diff options
author | gVisor bot <gvisor-bot@google.com> | 2021-03-03 18:43:27 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-03-03 18:43:27 +0000 |
commit | aae5455fe381c4cbc956f61c971284ee05c52dfc (patch) | |
tree | 2b1cb0233968680dcd0374f20ee826cf311bda95 /pkg/sentry/socket/hostinet | |
parent | e2599d556573b05eb3714c1e791fa29431dc3d3f (diff) | |
parent | a9441aea2780da8c93da1c73da860219f98438de (diff) |
Merge release-20210301.0-5-ga9441aea2 (automated)
Diffstat (limited to 'pkg/sentry/socket/hostinet')
-rw-r--r-- | pkg/sentry/socket/hostinet/socket.go | 97 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/socket_unsafe.go | 32 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/socket_vfs2.go | 15 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/stack.go | 47 |
4 files changed, 95 insertions, 96 deletions
diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go index 17f59ba1f..c711d0684 100644 --- a/pkg/sentry/socket/hostinet/socket.go +++ b/pkg/sentry/socket/hostinet/socket.go @@ -16,7 +16,6 @@ package hostinet import ( "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -45,10 +44,10 @@ const ( // sizeofSockaddr is the size in bytes of the largest sockaddr type // supported by this package. - sizeofSockaddr = syscall.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in) + sizeofSockaddr = unix.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in) // maxControlLen is the maximum size of a control message buffer used in a - // recvmsg or sendmsg syscall. + // recvmsg or sendmsg unix. maxControlLen = 1024 ) @@ -107,7 +106,7 @@ func newSocketFile(ctx context.Context, family int, stype linux.SockType, protoc // Release implements fs.FileOperations.Release. func (s *socketOpsCommon) Release(context.Context) { fdnotifier.RemoveFD(int32(s.fd)) - syscall.Close(s.fd) + unix.Close(s.fd) } // Readiness implements waiter.Waitable.Readiness. @@ -143,8 +142,8 @@ func (s *socketOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOS return 0, nil } if dsts.NumBlocks() == 1 { - // Skip allocating []syscall.Iovec. - n, err := syscall.Read(s.fd, dsts.Head().ToSlice()) + // Skip allocating []unix.Iovec. + n, err := unix.Read(s.fd, dsts.Head().ToSlice()) if err != nil { return 0, translateIOSyscallError(err) } @@ -166,8 +165,8 @@ func (s *socketOperations) Write(ctx context.Context, _ *fs.File, src usermem.IO return 0, nil } if srcs.NumBlocks() == 1 { - // Skip allocating []syscall.Iovec. - n, err := syscall.Write(s.fd, srcs.Head().ToSlice()) + // Skip allocating []unix.Iovec. + n, err := unix.Write(s.fd, srcs.Head().ToSlice()) if err != nil { return 0, translateIOSyscallError(err) } @@ -184,12 +183,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool sockaddr = sockaddr[:sizeofSockaddr] } - _, _, errno := syscall.Syscall(syscall.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) + _, _, errno := unix.Syscall(unix.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) if errno == 0 { return nil } - if errno != syscall.EINPROGRESS || !blocking { + if errno != unix.EINPROGRESS || !blocking { return syserr.FromError(translateIOSyscallError(errno)) } @@ -208,12 +207,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool return syserr.FromError(err) } } - val, err := syscall.GetsockoptInt(s.fd, syscall.SOL_SOCKET, syscall.SO_ERROR) + val, err := unix.GetsockoptInt(s.fd, unix.SOL_SOCKET, unix.SO_ERROR) if err != nil { return syserr.FromError(err) } if val != 0 { - return syserr.FromError(syscall.Errno(uintptr(val))) + return syserr.FromError(unix.Errno(uintptr(val))) } return nil } @@ -234,7 +233,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOpsCommon requires it. - fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC) + fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC) if blocking { var ch chan struct{} for syscallErr == syserror.ErrWouldBlock { @@ -248,7 +247,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, s.EventRegister(&e, waiter.EventIn) defer s.EventUnregister(&e) } - fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC) + fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC) } } @@ -264,27 +263,27 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, kerr error ) if kernel.VFS2Enabled { - f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&syscall.SOCK_NONBLOCK)) + f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&unix.SOCK_NONBLOCK)) if err != nil { - syscall.Close(fd) + unix.Close(fd) return 0, nil, 0, err } defer f.DecRef(t) kfd, kerr = t.NewFDFromVFS2(0, f, kernel.FDFlags{ - CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0, + CloseOnExec: flags&unix.SOCK_CLOEXEC != 0, }) t.Kernel().RecordSocketVFS2(f) } else { - f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&syscall.SOCK_NONBLOCK != 0) + f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&unix.SOCK_NONBLOCK != 0) if err != nil { - syscall.Close(fd) + unix.Close(fd) return 0, nil, 0, err } defer f.DecRef(t) kfd, kerr = t.NewFDFrom(0, f, kernel.FDFlags{ - CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0, + CloseOnExec: flags&unix.SOCK_CLOEXEC != 0, }) t.Kernel().RecordSocket(f) } @@ -298,7 +297,7 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error { sockaddr = sockaddr[:sizeofSockaddr] } - _, _, errno := syscall.Syscall(syscall.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) + _, _, errno := unix.Syscall(unix.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) if errno != 0 { return syserr.FromError(errno) } @@ -307,14 +306,14 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error { // Listen implements socket.Socket.Listen. func (s *socketOpsCommon) Listen(t *kernel.Task, backlog int) *syserr.Error { - return syserr.FromError(syscall.Listen(s.fd, backlog)) + return syserr.FromError(unix.Listen(s.fd, backlog)) } // Shutdown implements socket.Socket.Shutdown. func (s *socketOpsCommon) Shutdown(t *kernel.Task, how int) *syserr.Error { switch how { - case syscall.SHUT_RD, syscall.SHUT_WR, syscall.SHUT_RDWR: - return syserr.FromError(syscall.Shutdown(s.fd, how)) + case unix.SHUT_RD, unix.SHUT_WR, unix.SHUT_RDWR: + return syserr.FromError(unix.Shutdown(s.fd, how)) default: return syserr.ErrInvalidArgument } @@ -344,7 +343,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr case linux.SO_ERROR, linux.SO_KEEPALIVE, linux.SO_SNDBUF, linux.SO_RCVBUF, linux.SO_REUSEADDR, linux.SO_TIMESTAMP: optlen = sizeofInt32 case linux.SO_LINGER: - optlen = syscall.SizeofLinger + optlen = unix.SizeofLinger } case linux.SOL_TCP: switch name { @@ -407,18 +406,18 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt [] } opt = opt[:optlen] - _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0) + _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0) if errno != 0 { return syserr.FromError(errno) } return nil } -func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) { +func (s *socketOpsCommon) recvMsgFromHost(iovs []unix.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) { // We always do a non-blocking recv*(). - sysflags := flags | syscall.MSG_DONTWAIT + sysflags := flags | unix.MSG_DONTWAIT - msg := syscall.Msghdr{} + msg := unix.Msghdr{} if len(iovs) > 0 { msg.Iov = &iovs[0] msg.Iovlen = uint64(len(iovs)) @@ -448,7 +447,7 @@ func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, sende // RecvMsg implements socket.Socket.RecvMsg. func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) { // Only allow known and safe flags. - if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_PEEK|syscall.MSG_TRUNC|syscall.MSG_ERRQUEUE) != 0 { + if flags&^(unix.MSG_DONTWAIT|unix.MSG_PEEK|unix.MSG_TRUNC|unix.MSG_ERRQUEUE) != 0 { return 0, 0, nil, 0, socket.ControlMessages{}, syserr.ErrInvalidArgument } @@ -483,7 +482,7 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags var ch chan struct{} n, err := copyToDst() // recv*(MSG_ERRQUEUE) never blocks, even without MSG_DONTWAIT. - if flags&(syscall.MSG_DONTWAIT|syscall.MSG_ERRQUEUE) == 0 { + if flags&(unix.MSG_DONTWAIT|unix.MSG_ERRQUEUE) == 0 { for err == syserror.ErrWouldBlock { // We only expect blocking to come from the actual syscall, in which // case it can't have returned any data. @@ -547,7 +546,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr) controlMessages.IP.OriginalDstAddress = &addr - case syscall.IP_RECVERR: + case unix.IP_RECVERR: var errCmsg linux.SockErrCMsgIPv4 errCmsg.UnmarshalBytes(unixCmsg.Data) controlMessages.IP.SockErr = &errCmsg @@ -564,7 +563,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr) controlMessages.IP.OriginalDstAddress = &addr - case syscall.IPV6_RECVERR: + case unix.IPV6_RECVERR: var errCmsg linux.SockErrCMsgIPv6 errCmsg.UnmarshalBytes(unixCmsg.Data) controlMessages.IP.SockErr = &errCmsg @@ -584,7 +583,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s // SendMsg implements socket.Socket.SendMsg. func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []byte, flags int, haveDeadline bool, deadline ktime.Time, controlMessages socket.ControlMessages) (int, *syserr.Error) { // Only allow known and safe flags. - if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_EOR|syscall.MSG_FASTOPEN|syscall.MSG_MORE|syscall.MSG_NOSIGNAL) != 0 { + if flags&^(unix.MSG_DONTWAIT|unix.MSG_EOR|unix.MSG_FASTOPEN|unix.MSG_MORE|unix.MSG_NOSIGNAL) != 0 { return 0, syserr.ErrInvalidArgument } @@ -606,12 +605,12 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } // We always do a non-blocking send*(). - sysflags := flags | syscall.MSG_DONTWAIT + sysflags := flags | unix.MSG_DONTWAIT if srcs.NumBlocks() == 1 && len(controlBuf) == 0 { - // Skip allocating []syscall.Iovec. + // Skip allocating []unix.Iovec. src := srcs.Head() - n, _, errno := syscall.Syscall6(syscall.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to))) + n, _, errno := unix.Syscall6(unix.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -619,7 +618,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } iovs := safemem.IovecsFromBlockSeq(srcs) - msg := syscall.Msghdr{ + msg := unix.Msghdr{ Iov: &iovs[0], Iovlen: uint64(len(iovs)), } @@ -636,7 +635,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b var ch chan struct{} n, err := src.CopyInTo(t, sendmsgFromBlocks) - if flags&syscall.MSG_DONTWAIT == 0 { + if flags&unix.MSG_DONTWAIT == 0 { for err == syserror.ErrWouldBlock { // We only expect blocking to come from the actual syscall, in which // case it can't have returned any data. @@ -664,7 +663,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } func translateIOSyscallError(err error) error { - if err == syscall.EAGAIN || err == syscall.EWOULDBLOCK { + if err == unix.EAGAIN || err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -673,9 +672,9 @@ func translateIOSyscallError(err error) error { // State implements socket.Socket.State. func (s *socketOpsCommon) State() uint32 { info := linux.TCPInfo{} - buf, err := getsockopt(s.fd, syscall.SOL_TCP, syscall.TCP_INFO, linux.SizeOfTCPInfo) + buf, err := getsockopt(s.fd, unix.SOL_TCP, unix.TCP_INFO, linux.SizeOfTCPInfo) if err != nil { - if err != syscall.ENOPROTOOPT { + if err != unix.ENOPROTOOPT { log.Warningf("Failed to get TCP socket info from %+v: %v", s, err) } // For non-TCP sockets, silently ignore the failure. @@ -715,16 +714,16 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto // Only accept TCP and UDP. stype := stypeflags & linux.SOCK_TYPE_MASK switch stype { - case syscall.SOCK_STREAM: + case unix.SOCK_STREAM: switch protocol { - case 0, syscall.IPPROTO_TCP: + case 0, unix.IPPROTO_TCP: // ok default: return nil, nil } - case syscall.SOCK_DGRAM: + case unix.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: // ok default: return nil, nil @@ -736,11 +735,11 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0 // to simplify the syscall filters, since 0 and IPPROTO_* are equivalent. - fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, syserr.FromError(err) } - return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&syscall.SOCK_NONBLOCK != 0) + return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&unix.SOCK_NONBLOCK != 0) } // Pair implements socket.Provider.Pair. @@ -752,7 +751,7 @@ func (p *socketProvider) Pair(t *kernel.Task, stype linux.SockType, protocol int // LINT.ThenChange(./socket_vfs2.go) func init() { - for _, family := range []int{syscall.AF_INET, syscall.AF_INET6} { + for _, family := range []int{unix.AF_INET, unix.AF_INET6} { socket.RegisterProvider(family, &socketProvider{family}) socket.RegisterProviderVFS2(family, &socketProviderVFS2{family}) } diff --git a/pkg/sentry/socket/hostinet/socket_unsafe.go b/pkg/sentry/socket/hostinet/socket_unsafe.go index 3f420c2ec..2890e640d 100644 --- a/pkg/sentry/socket/hostinet/socket_unsafe.go +++ b/pkg/sentry/socket/hostinet/socket_unsafe.go @@ -15,9 +15,9 @@ package hostinet import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -36,8 +36,8 @@ func firstBytePtr(bs []byte) unsafe.Pointer { } // Preconditions: len(dsts) != 0. -func readv(fd int, dsts []syscall.Iovec) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts))) +func readv(fd int, dsts []unix.Iovec) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -45,8 +45,8 @@ func readv(fd int, dsts []syscall.Iovec) (uint64, error) { } // Preconditions: len(srcs) != 0. -func writev(fd int, srcs []syscall.Iovec) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs))) +func writev(fd int, srcs []unix.Iovec) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -55,9 +55,9 @@ func writev(fd int, srcs []syscall.Iovec) (uint64, error) { func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArguments) (uintptr, error) { switch cmd := uintptr(args[1].Int()); cmd { - case syscall.TIOCINQ, syscall.TIOCOUTQ: + case unix.TIOCINQ, unix.TIOCOUTQ: var val int32 - if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 { + if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 { return 0, translateIOSyscallError(errno) } var buf [4]byte @@ -73,7 +73,7 @@ func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArgument } func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) { - afd, _, errno := syscall.Syscall6(syscall.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) + afd, _, errno := unix.Syscall6(unix.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -83,7 +83,7 @@ func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) { func getsockopt(fd int, level, name int, optlen int) ([]byte, error) { opt := make([]byte, optlen) optlen32 := int32(len(opt)) - _, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0) + _, _, errno := unix.Syscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0) if errno != 0 { return nil, errno } @@ -94,7 +94,7 @@ func getsockopt(fd int, level, name int, optlen int) ([]byte, error) { func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) { addr := make([]byte, sizeofSockaddr) addrlen := uint32(len(addr)) - _, _, errno := syscall.Syscall(syscall.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) + _, _, errno := unix.Syscall(unix.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) if errno != 0 { return nil, 0, syserr.FromError(errno) } @@ -105,7 +105,7 @@ func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, * func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) { addr := make([]byte, sizeofSockaddr) addrlen := uint32(len(addr)) - _, _, errno := syscall.Syscall(syscall.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) + _, _, errno := unix.Syscall(unix.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) if errno != 0 { return nil, 0, syserr.FromError(errno) } @@ -114,7 +114,7 @@ func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, * func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) { fromLen := uint32(len(*from)) - n, _, errno := syscall.Syscall6(syscall.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen))) + n, _, errno := unix.Syscall6(unix.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -122,16 +122,16 @@ func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) { return uint64(n), nil } -func recvmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) +func recvmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) if errno != 0 { return 0, translateIOSyscallError(errno) } return uint64(n), nil } -func sendmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) +func sendmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) if errno != 0 { return 0, translateIOSyscallError(errno) } diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go index dc03ccb47..5d55cc64d 100644 --- a/pkg/sentry/socket/hostinet/socket_vfs2.go +++ b/pkg/sentry/socket/hostinet/socket_vfs2.go @@ -15,8 +15,7 @@ package hostinet import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -160,16 +159,16 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p // Only accept TCP and UDP. stype := stypeflags & linux.SOCK_TYPE_MASK switch stype { - case syscall.SOCK_STREAM: + case unix.SOCK_STREAM: switch protocol { - case 0, syscall.IPPROTO_TCP: + case 0, unix.IPPROTO_TCP: // ok default: return nil, nil } - case syscall.SOCK_DGRAM: + case unix.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: // ok default: return nil, nil @@ -181,11 +180,11 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0 // to simplify the syscall filters, since 0 and IPPROTO_* are equivalent. - fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, syserr.FromError(err) } - return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&syscall.SOCK_NONBLOCK)) + return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&unix.SOCK_NONBLOCK)) } // Pair implements socket.Provider.Pair. diff --git a/pkg/sentry/socket/hostinet/stack.go b/pkg/sentry/socket/hostinet/stack.go index 7e7857ac3..e6323244c 100644 --- a/pkg/sentry/socket/hostinet/stack.go +++ b/pkg/sentry/socket/hostinet/stack.go @@ -24,6 +24,7 @@ import ( "strings" "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/binary" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -138,14 +139,14 @@ func (s *Stack) Configure() error { // netlink messages. func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.NetlinkMessage, interfaces map[int32]inet.Interface, interfaceAddrs map[int32][]inet.InterfaceAddr) error { for _, link := range links { - if link.Header.Type != syscall.RTM_NEWLINK { + if link.Header.Type != unix.RTM_NEWLINK { continue } - if len(link.Data) < syscall.SizeofIfInfomsg { - return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), syscall.SizeofIfInfomsg) + if len(link.Data) < unix.SizeofIfInfomsg { + return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), unix.SizeofIfInfomsg) } - var ifinfo syscall.IfInfomsg - binary.Unmarshal(link.Data[:syscall.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo) + var ifinfo unix.IfInfomsg + binary.Unmarshal(link.Data[:unix.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo) inetIF := inet.Interface{ DeviceType: ifinfo.Type, Flags: ifinfo.Flags, @@ -159,9 +160,9 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, attr := range attrs { switch attr.Attr.Type { - case syscall.IFLA_ADDRESS: + case unix.IFLA_ADDRESS: inetIF.Addr = attr.Value - case syscall.IFLA_IFNAME: + case unix.IFLA_IFNAME: inetIF.Name = string(attr.Value[:len(attr.Value)-1]) } } @@ -169,14 +170,14 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, addr := range addrs { - if addr.Header.Type != syscall.RTM_NEWADDR { + if addr.Header.Type != unix.RTM_NEWADDR { continue } - if len(addr.Data) < syscall.SizeofIfAddrmsg { - return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), syscall.SizeofIfAddrmsg) + if len(addr.Data) < unix.SizeofIfAddrmsg { + return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), unix.SizeofIfAddrmsg) } - var ifaddr syscall.IfAddrmsg - binary.Unmarshal(addr.Data[:syscall.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr) + var ifaddr unix.IfAddrmsg + binary.Unmarshal(addr.Data[:unix.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr) inetAddr := inet.InterfaceAddr{ Family: ifaddr.Family, PrefixLen: ifaddr.Prefixlen, @@ -188,7 +189,7 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, attr := range attrs { switch attr.Attr.Type { - case syscall.IFA_ADDRESS: + case unix.IFA_ADDRESS: inetAddr.Addr = attr.Value } } @@ -203,12 +204,12 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) { var routes []inet.Route for _, routeMsg := range routeMsgs { - if routeMsg.Header.Type != syscall.RTM_NEWROUTE { + if routeMsg.Header.Type != unix.RTM_NEWROUTE { continue } - var ifRoute syscall.RtMsg - binary.Unmarshal(routeMsg.Data[:syscall.SizeofRtMsg], usermem.ByteOrder, &ifRoute) + var ifRoute unix.RtMsg + binary.Unmarshal(routeMsg.Data[:unix.SizeofRtMsg], usermem.ByteOrder, &ifRoute) inetRoute := inet.Route{ Family: ifRoute.Family, DstLen: ifRoute.Dst_len, @@ -231,13 +232,13 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) for _, attr := range attrs { switch attr.Attr.Type { - case syscall.RTA_DST: + case unix.RTA_DST: inetRoute.DstAddr = attr.Value - case syscall.RTA_SRC: + case unix.RTA_SRC: inetRoute.SrcAddr = attr.Value - case syscall.RTA_GATEWAY: + case unix.RTA_GATEWAY: inetRoute.GatewayAddr = attr.Value - case syscall.RTA_OIF: + case unix.RTA_OIF: expected := int(binary.Size(inetRoute.OutputInterface)) if len(attr.Value) != expected { return nil, fmt.Errorf("RTM_GETROUTE returned RTM_NEWROUTE message with invalid attribute data length (%d bytes, expected %d bytes)", len(attr.Value), expected) @@ -253,12 +254,12 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) } func addHostInterfaces(s *Stack) error { - links, err := doNetlinkRouteRequest(syscall.RTM_GETLINK) + links, err := doNetlinkRouteRequest(unix.RTM_GETLINK) if err != nil { return fmt.Errorf("RTM_GETLINK failed: %v", err) } - addrs, err := doNetlinkRouteRequest(syscall.RTM_GETADDR) + addrs, err := doNetlinkRouteRequest(unix.RTM_GETADDR) if err != nil { return fmt.Errorf("RTM_GETADDR failed: %v", err) } @@ -267,7 +268,7 @@ func addHostInterfaces(s *Stack) error { } func addHostRoutes(s *Stack) error { - routes, err := doNetlinkRouteRequest(syscall.RTM_GETROUTE) + routes, err := doNetlinkRouteRequest(unix.RTM_GETROUTE) if err != nil { return fmt.Errorf("RTM_GETROUTE failed: %v", err) } |