diff options
author | Ayush Ranjan <ayushranjan@google.com> | 2021-03-03 10:23:55 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-03-03 10:25:58 -0800 |
commit | a9441aea2780da8c93da1c73da860219f98438de (patch) | |
tree | 8b12915756f5bfb926218214cd7bc0b3281605fd /pkg/sentry/socket | |
parent | b8a5420f49a2afd622ec08b5019e1bf537f7da82 (diff) |
[op] Replace syscall package usage with golang.org/x/sys/unix in pkg/.
The syscall package has been deprecated in favor of golang.org/x/sys.
Note that syscall is still used in the following places:
- pkg/sentry/socket/hostinet/stack.go: some netlink related functionalities
are not yet available in golang.org/x/sys.
- syscall.Stat_t is still used in some places because os.FileInfo.Sys() still
returns it and not unix.Stat_t.
Updates #214
PiperOrigin-RevId: 360701387
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r-- | pkg/sentry/socket/BUILD | 1 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/socket.go | 97 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/socket_unsafe.go | 32 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/socket_vfs2.go | 15 | ||||
-rw-r--r-- | pkg/sentry/socket/hostinet/stack.go | 47 | ||||
-rw-r--r-- | pkg/sentry/socket/netlink/route/BUILD | 1 | ||||
-rw-r--r-- | pkg/sentry/socket/netlink/route/protocol.go | 4 | ||||
-rw-r--r-- | pkg/sentry/socket/netstack/netstack.go | 9 | ||||
-rw-r--r-- | pkg/sentry/socket/netstack/provider.go | 21 | ||||
-rw-r--r-- | pkg/sentry/socket/socket.go | 40 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/BUILD | 1 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/unix.go | 6 |
12 files changed, 137 insertions, 137 deletions
diff --git a/pkg/sentry/socket/BUILD b/pkg/sentry/socket/BUILD index cc1f6bfcc..0ce42b6cc 100644 --- a/pkg/sentry/socket/BUILD +++ b/pkg/sentry/socket/BUILD @@ -22,5 +22,6 @@ go_library( "//pkg/tcpip", "//pkg/tcpip/header", "//pkg/usermem", + "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go index 17f59ba1f..c711d0684 100644 --- a/pkg/sentry/socket/hostinet/socket.go +++ b/pkg/sentry/socket/hostinet/socket.go @@ -16,7 +16,6 @@ package hostinet import ( "fmt" - "syscall" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" @@ -45,10 +44,10 @@ const ( // sizeofSockaddr is the size in bytes of the largest sockaddr type // supported by this package. - sizeofSockaddr = syscall.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in) + sizeofSockaddr = unix.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in) // maxControlLen is the maximum size of a control message buffer used in a - // recvmsg or sendmsg syscall. + // recvmsg or sendmsg unix. maxControlLen = 1024 ) @@ -107,7 +106,7 @@ func newSocketFile(ctx context.Context, family int, stype linux.SockType, protoc // Release implements fs.FileOperations.Release. func (s *socketOpsCommon) Release(context.Context) { fdnotifier.RemoveFD(int32(s.fd)) - syscall.Close(s.fd) + unix.Close(s.fd) } // Readiness implements waiter.Waitable.Readiness. @@ -143,8 +142,8 @@ func (s *socketOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOS return 0, nil } if dsts.NumBlocks() == 1 { - // Skip allocating []syscall.Iovec. - n, err := syscall.Read(s.fd, dsts.Head().ToSlice()) + // Skip allocating []unix.Iovec. + n, err := unix.Read(s.fd, dsts.Head().ToSlice()) if err != nil { return 0, translateIOSyscallError(err) } @@ -166,8 +165,8 @@ func (s *socketOperations) Write(ctx context.Context, _ *fs.File, src usermem.IO return 0, nil } if srcs.NumBlocks() == 1 { - // Skip allocating []syscall.Iovec. - n, err := syscall.Write(s.fd, srcs.Head().ToSlice()) + // Skip allocating []unix.Iovec. + n, err := unix.Write(s.fd, srcs.Head().ToSlice()) if err != nil { return 0, translateIOSyscallError(err) } @@ -184,12 +183,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool sockaddr = sockaddr[:sizeofSockaddr] } - _, _, errno := syscall.Syscall(syscall.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) + _, _, errno := unix.Syscall(unix.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) if errno == 0 { return nil } - if errno != syscall.EINPROGRESS || !blocking { + if errno != unix.EINPROGRESS || !blocking { return syserr.FromError(translateIOSyscallError(errno)) } @@ -208,12 +207,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool return syserr.FromError(err) } } - val, err := syscall.GetsockoptInt(s.fd, syscall.SOL_SOCKET, syscall.SO_ERROR) + val, err := unix.GetsockoptInt(s.fd, unix.SOL_SOCKET, unix.SO_ERROR) if err != nil { return syserr.FromError(err) } if val != 0 { - return syserr.FromError(syscall.Errno(uintptr(val))) + return syserr.FromError(unix.Errno(uintptr(val))) } return nil } @@ -234,7 +233,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOpsCommon requires it. - fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC) + fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC) if blocking { var ch chan struct{} for syscallErr == syserror.ErrWouldBlock { @@ -248,7 +247,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, s.EventRegister(&e, waiter.EventIn) defer s.EventUnregister(&e) } - fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC) + fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC) } } @@ -264,27 +263,27 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int, kerr error ) if kernel.VFS2Enabled { - f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&syscall.SOCK_NONBLOCK)) + f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&unix.SOCK_NONBLOCK)) if err != nil { - syscall.Close(fd) + unix.Close(fd) return 0, nil, 0, err } defer f.DecRef(t) kfd, kerr = t.NewFDFromVFS2(0, f, kernel.FDFlags{ - CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0, + CloseOnExec: flags&unix.SOCK_CLOEXEC != 0, }) t.Kernel().RecordSocketVFS2(f) } else { - f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&syscall.SOCK_NONBLOCK != 0) + f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&unix.SOCK_NONBLOCK != 0) if err != nil { - syscall.Close(fd) + unix.Close(fd) return 0, nil, 0, err } defer f.DecRef(t) kfd, kerr = t.NewFDFrom(0, f, kernel.FDFlags{ - CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0, + CloseOnExec: flags&unix.SOCK_CLOEXEC != 0, }) t.Kernel().RecordSocket(f) } @@ -298,7 +297,7 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error { sockaddr = sockaddr[:sizeofSockaddr] } - _, _, errno := syscall.Syscall(syscall.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) + _, _, errno := unix.Syscall(unix.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr))) if errno != 0 { return syserr.FromError(errno) } @@ -307,14 +306,14 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error { // Listen implements socket.Socket.Listen. func (s *socketOpsCommon) Listen(t *kernel.Task, backlog int) *syserr.Error { - return syserr.FromError(syscall.Listen(s.fd, backlog)) + return syserr.FromError(unix.Listen(s.fd, backlog)) } // Shutdown implements socket.Socket.Shutdown. func (s *socketOpsCommon) Shutdown(t *kernel.Task, how int) *syserr.Error { switch how { - case syscall.SHUT_RD, syscall.SHUT_WR, syscall.SHUT_RDWR: - return syserr.FromError(syscall.Shutdown(s.fd, how)) + case unix.SHUT_RD, unix.SHUT_WR, unix.SHUT_RDWR: + return syserr.FromError(unix.Shutdown(s.fd, how)) default: return syserr.ErrInvalidArgument } @@ -344,7 +343,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr case linux.SO_ERROR, linux.SO_KEEPALIVE, linux.SO_SNDBUF, linux.SO_RCVBUF, linux.SO_REUSEADDR, linux.SO_TIMESTAMP: optlen = sizeofInt32 case linux.SO_LINGER: - optlen = syscall.SizeofLinger + optlen = unix.SizeofLinger } case linux.SOL_TCP: switch name { @@ -407,18 +406,18 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt [] } opt = opt[:optlen] - _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0) + _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0) if errno != 0 { return syserr.FromError(errno) } return nil } -func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) { +func (s *socketOpsCommon) recvMsgFromHost(iovs []unix.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) { // We always do a non-blocking recv*(). - sysflags := flags | syscall.MSG_DONTWAIT + sysflags := flags | unix.MSG_DONTWAIT - msg := syscall.Msghdr{} + msg := unix.Msghdr{} if len(iovs) > 0 { msg.Iov = &iovs[0] msg.Iovlen = uint64(len(iovs)) @@ -448,7 +447,7 @@ func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, sende // RecvMsg implements socket.Socket.RecvMsg. func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) { // Only allow known and safe flags. - if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_PEEK|syscall.MSG_TRUNC|syscall.MSG_ERRQUEUE) != 0 { + if flags&^(unix.MSG_DONTWAIT|unix.MSG_PEEK|unix.MSG_TRUNC|unix.MSG_ERRQUEUE) != 0 { return 0, 0, nil, 0, socket.ControlMessages{}, syserr.ErrInvalidArgument } @@ -483,7 +482,7 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags var ch chan struct{} n, err := copyToDst() // recv*(MSG_ERRQUEUE) never blocks, even without MSG_DONTWAIT. - if flags&(syscall.MSG_DONTWAIT|syscall.MSG_ERRQUEUE) == 0 { + if flags&(unix.MSG_DONTWAIT|unix.MSG_ERRQUEUE) == 0 { for err == syserror.ErrWouldBlock { // We only expect blocking to come from the actual syscall, in which // case it can't have returned any data. @@ -547,7 +546,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr) controlMessages.IP.OriginalDstAddress = &addr - case syscall.IP_RECVERR: + case unix.IP_RECVERR: var errCmsg linux.SockErrCMsgIPv4 errCmsg.UnmarshalBytes(unixCmsg.Data) controlMessages.IP.SockErr = &errCmsg @@ -564,7 +563,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr) controlMessages.IP.OriginalDstAddress = &addr - case syscall.IPV6_RECVERR: + case unix.IPV6_RECVERR: var errCmsg linux.SockErrCMsgIPv6 errCmsg.UnmarshalBytes(unixCmsg.Data) controlMessages.IP.SockErr = &errCmsg @@ -584,7 +583,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s // SendMsg implements socket.Socket.SendMsg. func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []byte, flags int, haveDeadline bool, deadline ktime.Time, controlMessages socket.ControlMessages) (int, *syserr.Error) { // Only allow known and safe flags. - if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_EOR|syscall.MSG_FASTOPEN|syscall.MSG_MORE|syscall.MSG_NOSIGNAL) != 0 { + if flags&^(unix.MSG_DONTWAIT|unix.MSG_EOR|unix.MSG_FASTOPEN|unix.MSG_MORE|unix.MSG_NOSIGNAL) != 0 { return 0, syserr.ErrInvalidArgument } @@ -606,12 +605,12 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } // We always do a non-blocking send*(). - sysflags := flags | syscall.MSG_DONTWAIT + sysflags := flags | unix.MSG_DONTWAIT if srcs.NumBlocks() == 1 && len(controlBuf) == 0 { - // Skip allocating []syscall.Iovec. + // Skip allocating []unix.Iovec. src := srcs.Head() - n, _, errno := syscall.Syscall6(syscall.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to))) + n, _, errno := unix.Syscall6(unix.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -619,7 +618,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } iovs := safemem.IovecsFromBlockSeq(srcs) - msg := syscall.Msghdr{ + msg := unix.Msghdr{ Iov: &iovs[0], Iovlen: uint64(len(iovs)), } @@ -636,7 +635,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b var ch chan struct{} n, err := src.CopyInTo(t, sendmsgFromBlocks) - if flags&syscall.MSG_DONTWAIT == 0 { + if flags&unix.MSG_DONTWAIT == 0 { for err == syserror.ErrWouldBlock { // We only expect blocking to come from the actual syscall, in which // case it can't have returned any data. @@ -664,7 +663,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b } func translateIOSyscallError(err error) error { - if err == syscall.EAGAIN || err == syscall.EWOULDBLOCK { + if err == unix.EAGAIN || err == unix.EWOULDBLOCK { return syserror.ErrWouldBlock } return err @@ -673,9 +672,9 @@ func translateIOSyscallError(err error) error { // State implements socket.Socket.State. func (s *socketOpsCommon) State() uint32 { info := linux.TCPInfo{} - buf, err := getsockopt(s.fd, syscall.SOL_TCP, syscall.TCP_INFO, linux.SizeOfTCPInfo) + buf, err := getsockopt(s.fd, unix.SOL_TCP, unix.TCP_INFO, linux.SizeOfTCPInfo) if err != nil { - if err != syscall.ENOPROTOOPT { + if err != unix.ENOPROTOOPT { log.Warningf("Failed to get TCP socket info from %+v: %v", s, err) } // For non-TCP sockets, silently ignore the failure. @@ -715,16 +714,16 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto // Only accept TCP and UDP. stype := stypeflags & linux.SOCK_TYPE_MASK switch stype { - case syscall.SOCK_STREAM: + case unix.SOCK_STREAM: switch protocol { - case 0, syscall.IPPROTO_TCP: + case 0, unix.IPPROTO_TCP: // ok default: return nil, nil } - case syscall.SOCK_DGRAM: + case unix.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: // ok default: return nil, nil @@ -736,11 +735,11 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0 // to simplify the syscall filters, since 0 and IPPROTO_* are equivalent. - fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, syserr.FromError(err) } - return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&syscall.SOCK_NONBLOCK != 0) + return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&unix.SOCK_NONBLOCK != 0) } // Pair implements socket.Provider.Pair. @@ -752,7 +751,7 @@ func (p *socketProvider) Pair(t *kernel.Task, stype linux.SockType, protocol int // LINT.ThenChange(./socket_vfs2.go) func init() { - for _, family := range []int{syscall.AF_INET, syscall.AF_INET6} { + for _, family := range []int{unix.AF_INET, unix.AF_INET6} { socket.RegisterProvider(family, &socketProvider{family}) socket.RegisterProviderVFS2(family, &socketProviderVFS2{family}) } diff --git a/pkg/sentry/socket/hostinet/socket_unsafe.go b/pkg/sentry/socket/hostinet/socket_unsafe.go index 3f420c2ec..2890e640d 100644 --- a/pkg/sentry/socket/hostinet/socket_unsafe.go +++ b/pkg/sentry/socket/hostinet/socket_unsafe.go @@ -15,9 +15,9 @@ package hostinet import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/arch" @@ -36,8 +36,8 @@ func firstBytePtr(bs []byte) unsafe.Pointer { } // Preconditions: len(dsts) != 0. -func readv(fd int, dsts []syscall.Iovec) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts))) +func readv(fd int, dsts []unix.Iovec) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -45,8 +45,8 @@ func readv(fd int, dsts []syscall.Iovec) (uint64, error) { } // Preconditions: len(srcs) != 0. -func writev(fd int, srcs []syscall.Iovec) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs))) +func writev(fd int, srcs []unix.Iovec) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -55,9 +55,9 @@ func writev(fd int, srcs []syscall.Iovec) (uint64, error) { func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArguments) (uintptr, error) { switch cmd := uintptr(args[1].Int()); cmd { - case syscall.TIOCINQ, syscall.TIOCOUTQ: + case unix.TIOCINQ, unix.TIOCOUTQ: var val int32 - if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 { + if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 { return 0, translateIOSyscallError(errno) } var buf [4]byte @@ -73,7 +73,7 @@ func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArgument } func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) { - afd, _, errno := syscall.Syscall6(syscall.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) + afd, _, errno := unix.Syscall6(unix.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -83,7 +83,7 @@ func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) { func getsockopt(fd int, level, name int, optlen int) ([]byte, error) { opt := make([]byte, optlen) optlen32 := int32(len(opt)) - _, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0) + _, _, errno := unix.Syscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0) if errno != 0 { return nil, errno } @@ -94,7 +94,7 @@ func getsockopt(fd int, level, name int, optlen int) ([]byte, error) { func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) { addr := make([]byte, sizeofSockaddr) addrlen := uint32(len(addr)) - _, _, errno := syscall.Syscall(syscall.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) + _, _, errno := unix.Syscall(unix.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) if errno != 0 { return nil, 0, syserr.FromError(errno) } @@ -105,7 +105,7 @@ func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, * func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) { addr := make([]byte, sizeofSockaddr) addrlen := uint32(len(addr)) - _, _, errno := syscall.Syscall(syscall.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) + _, _, errno := unix.Syscall(unix.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen))) if errno != 0 { return nil, 0, syserr.FromError(errno) } @@ -114,7 +114,7 @@ func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, * func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) { fromLen := uint32(len(*from)) - n, _, errno := syscall.Syscall6(syscall.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen))) + n, _, errno := unix.Syscall6(unix.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen))) if errno != 0 { return 0, translateIOSyscallError(errno) } @@ -122,16 +122,16 @@ func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) { return uint64(n), nil } -func recvmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) +func recvmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) if errno != 0 { return 0, translateIOSyscallError(errno) } return uint64(n), nil } -func sendmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) { - n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) +func sendmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) { + n, _, errno := unix.Syscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags)) if errno != 0 { return 0, translateIOSyscallError(errno) } diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go index dc03ccb47..5d55cc64d 100644 --- a/pkg/sentry/socket/hostinet/socket_vfs2.go +++ b/pkg/sentry/socket/hostinet/socket_vfs2.go @@ -15,8 +15,7 @@ package hostinet import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -160,16 +159,16 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p // Only accept TCP and UDP. stype := stypeflags & linux.SOCK_TYPE_MASK switch stype { - case syscall.SOCK_STREAM: + case unix.SOCK_STREAM: switch protocol { - case 0, syscall.IPPROTO_TCP: + case 0, unix.IPPROTO_TCP: // ok default: return nil, nil } - case syscall.SOCK_DGRAM: + case unix.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: // ok default: return nil, nil @@ -181,11 +180,11 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p // Conservatively ignore all flags specified by the application and add // SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0 // to simplify the syscall filters, since 0 and IPPROTO_* are equivalent. - fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, syserr.FromError(err) } - return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&syscall.SOCK_NONBLOCK)) + return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&unix.SOCK_NONBLOCK)) } // Pair implements socket.Provider.Pair. diff --git a/pkg/sentry/socket/hostinet/stack.go b/pkg/sentry/socket/hostinet/stack.go index 7e7857ac3..e6323244c 100644 --- a/pkg/sentry/socket/hostinet/stack.go +++ b/pkg/sentry/socket/hostinet/stack.go @@ -24,6 +24,7 @@ import ( "strings" "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/binary" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -138,14 +139,14 @@ func (s *Stack) Configure() error { // netlink messages. func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.NetlinkMessage, interfaces map[int32]inet.Interface, interfaceAddrs map[int32][]inet.InterfaceAddr) error { for _, link := range links { - if link.Header.Type != syscall.RTM_NEWLINK { + if link.Header.Type != unix.RTM_NEWLINK { continue } - if len(link.Data) < syscall.SizeofIfInfomsg { - return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), syscall.SizeofIfInfomsg) + if len(link.Data) < unix.SizeofIfInfomsg { + return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), unix.SizeofIfInfomsg) } - var ifinfo syscall.IfInfomsg - binary.Unmarshal(link.Data[:syscall.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo) + var ifinfo unix.IfInfomsg + binary.Unmarshal(link.Data[:unix.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo) inetIF := inet.Interface{ DeviceType: ifinfo.Type, Flags: ifinfo.Flags, @@ -159,9 +160,9 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, attr := range attrs { switch attr.Attr.Type { - case syscall.IFLA_ADDRESS: + case unix.IFLA_ADDRESS: inetIF.Addr = attr.Value - case syscall.IFLA_IFNAME: + case unix.IFLA_IFNAME: inetIF.Name = string(attr.Value[:len(attr.Value)-1]) } } @@ -169,14 +170,14 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, addr := range addrs { - if addr.Header.Type != syscall.RTM_NEWADDR { + if addr.Header.Type != unix.RTM_NEWADDR { continue } - if len(addr.Data) < syscall.SizeofIfAddrmsg { - return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), syscall.SizeofIfAddrmsg) + if len(addr.Data) < unix.SizeofIfAddrmsg { + return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), unix.SizeofIfAddrmsg) } - var ifaddr syscall.IfAddrmsg - binary.Unmarshal(addr.Data[:syscall.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr) + var ifaddr unix.IfAddrmsg + binary.Unmarshal(addr.Data[:unix.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr) inetAddr := inet.InterfaceAddr{ Family: ifaddr.Family, PrefixLen: ifaddr.Prefixlen, @@ -188,7 +189,7 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli } for _, attr := range attrs { switch attr.Attr.Type { - case syscall.IFA_ADDRESS: + case unix.IFA_ADDRESS: inetAddr.Addr = attr.Value } } @@ -203,12 +204,12 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) { var routes []inet.Route for _, routeMsg := range routeMsgs { - if routeMsg.Header.Type != syscall.RTM_NEWROUTE { + if routeMsg.Header.Type != unix.RTM_NEWROUTE { continue } - var ifRoute syscall.RtMsg - binary.Unmarshal(routeMsg.Data[:syscall.SizeofRtMsg], usermem.ByteOrder, &ifRoute) + var ifRoute unix.RtMsg + binary.Unmarshal(routeMsg.Data[:unix.SizeofRtMsg], usermem.ByteOrder, &ifRoute) inetRoute := inet.Route{ Family: ifRoute.Family, DstLen: ifRoute.Dst_len, @@ -231,13 +232,13 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) for _, attr := range attrs { switch attr.Attr.Type { - case syscall.RTA_DST: + case unix.RTA_DST: inetRoute.DstAddr = attr.Value - case syscall.RTA_SRC: + case unix.RTA_SRC: inetRoute.SrcAddr = attr.Value - case syscall.RTA_GATEWAY: + case unix.RTA_GATEWAY: inetRoute.GatewayAddr = attr.Value - case syscall.RTA_OIF: + case unix.RTA_OIF: expected := int(binary.Size(inetRoute.OutputInterface)) if len(attr.Value) != expected { return nil, fmt.Errorf("RTM_GETROUTE returned RTM_NEWROUTE message with invalid attribute data length (%d bytes, expected %d bytes)", len(attr.Value), expected) @@ -253,12 +254,12 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) } func addHostInterfaces(s *Stack) error { - links, err := doNetlinkRouteRequest(syscall.RTM_GETLINK) + links, err := doNetlinkRouteRequest(unix.RTM_GETLINK) if err != nil { return fmt.Errorf("RTM_GETLINK failed: %v", err) } - addrs, err := doNetlinkRouteRequest(syscall.RTM_GETADDR) + addrs, err := doNetlinkRouteRequest(unix.RTM_GETADDR) if err != nil { return fmt.Errorf("RTM_GETADDR failed: %v", err) } @@ -267,7 +268,7 @@ func addHostInterfaces(s *Stack) error { } func addHostRoutes(s *Stack) error { - routes, err := doNetlinkRouteRequest(syscall.RTM_GETROUTE) + routes, err := doNetlinkRouteRequest(unix.RTM_GETROUTE) if err != nil { return fmt.Errorf("RTM_GETROUTE failed: %v", err) } diff --git a/pkg/sentry/socket/netlink/route/BUILD b/pkg/sentry/socket/netlink/route/BUILD index 93127398d..744fc74f4 100644 --- a/pkg/sentry/socket/netlink/route/BUILD +++ b/pkg/sentry/socket/netlink/route/BUILD @@ -16,5 +16,6 @@ go_library( "//pkg/sentry/kernel/auth", "//pkg/sentry/socket/netlink", "//pkg/syserr", + "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/pkg/sentry/socket/netlink/route/protocol.go b/pkg/sentry/socket/netlink/route/protocol.go index f4d034c13..5a2255db3 100644 --- a/pkg/sentry/socket/netlink/route/protocol.go +++ b/pkg/sentry/socket/netlink/route/protocol.go @@ -17,8 +17,8 @@ package route import ( "bytes" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/inet" @@ -436,7 +436,7 @@ func (p *Protocol) newAddr(ctx context.Context, msg *netlink.Message, ms *netlin Flags: ifa.Flags, Addr: value, }) - if err == syscall.EEXIST { + if err == unix.EEXIST { flags := msg.Header().Flags if flags&linux.NLM_F_EXCL != 0 { return syserr.ErrExists diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go index f77a867f1..f2dc7c90b 100644 --- a/pkg/sentry/socket/netstack/netstack.go +++ b/pkg/sentry/socket/netstack/netstack.go @@ -31,7 +31,6 @@ import ( "io/ioutil" "math" "reflect" - "syscall" "time" "golang.org/x/sys/unix" @@ -835,7 +834,7 @@ func getSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, fam return &optP, nil case linux.SO_PEERCRED: - if family != linux.AF_UNIX || outLen < syscall.SizeofUcred { + if family != linux.AF_UNIX || outLen < unix.SizeofUcred { return nil, syserr.ErrInvalidArgument } @@ -3199,15 +3198,15 @@ func nicStateFlagsToLinux(f stack.NICStateFlags) uint32 { } func isTCPSocket(skType linux.SockType, skProto int) bool { - return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == syscall.IPPROTO_TCP) + return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == unix.IPPROTO_TCP) } func isUDPSocket(skType linux.SockType, skProto int) bool { - return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == syscall.IPPROTO_UDP) + return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == unix.IPPROTO_UDP) } func isICMPSocket(skType linux.SockType, skProto int) bool { - return skType == linux.SOCK_DGRAM && (skProto == syscall.IPPROTO_ICMP || skProto == syscall.IPPROTO_ICMPV6) + return skType == linux.SOCK_DGRAM && (skProto == unix.IPPROTO_ICMP || skProto == unix.IPPROTO_ICMPV6) } // State implements socket.Socket.State. State translates the internal state diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go index 2515dda80..8605ad507 100644 --- a/pkg/sentry/socket/netstack/provider.go +++ b/pkg/sentry/socket/netstack/provider.go @@ -15,8 +15,7 @@ package netstack import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/fs" @@ -48,18 +47,18 @@ type provider struct { func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol int) (tcpip.TransportProtocolNumber, bool, *syserr.Error) { switch stype { case linux.SOCK_STREAM: - if protocol != 0 && protocol != syscall.IPPROTO_TCP { + if protocol != 0 && protocol != unix.IPPROTO_TCP { return 0, true, syserr.ErrInvalidArgument } return tcp.ProtocolNumber, true, nil case linux.SOCK_DGRAM: switch protocol { - case 0, syscall.IPPROTO_UDP: + case 0, unix.IPPROTO_UDP: return udp.ProtocolNumber, true, nil - case syscall.IPPROTO_ICMP: + case unix.IPPROTO_ICMP: return header.ICMPv4ProtocolNumber, true, nil - case syscall.IPPROTO_ICMPV6: + case unix.IPPROTO_ICMPV6: return header.ICMPv6ProtocolNumber, true, nil } @@ -71,18 +70,18 @@ func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol in } switch protocol { - case syscall.IPPROTO_ICMP: + case unix.IPPROTO_ICMP: return header.ICMPv4ProtocolNumber, true, nil - case syscall.IPPROTO_ICMPV6: + case unix.IPPROTO_ICMPV6: return header.ICMPv6ProtocolNumber, true, nil - case syscall.IPPROTO_UDP: + case unix.IPPROTO_UDP: return header.UDPProtocolNumber, true, nil - case syscall.IPPROTO_TCP: + case unix.IPPROTO_TCP: return header.TCPProtocolNumber, true, nil // IPPROTO_RAW signifies that the raw socket isn't assigned to // a transport protocol. Users will be able to write packets' // IP headers and won't receive anything. - case syscall.IPPROTO_RAW: + case unix.IPPROTO_RAW: return tcpip.TransportProtocolNumber(0), false, nil } } diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go index cc535d794..909341dcf 100644 --- a/pkg/sentry/socket/socket.go +++ b/pkg/sentry/socket/socket.go @@ -21,8 +21,8 @@ import ( "bytes" "fmt" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/binary" "gvisor.dev/gvisor/pkg/context" @@ -198,42 +198,42 @@ type SocketVFS2 interface { // // It is implemented by both Socket and SocketVFS2. type SocketOps interface { - // Connect implements the connect(2) linux syscall. + // Connect implements the connect(2) linux unix. Connect(t *kernel.Task, sockaddr []byte, blocking bool) *syserr.Error - // Accept implements the accept4(2) linux syscall. + // Accept implements the accept4(2) linux unix. // Returns fd, real peer address length and error. Real peer address // length is only set if len(peer) > 0. Accept(t *kernel.Task, peerRequested bool, flags int, blocking bool) (int32, linux.SockAddr, uint32, *syserr.Error) - // Bind implements the bind(2) linux syscall. + // Bind implements the bind(2) linux unix. Bind(t *kernel.Task, sockaddr []byte) *syserr.Error - // Listen implements the listen(2) linux syscall. + // Listen implements the listen(2) linux unix. Listen(t *kernel.Task, backlog int) *syserr.Error - // Shutdown implements the shutdown(2) linux syscall. + // Shutdown implements the shutdown(2) linux unix. Shutdown(t *kernel.Task, how int) *syserr.Error - // GetSockOpt implements the getsockopt(2) linux syscall. + // GetSockOpt implements the getsockopt(2) linux unix. GetSockOpt(t *kernel.Task, level int, name int, outPtr usermem.Addr, outLen int) (marshal.Marshallable, *syserr.Error) - // SetSockOpt implements the setsockopt(2) linux syscall. + // SetSockOpt implements the setsockopt(2) linux unix. SetSockOpt(t *kernel.Task, level int, name int, opt []byte) *syserr.Error - // GetSockName implements the getsockname(2) linux syscall. + // GetSockName implements the getsockname(2) linux unix. // // addrLen is the address length to be returned to the application, not // necessarily the actual length of the address. GetSockName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error) - // GetPeerName implements the getpeername(2) linux syscall. + // GetPeerName implements the getpeername(2) linux unix. // // addrLen is the address length to be returned to the application, not // necessarily the actual length of the address. GetPeerName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error) - // RecvMsg implements the recvmsg(2) linux syscall. + // RecvMsg implements the recvmsg(2) linux unix. // // senderAddrLen is the address length to be returned to the application, // not necessarily the actual length of the address. @@ -246,7 +246,7 @@ type SocketOps interface { // If err != nil, the recv was not successful. RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlDataLen uint64) (n int, msgFlags int, senderAddr linux.SockAddr, senderAddrLen uint32, controlMessages ControlMessages, err *syserr.Error) - // SendMsg implements the sendmsg(2) linux syscall. SendMsg does not take + // SendMsg implements the sendmsg(2) linux unix. SendMsg does not take // ownership of the ControlMessage on error. // // If n > 0, err will either be nil or an error from t.Block. @@ -569,21 +569,21 @@ func emitUnimplementedEvent(t *kernel.Task, name int) { // given family. func UnmarshalSockAddr(family int, data []byte) linux.SockAddr { switch family { - case syscall.AF_INET: + case unix.AF_INET: var addr linux.SockAddrInet - binary.Unmarshal(data[:syscall.SizeofSockaddrInet4], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrInet4], usermem.ByteOrder, &addr) return &addr - case syscall.AF_INET6: + case unix.AF_INET6: var addr linux.SockAddrInet6 - binary.Unmarshal(data[:syscall.SizeofSockaddrInet6], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrInet6], usermem.ByteOrder, &addr) return &addr - case syscall.AF_UNIX: + case unix.AF_UNIX: var addr linux.SockAddrUnix - binary.Unmarshal(data[:syscall.SizeofSockaddrUnix], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrUnix], usermem.ByteOrder, &addr) return &addr - case syscall.AF_NETLINK: + case unix.AF_NETLINK: var addr linux.SockAddrNetlink - binary.Unmarshal(data[:syscall.SizeofSockaddrNetlink], usermem.ByteOrder, &addr) + binary.Unmarshal(data[:unix.SizeofSockaddrNetlink], usermem.ByteOrder, &addr) return &addr default: panic(fmt.Sprintf("Unsupported socket family %v", family)) diff --git a/pkg/sentry/socket/unix/BUILD b/pkg/sentry/socket/unix/BUILD index acf2ab8e7..ff53a26b7 100644 --- a/pkg/sentry/socket/unix/BUILD +++ b/pkg/sentry/socket/unix/BUILD @@ -64,5 +64,6 @@ go_library( "//pkg/tcpip", "//pkg/usermem", "//pkg/waiter", + "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go index 32e5d2304..63165e1d4 100644 --- a/pkg/sentry/socket/unix/unix.go +++ b/pkg/sentry/socket/unix/unix.go @@ -19,8 +19,8 @@ package unix import ( "fmt" "strings" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fspath" @@ -600,14 +600,14 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags // Calculate the number of FDs for which we have space and if we are // requesting credentials. var wantCreds bool - rightsLen := int(controlDataLen) - syscall.SizeofCmsghdr + rightsLen := int(controlDataLen) - unix.SizeofCmsghdr if s.Passcred() { // Credentials take priority if they are enabled and there is space. wantCreds = rightsLen > 0 if !wantCreds { msgFlags |= linux.MSG_CTRUNC } - credLen := syscall.CmsgSpace(syscall.SizeofUcred) + credLen := unix.CmsgSpace(unix.SizeofUcred) rightsLen -= credLen } // FDs are 32 bit (4 byte) ints. |