[syserror] Update syserror to linuxerr for EACCES, EBADF, and EPERM.

Update all instances of the above errors to the faster linuxerr implementation.
With the temporary linuxerr.Equals(), no logical changes are made.

PiperOrigin-RevId: 382306655

9 files changed, 58 insertions, 57 deletions

diff --git a/pkg/sentry/vfs/anonfs.go b/pkg/sentry/vfs/anonfs.go
index 8b3612200..bb8c26e46 100644
--- a/pkg/sentry/vfs/anonfs.go
+++ b/pkg/sentry/vfs/anonfs.go
@@ -133,7 +133,7 @@ func (fs *anonFilesystem) LinkAt(ctx context.Context, rp *ResolvingPath, vd Virt
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // MkdirAt implements FilesystemImpl.MkdirAt.
@@ -141,7 +141,7 @@ func (fs *anonFilesystem) MkdirAt(ctx context.Context, rp *ResolvingPath, opts M
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // MknodAt implements FilesystemImpl.MknodAt.
@@ -149,7 +149,7 @@ func (fs *anonFilesystem) MknodAt(ctx context.Context, rp *ResolvingPath, opts M
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // OpenAt implements FilesystemImpl.OpenAt.
@@ -173,7 +173,7 @@ func (fs *anonFilesystem) RenameAt(ctx context.Context, rp *ResolvingPath, oldPa
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // RmdirAt implements FilesystemImpl.RmdirAt.
@@ -181,7 +181,7 @@ func (fs *anonFilesystem) RmdirAt(ctx context.Context, rp *ResolvingPath) error
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // SetStatAt implements FilesystemImpl.SetStatAt.
@@ -232,7 +232,7 @@ func (fs *anonFilesystem) SymlinkAt(ctx context.Context, rp *ResolvingPath, targ
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // UnlinkAt implements FilesystemImpl.UnlinkAt.
@@ -240,7 +240,7 @@ func (fs *anonFilesystem) UnlinkAt(ctx context.Context, rp *ResolvingPath) error
 	if !rp.Final() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // BoundEndpointAt implements FilesystemImpl.BoundEndpointAt.
@@ -275,7 +275,7 @@ func (fs *anonFilesystem) SetXattrAt(ctx context.Context, rp *ResolvingPath, opt
 	if !rp.Done() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // RemoveXattrAt implements FilesystemImpl.RemoveXattrAt.
@@ -283,7 +283,7 @@ func (fs *anonFilesystem) RemoveXattrAt(ctx context.Context, rp *ResolvingPath,
 	if !rp.Done() {
 		return syserror.ENOTDIR
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // PrependPath implements FilesystemImpl.PrependPath.
diff --git a/pkg/sentry/vfs/file_description.go b/pkg/sentry/vfs/file_description.go
index 63ee0aab3..6ded82baf 100644
--- a/pkg/sentry/vfs/file_description.go
+++ b/pkg/sentry/vfs/file_description.go
@@ -253,7 +253,7 @@ func (fd *FileDescription) SetStatusFlags(ctx context.Context, creds *auth.Crede
 			return err
 		}
 		if (stat.AttributesMask&linux.STATX_ATTR_APPEND != 0) && (stat.Attributes&linux.STATX_ATTR_APPEND != 0) {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 	}
 	if (flags&linux.O_NOATIME != 0) && (oldFlags&linux.O_NOATIME == 0) {
@@ -267,10 +267,10 @@ func (fd *FileDescription) SetStatusFlags(ctx context.Context, creds *auth.Crede
 			return err
 		}
 		if stat.Mask&linux.STATX_UID == 0 {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 		if !CanActAsOwner(creds, auth.KUID(stat.UID)) {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 	}
 	if flags&linux.O_DIRECT != 0 && !fd.opts.AllowDirectIO {
@@ -568,7 +568,7 @@ func (fd *FileDescription) StatFS(ctx context.Context) (linux.Statfs, error) {
 // Allocate grows file represented by FileDescription to offset + length bytes.
 func (fd *FileDescription) Allocate(ctx context.Context, mode, offset, length uint64) error {
 	if !fd.IsWritable() {
-		return syserror.EBADF
+		return linuxerr.EBADF
 	}
 	if err := fd.impl.Allocate(ctx, mode, offset, length); err != nil {
 		return err
@@ -606,7 +606,7 @@ func (fd *FileDescription) PRead(ctx context.Context, dst usermem.IOSequence, of
 		return 0, syserror.ESPIPE
 	}
 	if !fd.readable {
-		return 0, syserror.EBADF
+		return 0, linuxerr.EBADF
 	}
 	start := fsmetric.StartReadWait()
 	n, err := fd.impl.PRead(ctx, dst, offset, opts)
@@ -621,7 +621,7 @@ func (fd *FileDescription) PRead(ctx context.Context, dst usermem.IOSequence, of
 // Read is similar to PRead, but does not specify an offset.
 func (fd *FileDescription) Read(ctx context.Context, dst usermem.IOSequence, opts ReadOptions) (int64, error) {
 	if !fd.readable {
-		return 0, syserror.EBADF
+		return 0, linuxerr.EBADF
 	}
 	start := fsmetric.StartReadWait()
 	n, err := fd.impl.Read(ctx, dst, opts)
@@ -641,7 +641,7 @@ func (fd *FileDescription) PWrite(ctx context.Context, src usermem.IOSequence, o
 		return 0, syserror.ESPIPE
 	}
 	if !fd.writable {
-		return 0, syserror.EBADF
+		return 0, linuxerr.EBADF
 	}
 	n, err := fd.impl.PWrite(ctx, src, offset, opts)
 	if n > 0 {
@@ -653,7 +653,7 @@ func (fd *FileDescription) PWrite(ctx context.Context, src usermem.IOSequence, o
 // Write is similar to PWrite, but does not specify an offset.
 func (fd *FileDescription) Write(ctx context.Context, src usermem.IOSequence, opts WriteOptions) (int64, error) {
 	if !fd.writable {
-		return 0, syserror.EBADF
+		return 0, linuxerr.EBADF
 	}
 	n, err := fd.impl.Write(ctx, src, opts)
 	if n > 0 {
diff --git a/pkg/sentry/vfs/file_description_impl_util.go b/pkg/sentry/vfs/file_description_impl_util.go
index cffb46aab..c947d0c6c 100644
--- a/pkg/sentry/vfs/file_description_impl_util.go
+++ b/pkg/sentry/vfs/file_description_impl_util.go
@@ -504,25 +504,25 @@ func (BadLockFD) SupportsLocks() bool {
 
 // LockBSD implements FileDescriptionImpl.LockBSD.
 func (BadLockFD) LockBSD(ctx context.Context, uid fslock.UniqueID, ownerPID int32, t fslock.LockType, block fslock.Blocker) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // UnlockBSD implements FileDescriptionImpl.UnlockBSD.
 func (BadLockFD) UnlockBSD(ctx context.Context, uid fslock.UniqueID) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // LockPOSIX implements FileDescriptionImpl.LockPOSIX.
 func (BadLockFD) LockPOSIX(ctx context.Context, uid fslock.UniqueID, ownerPID int32, t fslock.LockType, r fslock.LockRange, block fslock.Blocker) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // UnlockPOSIX implements FileDescriptionImpl.UnlockPOSIX.
 func (BadLockFD) UnlockPOSIX(ctx context.Context, uid fslock.UniqueID, r fslock.LockRange) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // TestPOSIX implements FileDescriptionImpl.TestPOSIX.
 func (BadLockFD) TestPOSIX(ctx context.Context, uid fslock.UniqueID, t fslock.LockType, r fslock.LockRange) (linux.Flock, error) {
-	return linux.Flock{}, syserror.EBADF
+	return linux.Flock{}, linuxerr.EBADF
 }
diff --git a/pkg/sentry/vfs/file_description_impl_util_test.go b/pkg/sentry/vfs/file_description_impl_util_test.go
index 566ad856a..3423dede1 100644
--- a/pkg/sentry/vfs/file_description_impl_util_test.go
+++ b/pkg/sentry/vfs/file_description_impl_util_test.go
@@ -103,7 +103,7 @@ func (fd *testFD) Stat(ctx context.Context, opts StatOptions) (linux.Statx, erro
 
 // SetStat implements FileDescriptionImpl.SetStat.
 func (fd *testFD) SetStat(ctx context.Context, opts SetStatOptions) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 func TestGenCountFD(t *testing.T) {
diff --git a/pkg/sentry/vfs/inotify.go b/pkg/sentry/vfs/inotify.go
index a7655bbb5..ebbbda697 100644
--- a/pkg/sentry/vfs/inotify.go
+++ b/pkg/sentry/vfs/inotify.go
@@ -195,7 +195,7 @@ func (*Inotify) PWrite(ctx context.Context, src usermem.IOSequence, offset int64
 
 // Write implements FileDescriptionImpl.Write.
 func (*Inotify) Write(ctx context.Context, src usermem.IOSequence, opts WriteOptions) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // Read implements FileDescriptionImpl.Read.
@@ -333,7 +333,7 @@ func (i *Inotify) AddWatch(target *Dentry, mask uint32) (int32, error) {
 	if ws == nil {
 		// While Linux supports inotify watches on all filesystem types, watches on
 		// filesystems like kernfs are not generally useful, so we do not.
-		return 0, syserror.EPERM
+		return 0, linuxerr.EPERM
 	}
 	// Does the target already have a watch from this inotify instance?
 	if existing := ws.Lookup(i.id); existing != nil {
diff --git a/pkg/sentry/vfs/mount.go b/pkg/sentry/vfs/mount.go
index 03857dfc8..ceb1e5fff 100644
--- a/pkg/sentry/vfs/mount.go
+++ b/pkg/sentry/vfs/mount.go
@@ -293,7 +293,7 @@ func (vfs *VirtualFilesystem) UmountAt(ctx context.Context, creds *auth.Credenti
 	// namespace, and not in the owner user namespace for the target mount. See
 	// fs/namespace.c:SYSCALL_DEFINE2(umount, ...)
 	if opts.Flags&linux.MNT_FORCE != 0 && creds.HasCapabilityIn(linux.CAP_SYS_ADMIN, creds.UserNamespace.Root()) {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	vd, err := vfs.GetDentryAt(ctx, creds, pop, &GetDentryOptions{})
diff --git a/pkg/sentry/vfs/opath.go b/pkg/sentry/vfs/opath.go
index e9651b631..da0b33b79 100644
--- a/pkg/sentry/vfs/opath.go
+++ b/pkg/sentry/vfs/opath.go
@@ -17,10 +17,10 @@ package vfs
 import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
 	"gvisor.dev/gvisor/pkg/sentry/memmap"
-	"gvisor.dev/gvisor/pkg/syserror"
 	"gvisor.dev/gvisor/pkg/usermem"
 )
 
@@ -40,77 +40,77 @@ func (fd *opathFD) Release(context.Context) {
 
 // Allocate implements FileDescriptionImpl.Allocate.
 func (fd *opathFD) Allocate(ctx context.Context, mode, offset, length uint64) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // PRead implements FileDescriptionImpl.PRead.
 func (fd *opathFD) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, opts ReadOptions) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // Read implements FileDescriptionImpl.Read.
 func (fd *opathFD) Read(ctx context.Context, dst usermem.IOSequence, opts ReadOptions) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // PWrite implements FileDescriptionImpl.PWrite.
 func (fd *opathFD) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, opts WriteOptions) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // Write implements FileDescriptionImpl.Write.
 func (fd *opathFD) Write(ctx context.Context, src usermem.IOSequence, opts WriteOptions) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // Ioctl implements FileDescriptionImpl.Ioctl.
 func (fd *opathFD) Ioctl(ctx context.Context, uio usermem.IO, args arch.SyscallArguments) (uintptr, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // IterDirents implements FileDescriptionImpl.IterDirents.
 func (fd *opathFD) IterDirents(ctx context.Context, cb IterDirentsCallback) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // Seek implements FileDescriptionImpl.Seek.
 func (fd *opathFD) Seek(ctx context.Context, offset int64, whence int32) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // ConfigureMMap implements FileDescriptionImpl.ConfigureMMap.
 func (fd *opathFD) ConfigureMMap(ctx context.Context, opts *memmap.MMapOpts) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // ListXattr implements FileDescriptionImpl.ListXattr.
 func (fd *opathFD) ListXattr(ctx context.Context, size uint64) ([]string, error) {
-	return nil, syserror.EBADF
+	return nil, linuxerr.EBADF
 }
 
 // GetXattr implements FileDescriptionImpl.GetXattr.
 func (fd *opathFD) GetXattr(ctx context.Context, opts GetXattrOptions) (string, error) {
-	return "", syserror.EBADF
+	return "", linuxerr.EBADF
 }
 
 // SetXattr implements FileDescriptionImpl.SetXattr.
 func (fd *opathFD) SetXattr(ctx context.Context, opts SetXattrOptions) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // RemoveXattr implements FileDescriptionImpl.RemoveXattr.
 func (fd *opathFD) RemoveXattr(ctx context.Context, name string) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // Sync implements FileDescriptionImpl.Sync.
 func (fd *opathFD) Sync(ctx context.Context) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // SetStat implements FileDescriptionImpl.SetStat.
 func (fd *opathFD) SetStat(ctx context.Context, opts SetStatOptions) error {
-	return syserror.EBADF
+	return linuxerr.EBADF
 }
 
 // Stat implements FileDescriptionImpl.Stat.
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go
index b7704874f..22abdd5b8 100644
--- a/pkg/sentry/vfs/permissions.go
+++ b/pkg/sentry/vfs/permissions.go
@@ -20,6 +20,7 @@ import (
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
 	"gvisor.dev/gvisor/pkg/sentry/limits"
 	"gvisor.dev/gvisor/pkg/syserror"
@@ -77,7 +78,7 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, mode linu
 	// the caller's user namespace; compare
 	// kernel/capability.c:privileged_wrt_inode_uidgid().
 	if !kuid.In(creds.UserNamespace).Ok() || !kgid.In(creds.UserNamespace).Ok() {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	// CAP_DAC_READ_SEARCH allows the caller to read and search arbitrary
 	// directories, and read arbitrary non-directory files.
@@ -94,7 +95,7 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, mode linu
 			return nil
 		}
 	}
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // MayLink determines whether creating a hard link to a file with the given
@@ -110,12 +111,12 @@ func MayLink(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, kgid
 
 	// Only regular files can be hard linked.
 	if mode.FileType() != linux.S_IFREG {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	// Setuid files should not get pinned to the filesystem.
 	if mode&linux.S_ISUID != 0 {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	// Executable setgid files should not get pinned to the filesystem, but we
@@ -123,7 +124,7 @@ func MayLink(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, kgid
 
 	// Hardlinking to unreadable or unwritable sources is dangerous.
 	if err := GenericCheckPermissions(creds, MayRead|MayWrite, mode, kuid, kgid); err != nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	return nil
 }
@@ -199,7 +200,7 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
 	}
 	if stat.Mask&linux.STATX_MODE != 0 {
 		if !CanActAsOwner(creds, kuid) {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 		// TODO(b/30815691): "If the calling process is not privileged (Linux:
 		// does not have the CAP_FSETID capability), and the group of the file
@@ -210,13 +211,13 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
 	if stat.Mask&linux.STATX_UID != 0 {
 		if !((creds.EffectiveKUID == kuid && auth.KUID(stat.UID) == kuid) ||
 			HasCapabilityOnFile(creds, linux.CAP_CHOWN, kuid, kgid)) {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 	}
 	if stat.Mask&linux.STATX_GID != 0 {
 		if !((creds.EffectiveKUID == kuid && creds.InGroup(auth.KGID(stat.GID))) ||
 			HasCapabilityOnFile(creds, linux.CAP_CHOWN, kuid, kgid)) {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 	}
 	if opts.NeedWritePerm && !creds.HasCapability(linux.CAP_DAC_OVERRIDE) {
@@ -229,7 +230,7 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
 			if (stat.Mask&linux.STATX_ATIME != 0 && stat.Atime.Nsec != linux.UTIME_NOW) ||
 				(stat.Mask&linux.STATX_MTIME != 0 && stat.Mtime.Nsec != linux.UTIME_NOW) ||
 				(stat.Mask&linux.STATX_CTIME != 0 && stat.Ctime.Nsec != linux.UTIME_NOW) {
-				return syserror.EPERM
+				return linuxerr.EPERM
 			}
 			if err := GenericCheckPermissions(creds, MayWrite, mode, kuid, kgid); err != nil {
 				return err
@@ -252,7 +253,7 @@ func CheckDeleteSticky(creds *auth.Credentials, parentMode linux.FileMode, paren
 		HasCapabilityOnFile(creds, linux.CAP_FOWNER, childKUID, childKGID) {
 		return nil
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CanActAsOwner returns true if creds can act as the owner of a file with the
@@ -306,7 +307,7 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux.
 			return nil
 		}
 		if ats.MayWrite() {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 		return syserror.ENODATA
 	case strings.HasPrefix(name, linux.XATTR_USER_PREFIX):
@@ -316,12 +317,12 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux.
 		filetype := mode.FileType()
 		if filetype != linux.ModeRegular && filetype != linux.ModeDirectory {
 			if ats.MayWrite() {
-				return syserror.EPERM
+				return linuxerr.EPERM
 			}
 			return syserror.ENODATA
 		}
 		if filetype == linux.ModeDirectory && mode&linux.ModeSticky != 0 && ats.MayWrite() && !CanActAsOwner(creds, kuid) {
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 	}
 	return nil
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index f2aabb905..0e94be174 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -449,7 +449,7 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 			if opts.FileExec {
 				if fd.Mount().Flags.NoExec {
 					fd.DecRef(ctx)
-					return nil, syserror.EACCES
+					return nil, linuxerr.EACCES
 				}
 
 				// Only a regular file can be executed.
@@ -460,7 +460,7 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 				}
 				if stat.Mask&linux.STATX_TYPE == 0 || stat.Mode&linux.S_IFMT != linux.S_IFREG {
 					fd.DecRef(ctx)
-					return nil, syserror.EACCES
+					return nil, linuxerr.EACCES
 				}
 			}