Merge 69e0affa (automated)

9 files changed, 142 insertions, 6 deletions

diff --git a/pkg/sentry/platform/kvm/filters.go b/pkg/sentry/platform/kvm/filters.go
new file mode 100644
index 000000000..7d949f1dd
--- /dev/null
+++ b/pkg/sentry/platform/kvm/filters.go
@@ -0,0 +1,33 @@
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kvm
+
+import (
+	"syscall"
+
+	"gvisor.dev/gvisor/pkg/seccomp"
+)
+
+// SyscallFilters returns syscalls made exclusively by the KVM platform.
+func (*KVM) SyscallFilters() seccomp.SyscallRules {
+	return seccomp.SyscallRules{
+		syscall.SYS_ARCH_PRCTL:      {},
+		syscall.SYS_IOCTL:           {},
+		syscall.SYS_MMAP:            {},
+		syscall.SYS_RT_SIGSUSPEND:   {},
+		syscall.SYS_RT_SIGTIMEDWAIT: {},
+		0xffffffffffffffff:          {}, // KVM uses syscall -1 to transition to host.
+	}
+}
diff --git a/pkg/sentry/platform/kvm/kvm.go b/pkg/sentry/platform/kvm/kvm.go
index b49d7f3c4..ee4cd2f4d 100644
--- a/pkg/sentry/platform/kvm/kvm.go
+++ b/pkg/sentry/platform/kvm/kvm.go
@@ -141,3 +141,17 @@ func (k *KVM) NewContext() platform.Context {
 		machine: k.machine,
 	}
 }
+
+type constructor struct{}
+
+func (*constructor) New(f *os.File) (platform.Platform, error) {
+	return New(f)
+}
+
+func (*constructor) OpenDevice() (*os.File, error) {
+	return OpenDevice()
+}
+
+func init() {
+	platform.Register("kvm", &constructor{})
+}
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
index 7d92e16cc..679087e25 100644
--- a/pkg/sentry/platform/kvm/machine.go
+++ b/pkg/sentry/platform/kvm/machine.go
@@ -426,7 +426,12 @@ func (c *vCPU) unlock() {
 		// Normal state.
 	case vCPUUser | vCPUGuest | vCPUWaiter:
 		// Force a transition: this must trigger a notification when we
-		// return from guest mode.
+		// return from guest mode. We must clear vCPUWaiter here
+		// anyways, because BounceToKernel will force a transition only
+		// from ring3 to ring0, which will not clear this bit. Halt may
+		// workaround the issue, but if there is no exception or
+		// syscall in this period, BounceToKernel will hang.
+		atomicbitops.AndUint32(&c.state, ^vCPUWaiter)
 		c.notify()
 	case vCPUUser | vCPUWaiter:
 		// Waiting for the lock to be released; the responsibility is
diff --git a/pkg/sentry/platform/platform.go b/pkg/sentry/platform/platform.go
index eccbe2336..ec22dbf87 100644
--- a/pkg/sentry/platform/platform.go
+++ b/pkg/sentry/platform/platform.go
@@ -19,8 +19,10 @@ package platform
 
 import (
 	"fmt"
+	"os"
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/seccomp"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/safemem"
 	"gvisor.dev/gvisor/pkg/sentry/usermem"
@@ -93,6 +95,9 @@ type Platform interface {
 	// Platforms for which this does not hold may panic if PreemptAllCPUs is
 	// called.
 	PreemptAllCPUs() error
+
+	// SyscallFilters returns syscalls made exclusively by this platform.
+	SyscallFilters() seccomp.SyscallRules
 }
 
 // NoCPUPreemptionDetection implements Platform.DetectsCPUPreemption and
@@ -347,3 +352,26 @@ type File interface {
 func (fr FileRange) String() string {
 	return fmt.Sprintf("[%#x, %#x)", fr.Start, fr.End)
 }
+
+// Constructor represents a platform type.
+type Constructor interface {
+	New(deviceFile *os.File) (Platform, error)
+	OpenDevice() (*os.File, error)
+}
+
+// platforms contains all available platform types.
+var platforms = map[string]Constructor{}
+
+// Register registers a new platform type.
+func Register(name string, platform Constructor) {
+	platforms[name] = platform
+}
+
+// Lookup looks up the platform constructor by name.
+func Lookup(name string) (Constructor, error) {
+	p, ok := platforms[name]
+	if !ok {
+		return nil, fmt.Errorf("unknown platform: %v", name)
+	}
+	return p, nil
+}
diff --git a/pkg/sentry/platform/ptrace/filters.go b/pkg/sentry/platform/ptrace/filters.go
new file mode 100644
index 000000000..1e07cfd0d
--- /dev/null
+++ b/pkg/sentry/platform/ptrace/filters.go
@@ -0,0 +1,33 @@
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ptrace
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/seccomp"
+)
+
+// SyscallFilters returns syscalls made exclusively by the ptrace platform.
+func (*PTrace) SyscallFilters() seccomp.SyscallRules {
+	return seccomp.SyscallRules{
+		unix.SYS_GETCPU:            {},
+		unix.SYS_SCHED_SETAFFINITY: {},
+		syscall.SYS_PTRACE:         {},
+		syscall.SYS_TGKILL:         {},
+		syscall.SYS_WAIT4:          {},
+	}
+}
diff --git a/pkg/sentry/platform/ptrace/ptrace.go b/pkg/sentry/platform/ptrace/ptrace.go
index ee7e0640c..6fd30ed25 100644
--- a/pkg/sentry/platform/ptrace/ptrace.go
+++ b/pkg/sentry/platform/ptrace/ptrace.go
@@ -45,6 +45,7 @@
 package ptrace
 
 import (
+	"os"
 	"sync"
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
@@ -236,3 +237,17 @@ func (p *PTrace) NewAddressSpace(_ interface{}) (platform.AddressSpace, <-chan s
 func (*PTrace) NewContext() platform.Context {
 	return &context{}
 }
+
+type constructor struct{}
+
+func (*constructor) New(*os.File) (platform.Platform, error) {
+	return New()
+}
+
+func (*constructor) OpenDevice() (*os.File, error) {
+	return nil, nil
+}
+
+func init() {
+	platform.Register("ptrace", &constructor{})
+}
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go
index dc3475494..87ded0bbd 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux.go
@@ -306,7 +306,7 @@ func (s *subprocess) createStub() (*thread, error) {
 		arch.SyscallArgument{Value: 0},
 		arch.SyscallArgument{Value: 0})
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("creating stub process: %v", err)
 	}
 
 	// Wait for child to enter group-stop, so we don't stop its
@@ -325,7 +325,7 @@ func (s *subprocess) createStub() (*thread, error) {
 		arch.SyscallArgument{Value: 0},
 		arch.SyscallArgument{Value: 0})
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("waiting on stub process: %v", err)
 	}
 
 	childT := &thread{
diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go
index 8efc3825f..d4bfc5a4a 100755
--- a/pkg/sentry/platform/ring0/defs_impl.go
+++ b/pkg/sentry/platform/ring0/defs_impl.go
@@ -1,14 +1,14 @@
 package ring0
 
 import (
+	"syscall"
+
 	"fmt"
 	"gvisor.dev/gvisor/pkg/cpuid"
 	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
+	"gvisor.dev/gvisor/pkg/sentry/usermem"
 	"io"
 	"reflect"
-	"syscall"
-
-	"gvisor.dev/gvisor/pkg/sentry/usermem"
 )
 
 var (
diff --git a/pkg/sentry/platform/ring0/kernel_amd64.go b/pkg/sentry/platform/ring0/kernel_amd64.go
index 3577b5127..0feff8778 100644
--- a/pkg/sentry/platform/ring0/kernel_amd64.go
+++ b/pkg/sentry/platform/ring0/kernel_amd64.go
@@ -70,6 +70,14 @@ func (c *CPU) init() {
 	c.tss.ist1Lo = uint32(stackAddr)
 	c.tss.ist1Hi = uint32(stackAddr >> 32)
 
+	// Set the I/O bitmap base address beyond the last byte in the TSS
+	// to block access to the entire I/O address range.
+	//
+	// From section 18.5.2 "I/O Permission Bit Map" from Intel SDM vol1:
+	// I/O addresses not spanned by the map are treated as if they had set
+	// bits in the map.
+	c.tss.ioPerm = tssLimit + 1
+
 	// Permanently set the kernel segments.
 	c.registers.Cs = uint64(Kcode)
 	c.registers.Ds = uint64(Kdata)