, error) { // setTSCFreq sets the TSC frequency. func (c *vCPU) setTSCFreq(freq uintptr) error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_TSC_KHZ, freq /* khz */); errno != 0 { @@ -95,8 +95,8 @@ func (c *vCPU) setTSC(value uint64) error { } registers.entries[0].index = _MSR_IA32_TSC registers.entries[0].data = value - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_MSRS, uintptr(unsafe.Pointer(®isters))); errno != 0 { @@ -108,9 +108,9 @@ func (c *vCPU) setTSC(value uint64) error { // setUserRegisters sets user registers in the vCPU. // //go:nosplit -func (c *vCPU) setUserRegisters(uregs *userRegs) syscall.Errno { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, +func (c *vCPU) setUserRegisters(uregs *userRegs) unix.Errno { + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_REGS, uintptr(unsafe.Pointer(uregs))); errno != 0 { @@ -124,9 +124,9 @@ func (c *vCPU) setUserRegisters(uregs *userRegs) syscall.Errno { // This is safe to call from a nosplit context. // //go:nosplit -func (c *vCPU) getUserRegisters(uregs *userRegs) syscall.Errno { - if _, _, errno := syscall.RawSyscall( // escapes: no. - syscall.SYS_IOCTL, +func (c *vCPU) getUserRegisters(uregs *userRegs) unix.Errno { + if _, _, errno := unix.RawSyscall( // escapes: no. + unix.SYS_IOCTL, uintptr(c.fd), _KVM_GET_REGS, uintptr(unsafe.Pointer(uregs))); errno != 0 { @@ -137,8 +137,8 @@ func (c *vCPU) getUserRegisters(uregs *userRegs) syscall.Errno { // setSystemRegisters sets system registers. func (c *vCPU) setSystemRegisters(sregs *systemRegs) error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_SREGS, uintptr(unsafe.Pointer(sregs))); errno != 0 { @@ -150,9 +150,9 @@ func (c *vCPU) setSystemRegisters(sregs *systemRegs) error { // getSystemRegisters sets system registers. // //go:nosplit -func (c *vCPU) getSystemRegisters(sregs *systemRegs) syscall.Errno { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, +func (c *vCPU) getSystemRegisters(sregs *systemRegs) unix.Errno { + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_GET_SREGS, uintptr(unsafe.Pointer(sregs))); errno != 0 { diff --git a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go index 78cbd9701..059aa43d0 100644 --- a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go +++ b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go @@ -20,9 +20,9 @@ import ( "fmt" "reflect" "sync/atomic" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/ring0/pagetables" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -39,8 +39,8 @@ var vcpuInit kvmVcpuInit // initArchState initializes architecture-specific state. func (m *machine) initArchState() error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(m.fd), _KVM_ARM_PREFERRED_TARGET, uintptr(unsafe.Pointer(&vcpuInit))); errno != 0 { @@ -62,8 +62,8 @@ func (c *vCPU) initArchState() error { regGet.addr = uint64(reflect.ValueOf(&dataGet).Pointer()) vcpuInit.features[0] |= (1 << _KVM_ARM_VCPU_PSCI_0_2) - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_ARM_VCPU_INIT, uintptr(unsafe.Pointer(&vcpuInit))); errno != 0 { @@ -186,8 +186,8 @@ func (c *vCPU) loadSegments(tid uint64) { } func (c *vCPU) setOneRegister(reg *kvmOneReg) error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_ONE_REG, uintptr(unsafe.Pointer(reg))); errno != 0 { @@ -197,8 +197,8 @@ func (c *vCPU) setOneRegister(reg *kvmOneReg) error { } func (c *vCPU) getOneRegister(reg *kvmOneReg) error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_GET_ONE_REG, uintptr(unsafe.Pointer(reg))); errno != 0 { @@ -211,9 +211,9 @@ func (c *vCPU) getOneRegister(reg *kvmOneReg) error { func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) (usermem.AccessType, error) { // Check for canonical addresses. if regs := switchOpts.Registers; !ring0.IsCanonical(regs.Pc) { - return nonCanonical(regs.Pc, int32(syscall.SIGSEGV), info) + return nonCanonical(regs.Pc, int32(unix.SIGSEGV), info) } else if !ring0.IsCanonical(regs.Sp) { - return nonCanonical(regs.Sp, int32(syscall.SIGSEGV), info) + return nonCanonical(regs.Sp, int32(unix.SIGSEGV), info) } // Assign PCIDs. @@ -247,23 +247,23 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) // Fast path: system call executed. return usermem.NoAccess, nil case ring0.PageFault: - return c.fault(int32(syscall.SIGSEGV), info) + return c.fault(int32(unix.SIGSEGV), info) case ring0.El0ErrNMI: - return c.fault(int32(syscall.SIGBUS), info) + return c.fault(int32(unix.SIGBUS), info) case ring0.Vector(bounce): // ring0.VirtualizationException. return usermem.NoAccess, platform.ErrContextInterrupt case ring0.El0SyncUndef: - return c.fault(int32(syscall.SIGILL), info) + return c.fault(int32(unix.SIGILL), info) case ring0.El0SyncDbg: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGTRAP), + Signo: int32(unix.SIGTRAP), Code: 1, // TRAP_BRKPT (breakpoint). } info.SetAddr(switchOpts.Registers.Pc) // Include address. return usermem.AccessType{}, platform.ErrContextSignal case ring0.El0SyncSpPc: *info = arch.SignalInfo{ - Signo: int32(syscall.SIGBUS), + Signo: int32(unix.SIGBUS), Code: 2, // BUS_ADRERR (physical address does not exist). } return usermem.NoAccess, platform.ErrContextSignal diff --git a/pkg/sentry/platform/kvm/machine_unsafe.go b/pkg/sentry/platform/kvm/machine_unsafe.go index c322551d2..49e1c7136 100644 --- a/pkg/sentry/platform/kvm/machine_unsafe.go +++ b/pkg/sentry/platform/kvm/machine_unsafe.go @@ -23,9 +23,9 @@ import ( "fmt" "math" "sync/atomic" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -41,7 +41,7 @@ func exitsyscall() // directly (instead of wrapping in an error) to avoid allocations. // //go:nosplit -func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, flags uint32) syscall.Errno { +func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, flags uint32) unix.Errno { userRegion := userMemoryRegion{ slot: uint32(slot), flags: uint32(flags), @@ -51,8 +51,8 @@ func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, f } // Set the region. - _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(m.fd), _KVM_SET_USER_MEMORY_REGION, uintptr(unsafe.Pointer(&userRegion))) @@ -61,12 +61,12 @@ func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, f // mapRunData maps the vCPU run data. func mapRunData(fd int) (*runData, error) { - r, _, errno := syscall.RawSyscall6( - syscall.SYS_MMAP, + r, _, errno := unix.RawSyscall6( + unix.SYS_MMAP, 0, uintptr(runDataSize), - syscall.PROT_READ|syscall.PROT_WRITE, - syscall.MAP_SHARED, + unix.PROT_READ|unix.PROT_WRITE, + unix.MAP_SHARED, uintptr(fd), 0) if errno != 0 { @@ -77,8 +77,8 @@ func mapRunData(fd int) (*runData, error) { // unmapRunData unmaps the vCPU run data. func unmapRunData(r *runData) error { - if _, _, errno := syscall.RawSyscall( - syscall.SYS_MUNMAP, + if _, _, errno := unix.RawSyscall( + unix.SYS_MUNMAP, uintptr(unsafe.Pointer(r)), uintptr(runDataSize), 0); errno != 0 { @@ -115,8 +115,8 @@ func (a *atomicAddressSpace) get() *addressSpace { // //go:nosplit func (c *vCPU) notify() { - _, _, errno := syscall.RawSyscall6( // escapes: no. - syscall.SYS_FUTEX, + _, _, errno := unix.RawSyscall6( // escapes: no. + unix.SYS_FUTEX, uintptr(unsafe.Pointer(&c.state)), linux.FUTEX_WAKE|linux.FUTEX_PRIVATE_FLAG, math.MaxInt32, // Number of waiters. @@ -133,13 +133,13 @@ func (c *vCPU) notify() { // // This panics on error. func (c *vCPU) waitUntilNot(state uint32) { - _, _, errno := syscall.Syscall6( - syscall.SYS_FUTEX, + _, _, errno := unix.Syscall6( + unix.SYS_FUTEX, uintptr(unsafe.Pointer(&c.state)), linux.FUTEX_WAIT|linux.FUTEX_PRIVATE_FLAG, uintptr(state), 0, 0, 0) - if errno != 0 && errno != syscall.EINTR && errno != syscall.EAGAIN { + if errno != 0 && errno != unix.EINTR && errno != unix.EAGAIN { panic("futex wait error") } } @@ -159,8 +159,8 @@ func (c *vCPU) setSignalMask() error { data.length = 8 // Fixed sigset size. data.mask1 = ^uint32(bounceSignalMask & 0xffffffff) data.mask2 = ^uint32(bounceSignalMask >> 32) - if _, _, errno := syscall.RawSyscall( - syscall.SYS_IOCTL, + if _, _, errno := unix.RawSyscall( + unix.SYS_IOCTL, uintptr(c.fd), _KVM_SET_SIGNAL_MASK, uintptr(unsafe.Pointer(&data))); errno != 0 { diff --git a/pkg/sentry/platform/kvm/physical_map.go b/pkg/sentry/platform/kvm/physical_map.go index 8bdec93ae..7376d8b8d 100644 --- a/pkg/sentry/platform/kvm/physical_map.go +++ b/pkg/sentry/platform/kvm/physical_map.go @@ -17,8 +17,8 @@ package kvm import ( "fmt" "sort" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/ring0" "gvisor.dev/gvisor/pkg/usermem" @@ -90,12 +90,12 @@ func fillAddressSpace() (excludedRegions []region) { required := uintptr(requiredAddr) current := required // Attempted mmap size. for filled := uintptr(0); filled < required && current > 0; { - addr, _, errno := syscall.RawSyscall6( - syscall.SYS_MMAP, + addr, _, errno := unix.RawSyscall6( + unix.SYS_MMAP, 0, // Suggested address. current, - syscall.PROT_NONE, - syscall.MAP_ANONYMOUS|syscall.MAP_PRIVATE|syscall.MAP_NORESERVE, + unix.PROT_NONE, + unix.MAP_ANONYMOUS|unix.MAP_PRIVATE|unix.MAP_NORESERVE, 0, 0) if errno != 0 { // Attempt half the size; overflow not possible. diff --git a/pkg/sentry/platform/ptrace/filters.go b/pkg/sentry/platform/ptrace/filters.go index 20fc62acb..ba4503b0d 100644 --- a/pkg/sentry/platform/ptrace/filters.go +++ b/pkg/sentry/platform/ptrace/filters.go @@ -15,16 +15,15 @@ package ptrace import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/seccomp" ) // SyscallFilters returns syscalls made exclusively by the ptrace platform. func (*PTrace) SyscallFilters() seccomp.SyscallRules { return seccomp.SyscallRules{ - syscall.SYS_PTRACE: {}, - syscall.SYS_TGKILL: {}, - syscall.SYS_WAIT4: {}, + unix.SYS_PTRACE: {}, + unix.SYS_TGKILL: {}, + unix.SYS_WAIT4: {}, } } diff --git a/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go index 32b8a6be9..4f7fe993a 100644 --- a/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go +++ b/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go @@ -17,21 +17,21 @@ package ptrace import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) // getTLS gets the thread local storage register. func (t *thread) getTLS(tls *uint64) error { - iovec := syscall.Iovec{ + iovec := unix.Iovec{ Base: (*byte)(unsafe.Pointer(tls)), Len: uint64(unsafe.Sizeof(*tls)), } - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_GETREGSET, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_GETREGSET, uintptr(t.tid), linux.NT_ARM_TLS, uintptr(unsafe.Pointer(&iovec)), @@ -44,13 +44,13 @@ func (t *thread) getTLS(tls *uint64) error { // setTLS sets the thread local storage register. func (t *thread) setTLS(tls *uint64) error { - iovec := syscall.Iovec{ + iovec := unix.Iovec{ Base: (*byte)(unsafe.Pointer(tls)), Len: uint64(unsafe.Sizeof(*tls)), } - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_SETREGSET, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_SETREGSET, uintptr(t.tid), linux.NT_ARM_TLS, uintptr(unsafe.Pointer(&iovec)), diff --git a/pkg/sentry/platform/ptrace/ptrace_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_unsafe.go index 8b72d24e8..2c21f946e 100644 --- a/pkg/sentry/platform/ptrace/ptrace_unsafe.go +++ b/pkg/sentry/platform/ptrace/ptrace_unsafe.go @@ -15,9 +15,9 @@ package ptrace import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/sentry/arch" "gvisor.dev/gvisor/pkg/usermem" @@ -25,13 +25,13 @@ import ( // getRegs gets the general purpose register set. func (t *thread) getRegs(regs *arch.Registers) error { - iovec := syscall.Iovec{ + iovec := unix.Iovec{ Base: (*byte)(unsafe.Pointer(regs)), Len: uint64(unsafe.Sizeof(*regs)), } - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_GETREGSET, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_GETREGSET, uintptr(t.tid), linux.NT_PRSTATUS, uintptr(unsafe.Pointer(&iovec)), @@ -44,13 +44,13 @@ func (t *thread) getRegs(regs *arch.Registers) error { // setRegs sets the general purpose register set. func (t *thread) setRegs(regs *arch.Registers) error { - iovec := syscall.Iovec{ + iovec := unix.Iovec{ Base: (*byte)(unsafe.Pointer(regs)), Len: uint64(unsafe.Sizeof(*regs)), } - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_SETREGSET, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_SETREGSET, uintptr(t.tid), linux.NT_PRSTATUS, uintptr(unsafe.Pointer(&iovec)), @@ -61,15 +61,15 @@ func (t *thread) setRegs(regs *arch.Registers) error { return nil } -// getFPRegs gets the floating-point data via the GETREGSET ptrace syscall. +// getFPRegs gets the floating-point data via the GETREGSET ptrace unix. func (t *thread) getFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsave bool) error { - iovec := syscall.Iovec{ + iovec := unix.Iovec{ Base: (*byte)(fpState), Len: fpLen, } - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_GETREGSET, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_GETREGSET, uintptr(t.tid), fpRegSet(useXsave), uintptr(unsafe.Pointer(&iovec)), @@ -80,15 +80,15 @@ func (t *thread) getFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsa return nil } -// setFPRegs sets the floating-point data via the SETREGSET ptrace syscall. +// setFPRegs sets the floating-point data via the SETREGSET ptrace unix. func (t *thread) setFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsave bool) error { - iovec := syscall.Iovec{ + iovec := unix.Iovec{ Base: (*byte)(fpState), Len: fpLen, } - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_SETREGSET, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_SETREGSET, uintptr(t.tid), fpRegSet(useXsave), uintptr(unsafe.Pointer(&iovec)), @@ -101,9 +101,9 @@ func (t *thread) setFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsa // getSignalInfo retrieves information about the signal that caused the stop. func (t *thread) getSignalInfo(si *arch.SignalInfo) error { - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_GETSIGINFO, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_GETSIGINFO, uintptr(t.tid), 0, uintptr(unsafe.Pointer(si)), @@ -123,18 +123,18 @@ func (t *thread) getSignalInfo(si *arch.SignalInfo) error { func (t *thread) clone() (*thread, error) { r, ok := usermem.Addr(stackPointer(&t.initRegs)).RoundUp() if !ok { - return nil, syscall.EINVAL + return nil, unix.EINVAL } rval, err := t.syscallIgnoreInterrupt( &t.initRegs, - syscall.SYS_CLONE, + unix.SYS_CLONE, arch.SyscallArgument{Value: uintptr( - syscall.CLONE_FILES | - syscall.CLONE_FS | - syscall.CLONE_SIGHAND | - syscall.CLONE_THREAD | - syscall.CLONE_PTRACE | - syscall.CLONE_VM)}, + unix.CLONE_FILES | + unix.CLONE_FS | + unix.CLONE_SIGHAND | + unix.CLONE_THREAD | + unix.CLONE_PTRACE | + unix.CLONE_VM)}, // The stack pointer is just made up, but we have it be // something sensible so the kernel doesn't think we're // up to no good. Which we are. @@ -158,9 +158,9 @@ func (t *thread) clone() (*thread, error) { // getEventMessage retrieves a message about the ptrace event that just happened. func (t *thread) getEventMessage() (uintptr, error) { var msg uintptr - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_GETEVENTMSG, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_GETEVENTMSG, uintptr(t.tid), 0, uintptr(unsafe.Pointer(&msg)), diff --git a/pkg/sentry/platform/ptrace/stub_unsafe.go b/pkg/sentry/platform/ptrace/stub_unsafe.go index 341dde143..780227248 100644 --- a/pkg/sentry/platform/ptrace/stub_unsafe.go +++ b/pkg/sentry/platform/ptrace/stub_unsafe.go @@ -16,9 +16,9 @@ package ptrace import ( "reflect" - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/safecopy" "gvisor.dev/gvisor/pkg/usermem" ) @@ -56,17 +56,17 @@ func stubInit() { // something that may have been there already. We just walk // down the address space until we find a place where the stub // can be placed. - addr, _, errno := syscall.RawSyscall6( - syscall.SYS_MMAP, + addr, _, errno := unix.RawSyscall6( + unix.SYS_MMAP, stubStart, mapLen, - syscall.PROT_WRITE|syscall.PROT_READ, - syscall.MAP_PRIVATE|syscall.MAP_ANONYMOUS, + unix.PROT_WRITE|unix.PROT_READ, + unix.MAP_PRIVATE|unix.MAP_ANONYMOUS, 0 /* fd */, 0 /* offset */) if addr != stubStart || errno != 0 { if addr != 0 { // Unmap the region we've mapped accidentally. - syscall.RawSyscall(syscall.SYS_MUNMAP, addr, mapLen, 0) + unix.RawSyscall(unix.SYS_MUNMAP, addr, mapLen, 0) } // Attempt to begin at a lower address. @@ -79,11 +79,11 @@ func stubInit() { copy(targetSlice, stubSlice) // Make the stub executable. - if _, _, errno := syscall.RawSyscall( - syscall.SYS_MPROTECT, + if _, _, errno := unix.RawSyscall( + unix.SYS_MPROTECT, stubStart, mapLen, - syscall.PROT_EXEC|syscall.PROT_READ); errno != 0 { + unix.PROT_EXEC|unix.PROT_READ); errno != 0 { panic("mprotect failed: " + errno.Error()) } diff --git a/pkg/sentry/platform/ptrace/subprocess.go b/pkg/sentry/platform/ptrace/subprocess.go index 17fb0a0d8..acccbfe2e 100644 --- a/pkg/sentry/platform/ptrace/subprocess.go +++ b/pkg/sentry/platform/ptrace/subprocess.go @@ -18,7 +18,6 @@ import ( "fmt" "os" "runtime" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" @@ -35,9 +34,9 @@ import ( // // These constants are only used in subprocess.go. const ( - ERESTARTSYS = syscall.Errno(512) - ERESTARTNOINTR = syscall.Errno(513) - ERESTARTNOHAND = syscall.Errno(514) + ERESTARTSYS = unix.Errno(512) + ERESTARTNOINTR = unix.Errno(513) + ERESTARTNOHAND = unix.Errno(514) ) // globalPool exists to solve two distinct problems: @@ -96,7 +95,7 @@ func (tp *threadPool) lookupOrCreate(currentTID int32, newThread func() *thread) // threads never exiting. for origTID, t := range tp.threads { // Signal zero is an easy existence check. - if err := syscall.Tgkill(syscall.Getpid(), int(origTID), 0); err != nil { + if err := unix.Tgkill(unix.Getpid(), int(origTID), 0); err != nil { // This thread has been abandoned; reuse it. delete(tp.threads, origTID) tp.threads[currentTID] = t @@ -186,7 +185,7 @@ func newSubprocess(create func() (*thread, error)) (*subprocess, error) { // (Hopefully nobody tgkilled it with a signal < // SIGSTOP before the SIGSTOP was delivered, in which // case that signal would be delivered before SIGSTOP.) - if sig := t.wait(stopped); sig != syscall.SIGSTOP { + if sig := t.wait(stopped); sig != unix.SIGSTOP { panic(fmt.Sprintf("error waiting for new clone: expected SIGSTOP, got %v", sig)) } @@ -269,7 +268,7 @@ func (s *subprocess) newThread() *thread { // attach attaches to the thread. func (t *thread) attach() { - if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { + if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { panic(fmt.Sprintf("unable to attach: %v", errno)) } @@ -277,7 +276,7 @@ func (t *thread) attach() { // stopped from the SIGSTOP queued by CLONE_PTRACE (see inner loop of // newSubprocess), so we always expect to see signal-delivery-stop with // SIGSTOP. - if sig := t.wait(stopped); sig != syscall.SIGSTOP { + if sig := t.wait(stopped); sig != unix.SIGSTOP { panic(fmt.Sprintf("wait failed: expected SIGSTOP, got %v", sig)) } @@ -301,7 +300,7 @@ func (t *thread) grabInitRegs() { // // Because the SIGSTOP is not suppressed, the thread will enter group-stop. func (t *thread) detach() { - if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(syscall.SIGSTOP), 0, 0); errno != 0 { + if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(unix.SIGSTOP), 0, 0); errno != 0 { panic(fmt.Sprintf("can't detach new clone: %v", errno)) } } @@ -331,14 +330,14 @@ func (t *thread) dumpAndPanic(message string) { func (t *thread) unexpectedStubExit() { msg, err := t.getEventMessage() - status := syscall.WaitStatus(msg) - if status.Signaled() && status.Signal() == syscall.SIGKILL { + status := unix.WaitStatus(msg) + if status.Signaled() && status.Signal() == unix.SIGKILL { // SIGKILL can be only sent by a user or OOM-killer. In both // these cases, we don't need to panic. There is no reasons to // think that something wrong in gVisor. log.Warningf("The ptrace stub process %v has been killed by SIGKILL.", t.tgid) pid := os.Getpid() - syscall.Tgkill(pid, pid, syscall.Signal(syscall.SIGKILL)) + unix.Tgkill(pid, pid, unix.Signal(unix.SIGKILL)) } t.dumpAndPanic(fmt.Sprintf("wait failed: the process %d:%d exited: %x (err %v)", t.tgid, t.tid, msg, err)) } @@ -346,12 +345,12 @@ func (t *thread) unexpectedStubExit() { // wait waits for a stop event. // // Precondition: outcome is a valid waitOutcome. -func (t *thread) wait(outcome waitOutcome) syscall.Signal { - var status syscall.WaitStatus +func (t *thread) wait(outcome waitOutcome) unix.Signal { + var status unix.WaitStatus for { - r, err := syscall.Wait4(int(t.tid), &status, syscall.WALL|syscall.WUNTRACED, nil) - if err == syscall.EINTR || err == syscall.EAGAIN { + r, err := unix.Wait4(int(t.tid), &status, unix.WALL|unix.WUNTRACED, nil) + if err == unix.EINTR || err == unix.EAGAIN { // Wait was interrupted; wait again. continue } else if err != nil { @@ -369,12 +368,12 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal { if stopSig == 0 { continue // Spurious stop. } - if stopSig == syscall.SIGTRAP { - if status.TrapCause() == syscall.PTRACE_EVENT_EXIT { + if stopSig == unix.SIGTRAP { + if status.TrapCause() == unix.PTRACE_EVENT_EXIT { t.unexpectedStubExit() } // Re-encode the trap cause the way it's expected. - return stopSig | syscall.Signal(status.TrapCause()<<8) + return stopSig | unix.Signal(status.TrapCause()<<8) } // Not a trap signal. return stopSig @@ -382,7 +381,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal { if !status.Exited() && !status.Signaled() { t.dumpAndPanic(fmt.Sprintf("ptrace status unexpected: got %v, wanted exited", status)) } - return syscall.Signal(status.ExitStatus()) + return unix.Signal(status.ExitStatus()) default: // Should not happen. t.dumpAndPanic(fmt.Sprintf("unknown outcome: %v", outcome)) @@ -397,7 +396,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal { // manually created threads. func (t *thread) destroy() { t.detach() - syscall.Tgkill(int(t.tgid), int(t.tid), syscall.Signal(syscall.SIGKILL)) + unix.Tgkill(int(t.tgid), int(t.tid), unix.Signal(unix.SIGKILL)) t.wait(killed) } @@ -407,12 +406,12 @@ func (t *thread) init() { // set PTRACE_O_EXITKILL to ensure that the unexpected exit of the // sentry will immediately kill the associated stubs. const PTRACE_O_EXITKILL = 0x100000 - _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, - syscall.PTRACE_SETOPTIONS, + _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, + unix.PTRACE_SETOPTIONS, uintptr(t.tid), 0, - syscall.PTRACE_O_TRACESYSGOOD|syscall.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL, + unix.PTRACE_O_TRACESYSGOOD|unix.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL, 0, 0) if errno != 0 { panic(fmt.Sprintf("ptrace set options failed: %v", errno)) @@ -434,17 +433,17 @@ func (t *thread) syscall(regs *arch.Registers) (uintptr, error) { // Execute the syscall instruction. The task has to stop on the // trap instruction which is right after the syscall // instruction. - if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { + if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno)) } sig := t.wait(stopped) - if sig == syscall.SIGTRAP { + if sig == unix.SIGTRAP { // Reached syscall-enter-stop. break } else { // Some other signal caused a thread stop; ignore. - if sig != syscall.SIGSTOP && sig != syscall.SIGCHLD { + if sig != unix.SIGSTOP && sig != unix.SIGCHLD { log.Warningf("The thread %d:%d has been interrupted by %d", t.tgid, t.tid, sig) } continue @@ -483,7 +482,7 @@ func (t *thread) syscallIgnoreInterrupt( // NotifyInterrupt implements interrupt.Receiver.NotifyInterrupt. func (t *thread) NotifyInterrupt() { - syscall.Tgkill(int(t.tgid), int(t.tid), syscall.Signal(platform.SignalInterrupt)) + unix.Tgkill(int(t.tgid), int(t.tid), unix.Signal(platform.SignalInterrupt)) } // switchToApp is called from the main SwitchToApp entrypoint. @@ -532,15 +531,15 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool { for { // Start running until the next system call. if isSingleStepping(regs) { - if _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, + if _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, unix.PTRACE_SYSEMU_SINGLESTEP, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { panic(fmt.Sprintf("ptrace sysemu failed: %v", errno)) } } else { - if _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, + if _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { panic(fmt.Sprintf("ptrace sysemu failed: %v", errno)) @@ -550,7 +549,7 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool { // Wait for the syscall-enter stop. sig := t.wait(stopped) - if sig == syscall.SIGSTOP { + if sig == unix.SIGSTOP { // SIGSTOP was delivered to another thread in the same thread // group, which initiated another group stop. Just ignore it. continue @@ -571,7 +570,7 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool { } // Is it a system call? - if sig == (syscallEvent | syscall.SIGTRAP) { + if sig == (syscallEvent | unix.SIGTRAP) { s.arm64SyscallWorkaround(t, regs) // Ensure registers are sane. @@ -619,14 +618,14 @@ func (s *subprocess) syscall(sysno uintptr, args ...arch.SyscallArgument) (uintp func (s *subprocess) MapFile(addr usermem.Addr, f memmap.File, fr memmap.FileRange, at usermem.AccessType, precommit bool) error { var flags int if precommit { - flags |= syscall.MAP_POPULATE + flags |= unix.MAP_POPULATE } _, err := s.syscall( - syscall.SYS_MMAP, + unix.SYS_MMAP, arch.SyscallArgument{Value: uintptr(addr)}, arch.SyscallArgument{Value: uintptr(fr.Length())}, arch.SyscallArgument{Value: uintptr(at.Prot())}, - arch.SyscallArgument{Value: uintptr(flags | syscall.MAP_SHARED | syscall.MAP_FIXED)}, + arch.SyscallArgument{Value: uintptr(flags | unix.MAP_SHARED | unix.MAP_FIXED)}, arch.SyscallArgument{Value: uintptr(f.FD())}, arch.SyscallArgument{Value: uintptr(fr.Start)}) return err @@ -653,7 +652,7 @@ func (s *subprocess) Unmap(addr usermem.Addr, length uint64) { } s.mu.Unlock() _, err := s.syscall( - syscall.SYS_MUNMAP, + unix.SYS_MUNMAP, arch.SyscallArgument{Value: uintptr(addr)}, arch.SyscallArgument{Value: uintptr(length)}) if err != nil { diff --git a/pkg/sentry/platform/ptrace/subprocess_amd64.go b/pkg/sentry/platform/ptrace/subprocess_amd64.go index 04815282b..9252c0bd7 100644 --- a/pkg/sentry/platform/ptrace/subprocess_amd64.go +++ b/pkg/sentry/platform/ptrace/subprocess_amd64.go @@ -19,7 +19,6 @@ package ptrace import ( "fmt" "strings" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -96,7 +95,7 @@ func updateSyscallRegs(regs *arch.Registers) { func syscallReturnValue(regs *arch.Registers) (uintptr, error) { rval := int64(regs.Rax) if rval < 0 { - return 0, syscall.Errno(-rval) + return 0, unix.Errno(-rval) } return uintptr(rval), nil } @@ -179,7 +178,7 @@ func patchSignalInfo(regs *arch.Registers, signalInfo *arch.SignalInfo) { // //go:nosplit func enableCpuidFault() { - syscall.RawSyscall6(syscall.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0) + unix.RawSyscall6(unix.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0) } // appendArchSeccompRules append architecture specific seccomp rules when creating BPF program. @@ -189,9 +188,9 @@ func appendArchSeccompRules(rules []seccomp.RuleSet, defaultAction linux.BPFActi // Rules for trapping vsyscall access. seccomp.RuleSet{ Rules: seccomp.SyscallRules{ - syscall.SYS_GETTIMEOFDAY: {}, - syscall.SYS_TIME: {}, - unix.SYS_GETCPU: {}, // SYS_GETCPU was not defined in package syscall on amd64. + unix.SYS_GETTIMEOFDAY: {}, + unix.SYS_TIME: {}, + unix.SYS_GETCPU: {}, // SYS_GETCPU was not defined in package syscall on amd64. }, Action: linux.SECCOMP_RET_TRAP, Vsyscall: true, @@ -200,7 +199,7 @@ func appendArchSeccompRules(rules []seccomp.RuleSet, defaultAction linux.BPFActi rules = append(rules, seccomp.RuleSet{ Rules: seccomp.SyscallRules{ - syscall.SYS_ARCH_PRCTL: []seccomp.Rule{ + unix.SYS_ARCH_PRCTL: []seccomp.Rule{ {seccomp.EqualTo(linux.ARCH_SET_CPUID), seccomp.EqualTo(0)}, }, }, @@ -227,19 +226,19 @@ func probeSeccomp() bool { // Set registers to the yield system call. This call is not allowed // by the filters specified in the attachThread function. - regs := createSyscallRegs(&t.initRegs, syscall.SYS_SCHED_YIELD) + regs := createSyscallRegs(&t.initRegs, unix.SYS_SCHED_YIELD) if err := t.setRegs(®s); err != nil { panic(fmt.Sprintf("ptrace set regs failed: %v", err)) } for { // Attempt an emulation. - if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { + if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno)) } sig := t.wait(stopped) - if sig == (syscallEvent | syscall.SIGTRAP) { + if sig == (syscallEvent | unix.SIGTRAP) { // Did the seccomp errno hook already run? This would // indicate that seccomp is first in line and we're // less than 4.8. diff --git a/pkg/sentry/platform/ptrace/subprocess_arm64.go b/pkg/sentry/platform/ptrace/subprocess_arm64.go index 416132967..c0cbc0686 100644 --- a/pkg/sentry/platform/ptrace/subprocess_arm64.go +++ b/pkg/sentry/platform/ptrace/subprocess_arm64.go @@ -19,7 +19,6 @@ package ptrace import ( "fmt" "strings" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -99,7 +98,7 @@ func updateSyscallRegs(regs *arch.Registers) { func syscallReturnValue(regs *arch.Registers) (uintptr, error) { rval := int64(regs.Regs[0]) if rval < 0 { - return 0, syscall.Errno(-rval) + return 0, unix.Errno(-rval) } return uintptr(rval), nil } @@ -185,8 +184,8 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) { // signal, resume a stub thread and catch it on a signal handling. t.NotifyInterrupt() for { - if _, _, errno := syscall.RawSyscall6( - syscall.SYS_PTRACE, + if _, _, errno := unix.RawSyscall6( + unix.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 { panic(fmt.Sprintf("ptrace sysemu failed: %v", errno)) @@ -194,12 +193,12 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) { // Wait for the syscall-enter stop. sig := t.wait(stopped) - if sig == syscall.SIGSTOP { + if sig == unix.SIGSTOP { // SIGSTOP was delivered to another thread in the same thread // group, which initiated another group stop. Just ignore it. continue } - if sig == (syscallEvent | syscall.SIGTRAP) { + if sig == (syscallEvent | unix.SIGTRAP) { t.dumpAndPanic(fmt.Sprintf("unexpected syscall event")) } break diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go index 8548853da..4f0260432 100644 --- a/pkg/sentry/platform/ptrace/subprocess_linux.go +++ b/pkg/sentry/platform/ptrace/subprocess_linux.go @@ -18,8 +18,8 @@ package ptrace import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/procid" @@ -27,7 +27,7 @@ import ( "gvisor.dev/gvisor/pkg/sentry/arch" ) -const syscallEvent syscall.Signal = 0x80 +const syscallEvent unix.Signal = 0x80 // createStub creates a fresh stub processes. // @@ -63,7 +63,7 @@ func createStub() (*thread, error) { // // In addition, we set the PTRACE_O_TRACEEXIT option to log more // information about a stub process when it receives a fatal signal. - return attachedThread(uintptr(syscall.SIGKILL)|syscall.CLONE_FILES, defaultAction) + return attachedThread(uintptr(unix.SIGKILL)|unix.CLONE_FILES, defaultAction) } // attachedThread returns a new attached thread. @@ -78,38 +78,38 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro if defaultAction != linux.SECCOMP_RET_ALLOW { rules = append(rules, seccomp.RuleSet{ Rules: seccomp.SyscallRules{ - syscall.SYS_CLONE: []seccomp.Rule{ + unix.SYS_CLONE: []seccomp.Rule{ // Allow creation of new subprocesses (used by the master). - {seccomp.EqualTo(syscall.CLONE_FILES | syscall.SIGKILL)}, + {seccomp.EqualTo(unix.CLONE_FILES | unix.SIGKILL)}, // Allow creation of new threads within a single address space (used by addresss spaces). {seccomp.EqualTo( - syscall.CLONE_FILES | - syscall.CLONE_FS | - syscall.CLONE_SIGHAND | - syscall.CLONE_THREAD | - syscall.CLONE_PTRACE | - syscall.CLONE_VM)}, + unix.CLONE_FILES | + unix.CLONE_FS | + unix.CLONE_SIGHAND | + unix.CLONE_THREAD | + unix.CLONE_PTRACE | + unix.CLONE_VM)}, }, // For the initial process creation. - syscall.SYS_WAIT4: {}, - syscall.SYS_EXIT: {}, + unix.SYS_WAIT4: {}, + unix.SYS_EXIT: {}, // For the stub prctl dance (all). - syscall.SYS_PRCTL: []seccomp.Rule{ - {seccomp.EqualTo(syscall.PR_SET_PDEATHSIG), seccomp.EqualTo(syscall.SIGKILL)}, + unix.SYS_PRCTL: []seccomp.Rule{ + {seccomp.EqualTo(unix.PR_SET_PDEATHSIG), seccomp.EqualTo(unix.SIGKILL)}, }, - syscall.SYS_GETPPID: {}, + unix.SYS_GETPPID: {}, // For the stub to stop itself (all). - syscall.SYS_GETPID: {}, - syscall.SYS_KILL: []seccomp.Rule{ - {seccomp.MatchAny{}, seccomp.EqualTo(syscall.SIGSTOP)}, + unix.SYS_GETPID: {}, + unix.SYS_KILL: []seccomp.Rule{ + {seccomp.MatchAny{}, seccomp.EqualTo(unix.SIGSTOP)}, }, // Injected to support the address space operations. - syscall.SYS_MMAP: {}, - syscall.SYS_MUNMAP: {}, + unix.SYS_MMAP: {}, + unix.SYS_MUNMAP: {}, }, Action: linux.SECCOMP_RET_ALLOW, }) @@ -125,17 +125,17 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro var ( pid uintptr ppid uintptr - errno syscall.Errno + errno unix.Errno ) // Remember the current ppid for the pdeathsig race. - ppid, _, _ = syscall.RawSyscall(syscall.SYS_GETPID, 0, 0, 0) + ppid, _, _ = unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0) // Among other things, beforeFork masks all signals. beforeFork() // Do the clone. - pid, _, errno = syscall.RawSyscall6(syscall.SYS_CLONE, flags, 0, 0, 0, 0, 0) + pid, _, errno = unix.RawSyscall6(unix.SYS_CLONE, flags, 0, 0, 0, 0, 0) if errno != 0 { afterFork() return nil, errno @@ -152,7 +152,7 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro tid: int32(pid), cpu: ^uint32(0), } - if sig := t.wait(stopped); sig != syscall.SIGSTOP { + if sig := t.wait(stopped); sig != unix.SIGSTOP { return nil, fmt.Errorf("wait failed: expected SIGSTOP, got %v", sig) } t.attach() @@ -165,8 +165,8 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro // prevents the stub from getting PTY job control signals intended only // for the sentry process. We must call this before restoring signal // mask. - if _, _, errno := syscall.RawSyscall(syscall.SYS_SETSID, 0, 0, 0); errno != 0 { - syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) + if _, _, errno := unix.RawSyscall(unix.SYS_SETSID, 0, 0, 0); errno != 0 { + unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0) } // afterForkInChild resets all signals to their default dispositions @@ -176,13 +176,13 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro // Explicitly unmask all signals to ensure that the tracer can see // them. if errno := unmaskAllSignals(); errno != 0 { - syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) + unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0) } // Set an aggressive BPF filter for the stub and all it's children. See // the description of the BPF program built above. if errno := seccomp.SetFilter(instrs); errno != 0 { - syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) + unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0) } // Enable cpuid-faulting. @@ -218,8 +218,8 @@ func (s *subprocess) createStub() (*thread, error) { // See above re: SIGKILL. pid, err := t.syscallIgnoreInterrupt( ®s, - syscall.SYS_CLONE, - arch.SyscallArgument{Value: uintptr(syscall.SIGKILL | syscall.CLONE_FILES)}, + unix.SYS_CLONE, + arch.SyscallArgument{Value: uintptr(unix.SIGKILL | unix.CLONE_FILES)}, arch.SyscallArgument{Value: 0}, arch.SyscallArgument{Value: 0}, arch.SyscallArgument{Value: 0}, @@ -237,10 +237,10 @@ func (s *subprocess) createStub() (*thread, error) { // If the child actually exited, the attach below will fail. _, err = t.syscallIgnoreInterrupt( &t.initRegs, - syscall.SYS_WAIT4, + unix.SYS_WAIT4, arch.SyscallArgument{Value: uintptr(pid)}, arch.SyscallArgument{Value: 0}, - arch.SyscallArgument{Value: syscall.WALL | syscall.WUNTRACED}, + arch.SyscallArgument{Value: unix.WALL | unix.WUNTRACED}, arch.SyscallArgument{Value: 0}, arch.SyscallArgument{Value: 0}, arch.SyscallArgument{Value: 0}) diff --git a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go index 533e45497..9c342c59b 100644 --- a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go +++ b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go @@ -18,17 +18,17 @@ package ptrace import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) // unmaskAllSignals unmasks all signals on the current thread. // //go:nosplit -func unmaskAllSignals() syscall.Errno { +func unmaskAllSignals() unix.Errno { var set linux.SignalSet - _, _, errno := syscall.RawSyscall6(syscall.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0) + _, _, errno := unix.RawSyscall6(unix.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0) return errno } diff --git a/pkg/sentry/sighandling/sighandling.go b/pkg/sentry/sighandling/sighandling.go index 83195d5a1..bdaf8af29 100644 --- a/pkg/sentry/sighandling/sighandling.go +++ b/pkg/sentry/sighandling/sighandling.go @@ -19,8 +19,8 @@ import ( "os" "os/signal" "reflect" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -90,7 +90,7 @@ func StartSignalForwarding(handler func(linux.Signal)) func() { if sig == int(linux.SIGURG) { continue } - signal.Notify(sigchan, syscall.Signal(sig)) + signal.Notify(sigchan, unix.Signal(sig)) } // Start up our listener. go handleSignals(sigchans, handler, stop, done) // S/R-SAFE: synchronized by Kernel.extMu. diff --git a/pkg/sentry/sighandling/sighandling_unsafe.go b/pkg/sentry/sighandling/sighandling_unsafe.go index 1ebe22d34..d6a2fbe34 100644 --- a/pkg/sentry/sighandling/sighandling_unsafe.go +++ b/pkg/sentry/sighandling/sighandling_unsafe.go @@ -15,9 +15,9 @@ package sighandling import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -36,11 +36,11 @@ func IgnoreChildStop() error { var sa sigaction // Get the existing signal handler information, and set the flag. - if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(syscall.SIGCHLD), 0, uintptr(unsafe.Pointer(&sa)), linux.SignalSetSize, 0, 0); e != 0 { + if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(unix.SIGCHLD), 0, uintptr(unsafe.Pointer(&sa)), linux.SignalSetSize, 0, 0); e != 0 { return e } sa.flags |= linux.SA_NOCLDSTOP - if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(syscall.SIGCHLD), uintptr(unsafe.Pointer(&sa)), 0, linux.SignalSetSize, 0, 0); e != 0 { + if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(unix.SIGCHLD), uintptr(unsafe.Pointer(&sa)), 0, linux.SignalSetSize, 0, 0); e != 0 { return e } diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go index 17f59ba1f..c711d0684 100644 --- a/pkg/sentry/socket/hostinet/socket.go +++ b/pkg/sentry/socket/hostinet/socket.go @@ -16,7 +16,6 @@ package hostinet import ( "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -45,10 +44,10 @@ const ( // sizeofSockaddr is the size in bytes of the largest sockaddr type // supported by this package. - sizeofSockaddr = syscall.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in) + sizeofSockaddr = unix.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in) // maxControlLen is the maximum size of a control message buffer used in a - // recvmsg or sendmsg syscall. + // recvmsg or sendmsg unix. maxControlLen = 1024 ) @@ -107,7 +106,7 @@ func newSocketFile(ctx context.Context, family int, stype linux.SockType, protoc // Release implements fs.FileOperations.Release. func (s *socketOpsCommon) Release(context.Context) { fdnotifier.RemoveFD(int32(s.fd)) - syscall.Close(s.fd) + unix.Close(s.fd) } // Readiness implements waiter.Waitable.Readiness. @@ -143,8 +142,8 @@ func (s *socketOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOS return 0, nil } if dsts.NumBlocks() == 1 { - // Skip allocating []syscall.Iovec. - n, err := syscall.Read(s.fd, dsts.Head().ToSlice()) + // Skip allocating []unix.Iovec. + n, err := unix.Read(s.fd, dsts.Head().ToSlice()) if err != nil { return 0, translateIOSyscallError(err) } @@ -166,8 +165,8 @@ func (s *socketOperations) Write(ctx context.Context, _ *fs.File, src usermem.IO return 0, nil } if srcs.NumBlocks() == 1 { - // Skip allocating []syscall.Iovec. - n, err := syscall.Write(s.fd, srcs.Head().ToSlice()) + // Skip allocating []unix.Iovec. + n, err := unix.Write(s.fd, srcs.Head().ToSlice()) if err != nil { return 0, translateIOSyscallError(err) } @@ -184,12 +183,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool sockaddr = sockaddr[:sizeofSockaddr] } - _, _, errno := syscall.Syscall(syscall.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) + _, _, errno := unix.Syscall(unix.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) if errno == 0 { return nil } - if errno != syscall.EINPROGRESS || !blocking { + if errno != unix.EINPROGRESS || !blocking { return syserr.FromError(translateIOSyscallError(errno)) } @@ -208,12 +207,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool return syserr.FromError(err) } } - val, err := syscall.GetsockoptInt(s.fd, syscall.SOL_SOCKET, syscall.SO_ERROR) + val, err := unix.GetsockoptInt(s.fd, unix.SOL_SOCKET, unix.SO_ERROR) if err != nil { return syserr.FromError(err) } if val != 0 { - return syserr.FromError(syscall.Errno(uintptr(val))) + return syserr.FromError(unix.Errno(uintptr(val))) } return nil } @@ -234,7 +233,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOpsCommon requires it. - fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC) + fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC) if blocking { var ch chan struct{} for syscallErr == syserror.ErrWouldBlock { @@ -248,7 +247,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, s.EventRegister(&e, waiter.EventIn) defer s.EventUnregister(&e) } - fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC) + fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC) } } @@ -264,27 +263,27 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, kerr error ) if kernel.VFS2Enabled { - f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&syscall.SOCK_NONBLOCK)) + f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&unix.SOCK_NONBLOCK)) if err != nil { - syscall.Close(fd) + unix.Close(fd) return 0, nil, 0, err } defer f.DecRef(t) kfd, kerr = t.NewFDFromVFS2(0, f, kernel.FDFlags{ - CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0, + CloseOnExec: flags&unix.SOCK_CLOEXEC != 0, }) t.Kernel().RecordSocketVFS2(f) } else { - f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&syscall.SOCK_NONBLOCK != 0) + f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&unix.SOCK_NONBLOCK != 0) if err != nil { - syscall.Close(fd) + unix.Close(fd) return 0, nil, 0, err } defer f.DecRef(t) kfd, kerr = t.NewFDFrom(0, f, kernel.FDFlags{ - CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0, + CloseOnExec: flags&unix.SOCK_CLOEXEC != 0, }) t.Kernel().RecordSocket(f) } @@ -298,7 +297,7 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error { sockaddr = sockaddr[:sizeofSockaddr] } - _, _, errno := syscall.Syscall(syscall.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) + _, _, errno := unix.Syscall(unix.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) if errno != 0 { return syserr.FromError(errno) } @@ -307,14 +306,14 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error { // Listen implements socket.Socket.Listen. func (s *socketOpsCommon) Listen(t *kernel.Task, backlog int) *syserr.Error { - return syserr.FromError(syscall.Listen(s.fd, backlog)) + return syserr.FromError(unix.Listen(s.fd, backlog)) } // Shutdown implements socket.Socket.Shutdown. func (s *socketOpsCommon) Shutdown(t *kernel.Task, how int) *syserr.Error { switch how { - case syscall.SHUT_RD, syscall.SHUT_WR, syscall.SHUT_RDWR: - return syserr.FromError(syscall.Shutdown(s.fd, how)) + case unix.SHUT_RD, unix.SHUT_WR, unix.SHUT_RDWR: + return syserr.FromError(unix.Shutdown(s.fd, how)) default: return syserr.ErrInvalidArgument } @@ -344,7 +343,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr case linux.SO_ERROR, linux.SO_KEEPALIVE, linux.SO_SNDBUF, linux.SO_RCVBUF, linux.SO_REUSEADDR, linux.SO_TIMESTAMP: optlen = sizeofInt32 case linux.SO_LINGER: - optlen = syscall.SizeofLinger + optlen = unix.SizeofLinger } case linux.SOL_TCP: switch name { @@ -407,18 +406,18 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt [] } opt = opt[:optlen] - _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0) + _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0) if errno != 0 { return syserr.FromError(errno) } return nil } -func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) { +func (s *socketOpsCommon) recvMsgFromHost(iovs []unix.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) { // We always do a non-blocking recv*(). - sysflags := flags | syscall.MSG_DONTWAIT + sysflags := flags | unix.MSG_DONTWAIT - msg := syscall.Msghdr{} + msg := unix.Msghdr{} if len(iovs) > 0 { msg.Iov = &iovs[0] msg.Iovlen = uint64(len(iovs)) @@ -448,7 +447,7 @@ func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, sende // RecvMsg implements socket.Socket.RecvMsg. func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) { // Only allow known and safe flags. - if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_PEEK|syscall.MSG_TRUNC|syscall.MSG_ERRQUEUE) != 0 { + if flags&^(unix.MSG_DONTWAIT|unix.MSG_PEEK|unix.MSG_TRUNC|unix.MSG_ERRQUEUE) != 0 { return 0, 0, nil, 0, socket.ControlMessages{}, syserr.ErrInvalidArgument } @@ -483,7 +482,7 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags var ch chan struct{} n, err := copyToDst() // recv*(MSG_ERRQUEUE) never blocks, even without MSG_DONTWAIT. - if flags&(syscall.MSG_DONTWAIT|syscall.MSG_ERRQUEUE) == 0 { + if flags&(unix.MSG_DONTWAIT|unix.MSG_ERRQUEUE) == 0 { for err == syserror.ErrWouldBlock { // We only expect blocking to come from the actual syscall, in which // case it can't have returned any data. @@ -547,7 +546,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr) controlMessages.IP.OriginalDstAddress = &addr - case syscall.IP_RECVERR: + case unix.IP_RECVERR: var errCmsg linux.SockErrCMsgIPv4 errCmsg.UnmarshalBytes(unixCmsg.Data) controlMessages.IP.SockErr = &errCmsg @@ -564,7 +563,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr) controlMessages.IP.OriginalDstAddress = &addr - case syscall.IPV6_RECVERR: + case unix.IPV6_RECVERR: var errCmsg linux.SockErrCMsgIPv6 errCmsg.UnmarshalBytes(unixCmsg.Data) controlMessages.IP.SockErr = &errCmsg @@ -584,7 +583,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s // SendMsg implements socket.Socket.SendMsg. func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []byte, flags int, haveDeadline bool, deadline ktime.Time, controlMessages socket.ControlMessages) (int, *syserr.Error) { // Only allow known and safe flags. - if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_EOR|syscall.MSG_FASTOPEN|syscall.MSG_MORE|syscall.MSG_NOSIGNAL) != 0 { + if flags&^(unix.MSG_DONTWAIT|unix.MSG_EOR|unix.MSG_FASTOPEN|unix.MSG_MORE|unix.MSG_NOSIGNAL) != 0 { return 0, syserr.ErrInvalidArgument } @@ -606,12 +605,12 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } // We always do a non-blocking send*(). - sysflags := flags | syscall.MSG_DONTWAIT + sysflags := flags | unix.MSG_DONTWAIT if srcs.NumBlocks() == 1 && len(controlBuf) == 0 { - // Skip allocating []syscall.Iovec. + // Skip allocating []unix.Iovec. src := srcs.Head() - n, _, errno := syscall.Syscall6(syscall.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to))) + n, _, errno := unix.Syscall6(unix.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -619,7 +618,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } iovs := safemem.IovecsFromBlockSeq(srcs) - msg := syscall.Msghdr{ + msg := unix.Msghdr{ Iov: &iovs[0], Iovlen: uint64(len(iovs)), } @@ -636,7 +635,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b var ch chan struct{} n, err := src.CopyInTo(t, sendmsgFromBlocks) - if flags&syscall.MSG_DONTWAIT == 0 { + if flags&unix.MSG_DONTWAIT == 0 { for err == syserror.ErrWouldBlock { // We only expect blocking to come from the actual syscall, in which // case it can't have returned any data. @@ -664,7 +663,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } func translateIOSyscallError(err error) error { - if err == syscall.EAGAIN || err == syscall.EWOULDBLOCK { + if err == unix.EAGAIN || err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -673,9 +672,9 @@ func translateIOSyscallError(err error) error { // State implements socket.Socket.State. func (s *socketOpsCommon) State() uint32 { info := linux.TCPInfo{} - buf, err := getsockopt(s.fd, syscall.SOL_TCP, syscall.TCP_INFO, linux.SizeOfTCPInfo) + buf, err := getsockopt(s.fd, unix.SOL_TCP, unix.TCP_INFO, linux.SizeOfTCPInfo) if err != nil { - if err != syscall.ENOPROTOOPT { + if err != unix.ENOPROTOOPT { log.Warningf("Failed to get TCP socket info from %+v: %v", s, err) } // For non-TCP sockets, silently ignore the failure. @@ -715,16 +714,16 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto // Only accept TCP and UDP. stype := stypeflags & linux.SOCK_TYPE_MASK switch stype { - case syscall.SOCK_STREAM: + case unix.SOCK_STREAM: switch protocol { - case 0, syscall.IPPROTO_TCP: + case 0, unix.IPPROTO_TCP: // ok default: return nil, nil } - case syscall.SOCK_DGRAM: + case unix.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: // ok default: return nil, nil @@ -736,11 +735,11 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0 // to simplify the syscall filters, since 0 and IPPROTO_* are equivalent. - fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, syserr.FromError(err) } - return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&syscall.SOCK_NONBLOCK != 0) + return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&unix.SOCK_NONBLOCK != 0) } // Pair implements socket.Provider.Pair. @@ -752,7 +751,7 @@ func (p *socketProvider) Pair(t *kernel.Task, stype linux.SockType, protocol int // LINT.ThenChange(./socket_vfs2.go) func init() { - for _, family := range []int{syscall.AF_INET, syscall.AF_INET6} { + for _, family := range []int{unix.AF_INET, unix.AF_INET6} { socket.RegisterProvider(family, &socketProvider{family}) socket.RegisterProviderVFS2(family, &socketProviderVFS2{family}) } diff --git a/pkg/sentry/socket/hostinet/socket_unsafe.go b/pkg/sentry/socket/hostinet/socket_unsafe.go index 3f420c2ec..2890e640d 100644 --- a/pkg/sentry/socket/hostinet/socket_unsafe.go +++ b/pkg/sentry/socket/hostinet/socket_unsafe.go @@ -15,9 +15,9 @@ package hostinet import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -36,8 +36,8 @@ func firstBytePtr(bs []byte) unsafe.Pointer { } // Preconditions: len(dsts) != 0. -func readv(fd int, dsts []syscall.Iovec) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts))) +func readv(fd int, dsts []unix.Iovec) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -45,8 +45,8 @@ func readv(fd int, dsts []syscall.Iovec) (uint64, error) { } // Preconditions: len(srcs) != 0. -func writev(fd int, srcs []syscall.Iovec) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs))) +func writev(fd int, srcs []unix.Iovec) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -55,9 +55,9 @@ func writev(fd int, srcs []syscall.Iovec) (uint64, error) { func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArguments) (uintptr, error) { switch cmd := uintptr(args[1].Int()); cmd { - case syscall.TIOCINQ, syscall.TIOCOUTQ: + case unix.TIOCINQ, unix.TIOCOUTQ: var val int32 - if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 { + if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 { return 0, translateIOSyscallError(errno) } var buf [4]byte @@ -73,7 +73,7 @@ func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArgument } func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) { - afd, _, errno := syscall.Syscall6(syscall.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) + afd, _, errno := unix.Syscall6(unix.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -83,7 +83,7 @@ func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) { func getsockopt(fd int, level, name int, optlen int) ([]byte, error) { opt := make([]byte, optlen) optlen32 := int32(len(opt)) - _, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0) + _, _, errno := unix.Syscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0) if errno != 0 { return nil, errno } @@ -94,7 +94,7 @@ func getsockopt(fd int, level, name int, optlen int) ([]byte, error) { func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) { addr := make([]byte, sizeofSockaddr) addrlen := uint32(len(addr)) - _, _, errno := syscall.Syscall(syscall.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) + _, _, errno := unix.Syscall(unix.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) if errno != 0 { return nil, 0, syserr.FromError(errno) } @@ -105,7 +105,7 @@ func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, * func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) { addr := make([]byte, sizeofSockaddr) addrlen := uint32(len(addr)) - _, _, errno := syscall.Syscall(syscall.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) + _, _, errno := unix.Syscall(unix.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) if errno != 0 { return nil, 0, syserr.FromError(errno) } @@ -114,7 +114,7 @@ func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, * func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) { fromLen := uint32(len(*from)) - n, _, errno := syscall.Syscall6(syscall.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen))) + n, _, errno := unix.Syscall6(unix.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -122,16 +122,16 @@ func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) { return uint64(n), nil } -func recvmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) +func recvmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) if errno != 0 { return 0, translateIOSyscallError(errno) } return uint64(n), nil } -func sendmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) +func sendmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) if errno != 0 { return 0, translateIOSyscallError(errno) } diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go index dc03ccb47..5d55cc64d 100644 --- a/pkg/sentry/socket/hostinet/socket_vfs2.go +++ b/pkg/sentry/socket/hostinet/socket_vfs2.go @@ -15,8 +15,7 @@ package hostinet import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -160,16 +159,16 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p // Only accept TCP and UDP. stype := stypeflags & linux.SOCK_TYPE_MASK switch stype { - case syscall.SOCK_STREAM: + case unix.SOCK_STREAM: switch protocol { - case 0, syscall.IPPROTO_TCP: + case 0, unix.IPPROTO_TCP: // ok default: return nil, nil } - case syscall.SOCK_DGRAM: + case unix.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: // ok default: return nil, nil @@ -181,11 +180,11 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0 // to simplify the syscall filters, since 0 and IPPROTO_* are equivalent. - fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, syserr.FromError(err) } - return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&syscall.SOCK_NONBLOCK)) + return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&unix.SOCK_NONBLOCK)) } // Pair implements socket.Provider.Pair. diff --git a/pkg/sentry/socket/hostinet/stack.go b/pkg/sentry/socket/hostinet/stack.go index 7e7857ac3..e6323244c 100644 --- a/pkg/sentry/socket/hostinet/stack.go +++ b/pkg/sentry/socket/hostinet/stack.go @@ -24,6 +24,7 @@ import ( "strings" "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/binary" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -138,14 +139,14 @@ func (s *Stack) Configure() error { // netlink messages. func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.NetlinkMessage, interfaces map[int32]inet.Interface, interfaceAddrs map[int32][]inet.InterfaceAddr) error { for _, link := range links { - if link.Header.Type != syscall.RTM_NEWLINK { + if link.Header.Type != unix.RTM_NEWLINK { continue } - if len(link.Data) < syscall.SizeofIfInfomsg { - return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), syscall.SizeofIfInfomsg) + if len(link.Data) < unix.SizeofIfInfomsg { + return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), unix.SizeofIfInfomsg) } - var ifinfo syscall.IfInfomsg - binary.Unmarshal(link.Data[:syscall.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo) + var ifinfo unix.IfInfomsg + binary.Unmarshal(link.Data[:unix.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo) inetIF := inet.Interface{ DeviceType: ifinfo.Type, Flags: ifinfo.Flags, @@ -159,9 +160,9 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, attr := range attrs { switch attr.Attr.Type { - case syscall.IFLA_ADDRESS: + case unix.IFLA_ADDRESS: inetIF.Addr = attr.Value - case syscall.IFLA_IFNAME: + case unix.IFLA_IFNAME: inetIF.Name = string(attr.Value[:len(attr.Value)-1]) } } @@ -169,14 +170,14 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, addr := range addrs { - if addr.Header.Type != syscall.RTM_NEWADDR { + if addr.Header.Type != unix.RTM_NEWADDR { continue } - if len(addr.Data) < syscall.SizeofIfAddrmsg { - return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), syscall.SizeofIfAddrmsg) + if len(addr.Data) < unix.SizeofIfAddrmsg { + return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), unix.SizeofIfAddrmsg) } - var ifaddr syscall.IfAddrmsg - binary.Unmarshal(addr.Data[:syscall.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr) + var ifaddr unix.IfAddrmsg + binary.Unmarshal(addr.Data[:unix.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr) inetAddr := inet.InterfaceAddr{ Family: ifaddr.Family, PrefixLen: ifaddr.Prefixlen, @@ -188,7 +189,7 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, attr := range attrs { switch attr.Attr.Type { - case syscall.IFA_ADDRESS: + case unix.IFA_ADDRESS: inetAddr.Addr = attr.Value } } @@ -203,12 +204,12 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) { var routes []inet.Route for _, routeMsg := range routeMsgs { - if routeMsg.Header.Type != syscall.RTM_NEWROUTE { + if routeMsg.Header.Type != unix.RTM_NEWROUTE { continue } - var ifRoute syscall.RtMsg - binary.Unmarshal(routeMsg.Data[:syscall.SizeofRtMsg], usermem.ByteOrder, &ifRoute) + var ifRoute unix.RtMsg + binary.Unmarshal(routeMsg.Data[:unix.SizeofRtMsg], usermem.ByteOrder, &ifRoute) inetRoute := inet.Route{ Family: ifRoute.Family, DstLen: ifRoute.Dst_len, @@ -231,13 +232,13 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) for _, attr := range attrs { switch attr.Attr.Type { - case syscall.RTA_DST: + case unix.RTA_DST: inetRoute.DstAddr = attr.Value - case syscall.RTA_SRC: + case unix.RTA_SRC: inetRoute.SrcAddr = attr.Value - case syscall.RTA_GATEWAY: + case unix.RTA_GATEWAY: inetRoute.GatewayAddr = attr.Value - case syscall.RTA_OIF: + case unix.RTA_OIF: expected := int(binary.Size(inetRoute.OutputInterface)) if len(attr.Value) != expected { return nil, fmt.Errorf("RTM_GETROUTE returned RTM_NEWROUTE message with invalid attribute data length (%d bytes, expected %d bytes)", len(attr.Value), expected) @@ -253,12 +254,12 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) } func addHostInterfaces(s *Stack) error { - links, err := doNetlinkRouteRequest(syscall.RTM_GETLINK) + links, err := doNetlinkRouteRequest(unix.RTM_GETLINK) if err != nil { return fmt.Errorf("RTM_GETLINK failed: %v", err) } - addrs, err := doNetlinkRouteRequest(syscall.RTM_GETADDR) + addrs, err := doNetlinkRouteRequest(unix.RTM_GETADDR) if err != nil { return fmt.Errorf("RTM_GETADDR failed: %v", err) } @@ -267,7 +268,7 @@ func addHostInterfaces(s *Stack) error { } func addHostRoutes(s *Stack) error { - routes, err := doNetlinkRouteRequest(syscall.RTM_GETROUTE) + routes, err := doNetlinkRouteRequest(unix.RTM_GETROUTE) if err != nil { return fmt.Errorf("RTM_GETROUTE failed: %v", err) } diff --git a/pkg/sentry/socket/netlink/route/protocol.go b/pkg/sentry/socket/netlink/route/protocol.go index f4d034c13..5a2255db3 100644 --- a/pkg/sentry/socket/netlink/route/protocol.go +++ b/pkg/sentry/socket/netlink/route/protocol.go @@ -17,8 +17,8 @@ package route import ( "bytes" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/inet" @@ -436,7 +436,7 @@ func (p *Protocol) newAddr(ctx context.Context, msg *netlink.Message, ms *netlin Flags: ifa.Flags, Addr: value, }) - if err == syscall.EEXIST { + if err == unix.EEXIST { flags := msg.Header().Flags if flags&linux.NLM_F_EXCL != 0 { return syserr.ErrExists diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go index f77a867f1..f2dc7c90b 100644 --- a/pkg/sentry/socket/netstack/netstack.go +++ b/pkg/sentry/socket/netstack/netstack.go @@ -31,7 +31,6 @@ import ( "io/ioutil" "math" "reflect" - "syscall" "time" "golang.org/x/sys/unix" @@ -835,7 +834,7 @@ func getSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, fam return &optP, nil case linux.SO_PEERCRED: - if family != linux.AF_UNIX || outLen < syscall.SizeofUcred { + if family != linux.AF_UNIX || outLen < unix.SizeofUcred { return nil, syserr.ErrInvalidArgument } @@ -3199,15 +3198,15 @@ func nicStateFlagsToLinux(f stack.NICStateFlags) uint32 { } func isTCPSocket(skType linux.SockType, skProto int) bool { - return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == syscall.IPPROTO_TCP) + return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == unix.IPPROTO_TCP) } func isUDPSocket(skType linux.SockType, skProto int) bool { - return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == syscall.IPPROTO_UDP) + return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == unix.IPPROTO_UDP) } func isICMPSocket(skType linux.SockType, skProto int) bool { - return skType == linux.SOCK_DGRAM && (skProto == syscall.IPPROTO_ICMP || skProto == syscall.IPPROTO_ICMPV6) + return skType == linux.SOCK_DGRAM && (skProto == unix.IPPROTO_ICMP || skProto == unix.IPPROTO_ICMPV6) } // State implements socket.Socket.State. State translates the internal state diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go index 2515dda80..8605ad507 100644 --- a/pkg/sentry/socket/netstack/provider.go +++ b/pkg/sentry/socket/netstack/provider.go @@ -15,8 +15,7 @@ package netstack import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -48,18 +47,18 @@ type provider struct { func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol int) (tcpip.TransportProtocolNumber, bool, *syserr.Error) { switch stype { case linux.SOCK_STREAM: - if protocol != 0 && protocol != syscall.IPPROTO_TCP { + if protocol != 0 && protocol != unix.IPPROTO_TCP { return 0, true, syserr.ErrInvalidArgument } return tcp.ProtocolNumber, true, nil case linux.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: return udp.ProtocolNumber, true, nil - case syscall.IPPROTO_ICMP: + case unix.IPPROTO_ICMP: return header.ICMPv4ProtocolNumber, true, nil - case syscall.IPPROTO_ICMPV6: + case unix.IPPROTO_ICMPV6: return header.ICMPv6ProtocolNumber, true, nil } @@ -71,18 +70,18 @@ func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol in } switch protocol { - case syscall.IPPROTO_ICMP: + case unix.IPPROTO_ICMP: return header.ICMPv4ProtocolNumber, true, nil - case syscall.IPPROTO_ICMPV6: + case unix.IPPROTO_ICMPV6: return header.ICMPv6ProtocolNumber, true, nil - case syscall.IPPROTO_UDP: + case unix.IPPROTO_UDP: return header.UDPProtocolNumber, true, nil - case syscall.IPPROTO_TCP: + case unix.IPPROTO_TCP: return header.TCPProtocolNumber, true, nil // IPPROTO_RAW signifies that the raw socket isn't assigned to // a transport protocol. Users will be able to write packets' // IP headers and won't receive anything. - case syscall.IPPROTO_RAW: + case unix.IPPROTO_RAW: return tcpip.TransportProtocolNumber(0), false, nil } } diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go index cc535d794..909341dcf 100644 --- a/pkg/sentry/socket/socket.go +++ b/pkg/sentry/socket/socket.go @@ -21,8 +21,8 @@ import ( "bytes" "fmt" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/binary" "gvisor.dev/gvisor/pkg/context" @@ -198,42 +198,42 @@ type SocketVFS2 interface { // // It is implemented by both Socket and SocketVFS2. type SocketOps interface { - // Connect implements the connect(2) linux syscall. + // Connect implements the connect(2) linux unix. Connect(t *kernel.Task, sockaddr []byte, blocking bool) *syserr.Error - // Accept implements the accept4(2) linux syscall. + // Accept implements the accept4(2) linux unix. // Returns fd, real peer address length and error. Real peer address // length is only set if len(peer) > 0. Accept(t *kernel.Task, peerRequested bool, flags int, blocking bool) (int32, linux.SockAddr, uint32, *syserr.Error) - // Bind implements the bind(2) linux syscall. + // Bind implements the bind(2) linux unix. Bind(t *kernel.Task, sockaddr []byte) *syserr.Error - // Listen implements the listen(2) linux syscall. + // Listen implements the listen(2) linux unix. Listen(t *kernel.Task, backlog int) *syserr.Error - // Shutdown implements the shutdown(2) linux syscall. + // Shutdown implements the shutdown(2) linux unix. Shutdown(t *kernel.Task, how int) *syserr.Error - // GetSockOpt implements the getsockopt(2) linux syscall. + // GetSockOpt implements the getsockopt(2) linux unix. GetSockOpt(t *kernel.Task, level int, name int, outPtr usermem.Addr, outLen int) (marshal.Marshallable, *syserr.Error) - // SetSockOpt implements the setsockopt(2) linux syscall. + // SetSockOpt implements the setsockopt(2) linux unix. SetSockOpt(t *kernel.Task, level int, name int, opt []byte) *syserr.Error - // GetSockName implements the getsockname(2) linux syscall. + // GetSockName implements the getsockname(2) linux unix. // // addrLen is the address length to be returned to the application, not // necessarily the actual length of the address. GetSockName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error) - // GetPeerName implements the getpeername(2) linux syscall. + // GetPeerName implements the getpeername(2) linux unix. // // addrLen is the address length to be returned to the application, not // necessarily the actual length of the address. GetPeerName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error) - // RecvMsg implements the recvmsg(2) linux syscall. + // RecvMsg implements the recvmsg(2) linux unix. // // senderAddrLen is the address length to be returned to the application, // not necessarily the actual length of the address. @@ -246,7 +246,7 @@ type SocketOps interface { // If err != nil, the recv was not successful. RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlDataLen uint64) (n int, msgFlags int, senderAddr linux.SockAddr, senderAddrLen uint32, controlMessages ControlMessages, err *syserr.Error) - // SendMsg implements the sendmsg(2) linux syscall. SendMsg does not take + // SendMsg implements the sendmsg(2) linux unix. SendMsg does not take // ownership of the ControlMessage on error. // // If n > 0, err will either be nil or an error from t.Block. @@ -569,21 +569,21 @@ func emitUnimplementedEvent(t *kernel.Task, name int) { // given family. func UnmarshalSockAddr(family int, data []byte) linux.SockAddr { switch family { - case syscall.AF_INET: + case unix.AF_INET: var addr linux.SockAddrInet - binary.Unmarshal(data[:syscall.SizeofSockaddrInet4], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrInet4], usermem.ByteOrder, &addr) return &addr - case syscall.AF_INET6: + case unix.AF_INET6: var addr linux.SockAddrInet6 - binary.Unmarshal(data[:syscall.SizeofSockaddrInet6], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrInet6], usermem.ByteOrder, &addr) return &addr - case syscall.AF_UNIX: + case unix.AF_UNIX: var addr linux.SockAddrUnix - binary.Unmarshal(data[:syscall.SizeofSockaddrUnix], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrUnix], usermem.ByteOrder, &addr) return &addr - case syscall.AF_NETLINK: + case unix.AF_NETLINK: var addr linux.SockAddrNetlink - binary.Unmarshal(data[:syscall.SizeofSockaddrNetlink], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrNetlink], usermem.ByteOrder, &addr) return &addr default: panic(fmt.Sprintf("Unsupported socket family %v", family)) diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go index 32e5d2304..63165e1d4 100644 --- a/pkg/sentry/socket/unix/unix.go +++ b/pkg/sentry/socket/unix/unix.go @@ -19,8 +19,8 @@ package unix import ( "fmt" "strings" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fspath" @@ -600,14 +600,14 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags // Calculate the number of FDs for which we have space and if we are // requesting credentials. var wantCreds bool - rightsLen := int(controlDataLen) - syscall.SizeofCmsghdr + rightsLen := int(controlDataLen) - unix.SizeofCmsghdr if s.Passcred() { // Credentials take priority if they are enabled and there is space. wantCreds = rightsLen > 0 if !wantCreds { msgFlags |= linux.MSG_CTRUNC } - credLen := syscall.CmsgSpace(syscall.SizeofUcred) + credLen := unix.CmsgSpace(unix.SizeofUcred) rightsLen -= credLen } // FDs are 32 bit (4 byte) ints. diff --git a/pkg/sentry/state/state_unsafe.go b/pkg/sentry/state/state_unsafe.go index d271c6fc9..a3da028c4 100644 --- a/pkg/sentry/state/state_unsafe.go +++ b/pkg/sentry/state/state_unsafe.go @@ -16,17 +16,17 @@ package state import ( "fmt" - "syscall" "time" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) // CPUTime returns the CPU time usage by Sentry and app. func CPUTime() (time.Duration, error) { - var ts syscall.Timespec - _, _, errno := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(linux.CLOCK_PROCESS_CPUTIME_ID), uintptr(unsafe.Pointer(&ts)), 0) + var ts unix.Timespec + _, _, errno := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(linux.CLOCK_PROCESS_CPUTIME_ID), uintptr(unsafe.Pointer(&ts)), 0) if errno != 0 { return 0, fmt.Errorf("failed calling clock_gettime(CLOCK_PROCESS_CPUTIME_ID): errno=%d", errno) } diff --git a/pkg/sentry/strace/clone.go b/pkg/sentry/strace/clone.go index e99158712..ab1060426 100644 --- a/pkg/sentry/strace/clone.go +++ b/pkg/sentry/strace/clone.go @@ -15,99 +15,98 @@ package strace import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi" ) // CloneFlagSet is the set of clone(2) flags. var CloneFlagSet = abi.FlagSet{ { - Flag: syscall.CLONE_VM, + Flag: unix.CLONE_VM, Name: "CLONE_VM", }, { - Flag: syscall.CLONE_FS, + Flag: unix.CLONE_FS, Name: "CLONE_FS", }, { - Flag: syscall.CLONE_FILES, + Flag: unix.CLONE_FILES, Name: "CLONE_FILES", }, { - Flag: syscall.CLONE_SIGHAND, + Flag: unix.CLONE_SIGHAND, Name: "CLONE_SIGHAND", }, { - Flag: syscall.CLONE_PTRACE, + Flag: unix.CLONE_PTRACE, Name: "CLONE_PTRACE", }, { - Flag: syscall.CLONE_VFORK, + Flag: unix.CLONE_VFORK, Name: "CLONE_VFORK", }, { - Flag: syscall.CLONE_PARENT, + Flag: unix.CLONE_PARENT, Name: "CLONE_PARENT", }, { - Flag: syscall.CLONE_THREAD, + Flag: unix.CLONE_THREAD, Name: "CLONE_THREAD", }, { - Flag: syscall.CLONE_NEWNS, + Flag: unix.CLONE_NEWNS, Name: "CLONE_NEWNS", }, { - Flag: syscall.CLONE_SYSVSEM, + Flag: unix.CLONE_SYSVSEM, Name: "CLONE_SYSVSEM", }, { - Flag: syscall.CLONE_SETTLS, + Flag: unix.CLONE_SETTLS, Name: "CLONE_SETTLS", }, { - Flag: syscall.CLONE_PARENT_SETTID, + Flag: unix.CLONE_PARENT_SETTID, Name: "CLONE_PARENT_SETTID", }, { - Flag: syscall.CLONE_CHILD_CLEARTID, + Flag: unix.CLONE_CHILD_CLEARTID, Name: "CLONE_CHILD_CLEARTID", }, { - Flag: syscall.CLONE_DETACHED, + Flag: unix.CLONE_DETACHED, Name: "CLONE_DETACHED", }, { - Flag: syscall.CLONE_UNTRACED, + Flag: unix.CLONE_UNTRACED, Name: "CLONE_UNTRACED", }, { - Flag: syscall.CLONE_CHILD_SETTID, + Flag: unix.CLONE_CHILD_SETTID, Name: "CLONE_CHILD_SETTID", }, { - Flag: syscall.CLONE_NEWUTS, + Flag: unix.CLONE_NEWUTS, Name: "CLONE_NEWUTS", }, { - Flag: syscall.CLONE_NEWIPC, + Flag: unix.CLONE_NEWIPC, Name: "CLONE_NEWIPC", }, { - Flag: syscall.CLONE_NEWUSER, + Flag: unix.CLONE_NEWUSER, Name: "CLONE_NEWUSER", }, { - Flag: syscall.CLONE_NEWPID, + Flag: unix.CLONE_NEWPID, Name: "CLONE_NEWPID", }, { - Flag: syscall.CLONE_NEWNET, + Flag: unix.CLONE_NEWNET, Name: "CLONE_NEWNET", }, { - Flag: syscall.CLONE_IO, + Flag: unix.CLONE_IO, Name: "CLONE_IO", }, } diff --git a/pkg/sentry/strace/open.go b/pkg/sentry/strace/open.go index e40bcb53b..5769360da 100644 --- a/pkg/sentry/strace/open.go +++ b/pkg/sentry/strace/open.go @@ -15,62 +15,61 @@ package strace import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi" ) // OpenMode represents the mode to open(2) a file. var OpenMode = abi.ValueSet{ - syscall.O_RDWR: "O_RDWR", - syscall.O_WRONLY: "O_WRONLY", - syscall.O_RDONLY: "O_RDONLY", + unix.O_RDWR: "O_RDWR", + unix.O_WRONLY: "O_WRONLY", + unix.O_RDONLY: "O_RDONLY", } // OpenFlagSet is the set of open(2) flags. var OpenFlagSet = abi.FlagSet{ { - Flag: syscall.O_APPEND, + Flag: unix.O_APPEND, Name: "O_APPEND", }, { - Flag: syscall.O_ASYNC, + Flag: unix.O_ASYNC, Name: "O_ASYNC", }, { - Flag: syscall.O_CLOEXEC, + Flag: unix.O_CLOEXEC, Name: "O_CLOEXEC", }, { - Flag: syscall.O_CREAT, + Flag: unix.O_CREAT, Name: "O_CREAT", }, { - Flag: syscall.O_DIRECT, + Flag: unix.O_DIRECT, Name: "O_DIRECT", }, { - Flag: syscall.O_DIRECTORY, + Flag: unix.O_DIRECTORY, Name: "O_DIRECTORY", }, { - Flag: syscall.O_EXCL, + Flag: unix.O_EXCL, Name: "O_EXCL", }, { - Flag: syscall.O_NOATIME, + Flag: unix.O_NOATIME, Name: "O_NOATIME", }, { - Flag: syscall.O_NOCTTY, + Flag: unix.O_NOCTTY, Name: "O_NOCTTY", }, { - Flag: syscall.O_NOFOLLOW, + Flag: unix.O_NOFOLLOW, Name: "O_NOFOLLOW", }, { - Flag: syscall.O_NONBLOCK, + Flag: unix.O_NONBLOCK, Name: "O_NONBLOCK", }, { @@ -78,18 +77,18 @@ var OpenFlagSet = abi.FlagSet{ Name: "O_PATH", }, { - Flag: syscall.O_SYNC, + Flag: unix.O_SYNC, Name: "O_SYNC", }, { - Flag: syscall.O_TRUNC, + Flag: unix.O_TRUNC, Name: "O_TRUNC", }, } func open(val uint64) string { - s := OpenMode.Parse(val & syscall.O_ACCMODE) - if flags := OpenFlagSet.Parse(val &^ syscall.O_ACCMODE); flags != "" { + s := OpenMode.Parse(val & unix.O_ACCMODE) + if flags := OpenFlagSet.Parse(val &^ unix.O_ACCMODE); flags != "" { s += "|" + flags } return s diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go index a6253626e..fd9649340 100644 --- a/pkg/sentry/syscalls/linux/sys_file.go +++ b/pkg/sentry/syscalls/linux/sys_file.go @@ -15,8 +15,7 @@ package linux import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/marshal/primitive" @@ -368,7 +367,7 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l // Are we able to resolve further? if remainingTraversals == 0 { - return syscall.ELOOP + return unix.ELOOP } // Resolve the symlink to a path via Readlink. @@ -2217,7 +2216,7 @@ func MemfdCreate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S allowSeals := flags&linux.MFD_ALLOW_SEALING != 0 cloExec := flags&linux.MFD_CLOEXEC != 0 - name, err := t.CopyInString(addr, syscall.PathMax-len(memfdPrefix)) + name, err := t.CopyInString(addr, unix.PathMax-len(memfdPrefix)) if err != nil { return 0, nil, err } diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go index 8e7ac0ffe..44738c40c 100644 --- a/pkg/sentry/syscalls/linux/sys_thread.go +++ b/pkg/sentry/syscalls/linux/sys_thread.go @@ -16,8 +16,8 @@ package linux import ( "path" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/marshal/primitive" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -417,7 +417,7 @@ func Waitid(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal si.SetUID(int32(wr.UID)) // TODO(b/73541790): convert kernel.ExitStatus to functions and make // WaitResult.Status a linux.WaitStatus. - s := syscall.WaitStatus(wr.Status) + s := unix.WaitStatus(wr.Status) switch { case s.Exited(): si.Code = arch.CLD_EXITED diff --git a/pkg/sentry/time/sampler_unsafe.go b/pkg/sentry/time/sampler_unsafe.go index e76180217..2ab57c5f8 100644 --- a/pkg/sentry/time/sampler_unsafe.go +++ b/pkg/sentry/time/sampler_unsafe.go @@ -15,8 +15,9 @@ package time import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // syscallTSCReferenceClocks is the standard referenceClocks, collecting @@ -32,8 +33,8 @@ func (syscallTSCReferenceClocks) Sample(c ClockID) (sample, error) { s.before = Rdtsc() // Don't call clockGettime to avoid a call which may call morestack. - var ts syscall.Timespec - _, _, e := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0) + var ts unix.Timespec + _, _, e := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0) if e != 0 { return sample{}, e } @@ -46,8 +47,8 @@ func (syscallTSCReferenceClocks) Sample(c ClockID) (sample, error) { // clockGettime calls SYS_CLOCK_GETTIME, returning time in nanoseconds. func clockGettime(c ClockID) (ReferenceNS, error) { - var ts syscall.Timespec - _, _, e := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0) + var ts unix.Timespec + _, _, e := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0) if e != 0 { return 0, e } diff --git a/pkg/sentry/usage/memory.go b/pkg/sentry/usage/memory.go index 5ed6726ab..581862ee2 100644 --- a/pkg/sentry/usage/memory.go +++ b/pkg/sentry/usage/memory.go @@ -18,8 +18,8 @@ import ( "fmt" "os" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/bits" "gvisor.dev/gvisor/pkg/memutil" "gvisor.dev/gvisor/pkg/sync" @@ -132,7 +132,7 @@ func Init() error { // always be the case for a newly mapped page from /dev/shm. If we obtain // the shared memory through some other means in the future, we may have to // explicitly zero the page. - mmap, err := syscall.Mmap(int(file.Fd()), 0, int(RTMemoryStatsSize), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED) + mmap, err := unix.Mmap(int(file.Fd()), 0, int(RTMemoryStatsSize), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED) if err != nil { return fmt.Errorf("error mapping usage file: %v", err) } diff --git a/pkg/shim/proc/exec.go b/pkg/shim/proc/exec.go index 1d1d90488..e7968d9d5 100644 --- a/pkg/shim/proc/exec.go +++ b/pkg/shim/proc/exec.go @@ -22,7 +22,6 @@ import ( "os" "path/filepath" "sync" - "syscall" "time" "github.com/containerd/console" @@ -216,7 +215,7 @@ func (e *execProcess) start(ctx context.Context) (err error) { return e.parent.runtimeError(err, "OCI runtime exec failed") } if e.stdio.Stdin != "" { - sc, err := fifo.OpenFifo(context.Background(), e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) + sc, err := fifo.OpenFifo(context.Background(), e.stdio.Stdin, unix.O_WRONLY|unix.O_NONBLOCK, 0) if err != nil { return fmt.Errorf("failed to open stdin fifo %s: %w", e.stdio.Stdin, err) } diff --git a/pkg/shim/proc/init.go b/pkg/shim/proc/init.go index cacaade88..664465e0d 100644 --- a/pkg/shim/proc/init.go +++ b/pkg/shim/proc/init.go @@ -23,7 +23,6 @@ import ( "path/filepath" "strings" "sync" - "syscall" "time" "github.com/containerd/console" @@ -35,6 +34,7 @@ import ( "github.com/containerd/fifo" runc "github.com/containerd/go-runc" specs "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/shim/runsc" ) @@ -81,7 +81,7 @@ func NewRunsc(root, path, namespace, runtime string, config map[string]string) * } return &runsc.Runsc{ Command: runtime, - PdeathSignal: syscall.SIGKILL, + PdeathSignal: unix.SIGKILL, Log: filepath.Join(path, "log.json"), LogFormat: runc.JSON, Root: filepath.Join(root, namespace), @@ -136,7 +136,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) (err error) { return p.runtimeError(err, "OCI runtime create failed") } if r.Stdin != "" { - sc, err := fifo.OpenFifo(context.Background(), r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) + sc, err := fifo.OpenFifo(context.Background(), r.Stdin, unix.O_WRONLY|unix.O_NONBLOCK, 0) if err != nil { return fmt.Errorf("failed to open stdin fifo %s: %w", r.Stdin, err) } @@ -366,7 +366,7 @@ func (p *Init) KillAll(context context.Context) error { } func (p *Init) killAll(context context.Context) error { - p.runtime.Kill(context, p.id, int(syscall.SIGKILL), &runsc.KillOpts{ + p.runtime.Kill(context, p.id, int(unix.SIGKILL), &runsc.KillOpts{ All: true, }) // Ignore error handling for `runsc kill --all` for now. diff --git a/pkg/shim/proc/io.go b/pkg/shim/proc/io.go index 34d825fb7..0e8a1a8cb 100644 --- a/pkg/shim/proc/io.go +++ b/pkg/shim/proc/io.go @@ -22,11 +22,11 @@ import ( "os" "sync" "sync/atomic" - "syscall" "github.com/containerd/containerd/log" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" + "golang.org/x/sys/unix" ) // TODO(random-liu): This file can be a util. @@ -89,10 +89,10 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w fr io.Closer ) if ok { - if fw, err = fifo.OpenFifo(ctx, i.name, syscall.O_WRONLY, 0); err != nil { + if fw, err = fifo.OpenFifo(ctx, i.name, unix.O_WRONLY, 0); err != nil { return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", i.name, err) } - if fr, err = fifo.OpenFifo(ctx, i.name, syscall.O_RDONLY, 0); err != nil { + if fr, err = fifo.OpenFifo(ctx, i.name, unix.O_RDONLY, 0); err != nil { return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", i.name, err) } } else { @@ -101,7 +101,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w i.dest(sameFile, nil) continue } - if fw, err = os.OpenFile(i.name, syscall.O_WRONLY|syscall.O_APPEND, 0); err != nil { + if fw, err = os.OpenFile(i.name, unix.O_WRONLY|unix.O_APPEND, 0); err != nil { return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", i.name, err) } if stdout == stderr { @@ -116,7 +116,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w if stdin == "" { return nil } - f, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) + f, err := fifo.OpenFifo(context.Background(), stdin, unix.O_RDONLY|unix.O_NONBLOCK, 0) if err != nil { return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", stdin, err) } diff --git a/pkg/shim/runsc/runsc.go b/pkg/shim/runsc/runsc.go index 3c4cbf223..ff0521d73 100644 --- a/pkg/shim/runsc/runsc.go +++ b/pkg/shim/runsc/runsc.go @@ -26,12 +26,12 @@ import ( "os/exec" "path/filepath" "strconv" - "syscall" "time" "github.com/containerd/containerd/log" runc "github.com/containerd/go-runc" specs "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" ) // DefaultCommand is the default command for Runsc. @@ -63,7 +63,7 @@ func (l *LogMonitor) Wait(cmd *exec.Cmd, ch chan runc.Exit) (int, error) { // Runsc is the client to the runsc cli. type Runsc struct { Command string - PdeathSignal syscall.Signal + PdeathSignal unix.Signal Setpgid bool Root string Log string @@ -530,7 +530,7 @@ func (r *Runsc) command(context context.Context, args ...string) *exec.Cmd { command = DefaultCommand } cmd := exec.CommandContext(context, command, append(r.args(), args...)...) - cmd.SysProcAttr = &syscall.SysProcAttr{ + cmd.SysProcAttr = &unix.SysProcAttr{ Setpgid: r.Setpgid, } if r.PdeathSignal != 0 { diff --git a/pkg/shim/service.go b/pkg/shim/service.go index eff55df53..9d9fa8ef6 100644 --- a/pkg/shim/service.go +++ b/pkg/shim/service.go @@ -23,7 +23,6 @@ import ( "os/exec" "path/filepath" "sync" - "syscall" "time" "github.com/BurntSushi/toml" @@ -193,7 +192,7 @@ func (s *service) newCommand(ctx context.Context, containerdBinary, containerdAd cmd := exec.Command(self, args...) cmd.Dir = cwd cmd.Env = append(os.Environ(), "GOMAXPROCS=2") - cmd.SysProcAttr = &syscall.SysProcAttr{ + cmd.SysProcAttr = &unix.SysProcAttr{ Setpgid: true, } return cmd, nil diff --git a/pkg/shim/service_linux.go b/pkg/shim/service_linux.go index 11622ed60..829f69282 100644 --- a/pkg/shim/service_linux.go +++ b/pkg/shim/service_linux.go @@ -22,10 +22,10 @@ import ( "fmt" "io" "sync" - "syscall" "github.com/containerd/console" "github.com/containerd/fifo" + "golang.org/x/sys/unix" ) type linuxPlatform struct { @@ -43,7 +43,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console } if stdin != "" { - in, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) + in, err := fifo.OpenFifo(context.Background(), stdin, unix.O_RDONLY|unix.O_NONBLOCK, 0) if err != nil { return nil, err } @@ -54,11 +54,11 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console }() } - outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0) + outw, err := fifo.OpenFifo(ctx, stdout, unix.O_WRONLY, 0) if err != nil { return nil, err } - outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0) + outr, err := fifo.OpenFifo(ctx, stdout, unix.O_RDONLY, 0) if err != nil { return nil, err } diff --git a/pkg/syserr/host_linux.go b/pkg/syserr/host_linux.go index 77faa3670..c8c10f48b 100644 --- a/pkg/syserr/host_linux.go +++ b/pkg/syserr/host_linux.go @@ -18,7 +18,8 @@ package syserr import ( "fmt" - "syscall" + + "golang.org/x/sys/unix" ) const maxErrno = 134 @@ -30,15 +31,15 @@ type linuxHostTranslation struct { var linuxHostTranslations [maxErrno]linuxHostTranslation -// FromHost translates a syscall.Errno to a corresponding Error value. -func FromHost(err syscall.Errno) *Error { +// FromHost translates a unix.Errno to a corresponding Error value. +func FromHost(err unix.Errno) *Error { if int(err) >= len(linuxHostTranslations) || !linuxHostTranslations[err].ok { panic(fmt.Sprintf("unknown host errno %q (%d)", err.Error(), err)) } return linuxHostTranslations[err].err } -func addLinuxHostTranslation(host syscall.Errno, trans *Error) { +func addLinuxHostTranslation(host unix.Errno, trans *Error) { if linuxHostTranslations[host].ok { panic(fmt.Sprintf("duplicate translation for host errno %q (%d)", host.Error(), host)) } diff --git a/pkg/syserr/syserr.go b/pkg/syserr/syserr.go index ac4b799c3..b5881ea3c 100644 --- a/pkg/syserr/syserr.go +++ b/pkg/syserr/syserr.go @@ -19,8 +19,8 @@ package syserr import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/syserror" ) @@ -55,7 +55,7 @@ func New(message string, linuxTranslation *linux.Errno) *Error { panic(fmt.Sprint("invalid errno: ", errno)) } - e := error(syscall.Errno(errno)) + e := error(unix.Errno(errno)) // syserror.ErrWouldBlock gets translated to syserror.EWOULDBLOCK and // enables proper blocking semantics. This should temporary address the // class of blocking bugs that keep popping up with the current state of @@ -87,7 +87,7 @@ func NewWithoutTranslation(message string) *Error { return &Error{message: message, noTranslation: true} } -func newWithHost(message string, linuxTranslation *linux.Errno, hostErrno syscall.Errno) *Error { +func newWithHost(message string, linuxTranslation *linux.Errno, hostErrno unix.Errno) *Error { e := New(message, linuxTranslation) addLinuxHostTranslation(hostErrno, e) return e @@ -143,133 +143,133 @@ func (e *Error) ToLinux() *linux.Errno { // Some of the errors should be replaced with package specific errors and // others should be removed entirely. var ( - ErrNotPermitted = newWithHost("operation not permitted", linux.EPERM, syscall.EPERM) - ErrNoFileOrDir = newWithHost("no such file or directory", linux.ENOENT, syscall.ENOENT) - ErrNoProcess = newWithHost("no such process", linux.ESRCH, syscall.ESRCH) - ErrInterrupted = newWithHost("interrupted system call", linux.EINTR, syscall.EINTR) - ErrIO = newWithHost("I/O error", linux.EIO, syscall.EIO) - ErrDeviceOrAddress = newWithHost("no such device or address", linux.ENXIO, syscall.ENXIO) - ErrTooManyArgs = newWithHost("argument list too long", linux.E2BIG, syscall.E2BIG) - ErrEcec = newWithHost("exec format error", linux.ENOEXEC, syscall.ENOEXEC) - ErrBadFD = newWithHost("bad file number", linux.EBADF, syscall.EBADF) - ErrNoChild = newWithHost("no child processes", linux.ECHILD, syscall.ECHILD) - ErrTryAgain = newWithHost("try again", linux.EAGAIN, syscall.EAGAIN) - ErrNoMemory = newWithHost("out of memory", linux.ENOMEM, syscall.ENOMEM) - ErrPermissionDenied = newWithHost("permission denied", linux.EACCES, syscall.EACCES) - ErrBadAddress = newWithHost("bad address", linux.EFAULT, syscall.EFAULT) - ErrNotBlockDevice = newWithHost("block device required", linux.ENOTBLK, syscall.ENOTBLK) - ErrBusy = newWithHost("device or resource busy", linux.EBUSY, syscall.EBUSY) - ErrExists = newWithHost("file exists", linux.EEXIST, syscall.EEXIST) - ErrCrossDeviceLink = newWithHost("cross-device link", linux.EXDEV, syscall.EXDEV) - ErrNoDevice = newWithHost("no such device", linux.ENODEV, syscall.ENODEV) - ErrNotDir = newWithHost("not a directory", linux.ENOTDIR, syscall.ENOTDIR) - ErrIsDir = newWithHost("is a directory", linux.EISDIR, syscall.EISDIR) - ErrInvalidArgument = newWithHost("invalid argument", linux.EINVAL, syscall.EINVAL) - ErrFileTableOverflow = newWithHost("file table overflow", linux.ENFILE, syscall.ENFILE) - ErrTooManyOpenFiles = newWithHost("too many open files", linux.EMFILE, syscall.EMFILE) - ErrNotTTY = newWithHost("not a typewriter", linux.ENOTTY, syscall.ENOTTY) - ErrTestFileBusy = newWithHost("text file busy", linux.ETXTBSY, syscall.ETXTBSY) - ErrFileTooBig = newWithHost("file too large", linux.EFBIG, syscall.EFBIG) - ErrNoSpace = newWithHost("no space left on device", linux.ENOSPC, syscall.ENOSPC) - ErrIllegalSeek = newWithHost("illegal seek", linux.ESPIPE, syscall.ESPIPE) - ErrReadOnlyFS = newWithHost("read-only file system", linux.EROFS, syscall.EROFS) - ErrTooManyLinks = newWithHost("too many links", linux.EMLINK, syscall.EMLINK) - ErrBrokenPipe = newWithHost("broken pipe", linux.EPIPE, syscall.EPIPE) - ErrDomain = newWithHost("math argument out of domain of func", linux.EDOM, syscall.EDOM) - ErrRange = newWithHost("math result not representable", linux.ERANGE, syscall.ERANGE) - ErrDeadlock = newWithHost("resource deadlock would occur", linux.EDEADLOCK, syscall.EDEADLOCK) - ErrNameTooLong = newWithHost("file name too long", linux.ENAMETOOLONG, syscall.ENAMETOOLONG) - ErrNoLocksAvailable = newWithHost("no record locks available", linux.ENOLCK, syscall.ENOLCK) - ErrInvalidSyscall = newWithHost("invalid system call number", linux.ENOSYS, syscall.ENOSYS) - ErrDirNotEmpty = newWithHost("directory not empty", linux.ENOTEMPTY, syscall.ENOTEMPTY) - ErrLinkLoop = newWithHost("too many symbolic links encountered", linux.ELOOP, syscall.ELOOP) - ErrNoMessage = newWithHost("no message of desired type", linux.ENOMSG, syscall.ENOMSG) - ErrIdentifierRemoved = newWithHost("identifier removed", linux.EIDRM, syscall.EIDRM) - ErrChannelOutOfRange = newWithHost("channel number out of range", linux.ECHRNG, syscall.ECHRNG) - ErrLevelTwoNotSynced = newWithHost("level 2 not synchronized", linux.EL2NSYNC, syscall.EL2NSYNC) - ErrLevelThreeHalted = newWithHost("level 3 halted", linux.EL3HLT, syscall.EL3HLT) - ErrLevelThreeReset = newWithHost("level 3 reset", linux.EL3RST, syscall.EL3RST) - ErrLinkNumberOutOfRange = newWithHost("link number out of range", linux.ELNRNG, syscall.ELNRNG) - ErrProtocolDriverNotAttached = newWithHost("protocol driver not attached", linux.EUNATCH, syscall.EUNATCH) - ErrNoCSIAvailable = newWithHost("no CSI structure available", linux.ENOCSI, syscall.ENOCSI) - ErrLevelTwoHalted = newWithHost("level 2 halted", linux.EL2HLT, syscall.EL2HLT) - ErrInvalidExchange = newWithHost("invalid exchange", linux.EBADE, syscall.EBADE) - ErrInvalidRequestDescriptor = newWithHost("invalid request descriptor", linux.EBADR, syscall.EBADR) - ErrExchangeFull = newWithHost("exchange full", linux.EXFULL, syscall.EXFULL) - ErrNoAnode = newWithHost("no anode", linux.ENOANO, syscall.ENOANO) - ErrInvalidRequestCode = newWithHost("invalid request code", linux.EBADRQC, syscall.EBADRQC) - ErrInvalidSlot = newWithHost("invalid slot", linux.EBADSLT, syscall.EBADSLT) - ErrBadFontFile = newWithHost("bad font file format", linux.EBFONT, syscall.EBFONT) - ErrNotStream = newWithHost("device not a stream", linux.ENOSTR, syscall.ENOSTR) - ErrNoDataAvailable = newWithHost("no data available", linux.ENODATA, syscall.ENODATA) - ErrTimerExpired = newWithHost("timer expired", linux.ETIME, syscall.ETIME) - ErrStreamsResourceDepleted = newWithHost("out of streams resources", linux.ENOSR, syscall.ENOSR) - ErrMachineNotOnNetwork = newWithHost("machine is not on the network", linux.ENONET, syscall.ENONET) - ErrPackageNotInstalled = newWithHost("package not installed", linux.ENOPKG, syscall.ENOPKG) - ErrIsRemote = newWithHost("object is remote", linux.EREMOTE, syscall.EREMOTE) - ErrNoLink = newWithHost("link has been severed", linux.ENOLINK, syscall.ENOLINK) - ErrAdvertise = newWithHost("advertise error", linux.EADV, syscall.EADV) - ErrSRMount = newWithHost("srmount error", linux.ESRMNT, syscall.ESRMNT) - ErrSendCommunication = newWithHost("communication error on send", linux.ECOMM, syscall.ECOMM) - ErrProtocol = newWithHost("protocol error", linux.EPROTO, syscall.EPROTO) - ErrMultihopAttempted = newWithHost("multihop attempted", linux.EMULTIHOP, syscall.EMULTIHOP) - ErrRFS = newWithHost("RFS specific error", linux.EDOTDOT, syscall.EDOTDOT) - ErrInvalidDataMessage = newWithHost("not a data message", linux.EBADMSG, syscall.EBADMSG) - ErrOverflow = newWithHost("value too large for defined data type", linux.EOVERFLOW, syscall.EOVERFLOW) - ErrNetworkNameNotUnique = newWithHost("name not unique on network", linux.ENOTUNIQ, syscall.ENOTUNIQ) - ErrFDInBadState = newWithHost("file descriptor in bad state", linux.EBADFD, syscall.EBADFD) - ErrRemoteAddressChanged = newWithHost("remote address changed", linux.EREMCHG, syscall.EREMCHG) - ErrSharedLibraryInaccessible = newWithHost("can not access a needed shared library", linux.ELIBACC, syscall.ELIBACC) - ErrCorruptedSharedLibrary = newWithHost("accessing a corrupted shared library", linux.ELIBBAD, syscall.ELIBBAD) - ErrLibSectionCorrupted = newWithHost(".lib section in a.out corrupted", linux.ELIBSCN, syscall.ELIBSCN) - ErrTooManySharedLibraries = newWithHost("attempting to link in too many shared libraries", linux.ELIBMAX, syscall.ELIBMAX) - ErrSharedLibraryExeced = newWithHost("cannot exec a shared library directly", linux.ELIBEXEC, syscall.ELIBEXEC) - ErrIllegalByteSequence = newWithHost("illegal byte sequence", linux.EILSEQ, syscall.EILSEQ) - ErrShouldRestart = newWithHost("interrupted system call should be restarted", linux.ERESTART, syscall.ERESTART) - ErrStreamPipe = newWithHost("streams pipe error", linux.ESTRPIPE, syscall.ESTRPIPE) - ErrTooManyUsers = newWithHost("too many users", linux.EUSERS, syscall.EUSERS) - ErrNotASocket = newWithHost("socket operation on non-socket", linux.ENOTSOCK, syscall.ENOTSOCK) - ErrDestinationAddressRequired = newWithHost("destination address required", linux.EDESTADDRREQ, syscall.EDESTADDRREQ) - ErrMessageTooLong = newWithHost("message too long", linux.EMSGSIZE, syscall.EMSGSIZE) - ErrWrongProtocolForSocket = newWithHost("protocol wrong type for socket", linux.EPROTOTYPE, syscall.EPROTOTYPE) - ErrProtocolNotAvailable = newWithHost("protocol not available", linux.ENOPROTOOPT, syscall.ENOPROTOOPT) - ErrProtocolNotSupported = newWithHost("protocol not supported", linux.EPROTONOSUPPORT, syscall.EPROTONOSUPPORT) - ErrSocketNotSupported = newWithHost("socket type not supported", linux.ESOCKTNOSUPPORT, syscall.ESOCKTNOSUPPORT) - ErrEndpointOperation = newWithHost("operation not supported on transport endpoint", linux.EOPNOTSUPP, syscall.EOPNOTSUPP) - ErrProtocolFamilyNotSupported = newWithHost("protocol family not supported", linux.EPFNOSUPPORT, syscall.EPFNOSUPPORT) - ErrAddressFamilyNotSupported = newWithHost("address family not supported by protocol", linux.EAFNOSUPPORT, syscall.EAFNOSUPPORT) - ErrAddressInUse = newWithHost("address already in use", linux.EADDRINUSE, syscall.EADDRINUSE) - ErrAddressNotAvailable = newWithHost("cannot assign requested address", linux.EADDRNOTAVAIL, syscall.EADDRNOTAVAIL) - ErrNetworkDown = newWithHost("network is down", linux.ENETDOWN, syscall.ENETDOWN) - ErrNetworkUnreachable = newWithHost("network is unreachable", linux.ENETUNREACH, syscall.ENETUNREACH) - ErrNetworkReset = newWithHost("network dropped connection because of reset", linux.ENETRESET, syscall.ENETRESET) - ErrConnectionAborted = newWithHost("software caused connection abort", linux.ECONNABORTED, syscall.ECONNABORTED) - ErrConnectionReset = newWithHost("connection reset by peer", linux.ECONNRESET, syscall.ECONNRESET) - ErrNoBufferSpace = newWithHost("no buffer space available", linux.ENOBUFS, syscall.ENOBUFS) - ErrAlreadyConnected = newWithHost("transport endpoint is already connected", linux.EISCONN, syscall.EISCONN) - ErrNotConnected = newWithHost("transport endpoint is not connected", linux.ENOTCONN, syscall.ENOTCONN) - ErrShutdown = newWithHost("cannot send after transport endpoint shutdown", linux.ESHUTDOWN, syscall.ESHUTDOWN) - ErrTooManyRefs = newWithHost("too many references: cannot splice", linux.ETOOMANYREFS, syscall.ETOOMANYREFS) - ErrTimedOut = newWithHost("connection timed out", linux.ETIMEDOUT, syscall.ETIMEDOUT) - ErrConnectionRefused = newWithHost("connection refused", linux.ECONNREFUSED, syscall.ECONNREFUSED) - ErrHostDown = newWithHost("host is down", linux.EHOSTDOWN, syscall.EHOSTDOWN) - ErrNoRoute = newWithHost("no route to host", linux.EHOSTUNREACH, syscall.EHOSTUNREACH) - ErrAlreadyInProgress = newWithHost("operation already in progress", linux.EALREADY, syscall.EALREADY) - ErrInProgress = newWithHost("operation now in progress", linux.EINPROGRESS, syscall.EINPROGRESS) - ErrStaleFileHandle = newWithHost("stale file handle", linux.ESTALE, syscall.ESTALE) - ErrStructureNeedsCleaning = newWithHost("structure needs cleaning", linux.EUCLEAN, syscall.EUCLEAN) - ErrIsNamedFile = newWithHost("is a named type file", linux.ENOTNAM, syscall.ENOTNAM) - ErrRemoteIO = newWithHost("remote I/O error", linux.EREMOTEIO, syscall.EREMOTEIO) - ErrQuotaExceeded = newWithHost("quota exceeded", linux.EDQUOT, syscall.EDQUOT) - ErrNoMedium = newWithHost("no medium found", linux.ENOMEDIUM, syscall.ENOMEDIUM) - ErrWrongMediumType = newWithHost("wrong medium type", linux.EMEDIUMTYPE, syscall.EMEDIUMTYPE) - ErrCanceled = newWithHost("operation canceled", linux.ECANCELED, syscall.ECANCELED) - ErrNoKey = newWithHost("required key not available", linux.ENOKEY, syscall.ENOKEY) - ErrKeyExpired = newWithHost("key has expired", linux.EKEYEXPIRED, syscall.EKEYEXPIRED) - ErrKeyRevoked = newWithHost("key has been revoked", linux.EKEYREVOKED, syscall.EKEYREVOKED) - ErrKeyRejected = newWithHost("key was rejected by service", linux.EKEYREJECTED, syscall.EKEYREJECTED) - ErrOwnerDied = newWithHost("owner died", linux.EOWNERDEAD, syscall.EOWNERDEAD) - ErrNotRecoverable = newWithHost("state not recoverable", linux.ENOTRECOVERABLE, syscall.ENOTRECOVERABLE) + ErrNotPermitted = newWithHost("operation not permitted", linux.EPERM, unix.EPERM) + ErrNoFileOrDir = newWithHost("no such file or directory", linux.ENOENT, unix.ENOENT) + ErrNoProcess = newWithHost("no such process", linux.ESRCH, unix.ESRCH) + ErrInterrupted = newWithHost("interrupted system call", linux.EINTR, unix.EINTR) + ErrIO = newWithHost("I/O error", linux.EIO, unix.EIO) + ErrDeviceOrAddress = newWithHost("no such device or address", linux.ENXIO, unix.ENXIO) + ErrTooManyArgs = newWithHost("argument list too long", linux.E2BIG, unix.E2BIG) + ErrEcec = newWithHost("exec format error", linux.ENOEXEC, unix.ENOEXEC) + ErrBadFD = newWithHost("bad file number", linux.EBADF, unix.EBADF) + ErrNoChild = newWithHost("no child processes", linux.ECHILD, unix.ECHILD) + ErrTryAgain = newWithHost("try again", linux.EAGAIN, unix.EAGAIN) + ErrNoMemory = newWithHost("out of memory", linux.ENOMEM, unix.ENOMEM) + ErrPermissionDenied = newWithHost("permission denied", linux.EACCES, unix.EACCES) + ErrBadAddress = newWithHost("bad address", linux.EFAULT, unix.EFAULT) + ErrNotBlockDevice = newWithHost("block device required", linux.ENOTBLK, unix.ENOTBLK) + ErrBusy = newWithHost("device or resource busy", linux.EBUSY, unix.EBUSY) + ErrExists = newWithHost("file exists", linux.EEXIST, unix.EEXIST) + ErrCrossDeviceLink = newWithHost("cross-device link", linux.EXDEV, unix.EXDEV) + ErrNoDevice = newWithHost("no such device", linux.ENODEV, unix.ENODEV) + ErrNotDir = newWithHost("not a directory", linux.ENOTDIR, unix.ENOTDIR) + ErrIsDir = newWithHost("is a directory", linux.EISDIR, unix.EISDIR) + ErrInvalidArgument = newWithHost("invalid argument", linux.EINVAL, unix.EINVAL) + ErrFileTableOverflow = newWithHost("file table overflow", linux.ENFILE, unix.ENFILE) + ErrTooManyOpenFiles = newWithHost("too many open files", linux.EMFILE, unix.EMFILE) + ErrNotTTY = newWithHost("not a typewriter", linux.ENOTTY, unix.ENOTTY) + ErrTestFileBusy = newWithHost("text file busy", linux.ETXTBSY, unix.ETXTBSY) + ErrFileTooBig = newWithHost("file too large", linux.EFBIG, unix.EFBIG) + ErrNoSpace = newWithHost("no space left on device", linux.ENOSPC, unix.ENOSPC) + ErrIllegalSeek = newWithHost("illegal seek", linux.ESPIPE, unix.ESPIPE) + ErrReadOnlyFS = newWithHost("read-only file system", linux.EROFS, unix.EROFS) + ErrTooManyLinks = newWithHost("too many links", linux.EMLINK, unix.EMLINK) + ErrBrokenPipe = newWithHost("broken pipe", linux.EPIPE, unix.EPIPE) + ErrDomain = newWithHost("math argument out of domain of func", linux.EDOM, unix.EDOM) + ErrRange = newWithHost("math result not representable", linux.ERANGE, unix.ERANGE) + ErrDeadlock = newWithHost("resource deadlock would occur", linux.EDEADLOCK, unix.EDEADLOCK) + ErrNameTooLong = newWithHost("file name too long", linux.ENAMETOOLONG, unix.ENAMETOOLONG) + ErrNoLocksAvailable = newWithHost("no record locks available", linux.ENOLCK, unix.ENOLCK) + ErrInvalidSyscall = newWithHost("invalid system call number", linux.ENOSYS, unix.ENOSYS) + ErrDirNotEmpty = newWithHost("directory not empty", linux.ENOTEMPTY, unix.ENOTEMPTY) + ErrLinkLoop = newWithHost("too many symbolic links encountered", linux.ELOOP, unix.ELOOP) + ErrNoMessage = newWithHost("no message of desired type", linux.ENOMSG, unix.ENOMSG) + ErrIdentifierRemoved = newWithHost("identifier removed", linux.EIDRM, unix.EIDRM) + ErrChannelOutOfRange = newWithHost("channel number out of range", linux.ECHRNG, unix.ECHRNG) + ErrLevelTwoNotSynced = newWithHost("level 2 not synchronized", linux.EL2NSYNC, unix.EL2NSYNC) + ErrLevelThreeHalted = newWithHost("level 3 halted", linux.EL3HLT, unix.EL3HLT) + ErrLevelThreeReset = newWithHost("level 3 reset", linux.EL3RST, unix.EL3RST) + ErrLinkNumberOutOfRange = newWithHost("link number out of range", linux.ELNRNG, unix.ELNRNG) + ErrProtocolDriverNotAttached = newWithHost("protocol driver not attached", linux.EUNATCH, unix.EUNATCH) + ErrNoCSIAvailable = newWithHost("no CSI structure available", linux.ENOCSI, unix.ENOCSI) + ErrLevelTwoHalted = newWithHost("level 2 halted", linux.EL2HLT, unix.EL2HLT) + ErrInvalidExchange = newWithHost("invalid exchange", linux.EBADE, unix.EBADE) + ErrInvalidRequestDescriptor = newWithHost("invalid request descriptor", linux.EBADR, unix.EBADR) + ErrExchangeFull = newWithHost("exchange full", linux.EXFULL, unix.EXFULL) + ErrNoAnode = newWithHost("no anode", linux.ENOANO, unix.ENOANO) + ErrInvalidRequestCode = newWithHost("invalid request code", linux.EBADRQC, unix.EBADRQC) + ErrInvalidSlot = newWithHost("invalid slot", linux.EBADSLT, unix.EBADSLT) + ErrBadFontFile = newWithHost("bad font file format", linux.EBFONT, unix.EBFONT) + ErrNotStream = newWithHost("device not a stream", linux.ENOSTR, unix.ENOSTR) + ErrNoDataAvailable = newWithHost("no data available", linux.ENODATA, unix.ENODATA) + ErrTimerExpired = newWithHost("timer expired", linux.ETIME, unix.ETIME) + ErrStreamsResourceDepleted = newWithHost("out of streams resources", linux.ENOSR, unix.ENOSR) + ErrMachineNotOnNetwork = newWithHost("machine is not on the network", linux.ENONET, unix.ENONET) + ErrPackageNotInstalled = newWithHost("package not installed", linux.ENOPKG, unix.ENOPKG) + ErrIsRemote = newWithHost("object is remote", linux.EREMOTE, unix.EREMOTE) + ErrNoLink = newWithHost("link has been severed", linux.ENOLINK, unix.ENOLINK) + ErrAdvertise = newWithHost("advertise error", linux.EADV, unix.EADV) + ErrSRMount = newWithHost("srmount error", linux.ESRMNT, unix.ESRMNT) + ErrSendCommunication = newWithHost("communication error on send", linux.ECOMM, unix.ECOMM) + ErrProtocol = newWithHost("protocol error", linux.EPROTO, unix.EPROTO) + ErrMultihopAttempted = newWithHost("multihop attempted", linux.EMULTIHOP, unix.EMULTIHOP) + ErrRFS = newWithHost("RFS specific error", linux.EDOTDOT, unix.EDOTDOT) + ErrInvalidDataMessage = newWithHost("not a data message", linux.EBADMSG, unix.EBADMSG) + ErrOverflow = newWithHost("value too large for defined data type", linux.EOVERFLOW, unix.EOVERFLOW) + ErrNetworkNameNotUnique = newWithHost("name not unique on network", linux.ENOTUNIQ, unix.ENOTUNIQ) + ErrFDInBadState = newWithHost("file descriptor in bad state", linux.EBADFD, unix.EBADFD) + ErrRemoteAddressChanged = newWithHost("remote address changed", linux.EREMCHG, unix.EREMCHG) + ErrSharedLibraryInaccessible = newWithHost("can not access a needed shared library", linux.ELIBACC, unix.ELIBACC) + ErrCorruptedSharedLibrary = newWithHost("accessing a corrupted shared library", linux.ELIBBAD, unix.ELIBBAD) + ErrLibSectionCorrupted = newWithHost(".lib section in a.out corrupted", linux.ELIBSCN, unix.ELIBSCN) + ErrTooManySharedLibraries = newWithHost("attempting to link in too many shared libraries", linux.ELIBMAX, unix.ELIBMAX) + ErrSharedLibraryExeced = newWithHost("cannot exec a shared library directly", linux.ELIBEXEC, unix.ELIBEXEC) + ErrIllegalByteSequence = newWithHost("illegal byte sequence", linux.EILSEQ, unix.EILSEQ) + ErrShouldRestart = newWithHost("interrupted system call should be restarted", linux.ERESTART, unix.ERESTART) + ErrStreamPipe = newWithHost("streams pipe error", linux.ESTRPIPE, unix.ESTRPIPE) + ErrTooManyUsers = newWithHost("too many users", linux.EUSERS, unix.EUSERS) + ErrNotASocket = newWithHost("socket operation on non-socket", linux.ENOTSOCK, unix.ENOTSOCK) + ErrDestinationAddressRequired = newWithHost("destination address required", linux.EDESTADDRREQ, unix.EDESTADDRREQ) + ErrMessageTooLong = newWithHost("message too long", linux.EMSGSIZE, unix.EMSGSIZE) + ErrWrongProtocolForSocket = newWithHost("protocol wrong type for socket", linux.EPROTOTYPE, unix.EPROTOTYPE) + ErrProtocolNotAvailable = newWithHost("protocol not available", linux.ENOPROTOOPT, unix.ENOPROTOOPT) + ErrProtocolNotSupported = newWithHost("protocol not supported", linux.EPROTONOSUPPORT, unix.EPROTONOSUPPORT) + ErrSocketNotSupported = newWithHost("socket type not supported", linux.ESOCKTNOSUPPORT, unix.ESOCKTNOSUPPORT) + ErrEndpointOperation = newWithHost("operation not supported on transport endpoint", linux.EOPNOTSUPP, unix.EOPNOTSUPP) + ErrProtocolFamilyNotSupported = newWithHost("protocol family not supported", linux.EPFNOSUPPORT, unix.EPFNOSUPPORT) + ErrAddressFamilyNotSupported = newWithHost("address family not supported by protocol", linux.EAFNOSUPPORT, unix.EAFNOSUPPORT) + ErrAddressInUse = newWithHost("address already in use", linux.EADDRINUSE, unix.EADDRINUSE) + ErrAddressNotAvailable = newWithHost("cannot assign requested address", linux.EADDRNOTAVAIL, unix.EADDRNOTAVAIL) + ErrNetworkDown = newWithHost("network is down", linux.ENETDOWN, unix.ENETDOWN) + ErrNetworkUnreachable = newWithHost("network is unreachable", linux.ENETUNREACH, unix.ENETUNREACH) + ErrNetworkReset = newWithHost("network dropped connection because of reset", linux.ENETRESET, unix.ENETRESET) + ErrConnectionAborted = newWithHost("software caused connection abort", linux.ECONNABORTED, unix.ECONNABORTED) + ErrConnectionReset = newWithHost("connection reset by peer", linux.ECONNRESET, unix.ECONNRESET) + ErrNoBufferSpace = newWithHost("no buffer space available", linux.ENOBUFS, unix.ENOBUFS) + ErrAlreadyConnected = newWithHost("transport endpoint is already connected", linux.EISCONN, unix.EISCONN) + ErrNotConnected = newWithHost("transport endpoint is not connected", linux.ENOTCONN, unix.ENOTCONN) + ErrShutdown = newWithHost("cannot send after transport endpoint shutdown", linux.ESHUTDOWN, unix.ESHUTDOWN) + ErrTooManyRefs = newWithHost("too many references: cannot splice", linux.ETOOMANYREFS, unix.ETOOMANYREFS) + ErrTimedOut = newWithHost("connection timed out", linux.ETIMEDOUT, unix.ETIMEDOUT) + ErrConnectionRefused = newWithHost("connection refused", linux.ECONNREFUSED, unix.ECONNREFUSED) + ErrHostDown = newWithHost("host is down", linux.EHOSTDOWN, unix.EHOSTDOWN) + ErrNoRoute = newWithHost("no route to host", linux.EHOSTUNREACH, unix.EHOSTUNREACH) + ErrAlreadyInProgress = newWithHost("operation already in progress", linux.EALREADY, unix.EALREADY) + ErrInProgress = newWithHost("operation now in progress", linux.EINPROGRESS, unix.EINPROGRESS) + ErrStaleFileHandle = newWithHost("stale file handle", linux.ESTALE, unix.ESTALE) + ErrStructureNeedsCleaning = newWithHost("structure needs cleaning", linux.EUCLEAN, unix.EUCLEAN) + ErrIsNamedFile = newWithHost("is a named type file", linux.ENOTNAM, unix.ENOTNAM) + ErrRemoteIO = newWithHost("remote I/O error", linux.EREMOTEIO, unix.EREMOTEIO) + ErrQuotaExceeded = newWithHost("quota exceeded", linux.EDQUOT, unix.EDQUOT) + ErrNoMedium = newWithHost("no medium found", linux.ENOMEDIUM, unix.ENOMEDIUM) + ErrWrongMediumType = newWithHost("wrong medium type", linux.EMEDIUMTYPE, unix.EMEDIUMTYPE) + ErrCanceled = newWithHost("operation canceled", linux.ECANCELED, unix.ECANCELED) + ErrNoKey = newWithHost("required key not available", linux.ENOKEY, unix.ENOKEY) + ErrKeyExpired = newWithHost("key has expired", linux.EKEYEXPIRED, unix.EKEYEXPIRED) + ErrKeyRevoked = newWithHost("key has been revoked", linux.EKEYREVOKED, unix.EKEYREVOKED) + ErrKeyRejected = newWithHost("key was rejected by service", linux.EKEYREJECTED, unix.EKEYREJECTED) + ErrOwnerDied = newWithHost("owner died", linux.EOWNERDEAD, unix.EOWNERDEAD) + ErrNotRecoverable = newWithHost("state not recoverable", linux.ENOTRECOVERABLE, unix.ENOTRECOVERABLE) // ErrWouldBlock translates to EWOULDBLOCK which is the same as EAGAIN // on Linux. @@ -283,7 +283,7 @@ func FromError(err error) *Error { if err == nil { return nil } - if errno, ok := err.(syscall.Errno); ok { + if errno, ok := err.(unix.Errno); ok { return FromHost(errno) } if errno, ok := syserror.TranslateError(err); ok { diff --git a/pkg/syserror/syserror.go b/pkg/syserror/syserror.go index f516c8e46..97de17afe 100644 --- a/pkg/syserror/syserror.go +++ b/pkg/syserror/syserror.go @@ -20,68 +20,69 @@ package syserror import ( "errors" - "syscall" + + "golang.org/x/sys/unix" ) // The following variables have the same meaning as their syscall equivalent. var ( - E2BIG = error(syscall.E2BIG) - EACCES = error(syscall.EACCES) - EADDRINUSE = error(syscall.EADDRINUSE) - EAGAIN = error(syscall.EAGAIN) - EBADF = error(syscall.EBADF) - EBADFD = error(syscall.EBADFD) - EBUSY = error(syscall.EBUSY) - ECHILD = error(syscall.ECHILD) - ECONNABORTED = error(syscall.ECONNABORTED) - ECONNREFUSED = error(syscall.ECONNREFUSED) - ECONNRESET = error(syscall.ECONNRESET) - EDEADLK = error(syscall.EDEADLK) - EEXIST = error(syscall.EEXIST) - EFAULT = error(syscall.EFAULT) - EFBIG = error(syscall.EFBIG) - EIDRM = error(syscall.EIDRM) - EINTR = error(syscall.EINTR) - EINVAL = error(syscall.EINVAL) - EIO = error(syscall.EIO) - EISDIR = error(syscall.EISDIR) - ELIBBAD = error(syscall.ELIBBAD) - ELOOP = error(syscall.ELOOP) - EMFILE = error(syscall.EMFILE) - EMLINK = error(syscall.EMLINK) - EMSGSIZE = error(syscall.EMSGSIZE) - ENAMETOOLONG = error(syscall.ENAMETOOLONG) + E2BIG = error(unix.E2BIG) + EACCES = error(unix.EACCES) + EADDRINUSE = error(unix.EADDRINUSE) + EAGAIN = error(unix.EAGAIN) + EBADF = error(unix.EBADF) + EBADFD = error(unix.EBADFD) + EBUSY = error(unix.EBUSY) + ECHILD = error(unix.ECHILD) + ECONNABORTED = error(unix.ECONNABORTED) + ECONNREFUSED = error(unix.ECONNREFUSED) + ECONNRESET = error(unix.ECONNRESET) + EDEADLK = error(unix.EDEADLK) + EEXIST = error(unix.EEXIST) + EFAULT = error(unix.EFAULT) + EFBIG = error(unix.EFBIG) + EIDRM = error(unix.EIDRM) + EINTR = error(unix.EINTR) + EINVAL = error(unix.EINVAL) + EIO = error(unix.EIO) + EISDIR = error(unix.EISDIR) + ELIBBAD = error(unix.ELIBBAD) + ELOOP = error(unix.ELOOP) + EMFILE = error(unix.EMFILE) + EMLINK = error(unix.EMLINK) + EMSGSIZE = error(unix.EMSGSIZE) + ENAMETOOLONG = error(unix.ENAMETOOLONG) ENOATTR = ENODATA - ENOBUFS = error(syscall.ENOBUFS) - ENODATA = error(syscall.ENODATA) - ENODEV = error(syscall.ENODEV) - ENOENT = error(syscall.ENOENT) - ENOEXEC = error(syscall.ENOEXEC) - ENOLCK = error(syscall.ENOLCK) - ENOLINK = error(syscall.ENOLINK) - ENOMEM = error(syscall.ENOMEM) - ENOSPC = error(syscall.ENOSPC) - ENOSYS = error(syscall.ENOSYS) - ENOTCONN = error(syscall.ENOTCONN) - ENOTDIR = error(syscall.ENOTDIR) - ENOTEMPTY = error(syscall.ENOTEMPTY) - ENOTSOCK = error(syscall.ENOTSOCK) - ENOTSUP = error(syscall.ENOTSUP) - ENOTTY = error(syscall.ENOTTY) - ENXIO = error(syscall.ENXIO) - EOPNOTSUPP = error(syscall.EOPNOTSUPP) - EOVERFLOW = error(syscall.EOVERFLOW) - EPERM = error(syscall.EPERM) - EPIPE = error(syscall.EPIPE) - ERANGE = error(syscall.ERANGE) - EREMOTE = error(syscall.EREMOTE) - EROFS = error(syscall.EROFS) - ESPIPE = error(syscall.ESPIPE) - ESRCH = error(syscall.ESRCH) - ETIMEDOUT = error(syscall.ETIMEDOUT) - EUSERS = error(syscall.EUSERS) - EWOULDBLOCK = error(syscall.EWOULDBLOCK) - EXDEV = error(syscall.EXDEV) + ENOBUFS = error(unix.ENOBUFS) + ENODATA = error(unix.ENODATA) + ENODEV = error(unix.ENODEV) + ENOENT = error(unix.ENOENT) + ENOEXEC = error(unix.ENOEXEC) + ENOLCK = error(unix.ENOLCK) + ENOLINK = error(unix.ENOLINK) + ENOMEM = error(unix.ENOMEM) + ENOSPC = error(unix.ENOSPC) + ENOSYS = error(unix.ENOSYS) + ENOTCONN = error(unix.ENOTCONN) + ENOTDIR = error(unix.ENOTDIR) + ENOTEMPTY = error(unix.ENOTEMPTY) + ENOTSOCK = error(unix.ENOTSOCK) + ENOTSUP = error(unix.ENOTSUP) + ENOTTY = error(unix.ENOTTY) + ENXIO = error(unix.ENXIO) + EOPNOTSUPP = error(unix.EOPNOTSUPP) + EOVERFLOW = error(unix.EOVERFLOW) + EPERM = error(unix.EPERM) + EPIPE = error(unix.EPIPE) + ERANGE = error(unix.ERANGE) + EREMOTE = error(unix.EREMOTE) + EROFS = error(unix.EROFS) + ESPIPE = error(unix.ESPIPE) + ESRCH = error(unix.ESRCH) + ETIMEDOUT = error(unix.ETIMEDOUT) + EUSERS = error(unix.EUSERS) + EWOULDBLOCK = error(unix.EWOULDBLOCK) + EXDEV = error(unix.EXDEV) ) var ( @@ -102,16 +103,16 @@ var ( ) // errorMap is the map used to convert generic errors into errnos. -var errorMap = map[error]syscall.Errno{} +var errorMap = map[error]unix.Errno{} // errorUnwrappers is an array of unwrap functions to extract typed errors. -var errorUnwrappers = []func(error) (syscall.Errno, bool){} +var errorUnwrappers = []func(error) (unix.Errno, bool){} // AddErrorTranslation allows modules to populate the error map by adding their // own translations during initialization. Returns if the error translation is // accepted or not. A pre-existing translation will not be overwritten by the // new translation. -func AddErrorTranslation(from error, to syscall.Errno) bool { +func AddErrorTranslation(from error, to unix.Errno) bool { if _, ok := errorMap[from]; ok { return false } @@ -122,13 +123,13 @@ func AddErrorTranslation(from error, to syscall.Errno) bool { // AddErrorUnwrapper registers an unwrap method that can extract a concrete error // from a typed, but not initialized, error. -func AddErrorUnwrapper(unwrap func(e error) (syscall.Errno, bool)) { +func AddErrorUnwrapper(unwrap func(e error) (unix.Errno, bool)) { errorUnwrappers = append(errorUnwrappers, unwrap) } // TranslateError translates errors to errnos, it will return false if // the error was not registered. -func TranslateError(from error) (syscall.Errno, bool) { +func TranslateError(from error) (unix.Errno, bool) { err, ok := errorMap[from] if ok { return err, ok @@ -222,7 +223,7 @@ func SyscallRestartErrnoFromReturn(rv uintptr) (SyscallRestartErrno, bool) { } func init() { - AddErrorTranslation(ErrWouldBlock, syscall.EWOULDBLOCK) - AddErrorTranslation(ErrInterrupted, syscall.EINTR) - AddErrorTranslation(ErrExceedsFileSizeLimit, syscall.EFBIG) + AddErrorTranslation(ErrWouldBlock, unix.EWOULDBLOCK) + AddErrorTranslation(ErrInterrupted, unix.EINTR) + AddErrorTranslation(ErrExceedsFileSizeLimit, unix.EFBIG) } diff --git a/pkg/tcpip/link/fdbased/endpoint.go b/pkg/tcpip/link/fdbased/endpoint.go index 0164d851b..72d3f70ac 100644 --- a/pkg/tcpip/link/fdbased/endpoint.go +++ b/pkg/tcpip/link/fdbased/endpoint.go @@ -41,7 +41,6 @@ package fdbased import ( "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/binary" @@ -237,8 +236,8 @@ func New(opts *Options) (stack.LinkEndpoint, error) { // Create per channel dispatchers. for i := 0; i < len(e.fds); i++ { fd := e.fds[i] - if err := syscall.SetNonblock(fd, true); err != nil { - return nil, fmt.Errorf("syscall.SetNonblock(%v) failed: %v", fd, err) + if err := unix.SetNonblock(fd, true); err != nil { + return nil, fmt.Errorf("unix.SetNonblock(%v) failed: %v", fd, err) } isSocket, err := isSocketFD(fd) @@ -291,7 +290,7 @@ func createInboundDispatcher(e *endpoint, fd int, isSocket bool) (linkDispatcher // hard to test fragmentation reassembly code in Netstack. const fanoutType = unix.PACKET_FANOUT_HASH fanoutArg := fanoutID | fanoutType<<16 - if err := syscall.SetsockoptInt(fd, syscall.SOL_PACKET, unix.PACKET_FANOUT, fanoutArg); err != nil { + if err := unix.SetsockoptInt(fd, unix.SOL_PACKET, unix.PACKET_FANOUT, fanoutArg); err != nil { return nil, fmt.Errorf("failed to enable PACKET_FANOUT option: %v", err) } } @@ -316,11 +315,11 @@ func createInboundDispatcher(e *endpoint, fd int, isSocket bool) (linkDispatcher } func isSocketFD(fd int) (bool, error) { - var stat syscall.Stat_t - if err := syscall.Fstat(fd, &stat); err != nil { - return false, fmt.Errorf("syscall.Fstat(%v,...) failed: %v", fd, err) + var stat unix.Stat_t + if err := unix.Fstat(fd, &stat); err != nil { + return false, fmt.Errorf("unix.Fstat(%v,...) failed: %v", fd, err) } - return (stat.Mode & syscall.S_IFSOCK) == syscall.S_IFSOCK, nil + return (stat.Mode & unix.S_IFSOCK) == unix.S_IFSOCK, nil } // Attach launches the goroutine that reads packets from the file descriptor and @@ -614,7 +613,7 @@ func (e *InjectableEndpoint) InjectInbound(protocol tcpip.NetworkProtocolNumber, // NewInjectable creates a new fd-based InjectableEndpoint. func NewInjectable(fd int, mtu uint32, capabilities stack.LinkEndpointCapabilities) *InjectableEndpoint { - syscall.SetNonblock(fd, true) + unix.SetNonblock(fd, true) return &InjectableEndpoint{endpoint: endpoint{ fds: []int{fd}, diff --git a/pkg/tcpip/link/fdbased/mmap.go b/pkg/tcpip/link/fdbased/mmap.go index a2b63fe6b..5d698a5e9 100644 --- a/pkg/tcpip/link/fdbased/mmap.go +++ b/pkg/tcpip/link/fdbased/mmap.go @@ -19,7 +19,6 @@ package fdbased import ( "encoding/binary" "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/tcpip" @@ -137,7 +136,7 @@ func (d *packetMMapDispatcher) readMMappedPacket() ([]byte, tcpip.Error) { Events: unix.POLLIN | unix.POLLERR, } if _, errno := rawfile.BlockingPoll(&event, 1, nil); errno != 0 { - if errno == syscall.EINTR { + if errno == unix.EINTR { continue } return nil, rawfile.TranslateErrno(errno) diff --git a/pkg/tcpip/link/fdbased/mmap_unsafe.go b/pkg/tcpip/link/fdbased/mmap_unsafe.go index 3894185ae..1293f68a2 100644 --- a/pkg/tcpip/link/fdbased/mmap_unsafe.go +++ b/pkg/tcpip/link/fdbased/mmap_unsafe.go @@ -19,14 +19,13 @@ package fdbased import ( "fmt" "sync/atomic" - "syscall" "unsafe" "golang.org/x/sys/unix" ) // tPacketHdrlen is the TPACKET_HDRLEN variable defined in <linux/if_packet.h>. -var tPacketHdrlen = tPacketAlign(unsafe.Sizeof(tPacketHdr{}) + unsafe.Sizeof(syscall.RawSockaddrLinklayer{})) +var tPacketHdrlen = tPacketAlign(unsafe.Sizeof(tPacketHdr{}) + unsafe.Sizeof(unix.RawSockaddrLinklayer{})) // tpStatus returns the frame status field. // The status is concurrently updated by the kernel as a result we must @@ -62,21 +61,21 @@ func newPacketMMapDispatcher(fd int, e *endpoint) (linkDispatcher, error) { tpFrameNR: uint32(tpFrameNR), } // Setup PACKET_RX_RING. - if err := setsockopt(d.fd, syscall.SOL_PACKET, syscall.PACKET_RX_RING, unsafe.Pointer(&tReq), unsafe.Sizeof(tReq)); err != nil { + if err := setsockopt(d.fd, unix.SOL_PACKET, unix.PACKET_RX_RING, unsafe.Pointer(&tReq), unsafe.Sizeof(tReq)); err != nil { return nil, fmt.Errorf("failed to enable PACKET_RX_RING: %v", err) } // Let's mmap the blocks. sz := tpBlockSize * tpBlockNR - buf, err := syscall.Mmap(d.fd, 0, sz, syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED) + buf, err := unix.Mmap(d.fd, 0, sz, unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED) if err != nil { - return nil, fmt.Errorf("syscall.Mmap(...,0, %v, ...) failed = %v", sz, err) + return nil, fmt.Errorf("unix.Mmap(...,0, %v, ...) failed = %v", sz, err) } d.ringBuffer = buf return d, nil } func setsockopt(fd, level, name int, val unsafe.Pointer, vallen uintptr) error { - if _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(val), vallen, 0); errno != 0 { + if _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(val), vallen, 0); errno != 0 { return error(errno) } diff --git a/pkg/tcpip/link/fdbased/packet_dispatchers.go b/pkg/tcpip/link/fdbased/packet_dispatchers.go index ecae1ad2d..736871d1c 100644 --- a/pkg/tcpip/link/fdbased/packet_dispatchers.go +++ b/pkg/tcpip/link/fdbased/packet_dispatchers.go @@ -17,8 +17,7 @@ package fdbased import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/tcpip" "gvisor.dev/gvisor/pkg/tcpip/buffer" "gvisor.dev/gvisor/pkg/tcpip/header" @@ -38,7 +37,7 @@ type iovecBuffer struct { // (skipsVnetHdr) then the first iovec points to a buffer for the vnet header // which is stripped before the views are passed up the stack for further // processing. - iovecs []syscall.Iovec + iovecs []unix.Iovec // sizes is an array of buffer sizes for the underlying views. sizes is // immutable. @@ -58,18 +57,18 @@ func newIovecBuffer(sizes []int, skipsVnetHdr bool) *iovecBuffer { if b.skipsVnetHdr { niov++ } - b.iovecs = make([]syscall.Iovec, niov) + b.iovecs = make([]unix.Iovec, niov) return b } -func (b *iovecBuffer) nextIovecs() []syscall.Iovec { +func (b *iovecBuffer) nextIovecs() []unix.Iovec { vnetHdrOff := 0 if b.skipsVnetHdr { var vnetHdr [virtioNetHdrSize]byte // The kernel adds virtioNetHdr before each packet, but // we don't use it, so so we allocate a buffer for it, // add it in iovecs but don't add it in a view. - b.iovecs[0] = syscall.Iovec{ + b.iovecs[0] = unix.Iovec{ Base: &vnetHdr[0], Len: uint64(virtioNetHdrSize), } @@ -81,7 +80,7 @@ func (b *iovecBuffer) nextIovecs() []syscall.Iovec { } v := buffer.NewView(b.sizes[i]) b.views[i] = v - b.iovecs[i+vnetHdrOff] = syscall.Iovec{ + b.iovecs[i+vnetHdrOff] = unix.Iovec{ Base: &v[0], Len: uint64(len(v)), } @@ -200,7 +199,7 @@ type recvMMsgDispatcher struct { // msgHdrs is an array of MMsgHdr objects where each MMsghdr is used to // reference an array of iovecs in the iovecs field defined above. This // array is passed as the parameter to recvmmsg call to retrieve - // potentially more than 1 packet per syscall. + // potentially more than 1 packet per unix. msgHdrs []rawfile.MMsgHdr } diff --git a/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go b/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go index 621ab8d29..2206fe0e6 100644 --- a/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go +++ b/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go @@ -17,14 +17,15 @@ package rawfile import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // BlockingPoll is just a stub function that forwards to the ppoll() system call // on non-amd64 and non-arm64 platforms. -func BlockingPoll(fds *PollEvent, nfds int, timeout *syscall.Timespec) (int, syscall.Errno) { - n, _, e := syscall.Syscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(fds)), +func BlockingPoll(fds *PollEvent, nfds int, timeout *unix.Timespec) (int, unix.Errno) { + n, _, e := unix.Syscall6(unix.SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), 0, 0, 0) return int(n), e diff --git a/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go b/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go index 7f238102e..5002245a1 100644 --- a/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go +++ b/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go @@ -21,8 +21,9 @@ package rawfile import ( - "syscall" _ "unsafe" // for go:linkname + + "golang.org/x/sys/unix" ) // BlockingPoll on amd64/arm64 makes the ppoll() syscall while calling the @@ -32,7 +33,7 @@ import ( // call. // //go:noescape -func BlockingPoll(fds *PollEvent, nfds int, timeout *syscall.Timespec) (int, syscall.Errno) +func BlockingPoll(fds *PollEvent, nfds int, timeout *unix.Timespec) (int, unix.Errno) // Use go:linkname to call into the runtime. As of Go 1.12 this has to // be done from Go code so that we make an ABIInternal call to an diff --git a/pkg/tcpip/link/rawfile/errors.go b/pkg/tcpip/link/rawfile/errors.go index 406b97709..9743e70ea 100644 --- a/pkg/tcpip/link/rawfile/errors.go +++ b/pkg/tcpip/link/rawfile/errors.go @@ -17,8 +17,7 @@ package rawfile import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/tcpip" ) @@ -29,47 +28,47 @@ const maxErrno = 134 // // Valid, but unrecognized errnos will be translated to // *tcpip.ErrInvalidEndpointState (EINVAL). -func TranslateErrno(e syscall.Errno) tcpip.Error { +func TranslateErrno(e unix.Errno) tcpip.Error { switch e { - case syscall.EEXIST: + case unix.EEXIST: return &tcpip.ErrDuplicateAddress{} - case syscall.ENETUNREACH: + case unix.ENETUNREACH: return &tcpip.ErrNoRoute{} - case syscall.EINVAL: + case unix.EINVAL: return &tcpip.ErrInvalidEndpointState{} - case syscall.EALREADY: + case unix.EALREADY: return &tcpip.ErrAlreadyConnecting{} - case syscall.EISCONN: + case unix.EISCONN: return &tcpip.ErrAlreadyConnected{} - case syscall.EADDRINUSE: + case unix.EADDRINUSE: return &tcpip.ErrPortInUse{} - case syscall.EADDRNOTAVAIL: + case unix.EADDRNOTAVAIL: return &tcpip.ErrBadLocalAddress{} - case syscall.EPIPE: + case unix.EPIPE: return &tcpip.ErrClosedForSend{} - case syscall.EWOULDBLOCK: + case unix.EWOULDBLOCK: return &tcpip.ErrWouldBlock{} - case syscall.ECONNREFUSED: + case unix.ECONNREFUSED: return &tcpip.ErrConnectionRefused{} - case syscall.ETIMEDOUT: + case unix.ETIMEDOUT: return &tcpip.ErrTimeout{} - case syscall.EINPROGRESS: + case unix.EINPROGRESS: return &tcpip.ErrConnectStarted{} - case syscall.EDESTADDRREQ: + case unix.EDESTADDRREQ: return &tcpip.ErrDestinationRequired{} - case syscall.ENOTSUP: + case unix.ENOTSUP: return &tcpip.ErrNotSupported{} - case syscall.ENOTTY: + case unix.ENOTTY: return &tcpip.ErrQueueSizeNotSupported{} - case syscall.ENOTCONN: + case unix.ENOTCONN: return &tcpip.ErrNotConnected{} - case syscall.ECONNRESET: + case unix.ECONNRESET: return &tcpip.ErrConnectionReset{} - case syscall.ECONNABORTED: + case unix.ECONNABORTED: return &tcpip.ErrConnectionAborted{} - case syscall.EMSGSIZE: + case unix.EMSGSIZE: return &tcpip.ErrMessageTooLong{} - case syscall.ENOBUFS: + case unix.ENOBUFS: return &tcpip.ErrNoBufferSpace{} default: return &tcpip.ErrInvalidEndpointState{} diff --git a/pkg/tcpip/link/rawfile/rawfile_unsafe.go b/pkg/tcpip/link/rawfile/rawfile_unsafe.go index 06f3ee21e..ba92aedbc 100644 --- a/pkg/tcpip/link/rawfile/rawfile_unsafe.go +++ b/pkg/tcpip/link/rawfile/rawfile_unsafe.go @@ -19,7 +19,6 @@ package rawfile import ( - "syscall" "unsafe" "golang.org/x/sys/unix" @@ -28,12 +27,12 @@ import ( // GetMTU determines the MTU of a network interface device. func GetMTU(name string) (uint32, error) { - fd, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_DGRAM, 0) + fd, err := unix.Socket(unix.AF_UNIX, unix.SOCK_DGRAM, 0) if err != nil { return 0, err } - defer syscall.Close(fd) + defer unix.Close(fd) var ifreq struct { name [16]byte @@ -42,7 +41,7 @@ func GetMTU(name string) (uint32, error) { } copy(ifreq.name[:], name) - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), unix.SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) if errno != 0 { return 0, errno } @@ -58,7 +57,7 @@ func NonBlockingWrite(fd int, buf []byte) tcpip.Error { ptr = unsafe.Pointer(&buf[0]) } - _, _, e := syscall.RawSyscall(syscall.SYS_WRITE, uintptr(fd), uintptr(ptr), uintptr(len(buf))) + _, _, e := unix.RawSyscall(unix.SYS_WRITE, uintptr(fd), uintptr(ptr), uintptr(len(buf))) if e != 0 { return TranslateErrno(e) } @@ -66,11 +65,11 @@ func NonBlockingWrite(fd int, buf []byte) tcpip.Error { return nil } -// NonBlockingWriteIovec writes iovec to a file descriptor in a single syscall. +// NonBlockingWriteIovec writes iovec to a file descriptor in a single unix. // It fails if partial data is written. -func NonBlockingWriteIovec(fd int, iovec []syscall.Iovec) tcpip.Error { +func NonBlockingWriteIovec(fd int, iovec []unix.Iovec) tcpip.Error { iovecLen := uintptr(len(iovec)) - _, _, e := syscall.RawSyscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&iovec[0])), iovecLen) + _, _, e := unix.RawSyscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&iovec[0])), iovecLen) if e != 0 { return TranslateErrno(e) } @@ -79,7 +78,7 @@ func NonBlockingWriteIovec(fd int, iovec []syscall.Iovec) tcpip.Error { // NonBlockingSendMMsg sends multiple messages on a socket. func NonBlockingSendMMsg(fd int, msgHdrs []MMsgHdr) (int, tcpip.Error) { - n, _, e := syscall.RawSyscall6(unix.SYS_SENDMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), syscall.MSG_DONTWAIT, 0, 0) + n, _, e := unix.RawSyscall6(unix.SYS_SENDMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), unix.MSG_DONTWAIT, 0, 0) if e != 0 { return 0, TranslateErrno(e) } @@ -99,7 +98,7 @@ type PollEvent struct { // descriptor becomes readable. func BlockingRead(fd int, b []byte) (int, tcpip.Error) { for { - n, _, e := syscall.RawSyscall(syscall.SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b))) + n, _, e := unix.RawSyscall(unix.SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b))) if e == 0 { return int(n), nil } @@ -110,7 +109,7 @@ func BlockingRead(fd int, b []byte) (int, tcpip.Error) { } _, e = BlockingPoll(&event, 1, nil) - if e != 0 && e != syscall.EINTR { + if e != 0 && e != unix.EINTR { return 0, TranslateErrno(e) } } @@ -119,9 +118,9 @@ func BlockingRead(fd int, b []byte) (int, tcpip.Error) { // BlockingReadv reads from a file descriptor that is set up as non-blocking and // stores the data in a list of iovecs buffers. If no data is available, it will // block in a poll() syscall until the file descriptor becomes readable. -func BlockingReadv(fd int, iovecs []syscall.Iovec) (int, tcpip.Error) { +func BlockingReadv(fd int, iovecs []unix.Iovec) (int, tcpip.Error) { for { - n, _, e := syscall.RawSyscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&iovecs[0])), uintptr(len(iovecs))) + n, _, e := unix.RawSyscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&iovecs[0])), uintptr(len(iovecs))) if e == 0 { return int(n), nil } @@ -132,7 +131,7 @@ func BlockingReadv(fd int, iovecs []syscall.Iovec) (int, tcpip.Error) { } _, e = BlockingPoll(&event, 1, nil) - if e != 0 && e != syscall.EINTR { + if e != 0 && e != unix.EINTR { return 0, TranslateErrno(e) } } @@ -140,7 +139,7 @@ func BlockingReadv(fd int, iovecs []syscall.Iovec) (int, tcpip.Error) { // MMsgHdr represents the mmsg_hdr structure required by recvmmsg() on linux. type MMsgHdr struct { - Msg syscall.Msghdr + Msg unix.Msghdr Len uint32 _ [4]byte } @@ -151,7 +150,7 @@ type MMsgHdr struct { // becomes readable. func BlockingRecvMMsg(fd int, msgHdrs []MMsgHdr) (int, tcpip.Error) { for { - n, _, e := syscall.RawSyscall6(syscall.SYS_RECVMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), syscall.MSG_DONTWAIT, 0, 0) + n, _, e := unix.RawSyscall6(unix.SYS_RECVMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), unix.MSG_DONTWAIT, 0, 0) if e == 0 { return int(n), nil } @@ -161,7 +160,7 @@ func BlockingRecvMMsg(fd int, msgHdrs []MMsgHdr) (int, tcpip.Error) { Events: 1, // POLLIN } - if _, e := BlockingPoll(&event, 1, nil); e != 0 && e != syscall.EINTR { + if _, e := BlockingPoll(&event, 1, nil); e != 0 && e != unix.EINTR { return 0, TranslateErrno(e) } } diff --git a/pkg/tcpip/link/sharedmem/rx.go b/pkg/tcpip/link/sharedmem/rx.go index eec11e4cb..8e6f3e5e3 100644 --- a/pkg/tcpip/link/sharedmem/rx.go +++ b/pkg/tcpip/link/sharedmem/rx.go @@ -18,8 +18,8 @@ package sharedmem import ( "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/tcpip/link/rawfile" "gvisor.dev/gvisor/pkg/tcpip/link/sharedmem/queue" ) @@ -46,43 +46,43 @@ func (r *rx) init(mtu uint32, c *QueueConfig) error { rxPipe, err := getBuffer(c.RxPipeFD) if err != nil { - syscall.Munmap(txPipe) + unix.Munmap(txPipe) return err } data, err := getBuffer(c.DataFD) if err != nil { - syscall.Munmap(txPipe) - syscall.Munmap(rxPipe) + unix.Munmap(txPipe) + unix.Munmap(rxPipe) return err } sharedData, err := getBuffer(c.SharedDataFD) if err != nil { - syscall.Munmap(txPipe) - syscall.Munmap(rxPipe) - syscall.Munmap(data) + unix.Munmap(txPipe) + unix.Munmap(rxPipe) + unix.Munmap(data) return err } // Duplicate the eventFD so that caller can close it but we can still // use it. - efd, err := syscall.Dup(c.EventFD) + efd, err := unix.Dup(c.EventFD) if err != nil { - syscall.Munmap(txPipe) - syscall.Munmap(rxPipe) - syscall.Munmap(data) - syscall.Munmap(sharedData) + unix.Munmap(txPipe) + unix.Munmap(rxPipe) + unix.Munmap(data) + unix.Munmap(sharedData) return err } // Set the eventfd as non-blocking. - if err := syscall.SetNonblock(efd, true); err != nil { - syscall.Munmap(txPipe) - syscall.Munmap(rxPipe) - syscall.Munmap(data) - syscall.Munmap(sharedData) - syscall.Close(efd) + if err := unix.SetNonblock(efd, true); err != nil { + unix.Munmap(txPipe) + unix.Munmap(rxPipe) + unix.Munmap(data) + unix.Munmap(sharedData) + unix.Close(efd) return err } @@ -99,12 +99,12 @@ func (r *rx) init(mtu uint32, c *QueueConfig) error { // called if init() has previously succeeded. func (r *rx) cleanup() { a, b := r.q.Bytes() - syscall.Munmap(a) - syscall.Munmap(b) + unix.Munmap(a) + unix.Munmap(b) - syscall.Munmap(r.data) - syscall.Munmap(r.sharedData) - syscall.Close(r.eventFD) + unix.Munmap(r.data) + unix.Munmap(r.sharedData) + unix.Close(r.eventFD) } // postAndReceive posts the provided buffers (if any), and then tries to read diff --git a/pkg/tcpip/link/sharedmem/sharedmem.go b/pkg/tcpip/link/sharedmem/sharedmem.go index 2599bc406..d8d0b16b2 100644 --- a/pkg/tcpip/link/sharedmem/sharedmem.go +++ b/pkg/tcpip/link/sharedmem/sharedmem.go @@ -24,8 +24,8 @@ package sharedmem import ( "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/sync" "gvisor.dev/gvisor/pkg/tcpip" @@ -118,7 +118,7 @@ func (e *endpoint) Close() { // Tell dispatch goroutine to stop, then write to the eventfd so that // it wakes up in case it's sleeping. atomic.StoreUint32(&e.stopRequested, 1) - syscall.Write(e.rx.eventFD, []byte{1, 0, 0, 0, 0, 0, 0, 0}) + unix.Write(e.rx.eventFD, []byte{1, 0, 0, 0, 0, 0, 0, 0}) // Cleanup the queues inline if the worker hasn't started yet; we also // know it won't start from now on because stopRequested is set to 1. diff --git a/pkg/tcpip/link/sharedmem/tx.go b/pkg/tcpip/link/sharedmem/tx.go index 44f421c2d..e3210051f 100644 --- a/pkg/tcpip/link/sharedmem/tx.go +++ b/pkg/tcpip/link/sharedmem/tx.go @@ -16,8 +16,8 @@ package sharedmem import ( "math" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/tcpip/buffer" "gvisor.dev/gvisor/pkg/tcpip/link/sharedmem/queue" ) @@ -48,14 +48,14 @@ func (t *tx) init(mtu uint32, c *QueueConfig) error { rxPipe, err := getBuffer(c.RxPipeFD) if err != nil { - syscall.Munmap(txPipe) + unix.Munmap(txPipe) return err } data, err := getBuffer(c.DataFD) if err != nil { - syscall.Munmap(txPipe) - syscall.Munmap(rxPipe) + unix.Munmap(txPipe) + unix.Munmap(rxPipe) return err } @@ -72,9 +72,9 @@ func (t *tx) init(mtu uint32, c *QueueConfig) error { // called if init() has previously succeeded. func (t *tx) cleanup() { a, b := t.q.Bytes() - syscall.Munmap(a) - syscall.Munmap(b) - syscall.Munmap(t.data) + unix.Munmap(a) + unix.Munmap(b) + unix.Munmap(t.data) } // transmit sends a packet made of bufs. Returns a boolean that specifies @@ -145,17 +145,17 @@ func (t *tx) transmit(bufs ...buffer.View) bool { // getBuffer returns a memory region mapped to the full contents of the given // file descriptor. func getBuffer(fd int) ([]byte, error) { - var s syscall.Stat_t - if err := syscall.Fstat(fd, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(fd, &s); err != nil { return nil, err } // Check that size doesn't overflow an int. if s.Size > int64(^uint(0)>>1) { - return nil, syscall.EDOM + return nil, unix.EDOM } - return syscall.Mmap(fd, 0, int(s.Size), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED|syscall.MAP_FILE) + return unix.Mmap(fd, 0, int(s.Size), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED|unix.MAP_FILE) } // idDescriptor is used by idManager to either point to a tx buffer (in case diff --git a/pkg/tcpip/link/tun/tun_unsafe.go b/pkg/tcpip/link/tun/tun_unsafe.go index 09ca9b527..0591fbd63 100644 --- a/pkg/tcpip/link/tun/tun_unsafe.go +++ b/pkg/tcpip/link/tun/tun_unsafe.go @@ -18,24 +18,25 @@ package tun import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // Open opens the specified TUN device, sets it to non-blocking mode, and // returns its file descriptor. func Open(name string) (int, error) { - return open(name, syscall.IFF_TUN|syscall.IFF_NO_PI) + return open(name, unix.IFF_TUN|unix.IFF_NO_PI) } // OpenTAP opens the specified TAP device, sets it to non-blocking mode, and // returns its file descriptor. func OpenTAP(name string) (int, error) { - return open(name, syscall.IFF_TAP|syscall.IFF_NO_PI) + return open(name, unix.IFF_TAP|unix.IFF_NO_PI) } func open(name string, flags uint16) (int, error) { - fd, err := syscall.Open("/dev/net/tun", syscall.O_RDWR, 0) + fd, err := unix.Open("/dev/net/tun", unix.O_RDWR, 0) if err != nil { return -1, err } @@ -48,14 +49,14 @@ func open(name string, flags uint16) (int, error) { copy(ifr.name[:], name) ifr.flags = flags - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETIFF, uintptr(unsafe.Pointer(&ifr))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), unix.TUNSETIFF, uintptr(unsafe.Pointer(&ifr))) if errno != 0 { - syscall.Close(fd) + unix.Close(fd) return -1, errno } - if err = syscall.SetNonblock(fd, true); err != nil { - syscall.Close(fd) + if err = unix.SetNonblock(fd, true); err != nil { + unix.Close(fd) return -1, err } diff --git a/pkg/unet/unet.go b/pkg/unet/unet.go index 22dd40f21..40fa72925 100644 --- a/pkg/unet/unet.go +++ b/pkg/unet/unet.go @@ -21,8 +21,8 @@ package unet import ( "errors" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sync" ) @@ -39,15 +39,15 @@ var errMessageTruncated = errors.New("message truncated") // socketType returns the appropriate type. func socketType(packet bool) int { if packet { - return syscall.SOCK_SEQPACKET + return unix.SOCK_SEQPACKET } - return syscall.SOCK_STREAM + return unix.SOCK_STREAM } // socket creates a new host socket. func socket(packet bool) (int, error) { // Make a new socket. - fd, err := syscall.Socket(syscall.AF_UNIX, socketType(packet), 0) + fd, err := unix.Socket(unix.AF_UNIX, socketType(packet), 0) if err != nil { return 0, err } @@ -57,7 +57,7 @@ func socket(packet bool) (int, error) { // eventFD returns a new event FD with initial value 0. func eventFD() (int, error) { - f, _, e := syscall.Syscall(syscall.SYS_EVENTFD2, 0, 0, 0) + f, _, e := unix.Syscall(unix.SYS_EVENTFD2, 0, 0, 0) if e != 0 { return -1, e } @@ -89,9 +89,9 @@ type Socket struct { // // NewSocket takes ownership of fd. func NewSocket(fd int) (*Socket, error) { - // fd must be non-blocking for non-blocking syscall.Accept in + // fd must be non-blocking for non-blocking unix.Accept in // ServerSocket.Accept. - if err := syscall.SetNonblock(fd, true); err != nil { + if err := unix.SetNonblock(fd, true); err != nil { return nil, err } @@ -112,14 +112,14 @@ func (s *Socket) finish() error { // Signal any blocked or future polls. // // N.B. eventfd writes must be 8 bytes. - if _, err := syscall.Write(s.efd, []byte{1, 0, 0, 0, 0, 0, 0, 0}); err != nil { + if _, err := unix.Write(s.efd, []byte{1, 0, 0, 0, 0, 0, 0, 0}); err != nil { return err } // Close the gate, blocking until all FD users leave. s.gate.Close() - return syscall.Close(s.efd) + return unix.Close(s.efd) } // Close closes the socket. @@ -129,7 +129,7 @@ func (s *Socket) Close() error { fd := int(atomic.SwapInt32(&s.fd, -1)) if fd < 0 { // Already closed or closing. - return syscall.EBADF + return unix.EBADF } // Shutdown the socket to cancel any pending accepts. @@ -139,7 +139,7 @@ func (s *Socket) Close() error { return err } - return syscall.Close(fd) + return unix.Close(fd) } // Release releases ownership of the socket FD. @@ -153,7 +153,7 @@ func (s *Socket) Release() (int, error) { fd := int(atomic.SwapInt32(&s.fd, -1)) if fd < 0 { // Already closed or closing. - return -1, syscall.EBADF + return -1, unix.EBADF } if err := s.finish(); err != nil { @@ -201,7 +201,7 @@ func (s *Socket) enterFD() (int, bool) { // SocketPair creates a pair of connected sockets. func SocketPair(packet bool) (*Socket, *Socket, error) { // Make a new pair. - fds, err := syscall.Socketpair(syscall.AF_UNIX, socketType(packet)|syscall.SOCK_CLOEXEC, 0) + fds, err := unix.Socketpair(unix.AF_UNIX, socketType(packet)|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, nil, err } @@ -216,15 +216,15 @@ func SocketPair(packet bool) (*Socket, *Socket, error) { var race int32 a, err := NewSocket(fds[0]) if err != nil { - syscall.Close(fds[0]) - syscall.Close(fds[1]) + unix.Close(fds[0]) + unix.Close(fds[1]) return nil, nil, err } a.race = &race b, err := NewSocket(fds[1]) if err != nil { a.Close() - syscall.Close(fds[1]) + unix.Close(fds[1]) return nil, nil, err } b.race = &race @@ -239,9 +239,9 @@ func Connect(addr string, packet bool) (*Socket, error) { } // Connect the socket. - usa := &syscall.SockaddrUnix{Name: addr} - if err := syscall.Connect(fd, usa); err != nil { - syscall.Close(fd) + usa := &unix.SockaddrUnix{Name: addr} + if err := unix.Connect(fd, usa); err != nil { + unix.Close(fd) return nil, err } @@ -260,20 +260,20 @@ type ControlMessage []byte // // This must be called prior to ReadVec if you want to receive FDs. func (c *ControlMessage) EnableFDs(count int) { - *c = make([]byte, syscall.CmsgSpace(count*4)) + *c = make([]byte, unix.CmsgSpace(count*4)) } // ExtractFDs returns the list of FDs in the control message. // // Either this or CloseFDs should be used after EnableFDs. func (c *ControlMessage) ExtractFDs() ([]int, error) { - msgs, err := syscall.ParseSocketControlMessage(*c) + msgs, err := unix.ParseSocketControlMessage(*c) if err != nil { return nil, err } var fds []int for _, msg := range msgs { - thisFds, err := syscall.ParseUnixRights(&msg) + thisFds, err := unix.ParseUnixRights(&msg) if err != nil { // Different control message. return nil, err @@ -294,7 +294,7 @@ func (c *ControlMessage) CloseFDs() { fds, _ := c.ExtractFDs() for _, fd := range fds { if fd >= 0 { - syscall.Close(fd) + unix.Close(fd) } } } @@ -303,7 +303,7 @@ func (c *ControlMessage) CloseFDs() { // // This must be used prior to WriteVec. func (c *ControlMessage) PackFDs(fds ...int) { - *c = ControlMessage(syscall.UnixRights(fds...)) + *c = ControlMessage(unix.UnixRights(fds...)) } // UnpackFDs clears the control message. @@ -338,7 +338,7 @@ func (s *Socket) Write(p []byte) (int, error) { func (s *Socket) GetSockOpt(level int, name int, b []byte) (uint32, error) { fd, ok := s.enterFD() if !ok { - return 0, syscall.EBADF + return 0, unix.EBADF } defer s.gate.Leave() @@ -349,7 +349,7 @@ func (s *Socket) GetSockOpt(level int, name int, b []byte) (uint32, error) { func (s *Socket) SetSockOpt(level, name int, b []byte) error { fd, ok := s.enterFD() if !ok { - return syscall.EBADF + return unix.EBADF } defer s.gate.Leave() @@ -360,12 +360,12 @@ func (s *Socket) SetSockOpt(level, name int, b []byte) error { func (s *Socket) GetSockName() ([]byte, error) { fd, ok := s.enterFD() if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer s.gate.Leave() var buf []byte - l := syscall.SizeofSockaddrAny + l := unix.SizeofSockaddrAny for { // If the buffer is not large enough, allocate a new one with the hint. @@ -385,12 +385,12 @@ func (s *Socket) GetSockName() ([]byte, error) { func (s *Socket) GetPeerName() ([]byte, error) { fd, ok := s.enterFD() if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer s.gate.Leave() var buf []byte - l := syscall.SizeofSockaddrAny + l := unix.SizeofSockaddrAny for { // See above. @@ -407,14 +407,14 @@ func (s *Socket) GetPeerName() ([]byte, error) { } // GetPeerCred returns the peer's unix credentials. -func (s *Socket) GetPeerCred() (*syscall.Ucred, error) { +func (s *Socket) GetPeerCred() (*unix.Ucred, error) { fd, ok := s.enterFD() if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer s.gate.Leave() - return syscall.GetsockoptUcred(fd, syscall.SOL_SOCKET, syscall.SO_PEERCRED) + return unix.GetsockoptUcred(fd, unix.SOL_SOCKET, unix.SO_PEERCRED) } // SocketReader wraps an individual receive operation. @@ -445,14 +445,14 @@ func (s *Socket) Read(p []byte) (int, error) { func (s *Socket) shutdown(fd int) error { // Shutdown the socket to cancel any pending accepts. - return syscall.Shutdown(fd, syscall.SHUT_RDWR) + return unix.Shutdown(fd, unix.SHUT_RDWR) } // Shutdown closes the socket for read and write. func (s *Socket) Shutdown() error { fd, ok := s.enterFD() if !ok { - return syscall.EBADF + return unix.EBADF } defer s.gate.Leave() @@ -481,9 +481,9 @@ func Bind(addr string, packet bool) (*ServerSocket, error) { } // Do the bind. - usa := &syscall.SockaddrUnix{Name: addr} - if err := syscall.Bind(fd, usa); err != nil { - syscall.Close(fd) + usa := &unix.SockaddrUnix{Name: addr} + if err := unix.Bind(fd, usa); err != nil { + unix.Close(fd) return nil, err } @@ -510,11 +510,11 @@ func BindAndListen(addr string, packet bool) (*ServerSocket, error) { func (s *ServerSocket) Listen() error { fd, ok := s.socket.enterFD() if !ok { - return syscall.EBADF + return unix.EBADF } defer s.socket.gate.Leave() - return syscall.Listen(fd, backlog) + return unix.Listen(fd, backlog) } // Accept accepts a new connection. @@ -526,19 +526,19 @@ func (s *ServerSocket) Listen() error { func (s *ServerSocket) Accept() (*Socket, error) { fd, ok := s.socket.enterFD() if !ok { - return nil, syscall.EBADF + return nil, unix.EBADF } defer s.socket.gate.Leave() for { - nfd, _, err := syscall.Accept(fd) + nfd, _, err := unix.Accept(fd) switch err { case nil: return NewSocket(nfd) - case syscall.EAGAIN: + case unix.EAGAIN: err = s.socket.wait(false) if err == errClosing { - err = syscall.EBADF + err = unix.EBADF } } if err != nil { diff --git a/pkg/unet/unet_unsafe.go b/pkg/unet/unet_unsafe.go index 85ef46edf..f0bf93ddd 100644 --- a/pkg/unet/unet_unsafe.go +++ b/pkg/unet/unet_unsafe.go @@ -17,7 +17,6 @@ package unet import ( "io" "sync/atomic" - "syscall" "unsafe" "golang.org/x/sys/unix" @@ -52,8 +51,8 @@ func (s *Socket) wait(write bool) error { events[0].Events = unix.POLLOUT } - _, _, e := syscall.Syscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(&events[0])), 2, 0, 0, 0, 0) - if e == syscall.EINTR { + _, _, e := unix.Syscall6(unix.SYS_PPOLL, uintptr(unsafe.Pointer(&events[0])), 2, 0, 0, 0, 0) + if e == unix.EINTR { continue } if e != 0 { @@ -72,11 +71,11 @@ func (s *Socket) wait(write bool) error { // buildIovec builds an iovec slice from the given []byte slice. // // iovecs is used as an initial slice, to avoid excessive allocations. -func buildIovec(bufs [][]byte, iovecs []syscall.Iovec) ([]syscall.Iovec, int) { +func buildIovec(bufs [][]byte, iovecs []unix.Iovec) ([]unix.Iovec, int) { var length int for i := range bufs { if l := len(bufs[i]); l > 0 { - iovecs = append(iovecs, syscall.Iovec{ + iovecs = append(iovecs, unix.Iovec{ Base: &bufs[i][0], Len: uint64(l), }) @@ -93,9 +92,9 @@ func buildIovec(bufs [][]byte, iovecs []syscall.Iovec) ([]syscall.Iovec, int) { // This function is not guaranteed to read all available data, it // returns as soon as a single recvmsg call succeeds. func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) { - iovecs, length := buildIovec(bufs, make([]syscall.Iovec, 0, 2)) + iovecs, length := buildIovec(bufs, make([]unix.Iovec, 0, 2)) - var msg syscall.Msghdr + var msg unix.Msghdr if len(r.source) != 0 { msg.Name = &r.source[0] msg.Namelen = uint32(len(r.source)) @@ -116,25 +115,25 @@ func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) { fd, ok := r.socket.enterFD() if !ok { - return 0, syscall.EBADF + return 0, unix.EBADF } // Leave on returns below. for { - var e syscall.Errno + var e unix.Errno // Try a non-blocking recv first, so we don't give up the go runtime M. - n, _, e = syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_TRUNC) + n, _, e = unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_TRUNC) if e == 0 { break } - if e == syscall.EINTR { + if e == unix.EINTR { continue } if !r.blocking { r.socket.gate.Leave() return 0, e } - if e != syscall.EAGAIN && e != syscall.EWOULDBLOCK { + if e != unix.EAGAIN && e != unix.EWOULDBLOCK { r.socket.gate.Leave() return 0, e } @@ -142,7 +141,7 @@ func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) { // Wait for the socket to become readable. err := r.socket.wait(false) if err == errClosing { - err = syscall.EBADF + err = unix.EBADF } if err != nil { r.socket.gate.Leave() @@ -184,14 +183,14 @@ func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) { // This function is not guaranteed to send all data, it returns // as soon as a single sendmsg call succeeds. func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) { - iovecs, _ := buildIovec(bufs, make([]syscall.Iovec, 0, 2)) + iovecs, _ := buildIovec(bufs, make([]unix.Iovec, 0, 2)) if w.race != nil { // See comments on Socket.race. atomic.AddInt32(w.race, 1) } - var msg syscall.Msghdr + var msg unix.Msghdr if len(w.to) != 0 { msg.Name = &w.to[0] msg.Namelen = uint32(len(w.to)) @@ -209,24 +208,24 @@ func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) { fd, ok := w.socket.enterFD() if !ok { - return 0, syscall.EBADF + return 0, unix.EBADF } // Leave on returns below. for { // Try a non-blocking send first, so we don't give up the go runtime M. - n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL) + n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL) if e == 0 { w.socket.gate.Leave() return int(n), nil } - if e == syscall.EINTR { + if e == unix.EINTR { continue } if !w.blocking { w.socket.gate.Leave() return 0, e } - if e != syscall.EAGAIN && e != syscall.EWOULDBLOCK { + if e != unix.EAGAIN && e != unix.EWOULDBLOCK { w.socket.gate.Leave() return 0, e } @@ -234,7 +233,7 @@ func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) { // Wait for the socket to become writeable. err := w.socket.wait(true) if err == errClosing { - err = syscall.EBADF + err = unix.EBADF } if err != nil { w.socket.gate.Leave() @@ -244,10 +243,10 @@ func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) { // Unreachable, no s.gate.Leave needed. } -// getsockopt issues a getsockopt syscall. +// getsockopt issues a getsockopt unix. func getsockopt(fd int, level int, optname int, buf []byte) (uint32, error) { l := uint32(len(buf)) - _, _, e := syscall.RawSyscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)), 0) + _, _, e := unix.RawSyscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)), 0) if e != 0 { return 0, e } @@ -255,9 +254,9 @@ func getsockopt(fd int, level int, optname int, buf []byte) (uint32, error) { return l, nil } -// setsockopt issues a setsockopt syscall. +// setsockopt issues a setsockopt unix. func setsockopt(fd int, level int, optname int, buf []byte) error { - _, _, e := syscall.RawSyscall6(syscall.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(len(buf)), 0) + _, _, e := unix.RawSyscall6(unix.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(len(buf)), 0) if e != 0 { return e } @@ -265,10 +264,10 @@ func setsockopt(fd int, level int, optname int, buf []byte) error { return nil } -// getsockname issues a getsockname syscall. +// getsockname issues a getsockname unix. func getsockname(fd int, buf []byte) (uint32, error) { l := uint32(len(buf)) - _, _, e := syscall.RawSyscall(syscall.SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l))) + _, _, e := unix.RawSyscall(unix.SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l))) if e != 0 { return 0, e } @@ -276,10 +275,10 @@ func getsockname(fd int, buf []byte) (uint32, error) { return l, nil } -// getpeername issues a getpeername syscall. +// getpeername issues a getpeername unix. func getpeername(fd int, buf []byte) (uint32, error) { l := uint32(len(buf)) - _, _, e := syscall.RawSyscall(syscall.SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l))) + _, _, e := unix.RawSyscall(unix.SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l))) if e != 0 { return 0, e } diff --git a/pkg/usermem/access_type.go b/pkg/usermem/access_type.go index 9c1742a59..2cfca29af 100644 --- a/pkg/usermem/access_type.go +++ b/pkg/usermem/access_type.go @@ -14,9 +14,7 @@ package usermem -import ( - "syscall" -) +import "golang.org/x/sys/unix" // AccessType specifies memory access types. This is used for // setting mapping permissions, as well as communicating faults. @@ -54,17 +52,17 @@ func (a AccessType) Any() bool { return a.Read || a.Write || a.Execute } -// Prot returns the system prot (syscall.PROT_READ, etc.) for this access. +// Prot returns the system prot (unix.PROT_READ, etc.) for this access. func (a AccessType) Prot() int { var prot int if a.Read { - prot |= syscall.PROT_READ + prot |= unix.PROT_READ } if a.Write { - prot |= syscall.PROT_WRITE + prot |= unix.PROT_WRITE } if a.Execute { - prot |= syscall.PROT_EXEC + prot |= unix.PROT_EXEC } return prot } diff --git a/pkg/usermem/usermem_arm64.go b/pkg/usermem/usermem_arm64.go index fdfc30a66..7e7529585 100644 --- a/pkg/usermem/usermem_arm64.go +++ b/pkg/usermem/usermem_arm64.go @@ -18,13 +18,14 @@ package usermem import ( "encoding/binary" - "syscall" + + "golang.org/x/sys/unix" ) const ( // PageSize is the system page size. // arm64 support 4K/16K/64K page size, - // which can be get by syscall.Getpagesize(). + // which can be get by unix.Getpagesize(). // Currently, only 4K page size is supported. PageSize = 1 << PageShift @@ -47,7 +48,7 @@ var ( func init() { // Make sure the page size is 4K on arm64 platform. - if size := syscall.Getpagesize(); size != PageSize { + if size := unix.Getpagesize(); size != PageSize { panic("Only 4K page size is supported on arm64!") } } |