summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-03-03 18:43:27 +0000
committergVisor bot <gvisor-bot@google.com>2021-03-03 18:43:27 +0000
commitaae5455fe381c4cbc956f61c971284ee05c52dfc (patch)
tree2b1cb0233968680dcd0374f20ee826cf311bda95 /pkg/sentry
parente2599d556573b05eb3714c1e791fa29431dc3d3f (diff)
parenta9441aea2780da8c93da1c73da860219f98438de (diff)
Merge release-20210301.0-5-ga9441aea2 (automated)
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/arch/arch_amd64.go10
-rw-r--r--pkg/sentry/arch/arch_arm64.go6
-rw-r--r--pkg/sentry/arch/arch_x86.go20
-rw-r--r--pkg/sentry/arch/signal_amd64.go6
-rw-r--r--pkg/sentry/arch/signal_arm64.go5
-rw-r--r--pkg/sentry/fs/attr.go10
-rw-r--r--pkg/sentry/fs/dirent.go50
-rw-r--r--pkg/sentry/fs/fdpipe/pipe.go14
-rw-r--r--pkg/sentry/fs/fdpipe/pipe_opener.go8
-rw-r--r--pkg/sentry/fs/fsutil/host_file_mapper.go32
-rw-r--r--pkg/sentry/fs/gofer/attr.go5
-rw-r--r--pkg/sentry/fs/gofer/file.go4
-rw-r--r--pkg/sentry/fs/gofer/inode.go12
-rw-r--r--pkg/sentry/fs/gofer/util.go5
-rw-r--r--pkg/sentry/fs/host/control.go9
-rw-r--r--pkg/sentry/fs/host/descriptor.go12
-rw-r--r--pkg/sentry/fs/host/file.go32
-rw-r--r--pkg/sentry/fs/host/inode.go23
-rw-r--r--pkg/sentry/fs/host/inode_state.go6
-rw-r--r--pkg/sentry/fs/host/ioctl_unsafe.go10
-rw-r--r--pkg/sentry/fs/host/socket.go18
-rw-r--r--pkg/sentry/fs/host/socket_iovec.go11
-rw-r--r--pkg/sentry/fs/host/socket_state.go4
-rw-r--r--pkg/sentry/fs/host/socket_unsafe.go17
-rw-r--r--pkg/sentry/fs/host/util.go28
-rw-r--r--pkg/sentry/fs/host/util_amd64_unsafe.go13
-rw-r--r--pkg/sentry/fs/host/util_arm64_unsafe.go13
-rw-r--r--pkg/sentry/fs/host/util_unsafe.go20
-rw-r--r--pkg/sentry/fs/lock/lock.go8
-rw-r--r--pkg/sentry/fs/mounts.go8
-rw-r--r--pkg/sentry/fs/ramfs/dir.go6
-rw-r--r--pkg/sentry/fs/save.go4
-rw-r--r--pkg/sentry/fsimpl/eventfd/eventfd.go22
-rw-r--r--pkg/sentry/fsimpl/fuse/connection_control.go4
-rw-r--r--pkg/sentry/fsimpl/fuse/dev.go7
-rw-r--r--pkg/sentry/fsimpl/fuse/request_response.go4
-rw-r--r--pkg/sentry/fsimpl/gofer/gofer.go18
-rw-r--r--pkg/sentry/fsimpl/gofer/handle.go5
-rw-r--r--pkg/sentry/fsimpl/gofer/socket.go5
-rw-r--r--pkg/sentry/fsimpl/gofer/special_file.go4
-rw-r--r--pkg/sentry/fsimpl/host/control.go7
-rw-r--r--pkg/sentry/fsimpl/host/host.go47
-rw-r--r--pkg/sentry/fsimpl/host/ioctl_unsafe.go10
-rw-r--r--pkg/sentry/fsimpl/host/save_restore.go8
-rw-r--r--pkg/sentry/fsimpl/host/socket.go18
-rw-r--r--pkg/sentry/fsimpl/host/socket_iovec.go11
-rw-r--r--pkg/sentry/fsimpl/host/socket_unsafe.go17
-rw-r--r--pkg/sentry/fsimpl/host/util.go8
-rw-r--r--pkg/sentry/fsimpl/host/util_unsafe.go9
-rw-r--r--pkg/sentry/hostfd/hostfd_unsafe.go17
-rw-r--r--pkg/sentry/hostmm/hostmm.go10
-rw-r--r--pkg/sentry/hostmm/membarrier.go12
-rw-r--r--pkg/sentry/kernel/abstract_socket_namespace.go4
-rw-r--r--pkg/sentry/kernel/epoll/epoll.go16
-rw-r--r--pkg/sentry/kernel/eventfd/eventfd.go22
-rw-r--r--pkg/sentry/kernel/fd_table.go32
-rw-r--r--pkg/sentry/kernel/pipe/pipe.go4
-rw-r--r--pkg/sentry/kernel/pipe/pipe_util.go4
-rw-r--r--pkg/sentry/kernel/seccomp.go5
-rw-r--r--pkg/sentry/kernel/task_syscall.go10
-rw-r--r--pkg/sentry/limits/limits.go7
-rw-r--r--pkg/sentry/pgalloc/pgalloc.go30
-rw-r--r--pkg/sentry/pgalloc/pgalloc_unsafe.go7
-rw-r--r--pkg/sentry/pgalloc/save_restore.go4
-rw-r--r--pkg/sentry/platform/kvm/bluepill.go6
-rw-r--r--pkg/sentry/platform/kvm/bluepill_amd64.go5
-rw-r--r--pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go10
-rw-r--r--pkg/sentry/platform/kvm/bluepill_arm64.go5
-rw-r--r--pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go16
-rw-r--r--pkg/sentry/platform/kvm/bluepill_fault.go12
-rw-r--r--pkg/sentry/platform/kvm/bluepill_unsafe.go18
-rw-r--r--pkg/sentry/platform/kvm/filters_amd64.go14
-rw-r--r--pkg/sentry/platform/kvm/filters_arm64.go12
-rw-r--r--pkg/sentry/platform/kvm/kvm.go10
-rw-r--r--pkg/sentry/platform/kvm/kvm_amd64_unsafe.go15
-rw-r--r--pkg/sentry/platform/kvm/kvm_arm64_unsafe.go5
-rw-r--r--pkg/sentry/platform/kvm/machine.go18
-rw-r--r--pkg/sentry/platform/kvm/machine_amd64.go32
-rw-r--r--pkg/sentry/platform/kvm/machine_amd64_unsafe.go48
-rw-r--r--pkg/sentry/platform/kvm/machine_arm64_unsafe.go32
-rw-r--r--pkg/sentry/platform/kvm/machine_unsafe.go34
-rw-r--r--pkg/sentry/platform/kvm/physical_map.go10
-rw-r--r--pkg/sentry/platform/ptrace/filters.go9
-rw-r--r--pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go18
-rw-r--r--pkg/sentry/platform/ptrace/ptrace_unsafe.go66
-rw-r--r--pkg/sentry/platform/ptrace/stub_unsafe.go18
-rw-r--r--pkg/sentry/platform/ptrace/subprocess.go77
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_amd64.go19
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_arm64.go11
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_linux.go66
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go6
-rw-r--r--pkg/sentry/sighandling/sighandling.go4
-rw-r--r--pkg/sentry/sighandling/sighandling_unsafe.go6
-rw-r--r--pkg/sentry/socket/hostinet/socket.go97
-rw-r--r--pkg/sentry/socket/hostinet/socket_unsafe.go32
-rw-r--r--pkg/sentry/socket/hostinet/socket_vfs2.go15
-rw-r--r--pkg/sentry/socket/hostinet/stack.go47
-rw-r--r--pkg/sentry/socket/netlink/route/protocol.go4
-rw-r--r--pkg/sentry/socket/netstack/netstack.go9
-rw-r--r--pkg/sentry/socket/netstack/provider.go21
-rw-r--r--pkg/sentry/socket/socket.go40
-rw-r--r--pkg/sentry/socket/unix/unix.go6
-rw-r--r--pkg/sentry/state/state_unsafe.go6
-rw-r--r--pkg/sentry/strace/clone.go47
-rw-r--r--pkg/sentry/strace/open.go39
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go7
-rw-r--r--pkg/sentry/syscalls/linux/sys_thread.go4
-rw-r--r--pkg/sentry/time/sampler_unsafe.go11
-rw-r--r--pkg/sentry/usage/memory.go4
109 files changed, 891 insertions, 917 deletions
diff --git a/pkg/sentry/arch/arch_amd64.go b/pkg/sentry/arch/arch_amd64.go
index c7d3a206d..15d8ddb40 100644
--- a/pkg/sentry/arch/arch_amd64.go
+++ b/pkg/sentry/arch/arch_amd64.go
@@ -20,8 +20,8 @@ import (
"bytes"
"fmt"
"math/rand"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -210,7 +210,7 @@ func mmapRand(max uint64) usermem.Addr {
func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (MmapLayout, error) {
min, ok := min.RoundUp()
if !ok {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
if max > maxAddr64 {
max = maxAddr64
@@ -218,7 +218,7 @@ func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (Mm
max = max.RoundDown()
if min > max {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
stackSize := r.Get(limits.Stack)
@@ -297,7 +297,7 @@ const userStructSize = 928
// PtracePeekUser implements Context.PtracePeekUser.
func (c *context64) PtracePeekUser(addr uintptr) (marshal.Marshallable, error) {
if addr&7 != 0 || addr >= userStructSize {
- return nil, syscall.EIO
+ return nil, unix.EIO
}
// PTRACE_PEEKUSER and PTRACE_POKEUSER are only effective on regs and
// u_debugreg, returning 0 or silently no-oping for other fields
@@ -315,7 +315,7 @@ func (c *context64) PtracePeekUser(addr uintptr) (marshal.Marshallable, error) {
// PtracePokeUser implements Context.PtracePokeUser.
func (c *context64) PtracePokeUser(addr, data uintptr) error {
if addr&7 != 0 || addr >= userStructSize {
- return syscall.EIO
+ return unix.EIO
}
if addr < uintptr(ptraceRegistersSize) {
regs := c.ptraceGetRegs()
diff --git a/pkg/sentry/arch/arch_arm64.go b/pkg/sentry/arch/arch_arm64.go
index 680d23a9f..0c61a3ff7 100644
--- a/pkg/sentry/arch/arch_arm64.go
+++ b/pkg/sentry/arch/arch_arm64.go
@@ -19,8 +19,8 @@ package arch
import (
"fmt"
"math/rand"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -194,7 +194,7 @@ func mmapRand(max uint64) usermem.Addr {
func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (MmapLayout, error) {
min, ok := min.RoundUp()
if !ok {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
if max > maxAddr64 {
max = maxAddr64
@@ -202,7 +202,7 @@ func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (Mm
max = max.RoundDown()
if min > max {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
stackSize := r.Get(limits.Stack)
diff --git a/pkg/sentry/arch/arch_x86.go b/pkg/sentry/arch/arch_x86.go
index b9405b320..641ada92f 100644
--- a/pkg/sentry/arch/arch_x86.go
+++ b/pkg/sentry/arch/arch_x86.go
@@ -19,8 +19,8 @@ package arch
import (
"fmt"
"io"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/log"
@@ -334,28 +334,28 @@ func (s *State) PtraceSetRegs(src io.Reader) (int, error) {
regs.Ss = uint64(uint16(regs.Ss))
// In Linux this validation is via arch/x86/kernel/ptrace.c:putreg().
if !isUserSegmentSelector(regs.Cs) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Ds != 0 && !isUserSegmentSelector(regs.Ds) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Es != 0 && !isUserSegmentSelector(regs.Es) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Fs != 0 && !isUserSegmentSelector(regs.Fs) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Gs != 0 && !isUserSegmentSelector(regs.Gs) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if !isUserSegmentSelector(regs.Ss) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if !isValidSegmentBase(regs.Fs_base) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if !isValidSegmentBase(regs.Gs_base) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
// CS and SS are validated, but changes to them are otherwise silently
// ignored on amd64.
@@ -512,7 +512,7 @@ func (s *State) ptraceSetXstateRegs(src io.Reader, maxlen int) (int, error) {
// permits setting a register set smaller than minXstateBytes, but it has
// the same silent truncation behavior in kernel/ptrace.c:ptrace_regset().)
if maxlen < minXstateBytes {
- return 0, syscall.EFAULT
+ return 0, unix.EFAULT
}
ess, _ := s.FeatureSet.ExtendedStateSize()
if maxlen > int(ess) {
diff --git a/pkg/sentry/arch/signal_amd64.go b/pkg/sentry/arch/signal_amd64.go
index 72e07a988..e6557cab6 100644
--- a/pkg/sentry/arch/signal_amd64.go
+++ b/pkg/sentry/arch/signal_amd64.go
@@ -18,8 +18,8 @@ package arch
import (
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -187,7 +187,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt
// for the signal stack. This is not allowed, and should immediately
// force signal delivery (reverting to the default handler).
if act.IsOnStack() && alt.IsEnabled() && !alt.Contains(frameBottom) {
- return syscall.EFAULT
+ return unix.EFAULT
}
// Adjust the code.
@@ -210,7 +210,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt
}
} else {
// amd64 requires a restorer.
- return syscall.EFAULT
+ return unix.EFAULT
}
// Set up registers.
diff --git a/pkg/sentry/arch/signal_arm64.go b/pkg/sentry/arch/signal_arm64.go
index 71596130d..4491008c2 100644
--- a/pkg/sentry/arch/signal_arm64.go
+++ b/pkg/sentry/arch/signal_arm64.go
@@ -17,8 +17,7 @@
package arch
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/usermem"
@@ -115,7 +114,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt
// for the signal stack. This is not allowed, and should immediately
// force signal delivery (reverting to the default handler).
if act.IsOnStack() && alt.IsEnabled() && !alt.Contains(frameBottom) {
- return syscall.EFAULT
+ return unix.EFAULT
}
// Adjust the code.
diff --git a/pkg/sentry/fs/attr.go b/pkg/sentry/fs/attr.go
index f60bd423d..b90f7c1be 100644
--- a/pkg/sentry/fs/attr.go
+++ b/pkg/sentry/fs/attr.go
@@ -17,8 +17,8 @@ package fs
import (
"fmt"
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
@@ -355,17 +355,17 @@ func (p PermMask) String() string {
return fmt.Sprintf("PermMask{Read: %v, Write: %v, Execute: %v}", p.Read, p.Write, p.Execute)
}
-// Mode returns the system mode (syscall.S_IXOTH, etc.) for these permissions
+// Mode returns the system mode (unix.S_IXOTH, etc.) for these permissions
// in the "other" bits.
func (p PermMask) Mode() (mode os.FileMode) {
if p.Read {
- mode |= syscall.S_IROTH
+ mode |= unix.S_IROTH
}
if p.Write {
- mode |= syscall.S_IWOTH
+ mode |= unix.S_IWOTH
}
if p.Execute {
- mode |= syscall.S_IXOTH
+ mode |= unix.S_IXOTH
}
return
}
diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go
index 00c526b03..9d5d40954 100644
--- a/pkg/sentry/fs/dirent.go
+++ b/pkg/sentry/fs/dirent.go
@@ -18,8 +18,8 @@ import (
"fmt"
"path"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refs"
@@ -418,7 +418,7 @@ func (d *Dirent) descendantOf(p *Dirent) bool {
// * name must must not contain "/"s.
func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnlock bool) (*Dirent, error) {
if !IsDir(d.Inode.StableAttr) {
- return nil, syscall.ENOTDIR
+ return nil, unix.ENOTDIR
}
if name == "" || name == "." {
@@ -452,7 +452,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl
// hard reference on them, and they contain virtually no state). But this is
// good house-keeping.
child.DecRef(ctx)
- return nil, syscall.ENOENT
+ return nil, unix.ENOENT
}
// Do we need to revalidate this child?
@@ -518,7 +518,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl
if cd.IsNegative() {
// If so, don't leak a reference and short circuit.
child.DecRef(ctx)
- return nil, syscall.ENOENT
+ return nil, unix.ENOENT
}
// We make the judgement call that if c raced with cd they are close enough to have
@@ -545,7 +545,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl
if c.IsNegative() {
// Don't drop a reference on the negative Dirent, it was just installed and this is the
// only reference we'll ever get. d owns the reference.
- return nil, syscall.ENOENT
+ return nil, unix.ENOENT
}
// Return the positive Dirent.
@@ -611,7 +611,7 @@ func (d *Dirent) Create(ctx context.Context, root *Dirent, name string, flags Fi
// Does something already exist?
if d.exists(ctx, root, name) {
- return nil, syscall.EEXIST
+ return nil, unix.EEXIST
}
// Try the create. We need to trust the file system to return EEXIST (or something
@@ -674,7 +674,7 @@ func (d *Dirent) genericCreate(ctx context.Context, root *Dirent, name string, c
// Does something already exist?
if d.exists(ctx, root, name) {
- return syscall.EEXIST
+ return unix.EEXIST
}
// Remove any negative Dirent. We've already asserted above with d.exists
@@ -718,12 +718,12 @@ func (d *Dirent) CreateLink(ctx context.Context, root *Dirent, oldname, newname
func (d *Dirent) CreateHardLink(ctx context.Context, root *Dirent, target *Dirent, name string) error {
// Make sure that target does not span filesystems.
if d.Inode.MountSource != target.Inode.MountSource {
- return syscall.EXDEV
+ return unix.EXDEV
}
// Directories are never linkable. See fs/namei.c:vfs_link.
if IsDir(target.Inode.StableAttr) {
- return syscall.EPERM
+ return unix.EPERM
}
return d.genericCreate(ctx, root, name, func() error {
@@ -759,8 +759,8 @@ func (d *Dirent) Bind(ctx context.Context, root *Dirent, name string, data trans
d.finishCreate(ctx, childDir, name)
return nil
})
- if err == syscall.EEXIST {
- return nil, syscall.EADDRINUSE
+ if err == unix.EEXIST {
+ return nil, unix.EADDRINUSE
}
if err != nil {
return nil, err
@@ -1033,14 +1033,14 @@ func (d *Dirent) Remove(ctx context.Context, root *Dirent, name string, dirPath
// Remove cannot remove directories.
if IsDir(child.Inode.StableAttr) {
- return syscall.EISDIR
+ return unix.EISDIR
} else if dirPath {
- return syscall.ENOTDIR
+ return unix.ENOTDIR
}
// Remove cannot remove a mount point.
if child.isMountPoint() {
- return syscall.EBUSY
+ return unix.EBUSY
}
// Try to remove name on the file system.
@@ -1087,11 +1087,11 @@ func (d *Dirent) RemoveDirectory(ctx context.Context, root *Dirent, name string)
// Check for dots.
if name == "." {
// Rejected as the last component by rmdir(2).
- return syscall.EINVAL
+ return unix.EINVAL
}
if name == ".." {
// If d was found, then its parent is not empty.
- return syscall.ENOTEMPTY
+ return unix.ENOTEMPTY
}
// Try to walk to the node.
@@ -1104,12 +1104,12 @@ func (d *Dirent) RemoveDirectory(ctx context.Context, root *Dirent, name string)
// RemoveDirectory can only remove directories.
if !IsDir(child.Inode.StableAttr) {
- return syscall.ENOTDIR
+ return unix.ENOTDIR
}
// Remove cannot remove a mount point.
if child.isMountPoint() {
- return syscall.EBUSY
+ return unix.EBUSY
}
// Try to remove name on the file system.
@@ -1294,7 +1294,7 @@ func lockForRename(oldParent *Dirent, oldName string, newParent *Dirent, newName
// more specifically of oldParent/oldName. That is, we're
// trying to rename something into a subdirectory of
// itself.
- err = syscall.EINVAL
+ err = unix.EINVAL
}
return func() {
newParent.mu.Unlock()
@@ -1420,12 +1420,12 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string
// Check that the renamed dirent is not a mount point.
if renamed.isMountPointLocked() {
- return syscall.EBUSY
+ return unix.EBUSY
}
// Source should not be an ancestor of the target.
if newParent.descendantOf(renamed) {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Per rename(2): "... EACCES: ... or oldpath is a directory and does not
@@ -1465,13 +1465,13 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string
// ancestor of target, but ENOTEMPTY if the target is
// an ancestor of source (unless RENAME_EXCHANGE flag
// is present). See fs/namei.c:renameat2.
- return syscall.ENOTEMPTY
+ return unix.ENOTEMPTY
}
// Check that replaced is not a mount point.
if replaced.isMountPointLocked() {
replaced.DecRef(ctx)
- return syscall.EBUSY
+ return unix.EBUSY
}
// Require that a directory is replaced by a directory.
@@ -1479,11 +1479,11 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string
newIsDir := IsDir(replaced.Inode.StableAttr)
if !newIsDir && oldIsDir {
replaced.DecRef(ctx)
- return syscall.ENOTDIR
+ return unix.ENOTDIR
}
if !oldIsDir && newIsDir {
replaced.DecRef(ctx)
- return syscall.EISDIR
+ return unix.EISDIR
}
// Allow the file system to drop extra references on replaced.
diff --git a/pkg/sentry/fs/fdpipe/pipe.go b/pkg/sentry/fs/fdpipe/pipe.go
index b99199798..757b7d511 100644
--- a/pkg/sentry/fs/fdpipe/pipe.go
+++ b/pkg/sentry/fs/fdpipe/pipe.go
@@ -17,8 +17,8 @@ package fdpipe
import (
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -82,16 +82,16 @@ func newPipeOperations(ctx context.Context, opener NonBlockingOpener, flags fs.F
// init initializes p.file.
func (p *pipeOperations) init() error {
- var s syscall.Stat_t
- if err := syscall.Fstat(p.file.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(p.file.FD(), &s); err != nil {
log.Warningf("pipe: cannot stat fd %d: %v", p.file.FD(), err)
- return syscall.EINVAL
+ return unix.EINVAL
}
- if (s.Mode & syscall.S_IFMT) != syscall.S_IFIFO {
+ if (s.Mode & unix.S_IFMT) != unix.S_IFIFO {
log.Warningf("pipe: cannot load fd %d as pipe, file type: %o", p.file.FD(), s.Mode)
- return syscall.EINVAL
+ return unix.EINVAL
}
- if err := syscall.SetNonblock(p.file.FD(), true); err != nil {
+ if err := unix.SetNonblock(p.file.FD(), true); err != nil {
return err
}
return fdnotifier.AddFD(int32(p.file.FD()), &p.Queue)
diff --git a/pkg/sentry/fs/fdpipe/pipe_opener.go b/pkg/sentry/fs/fdpipe/pipe_opener.go
index 0c3595998..adda19168 100644
--- a/pkg/sentry/fs/fdpipe/pipe_opener.go
+++ b/pkg/sentry/fs/fdpipe/pipe_opener.go
@@ -17,9 +17,9 @@ package fdpipe
import (
"io"
"os"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -96,7 +96,7 @@ func (p *pipeOpenState) TryOpen(ctx context.Context, opener NonBlockingOpener, f
switch {
// Reject invalid configurations so they don't accidentally succeed below.
case !flags.Read && !flags.Write:
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
// Handle opening RDWR or with O_NONBLOCK: will never block, so try only once.
case (flags.Read && flags.Write) || flags.NonBlocking:
@@ -155,7 +155,7 @@ func (p *pipeOpenState) TryOpenReadOnly(ctx context.Context, opener NonBlockingO
// Any error that is not EWOULDBLOCK also means we're not
// ready yet, and probably never will be ready. In this
// case we need to close the host pipe we opened.
- if unwrapError(rerr) != syscall.EWOULDBLOCK {
+ if unwrapError(rerr) != unix.EWOULDBLOCK {
p.hostFile.Close()
return nil, rerr
}
@@ -183,7 +183,7 @@ func (p *pipeOpenState) TryOpenReadOnly(ctx context.Context, opener NonBlockingO
// to an syserror.ErrWouldBlock, to tell callers to retry.
func (*pipeOpenState) TryOpenWriteOnly(ctx context.Context, opener NonBlockingOpener) (*pipeOperations, error) {
hostFile, err := opener.NonBlockingOpen(ctx, fs.PermMask{Write: true})
- if unwrapError(err) == syscall.ENXIO {
+ if unwrapError(err) == unix.ENXIO {
return nil, syserror.ErrWouldBlock
}
if err != nil {
diff --git a/pkg/sentry/fs/fsutil/host_file_mapper.go b/pkg/sentry/fs/fsutil/host_file_mapper.go
index 4468f5dd2..54f7b7cdc 100644
--- a/pkg/sentry/fs/fsutil/host_file_mapper.go
+++ b/pkg/sentry/fs/fsutil/host_file_mapper.go
@@ -16,8 +16,8 @@ package fsutil
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/memmap"
@@ -44,7 +44,7 @@ type HostFileMapper struct {
mapsMu sync.Mutex `state:"nosave"`
// mappings maps chunk start offsets to mappings of those chunks,
- // obtained by calling syscall.Mmap. mappings is protected by
+ // obtained by calling unix.Mmap. mappings is protected by
// mapsMu.
mappings map[uint64]mapping `state:"nosave"`
}
@@ -157,19 +157,19 @@ func (f *HostFileMapper) MapInternal(fr memmap.FileRange, fd int, write bool) (s
// Preconditions: f.mapsMu must be locked.
func (f *HostFileMapper) forEachMappingBlockLocked(fr memmap.FileRange, fd int, write bool, fn func(safemem.Block)) error {
- prot := syscall.PROT_READ
+ prot := unix.PROT_READ
if write {
- prot |= syscall.PROT_WRITE
+ prot |= unix.PROT_WRITE
}
for chunkStart := fr.Start &^ chunkMask; chunkStart < fr.End; chunkStart += chunkSize {
m, ok := f.mappings[chunkStart]
if !ok {
- addr, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
0,
chunkSize,
uintptr(prot),
- syscall.MAP_SHARED,
+ unix.MAP_SHARED,
uintptr(fd),
uintptr(chunkStart))
if errno != 0 {
@@ -178,12 +178,12 @@ func (f *HostFileMapper) forEachMappingBlockLocked(fr memmap.FileRange, fd int,
m = mapping{addr, write}
f.mappings[chunkStart] = m
} else if write && !m.writable {
- addr, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
m.addr,
chunkSize,
uintptr(prot),
- syscall.MAP_SHARED|syscall.MAP_FIXED,
+ unix.MAP_SHARED|unix.MAP_FIXED,
uintptr(fd),
uintptr(chunkStart))
if errno != 0 {
@@ -219,7 +219,7 @@ func (f *HostFileMapper) UnmapAll() {
// * f.mapsMu must be locked.
// * f.mappings[chunkStart] == m.
func (f *HostFileMapper) unmapAndRemoveLocked(chunkStart uint64, m mapping) {
- if _, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, m.addr, chunkSize, 0); errno != 0 {
+ if _, _, errno := unix.Syscall(unix.SYS_MUNMAP, m.addr, chunkSize, 0); errno != 0 {
// This leaks address space and is unexpected, but is otherwise
// harmless, so complain but don't panic.
log.Warningf("HostFileMapper: failed to unmap mapping %#x for chunk %#x: %v", m.addr, chunkStart, errno)
@@ -234,16 +234,16 @@ func (f *HostFileMapper) RegenerateMappings(fd int) error {
defer f.mapsMu.Unlock()
for chunkStart, m := range f.mappings {
- prot := syscall.PROT_READ
+ prot := unix.PROT_READ
if m.writable {
- prot |= syscall.PROT_WRITE
+ prot |= unix.PROT_WRITE
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
m.addr,
chunkSize,
uintptr(prot),
- syscall.MAP_SHARED|syscall.MAP_FIXED,
+ unix.MAP_SHARED|unix.MAP_FIXED,
uintptr(fd),
uintptr(chunkStart))
if errno != 0 {
diff --git a/pkg/sentry/fs/gofer/attr.go b/pkg/sentry/fs/gofer/attr.go
index e5579095b..cffc756cc 100644
--- a/pkg/sentry/fs/gofer/attr.go
+++ b/pkg/sentry/fs/gofer/attr.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -36,7 +35,7 @@ func getattr(ctx context.Context, file contextFile) (p9.QID, p9.AttrMask, p9.Att
// Require mode, size, and raw device id.
if !valid.Mode || !valid.Size || !valid.RDev {
- return qid, valid, attr, syscall.EIO
+ return qid, valid, attr, unix.EIO
}
return qid, valid, attr, nil
diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go
index bb63448cb..06d450ba6 100644
--- a/pkg/sentry/fs/gofer/file.go
+++ b/pkg/sentry/fs/gofer/file.go
@@ -16,9 +16,9 @@ package gofer
import (
"fmt"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/p9"
@@ -307,7 +307,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start, end in
// Sync remote caches.
if f.handles.Host != nil {
// Sync the host fd directly.
- return syscall.Fsync(f.handles.Host.FD())
+ return unix.Fsync(f.handles.Host.FD())
}
// Otherwise sync on the p9.File handle.
return f.handles.File.fsync(ctx)
diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go
index e840b6f5e..b97635ec4 100644
--- a/pkg/sentry/fs/gofer/inode.go
+++ b/pkg/sentry/fs/gofer/inode.go
@@ -16,8 +16,8 @@ package gofer
import (
"errors"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
@@ -273,7 +273,7 @@ func (i *inodeFileState) recreateReadHandles(ctx context.Context, writer *handle
// operations on the old will see the new data. Then, make the new handle take
// ownereship of the old FD and mark the old readHandle to not close the FD
// when done.
- if err := syscall.Dup3(h.Host.FD(), i.readHandles.Host.FD(), syscall.O_CLOEXEC); err != nil {
+ if err := unix.Dup3(h.Host.FD(), i.readHandles.Host.FD(), unix.O_CLOEXEC); err != nil {
return err
}
@@ -489,7 +489,7 @@ func (i *inodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags fs.Fi
func (i *inodeOperations) getFileSocket(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) {
f, err := i.fileState.file.connect(ctx, p9.AnonymousSocket)
if err != nil {
- return nil, syscall.EIO
+ return nil, unix.EIO
}
fsf, err := host.NewSocketWithDirent(ctx, d, f, flags)
if err != nil {
@@ -654,7 +654,7 @@ func (i *inodeOperations) WriteOut(ctx context.Context, inode *fs.Inode) error {
// Readlink implements fs.InodeOperations.Readlink.
func (i *inodeOperations) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
if !fs.IsSymlink(inode.StableAttr) {
- return "", syscall.ENOLINK
+ return "", unix.ENOLINK
}
return i.fileState.file.readlink(ctx)
}
@@ -704,10 +704,10 @@ func (i *inodeOperations) configureMMap(file *fs.File, opts *memmap.MMapOpts) er
}
func init() {
- syserror.AddErrorUnwrapper(func(err error) (syscall.Errno, bool) {
+ syserror.AddErrorUnwrapper(func(err error) (unix.Errno, bool) {
if _, ok := err.(p9.ErrSocket); ok {
// Treat as an I/O error.
- return syscall.EIO, true
+ return unix.EIO, true
}
return 0, false
})
diff --git a/pkg/sentry/fs/gofer/util.go b/pkg/sentry/fs/gofer/util.go
index 47a6c69bf..3cc6a7f7b 100644
--- a/pkg/sentry/fs/gofer/util.go
+++ b/pkg/sentry/fs/gofer/util.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -67,6 +66,6 @@ func openFlagsFromPerms(p fs.PermMask) (p9.OpenFlags, error) {
case p.Read:
return p9.ReadOnly, nil
default:
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
}
diff --git a/pkg/sentry/fs/host/control.go b/pkg/sentry/fs/host/control.go
index 0d8d36afa..e53998be1 100644
--- a/pkg/sentry/fs/host/control.go
+++ b/pkg/sentry/fs/host/control.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/socket/control"
@@ -59,7 +58,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage {
// Release implements transport.RightsControlMessage.Release.
func (c *scmRights) Release(ctx context.Context) {
for _, fd := range c.fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
c.fds = nil
}
@@ -71,7 +70,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File {
for _, fd := range fds {
// Get flags. We do it here because they may be modified
// by subsequent functions.
- fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if errno != 0 {
ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
break
@@ -86,7 +85,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File {
// Set known flags.
file.SetFlags(fs.SettableFileFlags{
- NonBlocking: fileFlags&syscall.O_NONBLOCK != 0,
+ NonBlocking: fileFlags&unix.O_NONBLOCK != 0,
})
files = append(files, file)
diff --git a/pkg/sentry/fs/host/descriptor.go b/pkg/sentry/fs/host/descriptor.go
index cfdce6a74..5667b94a1 100644
--- a/pkg/sentry/fs/host/descriptor.go
+++ b/pkg/sentry/fs/host/descriptor.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/waiter"
@@ -48,14 +48,14 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue)
origFD := -1
if saveable {
var err error
- ownedFD, err = syscall.Dup(fd)
+ ownedFD, err = unix.Dup(fd)
if err != nil {
return nil, err
}
origFD = fd
}
if wouldBlock {
- if err := syscall.SetNonblock(ownedFD, true); err != nil {
+ if err := unix.SetNonblock(ownedFD, true); err != nil {
return nil, err
}
if err := fdnotifier.AddFD(int32(ownedFD), queue); err != nil {
@@ -72,12 +72,12 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue)
// initAfterLoad initializes the value of the descriptor after Load.
func (d *descriptor) initAfterLoad(id uint64, queue *waiter.Queue) error {
var err error
- d.value, err = syscall.Dup(d.origFD)
+ d.value, err = unix.Dup(d.origFD)
if err != nil {
return fmt.Errorf("failed to dup restored fd %d: %v", d.origFD, err)
}
if d.wouldBlock {
- if err := syscall.SetNonblock(d.value, true); err != nil {
+ if err := unix.SetNonblock(d.value, true); err != nil {
return err
}
if err := fdnotifier.AddFD(int32(d.value), queue); err != nil {
@@ -92,7 +92,7 @@ func (d *descriptor) Release() {
if d.wouldBlock {
fdnotifier.RemoveFD(int32(d.value))
}
- if err := syscall.Close(d.value); err != nil {
+ if err := unix.Close(d.value); err != nil {
log.Warningf("error closing fd %d: %v", d.value, err)
}
d.value = -1
diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go
index fd4e057d8..07bd078b7 100644
--- a/pkg/sentry/fs/host/file.go
+++ b/pkg/sentry/fs/host/file.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -78,16 +78,16 @@ func ImportFile(ctx context.Context, fd int, isTTY bool) (*fs.File, error) {
// newFileFromDonatedFD returns an fs.File from a donated FD. If the FD is
// saveable, then saveable is true.
func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool) (*fs.File, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(donated, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(donated, &s); err != nil {
return nil, err
}
flags, err := fileFlagsFromDonatedFD(donated)
if err != nil {
return nil, err
}
- switch s.Mode & syscall.S_IFMT {
- case syscall.S_IFSOCK:
+ switch s.Mode & unix.S_IFMT {
+ case unix.S_IFSOCK:
if isTTY {
return nil, fmt.Errorf("cannot import host socket as TTY")
}
@@ -121,19 +121,19 @@ func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool
}
func fileFlagsFromDonatedFD(donated int) (fs.FileFlags, error) {
- flags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(donated), syscall.F_GETFL, 0)
+ flags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(donated), unix.F_GETFL, 0)
if errno != 0 {
log.Warningf("Failed to get file flags for donated FD %d (errno=%d)", donated, errno)
- return fs.FileFlags{}, syscall.EIO
+ return fs.FileFlags{}, unix.EIO
}
- accmode := flags & syscall.O_ACCMODE
+ accmode := flags & unix.O_ACCMODE
return fs.FileFlags{
- Direct: flags&syscall.O_DIRECT != 0,
- NonBlocking: flags&syscall.O_NONBLOCK != 0,
- Sync: flags&syscall.O_SYNC != 0,
- Append: flags&syscall.O_APPEND != 0,
- Read: accmode == syscall.O_RDONLY || accmode == syscall.O_RDWR,
- Write: accmode == syscall.O_WRONLY || accmode == syscall.O_RDWR,
+ Direct: flags&unix.O_DIRECT != 0,
+ NonBlocking: flags&unix.O_NONBLOCK != 0,
+ Sync: flags&unix.O_SYNC != 0,
+ Append: flags&unix.O_APPEND != 0,
+ Read: accmode == unix.O_RDONLY || accmode == unix.O_RDWR,
+ Write: accmode == unix.O_WRONLY || accmode == unix.O_RDWR,
}, nil
}
@@ -182,7 +182,7 @@ func (f *fileOperations) Readdir(ctx context.Context, file *fs.File, serializer
func (f *fileOperations) IterateDir(ctx context.Context, d *fs.Dirent, dirCtx *fs.DirCtx, offset int) (int, error) {
// We only support non-directory file descriptors that have been
// imported, so just claim that this isn't a directory, even if it is.
- return offset, syscall.ENOTDIR
+ return offset, unix.ENOTDIR
}
// Write implements fs.FileOperations.Write.
@@ -252,7 +252,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start int64,
}
fallthrough
case fs.SyncBackingStorage:
- return syscall.Fsync(f.iops.fileState.FD())
+ return unix.Fsync(f.iops.fileState.FD())
}
panic("invalid sync type")
}
diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go
index df4b265fa..e299b532c 100644
--- a/pkg/sentry/fs/host/inode.go
+++ b/pkg/sentry/fs/host/inode.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/safemem"
@@ -117,12 +116,12 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
return syserror.EPERM
}
if mask.Perms {
- if err := syscall.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
+ if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
return err
}
}
if mask.Size {
- if err := syscall.Ftruncate(i.FD(), attr.Size); err != nil {
+ if err := unix.Ftruncate(i.FD(), attr.Size); err != nil {
return err
}
}
@@ -142,7 +141,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
// Sync implements fsutil.CachedFileObject.Sync.
func (i *inodeFileState) Sync(ctx context.Context) error {
- return syscall.Fsync(i.FD())
+ return unix.Fsync(i.FD())
}
// FD implements fsutil.CachedFileObject.FD.
@@ -151,8 +150,8 @@ func (i *inodeFileState) FD() int {
}
func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.FD(), &s); err != nil {
return fs.UnstableAttr{}, err
}
return unstableAttr(&s), nil
@@ -160,7 +159,7 @@ func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, err
// Allocate implements fsutil.CachedFileObject.Allocate.
func (i *inodeFileState) Allocate(_ context.Context, offset, length int64) error {
- return syscall.Fallocate(i.FD(), 0, offset, length)
+ return unix.Fallocate(i.FD(), 0, offset, length)
}
// inodeOperations implements fs.InodeOperations.
@@ -169,8 +168,8 @@ var _ fs.InodeOperations = (*inodeOperations)(nil)
// newInode returns a new fs.Inode backed by the host FD.
func newInode(ctx context.Context, msrc *fs.MountSource, fd int, saveable bool) (*fs.Inode, error) {
// Retrieve metadata.
- var s syscall.Stat_t
- err := syscall.Fstat(fd, &s)
+ var s unix.Stat_t
+ err := unix.Fstat(fd, &s)
if err != nil {
return nil, err
}
@@ -324,7 +323,7 @@ func (i *inodeOperations) SetPermissions(ctx context.Context, inode *fs.Inode, f
// Then just change the timestamps on the FD, the host
// will synchronize the metadata update with any host
// inode and page cache.
- return syscall.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil
+ return unix.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil
}
// Otherwise update our cached metadata.
return i.cachingInodeOps.SetPermissions(ctx, inode, f)
@@ -350,7 +349,7 @@ func (i *inodeOperations) Truncate(ctx context.Context, inode *fs.Inode, size in
// Then just change the file size on the FD, the host
// will synchronize the metadata update with any host
// inode and page cache.
- return syscall.Ftruncate(i.fileState.FD(), size)
+ return unix.Ftruncate(i.fileState.FD(), size)
}
// Otherwise we need to go through cachingInodeOps, even if the host page
// cache is in use, to invalidate private copies of truncated pages.
diff --git a/pkg/sentry/fs/host/inode_state.go b/pkg/sentry/fs/host/inode_state.go
index 1adbd4562..03531b7e7 100644
--- a/pkg/sentry/fs/host/inode_state.go
+++ b/pkg/sentry/fs/host/inode_state.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/device"
"gvisor.dev/gvisor/pkg/sentry/fs"
)
@@ -30,8 +30,8 @@ func (i *inodeFileState) afterLoad() {
}
// Remap the inode number.
- var s syscall.Stat_t
- if err := syscall.Fstat(i.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.FD(), &s); err != nil {
panic(fs.ErrCorruption{fmt.Errorf("failed to get metadata for fd %d: %v", i.FD(), err)})
}
key := device.MultiDeviceKey{
diff --git a/pkg/sentry/fs/host/ioctl_unsafe.go b/pkg/sentry/fs/host/ioctl_unsafe.go
index 150ac8e19..303ea4d9b 100644
--- a/pkg/sentry/fs/host/ioctl_unsafe.go
+++ b/pkg/sentry/fs/host/ioctl_unsafe.go
@@ -15,9 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -25,7 +25,7 @@ import (
func ioctlGetTermios(fd int) (*linux.Termios, error) {
var t linux.Termios
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
if errno != 0 {
return nil, errno
}
@@ -33,7 +33,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) {
}
func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
if errno != 0 {
return errno
}
@@ -42,7 +42,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
var w linux.Winsize
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
if errno != 0 {
return nil, errno
}
@@ -50,7 +50,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
}
func ioctlSetWinsize(fd int, w *linux.Winsize) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
if errno != 0 {
return errno
}
diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go
index 2b58fc52c..f2d96d1ec 100644
--- a/pkg/sentry/fs/host/socket.go
+++ b/pkg/sentry/fs/host/socket.go
@@ -17,8 +17,8 @@ package host
import (
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
@@ -75,26 +75,26 @@ type ConnectedEndpoint struct {
// init performs initialization required for creating new ConnectedEndpoints and
// for restoring them.
func (c *ConnectedEndpoint) init() *syserr.Error {
- family, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ family, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_DOMAIN)
if err != nil {
return syserr.FromError(err)
}
- if family != syscall.AF_UNIX {
+ if family != unix.AF_UNIX {
// We only allow Unix sockets.
return syserr.ErrInvalidEndpointState
}
- stype, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_TYPE)
+ stype, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_TYPE)
if err != nil {
return syserr.FromError(err)
}
- if err := syscall.SetNonblock(c.file.FD(), true); err != nil {
+ if err := unix.SetNonblock(c.file.FD(), true); err != nil {
return syserr.FromError(err)
}
- sndbuf, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+ sndbuf, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_SNDBUF)
if err != nil {
return syserr.FromError(err)
}
@@ -168,7 +168,7 @@ func newSocket(ctx context.Context, orgfd int, saveable bool) (*fs.File, error)
srfd := -1
if saveable {
var err error
- ownedfd, err = syscall.Dup(orgfd)
+ ownedfd, err = unix.Dup(orgfd)
if err != nil {
return nil, err
}
@@ -233,7 +233,7 @@ func (c *ConnectedEndpoint) CloseSend() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_WR); err != nil {
+ if err := unix.Shutdown(c.file.FD(), unix.SHUT_WR); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err))
@@ -333,7 +333,7 @@ func (c *ConnectedEndpoint) CloseRecv() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_RD); err != nil {
+ if err := unix.Shutdown(c.file.FD(), unix.SHUT_RD); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err))
diff --git a/pkg/sentry/fs/host/socket_iovec.go b/pkg/sentry/fs/host/socket_iovec.go
index 905afb50d..7380d75e7 100644
--- a/pkg/sentry/fs/host/socket_iovec.go
+++ b/pkg/sentry/fs/host/socket_iovec.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/iovec"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -54,7 +53,7 @@ func copyFromMulti(dst []byte, src [][]byte) {
//
// If intermediate != nil, iovecs references intermediate rather than bufs and
// the caller must copy to/from bufs as necessary.
-func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) {
+func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) {
var iovsRequired int
for _, b := range bufs {
length += int64(len(b))
@@ -78,14 +77,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
// Use a single intermediate buffer instead.
b := make([]byte, stopLen)
- return stopLen, []syscall.Iovec{{
+ return stopLen, []unix.Iovec{{
Base: &b[0],
Len: uint64(stopLen),
}}, b, err
}
var total int64
- iovecs = make([]syscall.Iovec, 0, iovsRequired)
+ iovecs = make([]unix.Iovec, 0, iovsRequired)
for i := range bufs {
l := len(bufs[i])
if l == 0 {
@@ -97,7 +96,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
stop = stopLen - total
}
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(stop),
})
diff --git a/pkg/sentry/fs/host/socket_state.go b/pkg/sentry/fs/host/socket_state.go
index 498018f0a..1d3e5298a 100644
--- a/pkg/sentry/fs/host/socket_state.go
+++ b/pkg/sentry/fs/host/socket_state.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
)
@@ -30,7 +30,7 @@ func (c *ConnectedEndpoint) beforeSave() {
// afterLoad is invoked by stateify.
func (c *ConnectedEndpoint) afterLoad() {
- f, err := syscall.Dup(c.srfd)
+ f, err := unix.Dup(c.srfd)
if err != nil {
panic(fmt.Sprintf("failed to dup restored FD %d: %v", c.srfd, err))
}
diff --git a/pkg/sentry/fs/host/socket_unsafe.go b/pkg/sentry/fs/host/socket_unsafe.go
index c8231e0aa..95f5d39bd 100644
--- a/pkg/sentry/fs/host/socket_unsafe.go
+++ b/pkg/sentry/fs/host/socket_unsafe.go
@@ -15,8 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// LINT.IfChange
@@ -26,9 +27,9 @@ import (
// If the total length of bufs is > maxlen, fdReadVec will do a partial read
// and err will indicate why the message was truncated.
func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) {
- flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC)
+ flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC)
if peek {
- flags |= syscall.MSG_PEEK
+ flags |= unix.MSG_PEEK
}
// Always truncate the receive buffer. All socket types will truncate
@@ -39,7 +40,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
return 0, 0, 0, false, err
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(control) != 0 {
msg.Control = &control[0]
msg.Controllen = uint64(len(control))
@@ -50,7 +51,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
msg.Iovlen = uint64(len(iovecs))
}
- rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
+ rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, 0, 0, false, e
@@ -62,7 +63,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
copyToMulti(bufs, intermediate)
}
- controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC
+ controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC
if n > length {
return length, n, msg.Controllen, controlTrunc, nil
@@ -87,13 +88,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
copyFromMulti(intermediate, bufs)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(iovecs) > 0 {
msg.Iov = &iovecs[0]
msg.Iovlen = uint64(len(iovecs))
}
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, length, e
diff --git a/pkg/sentry/fs/host/util.go b/pkg/sentry/fs/host/util.go
index 1b0356930..ab74724a3 100644
--- a/pkg/sentry/fs/host/util.go
+++ b/pkg/sentry/fs/host/util.go
@@ -16,8 +16,8 @@ package host
import (
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/device"
@@ -27,21 +27,21 @@ import (
"gvisor.dev/gvisor/pkg/syserror"
)
-func nodeType(s *syscall.Stat_t) fs.InodeType {
- switch x := (s.Mode & syscall.S_IFMT); x {
- case syscall.S_IFLNK:
+func nodeType(s *unix.Stat_t) fs.InodeType {
+ switch x := (s.Mode & unix.S_IFMT); x {
+ case unix.S_IFLNK:
return fs.Symlink
- case syscall.S_IFIFO:
+ case unix.S_IFIFO:
return fs.Pipe
- case syscall.S_IFCHR:
+ case unix.S_IFCHR:
return fs.CharacterDevice
- case syscall.S_IFBLK:
+ case unix.S_IFBLK:
return fs.BlockDevice
- case syscall.S_IFSOCK:
+ case unix.S_IFSOCK:
return fs.Socket
- case syscall.S_IFDIR:
+ case unix.S_IFDIR:
return fs.Directory
- case syscall.S_IFREG:
+ case unix.S_IFREG:
return fs.RegularFile
default:
// This shouldn't happen, but just in case...
@@ -50,12 +50,12 @@ func nodeType(s *syscall.Stat_t) fs.InodeType {
}
}
-func wouldBlock(s *syscall.Stat_t) bool {
+func wouldBlock(s *unix.Stat_t) bool {
typ := nodeType(s)
return typ == fs.Pipe || typ == fs.Socket || typ == fs.CharacterDevice
}
-func stableAttr(s *syscall.Stat_t) fs.StableAttr {
+func stableAttr(s *unix.Stat_t) fs.StableAttr {
return fs.StableAttr{
Type: nodeType(s),
DeviceID: hostFileDevice.DeviceID(),
@@ -67,14 +67,14 @@ func stableAttr(s *syscall.Stat_t) fs.StableAttr {
}
}
-func owner(s *syscall.Stat_t) fs.FileOwner {
+func owner(s *unix.Stat_t) fs.FileOwner {
return fs.FileOwner{
UID: auth.KUID(s.Uid),
GID: auth.KGID(s.Gid),
}
}
-func unstableAttr(s *syscall.Stat_t) fs.UnstableAttr {
+func unstableAttr(s *unix.Stat_t) fs.UnstableAttr {
return fs.UnstableAttr{
Size: s.Size,
Usage: s.Blocks * 512,
diff --git a/pkg/sentry/fs/host/util_amd64_unsafe.go b/pkg/sentry/fs/host/util_amd64_unsafe.go
index 66da6e9f5..21782f1da 100644
--- a/pkg/sentry/fs/host/util_amd64_unsafe.go
+++ b/pkg/sentry/fs/host/util_amd64_unsafe.go
@@ -17,18 +17,19 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) {
- var stat syscall.Stat_t
- namePtr, err := syscall.BytePtrFromString(name)
+func fstatat(fd int, name string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ namePtr, err := unix.BytePtrFromString(name)
if err != nil {
return stat, err
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_NEWFSTATAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_NEWFSTATAT,
uintptr(fd),
uintptr(unsafe.Pointer(namePtr)),
uintptr(unsafe.Pointer(&stat)),
diff --git a/pkg/sentry/fs/host/util_arm64_unsafe.go b/pkg/sentry/fs/host/util_arm64_unsafe.go
index e8cb94aeb..ed8f5242a 100644
--- a/pkg/sentry/fs/host/util_arm64_unsafe.go
+++ b/pkg/sentry/fs/host/util_arm64_unsafe.go
@@ -17,18 +17,19 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) {
- var stat syscall.Stat_t
- namePtr, err := syscall.BytePtrFromString(name)
+func fstatat(fd int, name string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ namePtr, err := unix.BytePtrFromString(name)
if err != nil {
return stat, err
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_FSTATAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_FSTATAT,
uintptr(fd),
uintptr(unsafe.Pointer(namePtr)),
uintptr(unsafe.Pointer(&stat)),
diff --git a/pkg/sentry/fs/host/util_unsafe.go b/pkg/sentry/fs/host/util_unsafe.go
index 23bd35d64..3c5e3ed6d 100644
--- a/pkg/sentry/fs/host/util_unsafe.go
+++ b/pkg/sentry/fs/host/util_unsafe.go
@@ -15,9 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/sentry/fs"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
@@ -30,8 +30,8 @@ func readLink(fd int) (string, error) {
// Buffer sizing copied from os.Readlink.
for l := 128; ; l *= 2 {
b := make([]byte, l)
- n, _, errno := syscall.Syscall6(
- syscall.SYS_READLINKAT,
+ n, _, errno := unix.Syscall6(
+ unix.SYS_READLINKAT,
uintptr(fd),
uintptr(unsafe.Pointer(&NulByte)), // ""
uintptr(unsafe.Pointer(&b[0])),
@@ -46,25 +46,25 @@ func readLink(fd int) (string, error) {
}
}
-func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) syscall.Timespec {
+func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) unix.Timespec {
if omit {
- return syscall.Timespec{0, linux.UTIME_OMIT}
+ return unix.Timespec{0, linux.UTIME_OMIT}
}
if setSysTime {
- return syscall.Timespec{0, linux.UTIME_NOW}
+ return unix.Timespec{0, linux.UTIME_NOW}
}
- return syscall.NsecToTimespec(t.Nanoseconds())
+ return unix.NsecToTimespec(t.Nanoseconds())
}
func setTimestamps(fd int, ts fs.TimeSpec) error {
if ts.ATimeOmit && ts.MTimeOmit {
return nil
}
- var sts [2]syscall.Timespec
+ var sts [2]unix.Timespec
sts[0] = timespecFromTimestamp(ts.ATime, ts.ATimeOmit, ts.ATimeSetSystemTime)
sts[1] = timespecFromTimestamp(ts.MTime, ts.MTimeOmit, ts.MTimeSetSystemTime)
- _, _, errno := syscall.Syscall6(
- syscall.SYS_UTIMENSAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_UTIMENSAT,
uintptr(fd),
0, /* path */
uintptr(unsafe.Pointer(&sts)),
diff --git a/pkg/sentry/fs/lock/lock.go b/pkg/sentry/fs/lock/lock.go
index 57686ce07..7d7a207cc 100644
--- a/pkg/sentry/fs/lock/lock.go
+++ b/pkg/sentry/fs/lock/lock.go
@@ -52,8 +52,8 @@ package lock
import (
"fmt"
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sync"
@@ -456,7 +456,7 @@ func ComputeRange(start, length, offset int64) (LockRange, error) {
// fcntl(2): "l_start can be a negative number provided the offset
// does not lie before the start of the file"
if offset < 0 {
- return LockRange{}, syscall.EINVAL
+ return LockRange{}, unix.EINVAL
}
// fcntl(2): Specifying 0 for l_len has the special meaning: lock all
@@ -478,10 +478,10 @@ func ComputeRange(start, length, offset int64) (LockRange, error) {
// Add to offset using a negative length (subtract).
offset += length
if offset < 0 {
- return LockRange{}, syscall.EINVAL
+ return LockRange{}, unix.EINVAL
}
if signedEnd < offset {
- return LockRange{}, syscall.EOVERFLOW
+ return LockRange{}, unix.EOVERFLOW
}
// At this point signedEnd cannot be negative,
// since we asserted that offset is not negative
diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go
index d741c4339..243098a09 100644
--- a/pkg/sentry/fs/mounts.go
+++ b/pkg/sentry/fs/mounts.go
@@ -17,8 +17,8 @@ package fs
import (
"fmt"
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refs"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -571,13 +571,13 @@ func (mns *MountNamespace) resolve(ctx context.Context, root, node *Dirent, rema
// Make sure we didn't exhaust the traversal budget.
if *remainingTraversals == 0 {
target.DecRef(ctx)
- return nil, syscall.ELOOP
+ return nil, unix.ELOOP
}
node.DecRef(ctx) // Drop the original reference.
return target, nil
- case syscall.ENOLINK:
+ case unix.ENOLINK:
// Not a symlink.
return node, nil
@@ -586,7 +586,7 @@ func (mns *MountNamespace) resolve(ctx context.Context, root, node *Dirent, rema
// First, check if we should traverse.
if *remainingTraversals == 0 {
- return nil, syscall.ELOOP
+ return nil, unix.ELOOP
}
// Read the target path.
diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go
index f4fcddecb..19990f9db 100644
--- a/pkg/sentry/fs/ramfs/dir.go
+++ b/pkg/sentry/fs/ramfs/dir.go
@@ -17,8 +17,8 @@ package ramfs
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -378,8 +378,8 @@ func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport
inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
return d.NewBoundEndpoint(ctx, dir, ep, perms)
})
- if err == syscall.EEXIST {
- return nil, syscall.EADDRINUSE
+ if err == unix.EEXIST {
+ return nil, unix.EADDRINUSE
}
if err != nil {
return nil, err
diff --git a/pkg/sentry/fs/save.go b/pkg/sentry/fs/save.go
index fe5c76b44..1de9735dc 100644
--- a/pkg/sentry/fs/save.go
+++ b/pkg/sentry/fs/save.go
@@ -16,8 +16,8 @@ package fs
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
)
@@ -65,7 +65,7 @@ func SaveFileFsyncError(err error) error {
case nil:
// We succeeded, everything is great.
return nil
- case syscall.EBADF, syscall.EINVAL, syscall.EROFS, syscall.ENOSYS, syscall.EPERM:
+ case unix.EBADF, unix.EINVAL, unix.EROFS, unix.ENOSYS, unix.EPERM:
// These errors mean that the underlying node might not be syncable,
// which we expect to be reported as such even from the gofer.
log.Infof("failed to sync during save: %v", err)
diff --git a/pkg/sentry/fsimpl/eventfd/eventfd.go b/pkg/sentry/fsimpl/eventfd/eventfd.go
index 5b29f2358..7f810f720 100644
--- a/pkg/sentry/fsimpl/eventfd/eventfd.go
+++ b/pkg/sentry/fsimpl/eventfd/eventfd.go
@@ -18,8 +18,8 @@ package eventfd
import (
"math"
"sync"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -92,13 +92,13 @@ func (efd *EventFileDescription) HostFD() (int, error) {
flags |= linux.EFD_SEMAPHORE
}
- fd, _, errno := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0)
+ fd, _, errno := unix.Syscall(unix.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0)
if errno != 0 {
return -1, errno
}
if err := fdnotifier.AddFD(int32(fd), &efd.queue); err != nil {
- if closeErr := syscall.Close(int(fd)); closeErr != nil {
+ if closeErr := unix.Close(int(fd)); closeErr != nil {
log.Warningf("close(%d) eventfd failed: %v", fd, closeErr)
}
return -1, err
@@ -114,7 +114,7 @@ func (efd *EventFileDescription) Release(context.Context) {
defer efd.mu.Unlock()
if efd.hostfd >= 0 {
fdnotifier.RemoveFD(int32(efd.hostfd))
- if closeErr := syscall.Close(int(efd.hostfd)); closeErr != nil {
+ if closeErr := unix.Close(int(efd.hostfd)); closeErr != nil {
log.Warningf("close(%d) eventfd failed: %v", efd.hostfd, closeErr)
}
efd.hostfd = -1
@@ -124,7 +124,7 @@ func (efd *EventFileDescription) Release(context.Context) {
// Read implements vfs.FileDescriptionImpl.Read.
func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequence, _ vfs.ReadOptions) (int64, error) {
if dst.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := efd.read(ctx, dst); err != nil {
return 0, err
@@ -135,7 +135,7 @@ func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequenc
// Write implements vfs.FileDescriptionImpl.Write.
func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequence, _ vfs.WriteOptions) (int64, error) {
if src.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := efd.write(ctx, src); err != nil {
return 0, err
@@ -146,8 +146,8 @@ func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequen
// Preconditions: Must be called with efd.mu locked.
func (efd *EventFileDescription) hostReadLocked(ctx context.Context, dst usermem.IOSequence) error {
var buf [8]byte
- if _, err := syscall.Read(efd.hostfd, buf[:]); err != nil {
- if err == syscall.EWOULDBLOCK {
+ if _, err := unix.Read(efd.hostfd, buf[:]); err != nil {
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -197,8 +197,8 @@ func (efd *EventFileDescription) read(ctx context.Context, dst usermem.IOSequenc
func (efd *EventFileDescription) hostWriteLocked(val uint64) error {
var buf [8]byte
usermem.ByteOrder.PutUint64(buf[:], val)
- _, err := syscall.Write(efd.hostfd, buf[:])
- if err == syscall.EWOULDBLOCK {
+ _, err := unix.Write(efd.hostfd, buf[:])
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -217,7 +217,7 @@ func (efd *EventFileDescription) write(ctx context.Context, src usermem.IOSequen
// Signal is an internal function to signal the event fd.
func (efd *EventFileDescription) Signal(val uint64) error {
if val == math.MaxUint64 {
- return syscall.EINVAL
+ return unix.EINVAL
}
efd.mu.Lock()
diff --git a/pkg/sentry/fsimpl/fuse/connection_control.go b/pkg/sentry/fsimpl/fuse/connection_control.go
index 4ab894965..948502db6 100644
--- a/pkg/sentry/fsimpl/fuse/connection_control.go
+++ b/pkg/sentry/fsimpl/fuse/connection_control.go
@@ -16,8 +16,8 @@ package fuse
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -230,7 +230,7 @@ func (conn *connection) Abort(ctx context.Context) {
// sendError() will remove them from `fd.completion` map.
// Will enter the path of a normally received error.
for _, toTerminate := range terminate {
- conn.fd.sendError(ctx, -int32(syscall.ECONNABORTED), toTerminate)
+ conn.fd.sendError(ctx, -int32(unix.ECONNABORTED), toTerminate)
}
// 3. The requests not yet written to FUSE device.
diff --git a/pkg/sentry/fsimpl/fuse/dev.go b/pkg/sentry/fsimpl/fuse/dev.go
index 1bbe6fdb7..1eeb95216 100644
--- a/pkg/sentry/fsimpl/fuse/dev.go
+++ b/pkg/sentry/fsimpl/fuse/dev.go
@@ -15,8 +15,7 @@
package fuse
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -176,9 +175,9 @@ func (fd *DeviceFD) readLocked(ctx context.Context, dst usermem.IOSequence, opts
// The request is too large. Cannot process it. All requests must be smaller than the
// negotiated size as specified by Connection.MaxWrite set as part of the FUSE_INIT
// handshake.
- errno := -int32(syscall.EIO)
+ errno := -int32(unix.EIO)
if req.hdr.Opcode == linux.FUSE_SETXATTR {
- errno = -int32(syscall.E2BIG)
+ errno = -int32(unix.E2BIG)
}
// Return the error to the calling task.
diff --git a/pkg/sentry/fsimpl/fuse/request_response.go b/pkg/sentry/fsimpl/fuse/request_response.go
index 41d679358..10fb9d7d2 100644
--- a/pkg/sentry/fsimpl/fuse/request_response.go
+++ b/pkg/sentry/fsimpl/fuse/request_response.go
@@ -16,8 +16,8 @@ package fuse
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -199,7 +199,7 @@ func (r *Response) Error() error {
return nil
}
- sysErrNo := syscall.Errno(-errno)
+ sysErrNo := unix.Errno(-errno)
return error(sysErrNo)
}
diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go
index 094d993a8..1508cbdf1 100644
--- a/pkg/sentry/fsimpl/gofer/gofer.go
+++ b/pkg/sentry/fsimpl/gofer/gofer.go
@@ -40,8 +40,8 @@ import (
"strconv"
"strings"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -550,10 +550,10 @@ func (fs *filesystem) Release(ctx context.Context) {
d.dataMu.Unlock()
// Close host FDs if they exist.
if d.readFD >= 0 {
- syscall.Close(int(d.readFD))
+ unix.Close(int(d.readFD))
}
if d.writeFD >= 0 && d.readFD != d.writeFD {
- syscall.Close(int(d.writeFD))
+ unix.Close(int(d.writeFD))
}
d.readFD = -1
d.writeFD = -1
@@ -1505,10 +1505,10 @@ func (d *dentry) destroyLocked(ctx context.Context) {
d.readFile = p9file{}
d.writeFile = p9file{}
if d.readFD >= 0 {
- syscall.Close(int(d.readFD))
+ unix.Close(int(d.readFD))
}
if d.writeFD >= 0 && d.readFD != d.writeFD {
- syscall.Close(int(d.writeFD))
+ unix.Close(int(d.writeFD))
}
d.readFD = -1
d.writeFD = -1
@@ -1686,7 +1686,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
// may use the old or new file description, but this
// doesn't matter since they refer to the same file, and
// any racing mappings must be read-only.
- if err := syscall.Dup3(int(h.fd), int(d.readFD), syscall.O_CLOEXEC); err != nil {
+ if err := unix.Dup3(int(h.fd), int(d.readFD), unix.O_CLOEXEC); err != nil {
oldFD := d.readFD
d.handleMu.Unlock()
ctx.Warningf("gofer.dentry.ensureSharedHandle: failed to dup fd %d to fd %d: %v", h.fd, oldFD, err)
@@ -1772,7 +1772,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
d.mapsMu.Unlock()
}
for _, fd := range fdsToClose {
- syscall.Close(int(fd))
+ unix.Close(int(fd))
}
return nil
@@ -1808,7 +1808,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error {
// handles otherwise.
if d.writeFD >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(d.writeFD))
+ err := unix.Fsync(int(d.writeFD))
ctx.UninterruptibleSleepFinish(false)
return err
}
@@ -1817,7 +1817,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error {
}
if d.readFD >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(d.readFD))
+ err := unix.Fsync(int(d.readFD))
ctx.UninterruptibleSleepFinish(false)
return err
}
diff --git a/pkg/sentry/fsimpl/gofer/handle.go b/pkg/sentry/fsimpl/gofer/handle.go
index a9ebe1206..0bc201d1c 100644
--- a/pkg/sentry/fsimpl/gofer/handle.go
+++ b/pkg/sentry/fsimpl/gofer/handle.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/safemem"
@@ -73,7 +72,7 @@ func (h *handle) close(ctx context.Context) {
h.file.close(ctx)
h.file = p9file{}
if h.fd >= 0 {
- syscall.Close(int(h.fd))
+ unix.Close(int(h.fd))
h.fd = -1
}
}
diff --git a/pkg/sentry/fsimpl/gofer/socket.go b/pkg/sentry/fsimpl/gofer/socket.go
index a21199eac..fe15f8583 100644
--- a/pkg/sentry/fsimpl/gofer/socket.go
+++ b/pkg/sentry/fsimpl/gofer/socket.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -118,7 +117,7 @@ func (e *endpoint) newConnectedEndpoint(ctx context.Context, flags p9.ConnectFla
return nil, syserr.ErrConnectionRefused
}
// Dup the fd so that the new endpoint can manage its lifetime.
- hostFD, err := syscall.Dup(hostFile.FD())
+ hostFD, err := unix.Dup(hostFile.FD())
if err != nil {
log.Warningf("Could not dup host socket fd %d: %v", hostFile.FD(), err)
return nil, syserr.FromError(err)
diff --git a/pkg/sentry/fsimpl/gofer/special_file.go b/pkg/sentry/fsimpl/gofer/special_file.go
index ae972fcb5..ac3b5b621 100644
--- a/pkg/sentry/fsimpl/gofer/special_file.go
+++ b/pkg/sentry/fsimpl/gofer/special_file.go
@@ -16,8 +16,8 @@ package gofer
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -376,7 +376,7 @@ func (fd *specialFileFD) sync(ctx context.Context, forFilesystemSync bool) error
// RPC.
if fd.handle.fd >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(fd.handle.fd))
+ err := unix.Fsync(int(fd.handle.fd))
ctx.UninterruptibleSleepFinish(false)
return err
}
diff --git a/pkg/sentry/fsimpl/host/control.go b/pkg/sentry/fsimpl/host/control.go
index 13ef48cb5..1680d456e 100644
--- a/pkg/sentry/fsimpl/host/control.go
+++ b/pkg/sentry/fsimpl/host/control.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -60,7 +59,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage {
// Release implements transport.RightsControlMessage.Release.
func (c *scmRights) Release(ctx context.Context) {
for _, fd := range c.fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
c.fds = nil
}
@@ -72,7 +71,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*vfs.FileDescription {
for _, fd := range fds {
// Get flags. We do it here because they may be modified
// by subsequent functions.
- fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if errno != 0 {
ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
break
diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go
index 05f11fbd5..ad5de80dc 100644
--- a/pkg/sentry/fsimpl/host/host.go
+++ b/pkg/sentry/fsimpl/host/host.go
@@ -20,7 +20,6 @@ import (
"fmt"
"math"
"sync/atomic"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -112,7 +111,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
seekable := err != syserror.ESPIPE
// We expect regular files to be seekable, as this is required for them to
// be memory-mappable.
- if !seekable && fileType == syscall.S_IFREG {
+ if !seekable && fileType == unix.S_IFREG {
ctx.Infof("host.newInode: host FD %d is a non-seekable regular file", hostFD)
return nil, syserror.ESPIPE
}
@@ -121,7 +120,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
hostFD: hostFD,
ino: fs.NextIno(),
ftype: uint16(fileType),
- mayBlock: fileType != syscall.S_IFREG && fileType != syscall.S_IFDIR,
+ mayBlock: fileType != unix.S_IFREG && fileType != unix.S_IFDIR,
seekable: seekable,
isTTY: isTTY,
savable: savable,
@@ -132,7 +131,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
// If the hostFD can return EWOULDBLOCK when set to non-blocking, do so and
// handle blocking behavior in the sentry.
if i.mayBlock {
- if err := syscall.SetNonblock(i.hostFD, true); err != nil {
+ if err := unix.SetNonblock(i.hostFD, true); err != nil {
return nil, err
}
if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil {
@@ -175,7 +174,7 @@ func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions)
flags := opts.Flags
if !opts.HaveFlags {
// Get flags for the imported FD.
- flagsInt, err := unix.FcntlInt(uintptr(hostFD), syscall.F_GETFL, 0)
+ flagsInt, err := unix.FcntlInt(uintptr(hostFD), unix.F_GETFL, 0)
if err != nil {
return nil, err
}
@@ -263,8 +262,8 @@ func (fs *filesystem) PrependPath(ctx context.Context, vfsroot, vd vfs.VirtualDe
// CheckPermissions implements kernfs.Inode.CheckPermissions.
func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, ats vfs.AccessTypes) error {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return err
}
return vfs.GenericCheckPermissions(creds, ats, linux.FileMode(s.Mode), auth.KUID(s.Uid), auth.KGID(s.Gid))
@@ -272,8 +271,8 @@ func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, a
// Mode implements kernfs.Inode.Mode.
func (i *inode) Mode() linux.FileMode {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
// Retrieving the mode from the host fd using fstat(2) should not fail.
// If the syscall does not succeed, something is fundamentally wrong.
panic(fmt.Sprintf("failed to retrieve mode from host fd %d: %v", i.hostFD, err))
@@ -405,8 +404,8 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
if m&^(linux.STATX_MODE|linux.STATX_SIZE|linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
return syserror.EPERM
}
- var hostStat syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &hostStat); err != nil {
+ var hostStat unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &hostStat); err != nil {
return err
}
if err := vfs.CheckSetStat(ctx, creds, &opts, linux.FileMode(hostStat.Mode), auth.KUID(hostStat.Uid), auth.KGID(hostStat.Gid)); err != nil {
@@ -414,7 +413,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
}
if m&linux.STATX_MODE != 0 {
- if err := syscall.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
+ if err := unix.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
return err
}
}
@@ -422,7 +421,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
if hostStat.Mode&linux.S_IFMT != linux.S_IFREG {
return syserror.EINVAL
}
- if err := syscall.Ftruncate(i.hostFD, int64(s.Size)); err != nil {
+ if err := unix.Ftruncate(i.hostFD, int64(s.Size)); err != nil {
return err
}
oldSize := uint64(hostStat.Size)
@@ -435,7 +434,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
}
}
if m&(linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
- ts := [2]syscall.Timespec{
+ ts := [2]unix.Timespec{
toTimespec(s.Atime, m&linux.STATX_ATIME == 0),
toTimespec(s.Mtime, m&linux.STATX_MTIME == 0),
}
@@ -468,8 +467,8 @@ func (i *inode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.Dentr
}
func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flags uint32) (*vfs.FileDescription, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return nil, err
}
fileType := s.Mode & linux.FileTypeMask
@@ -477,10 +476,10 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
// Constrain flags to a subset we can handle.
//
// TODO(gvisor.dev/issue/2601): Support O_NONBLOCK by adding RWF_NOWAIT to pread/pwrite calls.
- flags &= syscall.O_ACCMODE | syscall.O_NONBLOCK | syscall.O_DSYNC | syscall.O_SYNC | syscall.O_APPEND
+ flags &= unix.O_ACCMODE | unix.O_NONBLOCK | unix.O_DSYNC | unix.O_SYNC | unix.O_APPEND
switch fileType {
- case syscall.S_IFSOCK:
+ case unix.S_IFSOCK:
if i.isTTY {
log.Warningf("cannot use host socket fd %d as TTY", i.hostFD)
return nil, syserror.ENOTTY
@@ -493,7 +492,7 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
// Currently, we only allow Unix sockets to be imported.
return unixsocket.NewFileDescription(ep, ep.Type(), flags, mnt, d.VFSDentry(), &i.locks)
- case syscall.S_IFREG, syscall.S_IFIFO, syscall.S_IFCHR:
+ case unix.S_IFREG, unix.S_IFIFO, unix.S_IFCHR:
if i.isTTY {
fd := &TTYFileDescription{
fileDescription: fileDescription{inode: i},
@@ -675,8 +674,8 @@ func (f *fileDescription) Write(ctx context.Context, src usermem.IOSequence, opt
// and writing to the host fd. This is an unavoidable race condition because
// we cannot enforce synchronization on the host.
if f.vfsfd.StatusFlags()&linux.O_APPEND != 0 {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
f.offsetMu.Unlock()
return 0, err
}
@@ -737,8 +736,8 @@ func (f *fileDescription) Seek(_ context.Context, offset int64, whence int32) (i
f.offset += offset
case linux.SEEK_END:
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return f.offset, err
}
size := s.Size
@@ -781,7 +780,7 @@ func (f *fileDescription) Sync(ctx context.Context) error {
func (f *fileDescription) ConfigureMMap(_ context.Context, opts *memmap.MMapOpts) error {
// NOTE(b/38213152): Technically, some obscure char devices can be memory
// mapped, but we only allow regular files.
- if f.inode.ftype != syscall.S_IFREG {
+ if f.inode.ftype != unix.S_IFREG {
return syserror.ENODEV
}
i := f.inode
diff --git a/pkg/sentry/fsimpl/host/ioctl_unsafe.go b/pkg/sentry/fsimpl/host/ioctl_unsafe.go
index 0983bf7d8..f666a5875 100644
--- a/pkg/sentry/fsimpl/host/ioctl_unsafe.go
+++ b/pkg/sentry/fsimpl/host/ioctl_unsafe.go
@@ -15,15 +15,15 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
func ioctlGetTermios(fd int) (*linux.Termios, error) {
var t linux.Termios
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
if errno != 0 {
return nil, errno
}
@@ -31,7 +31,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) {
}
func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
if errno != 0 {
return errno
}
@@ -40,7 +40,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
var w linux.Winsize
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
if errno != 0 {
return nil, errno
}
@@ -48,7 +48,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
}
func ioctlSetWinsize(fd int, w *linux.Winsize) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
if errno != 0 {
return errno
}
diff --git a/pkg/sentry/fsimpl/host/save_restore.go b/pkg/sentry/fsimpl/host/save_restore.go
index 8800652a9..5688bddc8 100644
--- a/pkg/sentry/fsimpl/host/save_restore.go
+++ b/pkg/sentry/fsimpl/host/save_restore.go
@@ -18,8 +18,8 @@ import (
"fmt"
"io"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/hostfd"
@@ -31,7 +31,7 @@ func (i *inode) beforeSave() {
if !i.savable {
panic("host.inode is not savable")
}
- if i.ftype == syscall.S_IFIFO {
+ if i.ftype == unix.S_IFIFO {
// If this pipe FD is readable, drain it so that bytes in the pipe can
// be read after restore. (This is a legacy VFS1 feature.) We don't
// know if the pipe FD is readable, so just try reading and tolerate
@@ -45,7 +45,7 @@ func (i *inode) beforeSave() {
i.buf = append(i.buf, buf[:n]...)
}
if err != nil {
- if err == io.EOF || err == syscall.EAGAIN || err == syscall.EBADF {
+ if err == io.EOF || err == unix.EAGAIN || err == unix.EBADF {
break
}
panic(fmt.Errorf("host.inode.beforeSave: buffering from pipe failed: %v", err))
@@ -60,7 +60,7 @@ func (i *inode) beforeSave() {
// afterLoad is invoked by stateify.
func (i *inode) afterLoad() {
if i.mayBlock {
- if err := syscall.SetNonblock(i.hostFD, true); err != nil {
+ if err := unix.SetNonblock(i.hostFD, true); err != nil {
panic(fmt.Sprintf("host.inode.afterLoad: failed to set host FD %d non-blocking: %v", i.hostFD, err))
}
if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil {
diff --git a/pkg/sentry/fsimpl/host/socket.go b/pkg/sentry/fsimpl/host/socket.go
index 6763f5b0c..056f910aa 100644
--- a/pkg/sentry/fsimpl/host/socket.go
+++ b/pkg/sentry/fsimpl/host/socket.go
@@ -17,8 +17,8 @@ package host
import (
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -87,26 +87,26 @@ type ConnectedEndpoint struct {
func (c *ConnectedEndpoint) init() *syserr.Error {
c.InitRefs()
- family, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ family, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_DOMAIN)
if err != nil {
return syserr.FromError(err)
}
- if family != syscall.AF_UNIX {
+ if family != unix.AF_UNIX {
// We only allow Unix sockets.
return syserr.ErrInvalidEndpointState
}
- stype, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_TYPE)
+ stype, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_TYPE)
if err != nil {
return syserr.FromError(err)
}
- if err := syscall.SetNonblock(c.fd, true); err != nil {
+ if err := unix.SetNonblock(c.fd, true); err != nil {
return syserr.FromError(err)
}
- sndbuf, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+ sndbuf, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_SNDBUF)
if err != nil {
return syserr.FromError(err)
}
@@ -177,7 +177,7 @@ func (c *ConnectedEndpoint) CloseSend() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.fd, syscall.SHUT_WR); err != nil {
+ if err := unix.Shutdown(c.fd, unix.SHUT_WR); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err))
@@ -270,7 +270,7 @@ func (c *ConnectedEndpoint) CloseRecv() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.fd, syscall.SHUT_RD); err != nil {
+ if err := unix.Shutdown(c.fd, unix.SHUT_RD); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err))
@@ -358,7 +358,7 @@ func (e *SCMConnectedEndpoint) Release(ctx context.Context) {
e.DecRef(func() {
e.mu.Lock()
fdnotifier.RemoveFD(int32(e.fd))
- if err := syscall.Close(e.fd); err != nil {
+ if err := unix.Close(e.fd); err != nil {
log.Warningf("Failed to close host fd %d: %v", err)
}
e.destroyLocked()
diff --git a/pkg/sentry/fsimpl/host/socket_iovec.go b/pkg/sentry/fsimpl/host/socket_iovec.go
index fc0d5fd38..b123a63ee 100644
--- a/pkg/sentry/fsimpl/host/socket_iovec.go
+++ b/pkg/sentry/fsimpl/host/socket_iovec.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/iovec"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -52,7 +51,7 @@ func copyFromMulti(dst []byte, src [][]byte) {
//
// If intermediate != nil, iovecs references intermediate rather than bufs and
// the caller must copy to/from bufs as necessary.
-func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) {
+func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) {
var iovsRequired int
for _, b := range bufs {
length += int64(len(b))
@@ -76,14 +75,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
// Use a single intermediate buffer instead.
b := make([]byte, stopLen)
- return stopLen, []syscall.Iovec{{
+ return stopLen, []unix.Iovec{{
Base: &b[0],
Len: uint64(stopLen),
}}, b, err
}
var total int64
- iovecs = make([]syscall.Iovec, 0, iovsRequired)
+ iovecs = make([]unix.Iovec, 0, iovsRequired)
for i := range bufs {
l := len(bufs[i])
if l == 0 {
@@ -95,7 +94,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
stop = stopLen - total
}
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(stop),
})
diff --git a/pkg/sentry/fsimpl/host/socket_unsafe.go b/pkg/sentry/fsimpl/host/socket_unsafe.go
index c0bf45f08..34f24e95c 100644
--- a/pkg/sentry/fsimpl/host/socket_unsafe.go
+++ b/pkg/sentry/fsimpl/host/socket_unsafe.go
@@ -15,8 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// fdReadVec receives from fd to bufs.
@@ -24,9 +25,9 @@ import (
// If the total length of bufs is > maxlen, fdReadVec will do a partial read
// and err will indicate why the message was truncated.
func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) {
- flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC)
+ flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC)
if peek {
- flags |= syscall.MSG_PEEK
+ flags |= unix.MSG_PEEK
}
// Always truncate the receive buffer. All socket types will truncate
@@ -37,7 +38,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
return 0, 0, 0, false, err
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(control) != 0 {
msg.Control = &control[0]
msg.Controllen = uint64(len(control))
@@ -48,7 +49,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
msg.Iovlen = uint64(len(iovecs))
}
- rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
+ rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, 0, 0, false, e
@@ -60,7 +61,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
copyToMulti(bufs, intermediate)
}
- controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC
+ controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC
if n > length {
return length, n, msg.Controllen, controlTrunc, nil
@@ -85,13 +86,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
copyFromMulti(intermediate, bufs)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(iovecs) > 0 {
msg.Iov = &iovecs[0]
msg.Iovlen = uint64(len(iovecs))
}
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, length, e
diff --git a/pkg/sentry/fsimpl/host/util.go b/pkg/sentry/fsimpl/host/util.go
index b2f43a119..63b465859 100644
--- a/pkg/sentry/fsimpl/host/util.go
+++ b/pkg/sentry/fsimpl/host/util.go
@@ -15,21 +15,19 @@
package host
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/syserror"
)
-func toTimespec(ts linux.StatxTimestamp, omit bool) syscall.Timespec {
+func toTimespec(ts linux.StatxTimestamp, omit bool) unix.Timespec {
if omit {
- return syscall.Timespec{
+ return unix.Timespec{
Sec: 0,
Nsec: unix.UTIME_OMIT,
}
}
- return syscall.Timespec{
+ return unix.Timespec{
Sec: ts.Sec,
Nsec: int64(ts.Nsec),
}
diff --git a/pkg/sentry/fsimpl/host/util_unsafe.go b/pkg/sentry/fsimpl/host/util_unsafe.go
index 5136ac844..b36eed2e2 100644
--- a/pkg/sentry/fsimpl/host/util_unsafe.go
+++ b/pkg/sentry/fsimpl/host/util_unsafe.go
@@ -15,13 +15,14 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func setTimestamps(fd int, ts *[2]syscall.Timespec) error {
- _, _, errno := syscall.Syscall6(
- syscall.SYS_UTIMENSAT,
+func setTimestamps(fd int, ts *[2]unix.Timespec) error {
+ _, _, errno := unix.Syscall6(
+ unix.SYS_UTIMENSAT,
uintptr(fd),
0, /* path */
uintptr(unsafe.Pointer(ts)),
diff --git a/pkg/sentry/hostfd/hostfd_unsafe.go b/pkg/sentry/hostfd/hostfd_unsafe.go
index 694371b1c..03c6d2a16 100644
--- a/pkg/sentry/hostfd/hostfd_unsafe.go
+++ b/pkg/sentry/hostfd/hostfd_unsafe.go
@@ -16,7 +16,6 @@ package hostfd
import (
"io"
- "syscall"
"unsafe"
"golang.org/x/sys/unix"
@@ -33,15 +32,15 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6
// return EFAULT if appropriate, instead of raising SIGBUS.
var (
n uintptr
- e syscall.Errno
+ e unix.Errno
)
if flags == 0 && dsts.NumBlocks() == 1 {
// Use read() or pread() to avoid iovec allocation and copying.
dst := dsts.Head()
if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len()))
+ n, _, e = unix.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len()))
} else {
- n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
+ n, _, e = unix.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
}
} else {
iovs := safemem.IovecsFromBlockSeq(dsts)
@@ -49,7 +48,7 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6
log.Debugf("hostfd.Preadv2: truncating from %d iovecs to %d", len(iovs), maxIov)
iovs = iovs[:maxIov]
}
- n, _, e = syscall.Syscall6(unix.SYS_PREADV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
+ n, _, e = unix.Syscall6(unix.SYS_PREADV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
}
if e != 0 {
return 0, e
@@ -69,15 +68,15 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint
// return EFAULT if appropriate, instead of raising SIGBUS.
var (
n uintptr
- e syscall.Errno
+ e unix.Errno
)
if flags == 0 && srcs.NumBlocks() == 1 {
// Use write() or pwrite() to avoid iovec allocation and copying.
src := srcs.Head()
if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len()))
+ n, _, e = unix.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len()))
} else {
- n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
+ n, _, e = unix.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
}
} else {
iovs := safemem.IovecsFromBlockSeq(srcs)
@@ -85,7 +84,7 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint
log.Debugf("hostfd.Preadv2: truncating from %d iovecs to %d", len(iovs), maxIov)
iovs = iovs[:maxIov]
}
- n, _, e = syscall.Syscall6(unix.SYS_PWRITEV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
+ n, _, e = unix.Syscall6(unix.SYS_PWRITEV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
}
if e != 0 {
return 0, e
diff --git a/pkg/sentry/hostmm/hostmm.go b/pkg/sentry/hostmm/hostmm.go
index 506c7864a..c47b96b54 100644
--- a/pkg/sentry/hostmm/hostmm.go
+++ b/pkg/sentry/hostmm/hostmm.go
@@ -20,8 +20,8 @@ import (
"fmt"
"os"
"path"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/usermem"
@@ -60,7 +60,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
}
// Don't use fmt.Fprintf since the whole string needs to be written in a
- // single syscall.
+ // single unix.
eventControlStr := fmt.Sprintf("%d %d %s", eventFD.FD(), pressureFile.Fd(), level)
if n, err := eventControlFile.Write([]byte(eventControlStr)); n != len(eventControlStr) || err != nil {
eventFD.Close()
@@ -80,7 +80,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
for {
n, err := rw.Read(buf[:])
if err != nil {
- if err == syscall.EINTR {
+ if err == unix.EINTR {
continue
}
panic(fmt.Sprintf("failed to read from memory pressure level eventfd: %v", err))
@@ -107,7 +107,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
for {
n, err := rw.Write(buf[:])
if err != nil {
- if err == syscall.EINTR {
+ if err == unix.EINTR {
continue
}
panic(fmt.Sprintf("failed to write to memory pressure level eventfd: %v", err))
@@ -122,7 +122,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
}
func newEventFD() (*fd.FD, error) {
- f, _, e := syscall.Syscall(syscall.SYS_EVENTFD2, 0, 0, 0)
+ f, _, e := unix.Syscall(unix.SYS_EVENTFD2, 0, 0, 0)
if e != 0 {
return nil, fmt.Errorf("failed to create eventfd: %v", e)
}
diff --git a/pkg/sentry/hostmm/membarrier.go b/pkg/sentry/hostmm/membarrier.go
index 4468d75f1..e4e61a398 100644
--- a/pkg/sentry/hostmm/membarrier.go
+++ b/pkg/sentry/hostmm/membarrier.go
@@ -15,8 +15,6 @@
package hostmm
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
@@ -28,9 +26,9 @@ var (
)
func init() {
- supported, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_QUERY, 0 /* flags */, 0 /* unused */)
+ supported, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_QUERY, 0 /* flags */, 0 /* unused */)
if e != 0 {
- if e != syscall.ENOSYS {
+ if e != unix.ENOSYS {
log.Warningf("membarrier(MEMBARRIER_CMD_QUERY) failed: %s", e.Error())
}
return
@@ -46,7 +44,7 @@ func init() {
haveMembarrierGlobal = true
}
if req := uintptr(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED | linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED); supported&req == req {
- if _, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
+ if _, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
log.Warningf("membarrier(MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED) failed: %s", e.Error())
} else {
haveMembarrierPrivateExpedited = true
@@ -66,7 +64,7 @@ func HaveGlobalMemoryBarrier() bool {
//
// Preconditions: HaveGlobalMemoryBarrier() == true.
func GlobalMemoryBarrier() error {
- if _, _, e := syscall.Syscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_GLOBAL, 0 /* flags */, 0 /* unused */); e != 0 {
+ if _, _, e := unix.Syscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_GLOBAL, 0 /* flags */, 0 /* unused */); e != 0 {
return e
}
return nil
@@ -83,7 +81,7 @@ func HaveProcessMemoryBarrier() bool {
//
// Preconditions: HaveProcessMemoryBarrier() == true.
func ProcessMemoryBarrier() error {
- if _, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
+ if _, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
return e
}
return nil
diff --git a/pkg/sentry/kernel/abstract_socket_namespace.go b/pkg/sentry/kernel/abstract_socket_namespace.go
index 0ddbe5ff6..d100e58d7 100644
--- a/pkg/sentry/kernel/abstract_socket_namespace.go
+++ b/pkg/sentry/kernel/abstract_socket_namespace.go
@@ -16,8 +16,8 @@ package kernel
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refsvfs2"
"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
@@ -97,7 +97,7 @@ func (a *AbstractSocketNamespace) Bind(ctx context.Context, name string, ep tran
if ep, ok := a.endpoints[name]; ok {
if ep.socket.TryIncRef() {
ep.socket.DecRef(ctx)
- return syscall.EADDRINUSE
+ return unix.EADDRINUSE
}
}
diff --git a/pkg/sentry/kernel/epoll/epoll.go b/pkg/sentry/kernel/epoll/epoll.go
index 407b6e917..ba73a7812 100644
--- a/pkg/sentry/kernel/epoll/epoll.go
+++ b/pkg/sentry/kernel/epoll/epoll.go
@@ -24,8 +24,8 @@ package epoll
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refs"
@@ -173,12 +173,12 @@ func (e *EventPoll) Release(ctx context.Context) {
// Read implements fs.FileOperations.Read.
func (*EventPoll) Read(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
- return 0, syscall.ENOSYS
+ return 0, unix.ENOSYS
}
// Write implements fs.FileOperations.Write.
func (*EventPoll) Write(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
- return 0, syscall.ENOSYS
+ return 0, unix.ENOSYS
}
// eventsAvailable determines if 'e' has events available for delivery.
@@ -358,18 +358,18 @@ func (e *EventPoll) AddEntry(id FileIdentifier, flags EntryFlags, mask waiter.Ev
// Fail if the file already has an entry.
if _, ok := e.files[id]; ok {
- return syscall.EEXIST
+ return unix.EEXIST
}
// Check if a cycle would be created. We use 4 as the limit because
// that's the value used by linux and we want to emulate it.
if ep != nil {
if e == ep {
- return syscall.EINVAL
+ return unix.EINVAL
}
if ep.observes(e, 4) {
- return syscall.ELOOP
+ return unix.ELOOP
}
}
@@ -404,7 +404,7 @@ func (e *EventPoll) UpdateEntry(id FileIdentifier, flags EntryFlags, mask waiter
// Fail if the file doesn't have an entry.
entry, ok := e.files[id]
if !ok {
- return syscall.ENOENT
+ return unix.ENOENT
}
// Unregister the old mask and remove entry from the list it's in, so
@@ -435,7 +435,7 @@ func (e *EventPoll) RemoveEntry(ctx context.Context, id FileIdentifier) error {
// Fail if the file doesn't have an entry.
entry, ok := e.files[id]
if !ok {
- return syscall.ENOENT
+ return unix.ENOENT
}
// Unregister from file first so that no concurrent attempts will be
diff --git a/pkg/sentry/kernel/eventfd/eventfd.go b/pkg/sentry/kernel/eventfd/eventfd.go
index bbf568dfc..64f1cc631 100644
--- a/pkg/sentry/kernel/eventfd/eventfd.go
+++ b/pkg/sentry/kernel/eventfd/eventfd.go
@@ -18,8 +18,8 @@ package eventfd
import (
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -91,13 +91,13 @@ func (e *EventOperations) HostFD() (int, error) {
flags |= linux.EFD_SEMAPHORE
}
- fd, _, err := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(e.val), uintptr(flags), 0)
+ fd, _, err := unix.Syscall(unix.SYS_EVENTFD2, uintptr(e.val), uintptr(flags), 0)
if err != 0 {
return -1, err
}
if err := fdnotifier.AddFD(int32(fd), &e.wq); err != nil {
- syscall.Close(int(fd))
+ unix.Close(int(fd))
return -1, err
}
@@ -111,7 +111,7 @@ func (e *EventOperations) Release(context.Context) {
defer e.mu.Unlock()
if e.hostfd >= 0 {
fdnotifier.RemoveFD(int32(e.hostfd))
- syscall.Close(e.hostfd)
+ unix.Close(e.hostfd)
e.hostfd = -1
}
}
@@ -119,7 +119,7 @@ func (e *EventOperations) Release(context.Context) {
// Read implements fs.FileOperations.Read.
func (e *EventOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOSequence, _ int64) (int64, error) {
if dst.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := e.read(ctx, dst); err != nil {
return 0, err
@@ -130,7 +130,7 @@ func (e *EventOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOSe
// Write implements fs.FileOperations.Write.
func (e *EventOperations) Write(ctx context.Context, _ *fs.File, src usermem.IOSequence, _ int64) (int64, error) {
if src.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := e.write(ctx, src); err != nil {
return 0, err
@@ -142,8 +142,8 @@ func (e *EventOperations) Write(ctx context.Context, _ *fs.File, src usermem.IOS
func (e *EventOperations) hostRead(ctx context.Context, dst usermem.IOSequence) error {
var buf [8]byte
- if _, err := syscall.Read(e.hostfd, buf[:]); err != nil {
- if err == syscall.EWOULDBLOCK {
+ if _, err := unix.Read(e.hostfd, buf[:]); err != nil {
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -195,8 +195,8 @@ func (e *EventOperations) read(ctx context.Context, dst usermem.IOSequence) erro
func (e *EventOperations) hostWrite(val uint64) error {
var buf [8]byte
usermem.ByteOrder.PutUint64(buf[:], val)
- _, err := syscall.Write(e.hostfd, buf[:])
- if err == syscall.EWOULDBLOCK {
+ _, err := unix.Write(e.hostfd, buf[:])
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -215,7 +215,7 @@ func (e *EventOperations) write(ctx context.Context, src usermem.IOSequence) err
// Signal is an internal function to signal the event fd.
func (e *EventOperations) Signal(val uint64) error {
if val == math.MaxUint64 {
- return syscall.EINVAL
+ return unix.EINVAL
}
e.mu.Lock()
diff --git a/pkg/sentry/kernel/fd_table.go b/pkg/sentry/kernel/fd_table.go
index a6afabb1c..10885688c 100644
--- a/pkg/sentry/kernel/fd_table.go
+++ b/pkg/sentry/kernel/fd_table.go
@@ -19,8 +19,8 @@ import (
"math"
"strings"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -253,7 +253,7 @@ func (f *FDTable) String() string {
func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags FDFlags) (fds []int32, err error) {
if fd < 0 {
// Don't accept negative FDs.
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
}
// Default limit.
@@ -266,7 +266,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags
end = int32(lim.Cur)
}
if fd >= end {
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
}
@@ -300,7 +300,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags
for _, file := range files[:len(fds)] {
file.DecRef(ctx)
}
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
if fd == f.next {
@@ -318,7 +318,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags
func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDescription, flags FDFlags) (fds []int32, err error) {
if fd < 0 {
// Don't accept negative FDs.
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
}
// Default limit.
@@ -331,7 +331,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes
end = int32(lim.Cur)
}
if fd >= end {
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
}
@@ -365,7 +365,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes
for _, file := range files[:len(fds)] {
file.DecRef(ctx)
}
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
if fd == f.next {
@@ -382,7 +382,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes
func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDescription, flags FDFlags) (int32, error) {
if minfd < 0 {
// Don't accept negative FDs.
- return -1, syscall.EINVAL
+ return -1, unix.EINVAL
}
// Default limit.
@@ -395,7 +395,7 @@ func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDesc
end = int32(lim.Cur)
}
if minfd >= end {
- return -1, syscall.EMFILE
+ return -1, unix.EMFILE
}
}
@@ -418,7 +418,7 @@ func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDesc
}
fd++
}
- return -1, syscall.EMFILE
+ return -1, unix.EMFILE
}
// NewFDAt sets the file reference for the given FD. If there is an active
@@ -452,13 +452,13 @@ func (f *FDTable) NewFDAtVFS2(ctx context.Context, fd int32, file *vfs.FileDescr
func (f *FDTable) newFDAt(ctx context.Context, fd int32, file *fs.File, fileVFS2 *vfs.FileDescription, flags FDFlags) (*fs.File, *vfs.FileDescription, error) {
if fd < 0 {
// Don't accept negative FDs.
- return nil, nil, syscall.EBADF
+ return nil, nil, unix.EBADF
}
// Check the limit for the provided file.
if limitSet := limits.FromContext(ctx); limitSet != nil {
if lim := limitSet.Get(limits.NumberOfFiles); lim.Cur != limits.Infinity && uint64(fd) >= lim.Cur {
- return nil, nil, syscall.EMFILE
+ return nil, nil, unix.EMFILE
}
}
@@ -476,7 +476,7 @@ func (f *FDTable) newFDAt(ctx context.Context, fd int32, file *fs.File, fileVFS2
func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error {
if fd < 0 {
// Don't accept negative FDs.
- return syscall.EBADF
+ return unix.EBADF
}
f.mu.Lock()
@@ -485,7 +485,7 @@ func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error {
file, _, _ := f.get(fd)
if file == nil {
// No file found.
- return syscall.EBADF
+ return unix.EBADF
}
// Update the flags.
@@ -499,7 +499,7 @@ func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error {
func (f *FDTable) SetFlagsVFS2(ctx context.Context, fd int32, flags FDFlags) error {
if fd < 0 {
// Don't accept negative FDs.
- return syscall.EBADF
+ return unix.EBADF
}
f.mu.Lock()
@@ -508,7 +508,7 @@ func (f *FDTable) SetFlagsVFS2(ctx context.Context, fd int32, flags FDFlags) err
file, _, _ := f.getVFS2(fd)
if file == nil {
// No file found.
- return syscall.EBADF
+ return unix.EBADF
}
// Update the flags.
diff --git a/pkg/sentry/kernel/pipe/pipe.go b/pkg/sentry/kernel/pipe/pipe.go
index 2c8668fc4..68a55a186 100644
--- a/pkg/sentry/kernel/pipe/pipe.go
+++ b/pkg/sentry/kernel/pipe/pipe.go
@@ -19,8 +19,8 @@ import (
"fmt"
"io"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -244,7 +244,7 @@ func (p *Pipe) consumeLocked(n int64) {
func (p *Pipe) writeLocked(count int64, f func(safemem.BlockSeq) (uint64, error)) (int64, error) {
// Can't write to a pipe with no readers.
if !p.HasReaders() {
- return 0, syscall.EPIPE
+ return 0, unix.EPIPE
}
avail := p.max - p.size
diff --git a/pkg/sentry/kernel/pipe/pipe_util.go b/pkg/sentry/kernel/pipe/pipe_util.go
index 77246edbe..76ea389ca 100644
--- a/pkg/sentry/kernel/pipe/pipe_util.go
+++ b/pkg/sentry/kernel/pipe/pipe_util.go
@@ -17,8 +17,8 @@ package pipe
import (
"io"
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/amutex"
"gvisor.dev/gvisor/pkg/context"
@@ -139,7 +139,7 @@ func (p *Pipe) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArgume
_, err := primitive.CopyInt32Out(&iocc, args[2].Pointer(), int32(v))
return 0, err
default:
- return 0, syscall.ENOTTY
+ return 0, unix.ENOTTY
}
}
diff --git a/pkg/sentry/kernel/seccomp.go b/pkg/sentry/kernel/seccomp.go
index 60917e7d3..8163a6132 100644
--- a/pkg/sentry/kernel/seccomp.go
+++ b/pkg/sentry/kernel/seccomp.go
@@ -15,8 +15,7 @@
package kernel
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/bpf"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -83,7 +82,7 @@ func (t *Task) checkSeccompSyscall(sysno int32, args arch.SyscallArguments, ip u
// the system call is not executed."
if !t.ptraceSeccomp(result.Data()) {
// This useless-looking temporary is needed because Go.
- tmp := uintptr(syscall.ENOSYS)
+ tmp := uintptr(unix.ENOSYS)
t.Arch().SetReturn(-tmp)
return linux.SECCOMP_RET_ERRNO
}
diff --git a/pkg/sentry/kernel/task_syscall.go b/pkg/sentry/kernel/task_syscall.go
index 0141459e7..2e84bd88a 100644
--- a/pkg/sentry/kernel/task_syscall.go
+++ b/pkg/sentry/kernel/task_syscall.go
@@ -18,8 +18,8 @@ import (
"fmt"
"os"
"runtime/trace"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/bits"
"gvisor.dev/gvisor/pkg/marshal"
@@ -113,7 +113,7 @@ func (t *Task) executeSyscall(sysno uintptr, args arch.SyscallArguments) (rval u
if bits.IsOn32(fe, ExternalAfterEnable) && (s.ExternalFilterAfter == nil || s.ExternalFilterAfter(t, sysno, args)) {
t.invokeExternal()
- // Don't reinvoke the syscall.
+ // Don't reinvoke the unix.
}
if bits.IsAnyOn32(fe, StraceEnableBits) {
@@ -147,7 +147,7 @@ func (t *Task) doSyscall() taskRunState {
// Tracers expect to see this between when the task traps into the kernel
// to perform a syscall and when the syscall is actually invoked.
// This useless-looking temporary is needed because Go.
- tmp := uintptr(syscall.ENOSYS)
+ tmp := uintptr(unix.ENOSYS)
t.Arch().SetReturn(-tmp)
// Check seccomp filters. The nil check is for performance (as seccomp use
@@ -379,7 +379,7 @@ func ExtractErrno(err error, sysno int) int {
switch err := err.(type) {
case nil:
return 0
- case syscall.Errno:
+ case unix.Errno:
return int(err)
case syserror.SyscallRestartErrno:
return int(err)
@@ -387,7 +387,7 @@ func ExtractErrno(err error, sysno int) int {
// Bus errors may generate SIGBUS, but for syscalls they still
// return EFAULT. See case in task_run.go where the fault is
// handled (and the SIGBUS is delivered).
- return int(syscall.EFAULT)
+ return int(unix.EFAULT)
case *os.PathError:
return ExtractErrno(err.Err, sysno)
case *os.LinkError:
diff --git a/pkg/sentry/limits/limits.go b/pkg/sentry/limits/limits.go
index 31b9e9ff6..7c6c4df01 100644
--- a/pkg/sentry/limits/limits.go
+++ b/pkg/sentry/limits/limits.go
@@ -16,8 +16,7 @@
package limits
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sync"
)
@@ -125,10 +124,10 @@ func (l *LimitSet) Set(t LimitType, v Limit, privileged bool) (Limit, error) {
if _, ok := l.data[t]; ok {
// Unprivileged users can only lower their hard limits.
if l.data[t].Max < v.Max && !privileged {
- return Limit{}, syscall.EPERM
+ return Limit{}, unix.EPERM
}
if v.Cur > v.Max {
- return Limit{}, syscall.EINVAL
+ return Limit{}, unix.EINVAL
}
}
old := l.data[t]
diff --git a/pkg/sentry/pgalloc/pgalloc.go b/pkg/sentry/pgalloc/pgalloc.go
index d99be7f46..58cc11a13 100644
--- a/pkg/sentry/pgalloc/pgalloc.go
+++ b/pkg/sentry/pgalloc/pgalloc.go
@@ -26,9 +26,9 @@ import (
"math"
"os"
"sync/atomic"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -341,12 +341,12 @@ func NewMemoryFile(file *os.File, opts MemoryFileOpts) (*MemoryFile, error) {
// Work around IMA by immediately creating a temporary PROT_EXEC mapping,
// while the backing file is still small. IMA will ignore any future
// mappings.
- m, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ m, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
0,
usermem.PageSize,
- syscall.PROT_EXEC,
- syscall.MAP_SHARED,
+ unix.PROT_EXEC,
+ unix.MAP_SHARED,
file.Fd(),
0)
if errno != 0 {
@@ -354,8 +354,8 @@ func NewMemoryFile(file *os.File, opts MemoryFileOpts) (*MemoryFile, error) {
// don't return it.
log.Warningf("Failed to pre-map MemoryFile PROT_EXEC: %v", errno)
} else {
- if _, _, errno := syscall.Syscall(
- syscall.SYS_MUNMAP,
+ if _, _, errno := unix.Syscall(
+ unix.SYS_MUNMAP,
m,
usermem.PageSize,
0); errno != 0 {
@@ -584,7 +584,7 @@ func (f *MemoryFile) decommitFile(fr memmap.FileRange) error {
// "After a successful call, subsequent reads from this range will
// return zeroes. The FALLOC_FL_PUNCH_HOLE flag must be ORed with
// FALLOC_FL_KEEP_SIZE in mode ..." - fallocate(2)
- return syscall.Fallocate(
+ return unix.Fallocate(
int(f.file.Fd()),
_FALLOC_FL_PUNCH_HOLE|_FALLOC_FL_KEEP_SIZE,
int64(fr.Start),
@@ -730,12 +730,12 @@ func (f *MemoryFile) getChunkMapping(chunk int) ([]uintptr, uintptr, error) {
if m := mappings[chunk]; m != 0 {
return mappings, m, nil
}
- m, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ m, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
0,
chunkSize,
- syscall.PROT_READ|syscall.PROT_WRITE,
- syscall.MAP_SHARED,
+ unix.PROT_READ|unix.PROT_WRITE,
+ unix.MAP_SHARED,
f.file.Fd(),
uintptr(chunk<<chunkShift))
if errno != 0 {
@@ -1012,8 +1012,8 @@ func (f *MemoryFile) TotalUsage() (uint64, error) {
// Stat the underlying file to discover the underlying usage. stat(2)
// always reports the allocated block count in units of 512 bytes. This
// includes pages in the page cache and swapped pages.
- var stat syscall.Stat_t
- if err := syscall.Fstat(int(f.file.Fd()), &stat); err != nil {
+ var stat unix.Stat_t
+ if err := unix.Fstat(int(f.file.Fd()), &stat); err != nil {
return 0, err
}
return uint64(stat.Blocks * 512), nil
@@ -1093,7 +1093,7 @@ func (f *MemoryFile) runReclaim() {
mappings := f.mappings.Load().([]uintptr)
for i, m := range mappings {
if m != 0 {
- _, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, m, chunkSize, 0)
+ _, _, errno := unix.Syscall(unix.SYS_MUNMAP, m, chunkSize, 0)
if errno != 0 {
log.Warningf("Failed to unmap mapping %#x for MemoryFile chunk %d: %v", m, i, errno)
}
diff --git a/pkg/sentry/pgalloc/pgalloc_unsafe.go b/pkg/sentry/pgalloc/pgalloc_unsafe.go
index a4b5d581c..71f8f66c1 100644
--- a/pkg/sentry/pgalloc/pgalloc_unsafe.go
+++ b/pkg/sentry/pgalloc/pgalloc_unsafe.go
@@ -16,8 +16,9 @@ package pgalloc
import (
"reflect"
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
func unsafeSlice(addr uintptr, length int) (slice []byte) {
@@ -29,8 +30,8 @@ func unsafeSlice(addr uintptr, length int) (slice []byte) {
}
func mincore(s []byte, buf []byte) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_MINCORE,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_MINCORE,
uintptr(unsafe.Pointer(&s[0])),
uintptr(len(s)),
uintptr(unsafe.Pointer(&buf[0]))); errno != 0 {
diff --git a/pkg/sentry/pgalloc/save_restore.go b/pkg/sentry/pgalloc/save_restore.go
index 78317fa35..e05c8d074 100644
--- a/pkg/sentry/pgalloc/save_restore.go
+++ b/pkg/sentry/pgalloc/save_restore.go
@@ -21,8 +21,8 @@ import (
"io"
"runtime"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/usage"
"gvisor.dev/gvisor/pkg/state"
@@ -66,7 +66,7 @@ func (f *MemoryFile) SaveTo(ctx context.Context, w wire.Writer) error {
// associated backing store. This is equivalent to punching a hole
// in the corresponding byte range of the backing store (see
// fallocate(2))." - madvise(2)
- if err := syscall.Madvise(pg, syscall.MADV_REMOVE); err != nil {
+ if err := unix.Madvise(pg, unix.MADV_REMOVE); err != nil {
// This doesn't impact the correctness of saved memory, it
// just means that we're incrementally more likely to OOM.
// Complain, but don't abort saving.
diff --git a/pkg/sentry/platform/kvm/bluepill.go b/pkg/sentry/platform/kvm/bluepill.go
index 2c970162e..fd1131638 100644
--- a/pkg/sentry/platform/kvm/bluepill.go
+++ b/pkg/sentry/platform/kvm/bluepill.go
@@ -17,8 +17,8 @@ package kvm
import (
"fmt"
"reflect"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/safecopy"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -41,7 +41,7 @@ var (
//
// We use SIGCHLD because it is not masked by the runtime, and
// it will be ignored properly by other parts of the kernel.
- bounceSignal = syscall.SIGCHLD
+ bounceSignal = unix.SIGCHLD
// bounceSignalMask has only bounceSignal set.
bounceSignalMask = uint64(1 << (uint64(bounceSignal) - 1))
@@ -62,7 +62,7 @@ var (
//
//go:nosplit
func redpill() {
- syscall.RawSyscall(^uintptr(0), 0, 0, 0)
+ unix.RawSyscall(^uintptr(0), 0, 0, 0)
}
// dieHandler is called by dieTrampoline.
diff --git a/pkg/sentry/platform/kvm/bluepill_amd64.go b/pkg/sentry/platform/kvm/bluepill_amd64.go
index 83a4766fb..f4b9a5321 100644
--- a/pkg/sentry/platform/kvm/bluepill_amd64.go
+++ b/pkg/sentry/platform/kvm/bluepill_amd64.go
@@ -17,15 +17,14 @@
package kvm
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
var (
// The action for bluepillSignal is changed by sigaction().
- bluepillSignal = syscall.SIGSEGV
+ bluepillSignal = unix.SIGSEGV
)
// bluepillArchEnter is called during bluepillEnter.
diff --git a/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go b/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go
index 0063e947b..198bafdea 100644
--- a/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go
+++ b/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go
@@ -17,9 +17,9 @@
package kvm
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
@@ -68,8 +68,8 @@ func getHypercallID(addr uintptr) int {
func bluepillStopGuest(c *vCPU) {
// Interrupt: we must have requested an interrupt
// window; set the interrupt line.
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_INTERRUPT,
uintptr(unsafe.Pointer(&bounce))); errno != 0 {
@@ -83,8 +83,8 @@ func bluepillStopGuest(c *vCPU) {
//
//go:nosplit
func bluepillSigBus(c *vCPU) {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_NMI, 0); errno != 0 {
throw("NMI injection failed")
diff --git a/pkg/sentry/platform/kvm/bluepill_arm64.go b/pkg/sentry/platform/kvm/bluepill_arm64.go
index 6846abee9..e26b7da8d 100644
--- a/pkg/sentry/platform/kvm/bluepill_arm64.go
+++ b/pkg/sentry/platform/kvm/bluepill_arm64.go
@@ -17,15 +17,14 @@
package kvm
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
var (
// The action for bluepillSignal is changed by sigaction().
- bluepillSignal = syscall.SIGILL
+ bluepillSignal = unix.SIGILL
// vcpuSErrBounce is the event of system error for bouncing KVM.
vcpuSErrBounce = kvmVcpuEvents{
diff --git a/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go b/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go
index dbbf2a897..07fc4f216 100644
--- a/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go
+++ b/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go
@@ -17,9 +17,9 @@
package kvm
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
@@ -80,8 +80,8 @@ func getHypercallID(addr uintptr) int {
//
//go:nosplit
func bluepillStopGuest(c *vCPU) {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_VCPU_EVENTS,
uintptr(unsafe.Pointer(&vcpuSErrBounce))); errno != 0 {
@@ -94,12 +94,12 @@ func bluepillStopGuest(c *vCPU) {
//go:nosplit
func bluepillSigBus(c *vCPU) {
// Host must support ARM64_HAS_RAS_EXTN.
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_VCPU_EVENTS,
uintptr(unsafe.Pointer(&vcpuSErrNMI))); errno != 0 {
- if errno == syscall.EINVAL {
+ if errno == unix.EINVAL {
throw("No ARM64_HAS_RAS_EXTN feature in host.")
}
throw("nmi sErr injection failed")
@@ -110,8 +110,8 @@ func bluepillSigBus(c *vCPU) {
//
//go:nosplit
func bluepillExtDabt(c *vCPU) {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_VCPU_EVENTS,
uintptr(unsafe.Pointer(&vcpuExtDabt))); errno != 0 {
diff --git a/pkg/sentry/platform/kvm/bluepill_fault.go b/pkg/sentry/platform/kvm/bluepill_fault.go
index a182e4f22..37c53fa02 100644
--- a/pkg/sentry/platform/kvm/bluepill_fault.go
+++ b/pkg/sentry/platform/kvm/bluepill_fault.go
@@ -16,8 +16,8 @@ package kvm
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -40,7 +40,7 @@ const (
//
//go:nosplit
func yield() {
- syscall.RawSyscall(syscall.SYS_SCHED_YIELD, 0, 0, 0)
+ unix.RawSyscall(unix.SYS_SCHED_YIELD, 0, 0, 0)
}
// calculateBluepillFault calculates the fault address range.
@@ -112,16 +112,16 @@ func handleBluepillFault(m *machine, physical uintptr, phyRegions []physicalRegi
atomic.StoreUint32(&m.nextSlot, slot)
switch errno {
- case syscall.EEXIST:
+ case unix.EEXIST:
// The region already exists. It's possible that we raced with
// another vCPU here. We just revert nextSlot and return true,
// because this must have been satisfied by some other vCPU.
return virtualStart + (physical - physicalStart), true
- case syscall.EINVAL:
+ case unix.EINVAL:
throw("set memory region failed; out of slots")
- case syscall.ENOMEM:
+ case unix.ENOMEM:
throw("set memory region failed: out of memory")
- case syscall.EFAULT:
+ case unix.EFAULT:
throw("set memory region failed: invalid physical range")
default:
throw("set memory region failed: unknown reason")
diff --git a/pkg/sentry/platform/kvm/bluepill_unsafe.go b/pkg/sentry/platform/kvm/bluepill_unsafe.go
index 55da6dd95..6f87236ad 100644
--- a/pkg/sentry/platform/kvm/bluepill_unsafe.go
+++ b/pkg/sentry/platform/kvm/bluepill_unsafe.go
@@ -21,9 +21,9 @@ package kvm
import (
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
@@ -102,23 +102,23 @@ func bluepillHandler(context unsafe.Pointer) {
}
for {
- _, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no.
+ _, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no.
switch errno {
case 0: // Expected case.
- case syscall.EINTR:
+ case unix.EINTR:
// First, we process whatever pending signal
// interrupted KVM. Since we're in a signal handler
// currently, all signals are masked and the signal
// must have been delivered directly to this thread.
- timeout := syscall.Timespec{}
- sig, _, errno := syscall.RawSyscall6( // escapes: no.
- syscall.SYS_RT_SIGTIMEDWAIT,
+ timeout := unix.Timespec{}
+ sig, _, errno := unix.RawSyscall6( // escapes: no.
+ unix.SYS_RT_SIGTIMEDWAIT,
uintptr(unsafe.Pointer(&bounceSignalMask)),
0, // siginfo.
uintptr(unsafe.Pointer(&timeout)), // timeout.
8, // sigset size.
0, 0)
- if errno == syscall.EAGAIN {
+ if errno == unix.EAGAIN {
continue
}
if errno != 0 {
@@ -140,7 +140,7 @@ func bluepillHandler(context unsafe.Pointer) {
c.runData.requestInterruptWindow = 1
continue // Rerun vCPU.
}
- case syscall.EFAULT:
+ case unix.EFAULT:
// If a fault is not serviceable due to the host
// backing pages having page permissions, instead of an
// MMIO exit we receive EFAULT from the run ioctl. We
@@ -148,7 +148,7 @@ func bluepillHandler(context unsafe.Pointer) {
// mode and have interrupts disabled.
bluepillSigBus(c)
continue // Rerun vCPU.
- case syscall.ENOSYS:
+ case unix.ENOSYS:
bluepillHandleEnosys(c)
continue
default:
diff --git a/pkg/sentry/platform/kvm/filters_amd64.go b/pkg/sentry/platform/kvm/filters_amd64.go
index d3d216aa5..a78be3403 100644
--- a/pkg/sentry/platform/kvm/filters_amd64.go
+++ b/pkg/sentry/platform/kvm/filters_amd64.go
@@ -15,8 +15,6 @@
package kvm
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -26,17 +24,17 @@ import (
// SyscallFilters returns syscalls made exclusively by the KVM platform.
func (*KVM) SyscallFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
- syscall.SYS_ARCH_PRCTL: {},
- syscall.SYS_IOCTL: {},
+ unix.SYS_ARCH_PRCTL: {},
+ unix.SYS_IOCTL: {},
unix.SYS_MEMBARRIER: []seccomp.Rule{
{
seccomp.EqualTo(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED),
seccomp.EqualTo(0),
},
},
- syscall.SYS_MMAP: {},
- syscall.SYS_RT_SIGSUSPEND: {},
- syscall.SYS_RT_SIGTIMEDWAIT: {},
- 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
+ unix.SYS_MMAP: {},
+ unix.SYS_RT_SIGSUSPEND: {},
+ unix.SYS_RT_SIGTIMEDWAIT: {},
+ 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
}
}
diff --git a/pkg/sentry/platform/kvm/filters_arm64.go b/pkg/sentry/platform/kvm/filters_arm64.go
index 21abc2a3d..4e5b91048 100644
--- a/pkg/sentry/platform/kvm/filters_arm64.go
+++ b/pkg/sentry/platform/kvm/filters_arm64.go
@@ -15,8 +15,6 @@
package kvm
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -26,16 +24,16 @@ import (
// SyscallFilters returns syscalls made exclusively by the KVM platform.
func (*KVM) SyscallFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
- syscall.SYS_IOCTL: {},
+ unix.SYS_IOCTL: {},
unix.SYS_MEMBARRIER: []seccomp.Rule{
{
seccomp.EqualTo(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED),
seccomp.EqualTo(0),
},
},
- syscall.SYS_MMAP: {},
- syscall.SYS_RT_SIGSUSPEND: {},
- syscall.SYS_RT_SIGTIMEDWAIT: {},
- 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
+ unix.SYS_MMAP: {},
+ unix.SYS_RT_SIGSUSPEND: {},
+ unix.SYS_RT_SIGTIMEDWAIT: {},
+ 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
}
}
diff --git a/pkg/sentry/platform/kvm/kvm.go b/pkg/sentry/platform/kvm/kvm.go
index 7bdf57436..92c05a9ad 100644
--- a/pkg/sentry/platform/kvm/kvm.go
+++ b/pkg/sentry/platform/kvm/kvm.go
@@ -18,8 +18,8 @@ package kvm
import (
"fmt"
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/ring0/pagetables"
"gvisor.dev/gvisor/pkg/sentry/platform"
@@ -77,7 +77,7 @@ var (
// OpenDevice opens the KVM device at /dev/kvm and returns the File.
func OpenDevice() (*os.File, error) {
- f, err := os.OpenFile("/dev/kvm", syscall.O_RDWR, 0)
+ f, err := os.OpenFile("/dev/kvm", unix.O_RDWR, 0)
if err != nil {
return nil, fmt.Errorf("error opening /dev/kvm: %v", err)
}
@@ -99,11 +99,11 @@ func New(deviceFile *os.File) (*KVM, error) {
// Create a new VM fd.
var (
vm uintptr
- errno syscall.Errno
+ errno unix.Errno
)
for {
- vm, _, errno = syscall.Syscall(syscall.SYS_IOCTL, fd, _KVM_CREATE_VM, 0)
- if errno == syscall.EINTR {
+ vm, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _KVM_CREATE_VM, 0)
+ if errno == unix.EINTR {
continue
}
if errno != 0 {
diff --git a/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go b/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go
index 46c4b9113..0c43d72f4 100644
--- a/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go
+++ b/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go
@@ -18,8 +18,9 @@ package kvm
import (
"fmt"
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
var (
@@ -30,7 +31,7 @@ var (
func updateSystemValues(fd int) error {
// Extract the mmap size.
- sz, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
+ sz, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
if errno != 0 {
return fmt.Errorf("getting VCPU mmap size: %v", errno)
}
@@ -39,19 +40,19 @@ func updateSystemValues(fd int) error {
runDataSize = int(sz)
// Must do the dance to figure out the number of entries.
- _, _, errno = syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ _, _, errno = unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(fd),
_KVM_GET_SUPPORTED_CPUID,
uintptr(unsafe.Pointer(&cpuidSupported)))
- if errno != 0 && errno != syscall.ENOMEM {
+ if errno != 0 && errno != unix.ENOMEM {
// Some other error occurred.
return fmt.Errorf("getting supported CPUID: %v", errno)
}
// The number should now be correct.
- _, _, errno = syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ _, _, errno = unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(fd),
_KVM_GET_SUPPORTED_CPUID,
uintptr(unsafe.Pointer(&cpuidSupported)))
diff --git a/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go b/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go
index 48ccf8474..f07a9f34d 100644
--- a/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go
+++ b/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go
@@ -18,7 +18,8 @@ package kvm
import (
"fmt"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
var (
@@ -28,7 +29,7 @@ var (
func updateSystemValues(fd int) error {
// Extract the mmap size.
- sz, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
+ sz, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
if errno != 0 {
return fmt.Errorf("getting VCPU mmap size: %v", errno)
}
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
index 1ece1b8d8..0e4cf01e1 100644
--- a/pkg/sentry/platform/kvm/machine.go
+++ b/pkg/sentry/platform/kvm/machine.go
@@ -18,8 +18,8 @@ import (
"fmt"
"runtime"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/atomicbitops"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/procid"
@@ -153,7 +153,7 @@ type dieState struct {
func (m *machine) newVCPU() *vCPU {
// Create the vCPU.
id := int(atomic.AddUint32(&m.nextID, 1) - 1)
- fd, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id))
+ fd, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id))
if errno != 0 {
panic(fmt.Sprintf("error creating new vCPU: %v", errno))
}
@@ -193,7 +193,7 @@ func newMachine(vm int) (*machine, error) {
m.available.L = &m.mu
// Pull the maximum vCPUs.
- maxVCPUs, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_VCPUS)
+ maxVCPUs, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_VCPUS)
if errno != 0 {
m.maxVCPUs = _KVM_NR_VCPUS
} else {
@@ -205,7 +205,7 @@ func newMachine(vm int) (*machine, error) {
m.kernel.Init(m.maxVCPUs)
// Pull the maximum slots.
- maxSlots, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS)
+ maxSlots, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS)
if errno != 0 {
m.maxSlots = _KVM_NR_MEMSLOTS
} else {
@@ -357,13 +357,13 @@ func (m *machine) Destroy() {
panic(fmt.Sprintf("error unmapping rundata: %v", err))
}
}
- if err := syscall.Close(int(c.fd)); err != nil {
+ if err := unix.Close(int(c.fd)); err != nil {
panic(fmt.Sprintf("error closing vCPU fd: %v", err))
}
}
// vCPUs are gone: teardown machine state.
- if err := syscall.Close(m.fd); err != nil {
+ if err := unix.Close(m.fd); err != nil {
panic(fmt.Sprintf("error closing VM fd: %v", err))
}
}
@@ -546,7 +546,7 @@ func (c *vCPU) NotifyInterrupt() {
}
// pid is used below in bounce.
-var pid = syscall.Getpid()
+var pid = unix.Getpid()
// bounce forces a return to the kernel or to host mode.
//
@@ -588,9 +588,9 @@ func (c *vCPU) bounce(forceGuestExit bool) {
// under memory pressure. Since we already
// marked ourselves as a waiter, we need to
// ensure that a signal is actually delivered.
- if err := syscall.Tgkill(pid, int(atomic.LoadUint64(&c.tid)), bounceSignal); err == nil {
+ if err := unix.Tgkill(pid, int(atomic.LoadUint64(&c.tid)), bounceSignal); err == nil {
break
- } else if err.(syscall.Errno) == syscall.EAGAIN {
+ } else if err.(unix.Errno) == unix.EAGAIN {
continue
} else {
// Nothing else should be returned by tgkill.
diff --git a/pkg/sentry/platform/kvm/machine_amd64.go b/pkg/sentry/platform/kvm/machine_amd64.go
index 59c752d73..6e583baa3 100644
--- a/pkg/sentry/platform/kvm/machine_amd64.go
+++ b/pkg/sentry/platform/kvm/machine_amd64.go
@@ -21,8 +21,8 @@ import (
"math/big"
"reflect"
"runtime/debug"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/ring0/pagetables"
@@ -36,8 +36,8 @@ import (
func (m *machine) initArchState() error {
// Set the legacy TSS address. This address is covered by the reserved
// range (up to 4GB). In fact, this is a main reason it exists.
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(m.fd),
_KVM_SET_TSS_ADDR,
uintptr(reservedMemory-(3*usermem.PageSize))); errno != 0 {
@@ -297,13 +297,13 @@ func (c *vCPU) fault(signal int32, info *arch.SignalInfo) (usermem.AccessType, e
func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) (usermem.AccessType, error) {
// Check for canonical addresses.
if regs := switchOpts.Registers; !ring0.IsCanonical(regs.Rip) {
- return nonCanonical(regs.Rip, int32(syscall.SIGSEGV), info)
+ return nonCanonical(regs.Rip, int32(unix.SIGSEGV), info)
} else if !ring0.IsCanonical(regs.Rsp) {
- return nonCanonical(regs.Rsp, int32(syscall.SIGBUS), info)
+ return nonCanonical(regs.Rsp, int32(unix.SIGBUS), info)
} else if !ring0.IsCanonical(regs.Fs_base) {
- return nonCanonical(regs.Fs_base, int32(syscall.SIGBUS), info)
+ return nonCanonical(regs.Fs_base, int32(unix.SIGBUS), info)
} else if !ring0.IsCanonical(regs.Gs_base) {
- return nonCanonical(regs.Gs_base, int32(syscall.SIGBUS), info)
+ return nonCanonical(regs.Gs_base, int32(unix.SIGBUS), info)
}
// Assign PCIDs.
@@ -332,11 +332,11 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
return usermem.NoAccess, nil
case ring0.PageFault:
- return c.fault(int32(syscall.SIGSEGV), info)
+ return c.fault(int32(unix.SIGSEGV), info)
case ring0.Debug, ring0.Breakpoint:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGTRAP),
+ Signo: int32(unix.SIGTRAP),
Code: 1, // TRAP_BRKPT (breakpoint).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -348,7 +348,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
ring0.InvalidTSS,
ring0.StackSegmentFault:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGSEGV),
+ Signo: int32(unix.SIGSEGV),
Code: arch.SignalInfoKernel,
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -362,7 +362,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.InvalidOpcode:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGILL),
+ Signo: int32(unix.SIGILL),
Code: 1, // ILL_ILLOPC (illegal opcode).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -370,7 +370,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.DivideByZero:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGFPE),
+ Signo: int32(unix.SIGFPE),
Code: 1, // FPE_INTDIV (divide by zero).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -378,7 +378,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.Overflow:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGFPE),
+ Signo: int32(unix.SIGFPE),
Code: 2, // FPE_INTOVF (integer overflow).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -387,7 +387,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.X87FloatingPointException,
ring0.SIMDFloatingPointException:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGFPE),
+ Signo: int32(unix.SIGFPE),
Code: 7, // FPE_FLTINV (invalid operation).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -398,7 +398,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.AlignmentCheck:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGBUS),
+ Signo: int32(unix.SIGBUS),
Code: 2, // BUS_ADRERR (physical address does not exist).
}
return usermem.NoAccess, platform.ErrContextSignal
@@ -409,7 +409,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
// really not. This could happen, e.g. if some file is
// truncated (and would generate a SIGBUS) and we map it
// directly into the instance.
- return c.fault(int32(syscall.SIGBUS), info)
+ return c.fault(int32(unix.SIGBUS), info)
case ring0.DeviceNotAvailable,
ring0.DoubleFault,
diff --git a/pkg/sentry/platform/kvm/machine_amd64_unsafe.go b/pkg/sentry/platform/kvm/machine_amd64_unsafe.go
index b430f92c6..83bcc7406 100644
--- a/pkg/sentry/platform/kvm/machine_amd64_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_amd64_unsafe.go
@@ -19,9 +19,9 @@ package kvm
import (
"fmt"
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -31,15 +31,15 @@ import (
//
//go:nosplit
func (c *vCPU) loadSegments(tid uint64) {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_ARCH_PRCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_ARCH_PRCTL,
linux.ARCH_GET_FS,
uintptr(unsafe.Pointer(&c.CPU.Registers().Fs_base)),
0); errno != 0 {
throw("getting FS segment")
}
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_ARCH_PRCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_ARCH_PRCTL,
linux.ARCH_GET_GS,
uintptr(unsafe.Pointer(&c.CPU.Registers().Gs_base)),
0); errno != 0 {
@@ -50,8 +50,8 @@ func (c *vCPU) loadSegments(tid uint64) {
// setCPUID sets the CPUID to be used by the guest.
func (c *vCPU) setCPUID() error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_CPUID2,
uintptr(unsafe.Pointer(&cpuidSupported))); errno != 0 {
@@ -64,8 +64,8 @@ func (c *vCPU) setCPUID() error {
//
// If mustSucceed is true, then this function panics on error.
func (c *vCPU) getTSCFreq() (uintptr, error) {
- rawFreq, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ rawFreq, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_TSC_KHZ,
0 /* ignored */)
@@ -77,8 +77,8 @@ func (c *vCPU) getTSCFreq() (uintptr, error) {
// setTSCFreq sets the TSC frequency.
func (c *vCPU) setTSCFreq(freq uintptr) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_TSC_KHZ,
freq /* khz */); errno != 0 {
@@ -95,8 +95,8 @@ func (c *vCPU) setTSC(value uint64) error {
}
registers.entries[0].index = _MSR_IA32_TSC
registers.entries[0].data = value
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_MSRS,
uintptr(unsafe.Pointer(&registers))); errno != 0 {
@@ -108,9 +108,9 @@ func (c *vCPU) setTSC(value uint64) error {
// setUserRegisters sets user registers in the vCPU.
//
//go:nosplit
-func (c *vCPU) setUserRegisters(uregs *userRegs) syscall.Errno {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+func (c *vCPU) setUserRegisters(uregs *userRegs) unix.Errno {
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_REGS,
uintptr(unsafe.Pointer(uregs))); errno != 0 {
@@ -124,9 +124,9 @@ func (c *vCPU) setUserRegisters(uregs *userRegs) syscall.Errno {
// This is safe to call from a nosplit context.
//
//go:nosplit
-func (c *vCPU) getUserRegisters(uregs *userRegs) syscall.Errno {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+func (c *vCPU) getUserRegisters(uregs *userRegs) unix.Errno {
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_REGS,
uintptr(unsafe.Pointer(uregs))); errno != 0 {
@@ -137,8 +137,8 @@ func (c *vCPU) getUserRegisters(uregs *userRegs) syscall.Errno {
// setSystemRegisters sets system registers.
func (c *vCPU) setSystemRegisters(sregs *systemRegs) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_SREGS,
uintptr(unsafe.Pointer(sregs))); errno != 0 {
@@ -150,9 +150,9 @@ func (c *vCPU) setSystemRegisters(sregs *systemRegs) error {
// getSystemRegisters sets system registers.
//
//go:nosplit
-func (c *vCPU) getSystemRegisters(sregs *systemRegs) syscall.Errno {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+func (c *vCPU) getSystemRegisters(sregs *systemRegs) unix.Errno {
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_SREGS,
uintptr(unsafe.Pointer(sregs))); errno != 0 {
diff --git a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
index 78cbd9701..059aa43d0 100644
--- a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
@@ -20,9 +20,9 @@ import (
"fmt"
"reflect"
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/ring0/pagetables"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -39,8 +39,8 @@ var vcpuInit kvmVcpuInit
// initArchState initializes architecture-specific state.
func (m *machine) initArchState() error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(m.fd),
_KVM_ARM_PREFERRED_TARGET,
uintptr(unsafe.Pointer(&vcpuInit))); errno != 0 {
@@ -62,8 +62,8 @@ func (c *vCPU) initArchState() error {
regGet.addr = uint64(reflect.ValueOf(&dataGet).Pointer())
vcpuInit.features[0] |= (1 << _KVM_ARM_VCPU_PSCI_0_2)
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_ARM_VCPU_INIT,
uintptr(unsafe.Pointer(&vcpuInit))); errno != 0 {
@@ -186,8 +186,8 @@ func (c *vCPU) loadSegments(tid uint64) {
}
func (c *vCPU) setOneRegister(reg *kvmOneReg) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_ONE_REG,
uintptr(unsafe.Pointer(reg))); errno != 0 {
@@ -197,8 +197,8 @@ func (c *vCPU) setOneRegister(reg *kvmOneReg) error {
}
func (c *vCPU) getOneRegister(reg *kvmOneReg) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_ONE_REG,
uintptr(unsafe.Pointer(reg))); errno != 0 {
@@ -211,9 +211,9 @@ func (c *vCPU) getOneRegister(reg *kvmOneReg) error {
func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) (usermem.AccessType, error) {
// Check for canonical addresses.
if regs := switchOpts.Registers; !ring0.IsCanonical(regs.Pc) {
- return nonCanonical(regs.Pc, int32(syscall.SIGSEGV), info)
+ return nonCanonical(regs.Pc, int32(unix.SIGSEGV), info)
} else if !ring0.IsCanonical(regs.Sp) {
- return nonCanonical(regs.Sp, int32(syscall.SIGSEGV), info)
+ return nonCanonical(regs.Sp, int32(unix.SIGSEGV), info)
}
// Assign PCIDs.
@@ -247,23 +247,23 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
// Fast path: system call executed.
return usermem.NoAccess, nil
case ring0.PageFault:
- return c.fault(int32(syscall.SIGSEGV), info)
+ return c.fault(int32(unix.SIGSEGV), info)
case ring0.El0ErrNMI:
- return c.fault(int32(syscall.SIGBUS), info)
+ return c.fault(int32(unix.SIGBUS), info)
case ring0.Vector(bounce): // ring0.VirtualizationException.
return usermem.NoAccess, platform.ErrContextInterrupt
case ring0.El0SyncUndef:
- return c.fault(int32(syscall.SIGILL), info)
+ return c.fault(int32(unix.SIGILL), info)
case ring0.El0SyncDbg:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGTRAP),
+ Signo: int32(unix.SIGTRAP),
Code: 1, // TRAP_BRKPT (breakpoint).
}
info.SetAddr(switchOpts.Registers.Pc) // Include address.
return usermem.AccessType{}, platform.ErrContextSignal
case ring0.El0SyncSpPc:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGBUS),
+ Signo: int32(unix.SIGBUS),
Code: 2, // BUS_ADRERR (physical address does not exist).
}
return usermem.NoAccess, platform.ErrContextSignal
diff --git a/pkg/sentry/platform/kvm/machine_unsafe.go b/pkg/sentry/platform/kvm/machine_unsafe.go
index c322551d2..49e1c7136 100644
--- a/pkg/sentry/platform/kvm/machine_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_unsafe.go
@@ -23,9 +23,9 @@ import (
"fmt"
"math"
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -41,7 +41,7 @@ func exitsyscall()
// directly (instead of wrapping in an error) to avoid allocations.
//
//go:nosplit
-func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, flags uint32) syscall.Errno {
+func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, flags uint32) unix.Errno {
userRegion := userMemoryRegion{
slot: uint32(slot),
flags: uint32(flags),
@@ -51,8 +51,8 @@ func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, f
}
// Set the region.
- _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(m.fd),
_KVM_SET_USER_MEMORY_REGION,
uintptr(unsafe.Pointer(&userRegion)))
@@ -61,12 +61,12 @@ func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, f
// mapRunData maps the vCPU run data.
func mapRunData(fd int) (*runData, error) {
- r, _, errno := syscall.RawSyscall6(
- syscall.SYS_MMAP,
+ r, _, errno := unix.RawSyscall6(
+ unix.SYS_MMAP,
0,
uintptr(runDataSize),
- syscall.PROT_READ|syscall.PROT_WRITE,
- syscall.MAP_SHARED,
+ unix.PROT_READ|unix.PROT_WRITE,
+ unix.MAP_SHARED,
uintptr(fd),
0)
if errno != 0 {
@@ -77,8 +77,8 @@ func mapRunData(fd int) (*runData, error) {
// unmapRunData unmaps the vCPU run data.
func unmapRunData(r *runData) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_MUNMAP,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_MUNMAP,
uintptr(unsafe.Pointer(r)),
uintptr(runDataSize),
0); errno != 0 {
@@ -115,8 +115,8 @@ func (a *atomicAddressSpace) get() *addressSpace {
//
//go:nosplit
func (c *vCPU) notify() {
- _, _, errno := syscall.RawSyscall6( // escapes: no.
- syscall.SYS_FUTEX,
+ _, _, errno := unix.RawSyscall6( // escapes: no.
+ unix.SYS_FUTEX,
uintptr(unsafe.Pointer(&c.state)),
linux.FUTEX_WAKE|linux.FUTEX_PRIVATE_FLAG,
math.MaxInt32, // Number of waiters.
@@ -133,13 +133,13 @@ func (c *vCPU) notify() {
//
// This panics on error.
func (c *vCPU) waitUntilNot(state uint32) {
- _, _, errno := syscall.Syscall6(
- syscall.SYS_FUTEX,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_FUTEX,
uintptr(unsafe.Pointer(&c.state)),
linux.FUTEX_WAIT|linux.FUTEX_PRIVATE_FLAG,
uintptr(state),
0, 0, 0)
- if errno != 0 && errno != syscall.EINTR && errno != syscall.EAGAIN {
+ if errno != 0 && errno != unix.EINTR && errno != unix.EAGAIN {
panic("futex wait error")
}
}
@@ -159,8 +159,8 @@ func (c *vCPU) setSignalMask() error {
data.length = 8 // Fixed sigset size.
data.mask1 = ^uint32(bounceSignalMask & 0xffffffff)
data.mask2 = ^uint32(bounceSignalMask >> 32)
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_SIGNAL_MASK,
uintptr(unsafe.Pointer(&data))); errno != 0 {
diff --git a/pkg/sentry/platform/kvm/physical_map.go b/pkg/sentry/platform/kvm/physical_map.go
index 8bdec93ae..7376d8b8d 100644
--- a/pkg/sentry/platform/kvm/physical_map.go
+++ b/pkg/sentry/platform/kvm/physical_map.go
@@ -17,8 +17,8 @@ package kvm
import (
"fmt"
"sort"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/usermem"
@@ -90,12 +90,12 @@ func fillAddressSpace() (excludedRegions []region) {
required := uintptr(requiredAddr)
current := required // Attempted mmap size.
for filled := uintptr(0); filled < required && current > 0; {
- addr, _, errno := syscall.RawSyscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.RawSyscall6(
+ unix.SYS_MMAP,
0, // Suggested address.
current,
- syscall.PROT_NONE,
- syscall.MAP_ANONYMOUS|syscall.MAP_PRIVATE|syscall.MAP_NORESERVE,
+ unix.PROT_NONE,
+ unix.MAP_ANONYMOUS|unix.MAP_PRIVATE|unix.MAP_NORESERVE,
0, 0)
if errno != 0 {
// Attempt half the size; overflow not possible.
diff --git a/pkg/sentry/platform/ptrace/filters.go b/pkg/sentry/platform/ptrace/filters.go
index 20fc62acb..ba4503b0d 100644
--- a/pkg/sentry/platform/ptrace/filters.go
+++ b/pkg/sentry/platform/ptrace/filters.go
@@ -15,16 +15,15 @@
package ptrace
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/seccomp"
)
// SyscallFilters returns syscalls made exclusively by the ptrace platform.
func (*PTrace) SyscallFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
- syscall.SYS_PTRACE: {},
- syscall.SYS_TGKILL: {},
- syscall.SYS_WAIT4: {},
+ unix.SYS_PTRACE: {},
+ unix.SYS_TGKILL: {},
+ unix.SYS_WAIT4: {},
}
}
diff --git a/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go
index 32b8a6be9..4f7fe993a 100644
--- a/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go
+++ b/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go
@@ -17,21 +17,21 @@
package ptrace
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// getTLS gets the thread local storage register.
func (t *thread) getTLS(tls *uint64) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(tls)),
Len: uint64(unsafe.Sizeof(*tls)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETREGSET,
uintptr(t.tid),
linux.NT_ARM_TLS,
uintptr(unsafe.Pointer(&iovec)),
@@ -44,13 +44,13 @@ func (t *thread) getTLS(tls *uint64) error {
// setTLS sets the thread local storage register.
func (t *thread) setTLS(tls *uint64) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(tls)),
Len: uint64(unsafe.Sizeof(*tls)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETREGSET,
uintptr(t.tid),
linux.NT_ARM_TLS,
uintptr(unsafe.Pointer(&iovec)),
diff --git a/pkg/sentry/platform/ptrace/ptrace_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_unsafe.go
index 8b72d24e8..2c21f946e 100644
--- a/pkg/sentry/platform/ptrace/ptrace_unsafe.go
+++ b/pkg/sentry/platform/ptrace/ptrace_unsafe.go
@@ -15,9 +15,9 @@
package ptrace
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/usermem"
@@ -25,13 +25,13 @@ import (
// getRegs gets the general purpose register set.
func (t *thread) getRegs(regs *arch.Registers) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(regs)),
Len: uint64(unsafe.Sizeof(*regs)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETREGSET,
uintptr(t.tid),
linux.NT_PRSTATUS,
uintptr(unsafe.Pointer(&iovec)),
@@ -44,13 +44,13 @@ func (t *thread) getRegs(regs *arch.Registers) error {
// setRegs sets the general purpose register set.
func (t *thread) setRegs(regs *arch.Registers) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(regs)),
Len: uint64(unsafe.Sizeof(*regs)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETREGSET,
uintptr(t.tid),
linux.NT_PRSTATUS,
uintptr(unsafe.Pointer(&iovec)),
@@ -61,15 +61,15 @@ func (t *thread) setRegs(regs *arch.Registers) error {
return nil
}
-// getFPRegs gets the floating-point data via the GETREGSET ptrace syscall.
+// getFPRegs gets the floating-point data via the GETREGSET ptrace unix.
func (t *thread) getFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsave bool) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(fpState),
Len: fpLen,
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETREGSET,
uintptr(t.tid),
fpRegSet(useXsave),
uintptr(unsafe.Pointer(&iovec)),
@@ -80,15 +80,15 @@ func (t *thread) getFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsa
return nil
}
-// setFPRegs sets the floating-point data via the SETREGSET ptrace syscall.
+// setFPRegs sets the floating-point data via the SETREGSET ptrace unix.
func (t *thread) setFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsave bool) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(fpState),
Len: fpLen,
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETREGSET,
uintptr(t.tid),
fpRegSet(useXsave),
uintptr(unsafe.Pointer(&iovec)),
@@ -101,9 +101,9 @@ func (t *thread) setFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsa
// getSignalInfo retrieves information about the signal that caused the stop.
func (t *thread) getSignalInfo(si *arch.SignalInfo) error {
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETSIGINFO,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETSIGINFO,
uintptr(t.tid),
0,
uintptr(unsafe.Pointer(si)),
@@ -123,18 +123,18 @@ func (t *thread) getSignalInfo(si *arch.SignalInfo) error {
func (t *thread) clone() (*thread, error) {
r, ok := usermem.Addr(stackPointer(&t.initRegs)).RoundUp()
if !ok {
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
}
rval, err := t.syscallIgnoreInterrupt(
&t.initRegs,
- syscall.SYS_CLONE,
+ unix.SYS_CLONE,
arch.SyscallArgument{Value: uintptr(
- syscall.CLONE_FILES |
- syscall.CLONE_FS |
- syscall.CLONE_SIGHAND |
- syscall.CLONE_THREAD |
- syscall.CLONE_PTRACE |
- syscall.CLONE_VM)},
+ unix.CLONE_FILES |
+ unix.CLONE_FS |
+ unix.CLONE_SIGHAND |
+ unix.CLONE_THREAD |
+ unix.CLONE_PTRACE |
+ unix.CLONE_VM)},
// The stack pointer is just made up, but we have it be
// something sensible so the kernel doesn't think we're
// up to no good. Which we are.
@@ -158,9 +158,9 @@ func (t *thread) clone() (*thread, error) {
// getEventMessage retrieves a message about the ptrace event that just happened.
func (t *thread) getEventMessage() (uintptr, error) {
var msg uintptr
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETEVENTMSG,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETEVENTMSG,
uintptr(t.tid),
0,
uintptr(unsafe.Pointer(&msg)),
diff --git a/pkg/sentry/platform/ptrace/stub_unsafe.go b/pkg/sentry/platform/ptrace/stub_unsafe.go
index 341dde143..780227248 100644
--- a/pkg/sentry/platform/ptrace/stub_unsafe.go
+++ b/pkg/sentry/platform/ptrace/stub_unsafe.go
@@ -16,9 +16,9 @@ package ptrace
import (
"reflect"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/safecopy"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -56,17 +56,17 @@ func stubInit() {
// something that may have been there already. We just walk
// down the address space until we find a place where the stub
// can be placed.
- addr, _, errno := syscall.RawSyscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.RawSyscall6(
+ unix.SYS_MMAP,
stubStart,
mapLen,
- syscall.PROT_WRITE|syscall.PROT_READ,
- syscall.MAP_PRIVATE|syscall.MAP_ANONYMOUS,
+ unix.PROT_WRITE|unix.PROT_READ,
+ unix.MAP_PRIVATE|unix.MAP_ANONYMOUS,
0 /* fd */, 0 /* offset */)
if addr != stubStart || errno != 0 {
if addr != 0 {
// Unmap the region we've mapped accidentally.
- syscall.RawSyscall(syscall.SYS_MUNMAP, addr, mapLen, 0)
+ unix.RawSyscall(unix.SYS_MUNMAP, addr, mapLen, 0)
}
// Attempt to begin at a lower address.
@@ -79,11 +79,11 @@ func stubInit() {
copy(targetSlice, stubSlice)
// Make the stub executable.
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_MPROTECT,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_MPROTECT,
stubStart,
mapLen,
- syscall.PROT_EXEC|syscall.PROT_READ); errno != 0 {
+ unix.PROT_EXEC|unix.PROT_READ); errno != 0 {
panic("mprotect failed: " + errno.Error())
}
diff --git a/pkg/sentry/platform/ptrace/subprocess.go b/pkg/sentry/platform/ptrace/subprocess.go
index 17fb0a0d8..acccbfe2e 100644
--- a/pkg/sentry/platform/ptrace/subprocess.go
+++ b/pkg/sentry/platform/ptrace/subprocess.go
@@ -18,7 +18,6 @@ import (
"fmt"
"os"
"runtime"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
@@ -35,9 +34,9 @@ import (
//
// These constants are only used in subprocess.go.
const (
- ERESTARTSYS = syscall.Errno(512)
- ERESTARTNOINTR = syscall.Errno(513)
- ERESTARTNOHAND = syscall.Errno(514)
+ ERESTARTSYS = unix.Errno(512)
+ ERESTARTNOINTR = unix.Errno(513)
+ ERESTARTNOHAND = unix.Errno(514)
)
// globalPool exists to solve two distinct problems:
@@ -96,7 +95,7 @@ func (tp *threadPool) lookupOrCreate(currentTID int32, newThread func() *thread)
// threads never exiting.
for origTID, t := range tp.threads {
// Signal zero is an easy existence check.
- if err := syscall.Tgkill(syscall.Getpid(), int(origTID), 0); err != nil {
+ if err := unix.Tgkill(unix.Getpid(), int(origTID), 0); err != nil {
// This thread has been abandoned; reuse it.
delete(tp.threads, origTID)
tp.threads[currentTID] = t
@@ -186,7 +185,7 @@ func newSubprocess(create func() (*thread, error)) (*subprocess, error) {
// (Hopefully nobody tgkilled it with a signal <
// SIGSTOP before the SIGSTOP was delivered, in which
// case that signal would be delivered before SIGSTOP.)
- if sig := t.wait(stopped); sig != syscall.SIGSTOP {
+ if sig := t.wait(stopped); sig != unix.SIGSTOP {
panic(fmt.Sprintf("error waiting for new clone: expected SIGSTOP, got %v", sig))
}
@@ -269,7 +268,7 @@ func (s *subprocess) newThread() *thread {
// attach attaches to the thread.
func (t *thread) attach() {
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("unable to attach: %v", errno))
}
@@ -277,7 +276,7 @@ func (t *thread) attach() {
// stopped from the SIGSTOP queued by CLONE_PTRACE (see inner loop of
// newSubprocess), so we always expect to see signal-delivery-stop with
// SIGSTOP.
- if sig := t.wait(stopped); sig != syscall.SIGSTOP {
+ if sig := t.wait(stopped); sig != unix.SIGSTOP {
panic(fmt.Sprintf("wait failed: expected SIGSTOP, got %v", sig))
}
@@ -301,7 +300,7 @@ func (t *thread) grabInitRegs() {
//
// Because the SIGSTOP is not suppressed, the thread will enter group-stop.
func (t *thread) detach() {
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(syscall.SIGSTOP), 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(unix.SIGSTOP), 0, 0); errno != 0 {
panic(fmt.Sprintf("can't detach new clone: %v", errno))
}
}
@@ -331,14 +330,14 @@ func (t *thread) dumpAndPanic(message string) {
func (t *thread) unexpectedStubExit() {
msg, err := t.getEventMessage()
- status := syscall.WaitStatus(msg)
- if status.Signaled() && status.Signal() == syscall.SIGKILL {
+ status := unix.WaitStatus(msg)
+ if status.Signaled() && status.Signal() == unix.SIGKILL {
// SIGKILL can be only sent by a user or OOM-killer. In both
// these cases, we don't need to panic. There is no reasons to
// think that something wrong in gVisor.
log.Warningf("The ptrace stub process %v has been killed by SIGKILL.", t.tgid)
pid := os.Getpid()
- syscall.Tgkill(pid, pid, syscall.Signal(syscall.SIGKILL))
+ unix.Tgkill(pid, pid, unix.Signal(unix.SIGKILL))
}
t.dumpAndPanic(fmt.Sprintf("wait failed: the process %d:%d exited: %x (err %v)", t.tgid, t.tid, msg, err))
}
@@ -346,12 +345,12 @@ func (t *thread) unexpectedStubExit() {
// wait waits for a stop event.
//
// Precondition: outcome is a valid waitOutcome.
-func (t *thread) wait(outcome waitOutcome) syscall.Signal {
- var status syscall.WaitStatus
+func (t *thread) wait(outcome waitOutcome) unix.Signal {
+ var status unix.WaitStatus
for {
- r, err := syscall.Wait4(int(t.tid), &status, syscall.WALL|syscall.WUNTRACED, nil)
- if err == syscall.EINTR || err == syscall.EAGAIN {
+ r, err := unix.Wait4(int(t.tid), &status, unix.WALL|unix.WUNTRACED, nil)
+ if err == unix.EINTR || err == unix.EAGAIN {
// Wait was interrupted; wait again.
continue
} else if err != nil {
@@ -369,12 +368,12 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal {
if stopSig == 0 {
continue // Spurious stop.
}
- if stopSig == syscall.SIGTRAP {
- if status.TrapCause() == syscall.PTRACE_EVENT_EXIT {
+ if stopSig == unix.SIGTRAP {
+ if status.TrapCause() == unix.PTRACE_EVENT_EXIT {
t.unexpectedStubExit()
}
// Re-encode the trap cause the way it's expected.
- return stopSig | syscall.Signal(status.TrapCause()<<8)
+ return stopSig | unix.Signal(status.TrapCause()<<8)
}
// Not a trap signal.
return stopSig
@@ -382,7 +381,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal {
if !status.Exited() && !status.Signaled() {
t.dumpAndPanic(fmt.Sprintf("ptrace status unexpected: got %v, wanted exited", status))
}
- return syscall.Signal(status.ExitStatus())
+ return unix.Signal(status.ExitStatus())
default:
// Should not happen.
t.dumpAndPanic(fmt.Sprintf("unknown outcome: %v", outcome))
@@ -397,7 +396,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal {
// manually created threads.
func (t *thread) destroy() {
t.detach()
- syscall.Tgkill(int(t.tgid), int(t.tid), syscall.Signal(syscall.SIGKILL))
+ unix.Tgkill(int(t.tgid), int(t.tid), unix.Signal(unix.SIGKILL))
t.wait(killed)
}
@@ -407,12 +406,12 @@ func (t *thread) init() {
// set PTRACE_O_EXITKILL to ensure that the unexpected exit of the
// sentry will immediately kill the associated stubs.
const PTRACE_O_EXITKILL = 0x100000
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETOPTIONS,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETOPTIONS,
uintptr(t.tid),
0,
- syscall.PTRACE_O_TRACESYSGOOD|syscall.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL,
+ unix.PTRACE_O_TRACESYSGOOD|unix.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL,
0, 0)
if errno != 0 {
panic(fmt.Sprintf("ptrace set options failed: %v", errno))
@@ -434,17 +433,17 @@ func (t *thread) syscall(regs *arch.Registers) (uintptr, error) {
// Execute the syscall instruction. The task has to stop on the
// trap instruction which is right after the syscall
// instruction.
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno))
}
sig := t.wait(stopped)
- if sig == syscall.SIGTRAP {
+ if sig == unix.SIGTRAP {
// Reached syscall-enter-stop.
break
} else {
// Some other signal caused a thread stop; ignore.
- if sig != syscall.SIGSTOP && sig != syscall.SIGCHLD {
+ if sig != unix.SIGSTOP && sig != unix.SIGCHLD {
log.Warningf("The thread %d:%d has been interrupted by %d", t.tgid, t.tid, sig)
}
continue
@@ -483,7 +482,7 @@ func (t *thread) syscallIgnoreInterrupt(
// NotifyInterrupt implements interrupt.Receiver.NotifyInterrupt.
func (t *thread) NotifyInterrupt() {
- syscall.Tgkill(int(t.tgid), int(t.tid), syscall.Signal(platform.SignalInterrupt))
+ unix.Tgkill(int(t.tgid), int(t.tid), unix.Signal(platform.SignalInterrupt))
}
// switchToApp is called from the main SwitchToApp entrypoint.
@@ -532,15 +531,15 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool {
for {
// Start running until the next system call.
if isSingleStepping(regs) {
- if _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
+ if _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
unix.PTRACE_SYSEMU_SINGLESTEP,
uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
}
} else {
- if _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
+ if _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
unix.PTRACE_SYSEMU,
uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
@@ -550,7 +549,7 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool {
// Wait for the syscall-enter stop.
sig := t.wait(stopped)
- if sig == syscall.SIGSTOP {
+ if sig == unix.SIGSTOP {
// SIGSTOP was delivered to another thread in the same thread
// group, which initiated another group stop. Just ignore it.
continue
@@ -571,7 +570,7 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool {
}
// Is it a system call?
- if sig == (syscallEvent | syscall.SIGTRAP) {
+ if sig == (syscallEvent | unix.SIGTRAP) {
s.arm64SyscallWorkaround(t, regs)
// Ensure registers are sane.
@@ -619,14 +618,14 @@ func (s *subprocess) syscall(sysno uintptr, args ...arch.SyscallArgument) (uintp
func (s *subprocess) MapFile(addr usermem.Addr, f memmap.File, fr memmap.FileRange, at usermem.AccessType, precommit bool) error {
var flags int
if precommit {
- flags |= syscall.MAP_POPULATE
+ flags |= unix.MAP_POPULATE
}
_, err := s.syscall(
- syscall.SYS_MMAP,
+ unix.SYS_MMAP,
arch.SyscallArgument{Value: uintptr(addr)},
arch.SyscallArgument{Value: uintptr(fr.Length())},
arch.SyscallArgument{Value: uintptr(at.Prot())},
- arch.SyscallArgument{Value: uintptr(flags | syscall.MAP_SHARED | syscall.MAP_FIXED)},
+ arch.SyscallArgument{Value: uintptr(flags | unix.MAP_SHARED | unix.MAP_FIXED)},
arch.SyscallArgument{Value: uintptr(f.FD())},
arch.SyscallArgument{Value: uintptr(fr.Start)})
return err
@@ -653,7 +652,7 @@ func (s *subprocess) Unmap(addr usermem.Addr, length uint64) {
}
s.mu.Unlock()
_, err := s.syscall(
- syscall.SYS_MUNMAP,
+ unix.SYS_MUNMAP,
arch.SyscallArgument{Value: uintptr(addr)},
arch.SyscallArgument{Value: uintptr(length)})
if err != nil {
diff --git a/pkg/sentry/platform/ptrace/subprocess_amd64.go b/pkg/sentry/platform/ptrace/subprocess_amd64.go
index 04815282b..9252c0bd7 100644
--- a/pkg/sentry/platform/ptrace/subprocess_amd64.go
+++ b/pkg/sentry/platform/ptrace/subprocess_amd64.go
@@ -19,7 +19,6 @@ package ptrace
import (
"fmt"
"strings"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -96,7 +95,7 @@ func updateSyscallRegs(regs *arch.Registers) {
func syscallReturnValue(regs *arch.Registers) (uintptr, error) {
rval := int64(regs.Rax)
if rval < 0 {
- return 0, syscall.Errno(-rval)
+ return 0, unix.Errno(-rval)
}
return uintptr(rval), nil
}
@@ -179,7 +178,7 @@ func patchSignalInfo(regs *arch.Registers, signalInfo *arch.SignalInfo) {
//
//go:nosplit
func enableCpuidFault() {
- syscall.RawSyscall6(syscall.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0)
+ unix.RawSyscall6(unix.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0)
}
// appendArchSeccompRules append architecture specific seccomp rules when creating BPF program.
@@ -189,9 +188,9 @@ func appendArchSeccompRules(rules []seccomp.RuleSet, defaultAction linux.BPFActi
// Rules for trapping vsyscall access.
seccomp.RuleSet{
Rules: seccomp.SyscallRules{
- syscall.SYS_GETTIMEOFDAY: {},
- syscall.SYS_TIME: {},
- unix.SYS_GETCPU: {}, // SYS_GETCPU was not defined in package syscall on amd64.
+ unix.SYS_GETTIMEOFDAY: {},
+ unix.SYS_TIME: {},
+ unix.SYS_GETCPU: {}, // SYS_GETCPU was not defined in package syscall on amd64.
},
Action: linux.SECCOMP_RET_TRAP,
Vsyscall: true,
@@ -200,7 +199,7 @@ func appendArchSeccompRules(rules []seccomp.RuleSet, defaultAction linux.BPFActi
rules = append(rules,
seccomp.RuleSet{
Rules: seccomp.SyscallRules{
- syscall.SYS_ARCH_PRCTL: []seccomp.Rule{
+ unix.SYS_ARCH_PRCTL: []seccomp.Rule{
{seccomp.EqualTo(linux.ARCH_SET_CPUID), seccomp.EqualTo(0)},
},
},
@@ -227,19 +226,19 @@ func probeSeccomp() bool {
// Set registers to the yield system call. This call is not allowed
// by the filters specified in the attachThread function.
- regs := createSyscallRegs(&t.initRegs, syscall.SYS_SCHED_YIELD)
+ regs := createSyscallRegs(&t.initRegs, unix.SYS_SCHED_YIELD)
if err := t.setRegs(&regs); err != nil {
panic(fmt.Sprintf("ptrace set regs failed: %v", err))
}
for {
// Attempt an emulation.
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno))
}
sig := t.wait(stopped)
- if sig == (syscallEvent | syscall.SIGTRAP) {
+ if sig == (syscallEvent | unix.SIGTRAP) {
// Did the seccomp errno hook already run? This would
// indicate that seccomp is first in line and we're
// less than 4.8.
diff --git a/pkg/sentry/platform/ptrace/subprocess_arm64.go b/pkg/sentry/platform/ptrace/subprocess_arm64.go
index 416132967..c0cbc0686 100644
--- a/pkg/sentry/platform/ptrace/subprocess_arm64.go
+++ b/pkg/sentry/platform/ptrace/subprocess_arm64.go
@@ -19,7 +19,6 @@ package ptrace
import (
"fmt"
"strings"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -99,7 +98,7 @@ func updateSyscallRegs(regs *arch.Registers) {
func syscallReturnValue(regs *arch.Registers) (uintptr, error) {
rval := int64(regs.Regs[0])
if rval < 0 {
- return 0, syscall.Errno(-rval)
+ return 0, unix.Errno(-rval)
}
return uintptr(rval), nil
}
@@ -185,8 +184,8 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) {
// signal, resume a stub thread and catch it on a signal handling.
t.NotifyInterrupt()
for {
- if _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
+ if _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
unix.PTRACE_SYSEMU,
uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
@@ -194,12 +193,12 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) {
// Wait for the syscall-enter stop.
sig := t.wait(stopped)
- if sig == syscall.SIGSTOP {
+ if sig == unix.SIGSTOP {
// SIGSTOP was delivered to another thread in the same thread
// group, which initiated another group stop. Just ignore it.
continue
}
- if sig == (syscallEvent | syscall.SIGTRAP) {
+ if sig == (syscallEvent | unix.SIGTRAP) {
t.dumpAndPanic(fmt.Sprintf("unexpected syscall event"))
}
break
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go
index 8548853da..4f0260432 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux.go
@@ -18,8 +18,8 @@ package ptrace
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/procid"
@@ -27,7 +27,7 @@ import (
"gvisor.dev/gvisor/pkg/sentry/arch"
)
-const syscallEvent syscall.Signal = 0x80
+const syscallEvent unix.Signal = 0x80
// createStub creates a fresh stub processes.
//
@@ -63,7 +63,7 @@ func createStub() (*thread, error) {
//
// In addition, we set the PTRACE_O_TRACEEXIT option to log more
// information about a stub process when it receives a fatal signal.
- return attachedThread(uintptr(syscall.SIGKILL)|syscall.CLONE_FILES, defaultAction)
+ return attachedThread(uintptr(unix.SIGKILL)|unix.CLONE_FILES, defaultAction)
}
// attachedThread returns a new attached thread.
@@ -78,38 +78,38 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
if defaultAction != linux.SECCOMP_RET_ALLOW {
rules = append(rules, seccomp.RuleSet{
Rules: seccomp.SyscallRules{
- syscall.SYS_CLONE: []seccomp.Rule{
+ unix.SYS_CLONE: []seccomp.Rule{
// Allow creation of new subprocesses (used by the master).
- {seccomp.EqualTo(syscall.CLONE_FILES | syscall.SIGKILL)},
+ {seccomp.EqualTo(unix.CLONE_FILES | unix.SIGKILL)},
// Allow creation of new threads within a single address space (used by addresss spaces).
{seccomp.EqualTo(
- syscall.CLONE_FILES |
- syscall.CLONE_FS |
- syscall.CLONE_SIGHAND |
- syscall.CLONE_THREAD |
- syscall.CLONE_PTRACE |
- syscall.CLONE_VM)},
+ unix.CLONE_FILES |
+ unix.CLONE_FS |
+ unix.CLONE_SIGHAND |
+ unix.CLONE_THREAD |
+ unix.CLONE_PTRACE |
+ unix.CLONE_VM)},
},
// For the initial process creation.
- syscall.SYS_WAIT4: {},
- syscall.SYS_EXIT: {},
+ unix.SYS_WAIT4: {},
+ unix.SYS_EXIT: {},
// For the stub prctl dance (all).
- syscall.SYS_PRCTL: []seccomp.Rule{
- {seccomp.EqualTo(syscall.PR_SET_PDEATHSIG), seccomp.EqualTo(syscall.SIGKILL)},
+ unix.SYS_PRCTL: []seccomp.Rule{
+ {seccomp.EqualTo(unix.PR_SET_PDEATHSIG), seccomp.EqualTo(unix.SIGKILL)},
},
- syscall.SYS_GETPPID: {},
+ unix.SYS_GETPPID: {},
// For the stub to stop itself (all).
- syscall.SYS_GETPID: {},
- syscall.SYS_KILL: []seccomp.Rule{
- {seccomp.MatchAny{}, seccomp.EqualTo(syscall.SIGSTOP)},
+ unix.SYS_GETPID: {},
+ unix.SYS_KILL: []seccomp.Rule{
+ {seccomp.MatchAny{}, seccomp.EqualTo(unix.SIGSTOP)},
},
// Injected to support the address space operations.
- syscall.SYS_MMAP: {},
- syscall.SYS_MUNMAP: {},
+ unix.SYS_MMAP: {},
+ unix.SYS_MUNMAP: {},
},
Action: linux.SECCOMP_RET_ALLOW,
})
@@ -125,17 +125,17 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
var (
pid uintptr
ppid uintptr
- errno syscall.Errno
+ errno unix.Errno
)
// Remember the current ppid for the pdeathsig race.
- ppid, _, _ = syscall.RawSyscall(syscall.SYS_GETPID, 0, 0, 0)
+ ppid, _, _ = unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
// Among other things, beforeFork masks all signals.
beforeFork()
// Do the clone.
- pid, _, errno = syscall.RawSyscall6(syscall.SYS_CLONE, flags, 0, 0, 0, 0, 0)
+ pid, _, errno = unix.RawSyscall6(unix.SYS_CLONE, flags, 0, 0, 0, 0, 0)
if errno != 0 {
afterFork()
return nil, errno
@@ -152,7 +152,7 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
tid: int32(pid),
cpu: ^uint32(0),
}
- if sig := t.wait(stopped); sig != syscall.SIGSTOP {
+ if sig := t.wait(stopped); sig != unix.SIGSTOP {
return nil, fmt.Errorf("wait failed: expected SIGSTOP, got %v", sig)
}
t.attach()
@@ -165,8 +165,8 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
// prevents the stub from getting PTY job control signals intended only
// for the sentry process. We must call this before restoring signal
// mask.
- if _, _, errno := syscall.RawSyscall(syscall.SYS_SETSID, 0, 0, 0); errno != 0 {
- syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
+ if _, _, errno := unix.RawSyscall(unix.SYS_SETSID, 0, 0, 0); errno != 0 {
+ unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
}
// afterForkInChild resets all signals to their default dispositions
@@ -176,13 +176,13 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
// Explicitly unmask all signals to ensure that the tracer can see
// them.
if errno := unmaskAllSignals(); errno != 0 {
- syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
+ unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
}
// Set an aggressive BPF filter for the stub and all it's children. See
// the description of the BPF program built above.
if errno := seccomp.SetFilter(instrs); errno != 0 {
- syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
+ unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
}
// Enable cpuid-faulting.
@@ -218,8 +218,8 @@ func (s *subprocess) createStub() (*thread, error) {
// See above re: SIGKILL.
pid, err := t.syscallIgnoreInterrupt(
&regs,
- syscall.SYS_CLONE,
- arch.SyscallArgument{Value: uintptr(syscall.SIGKILL | syscall.CLONE_FILES)},
+ unix.SYS_CLONE,
+ arch.SyscallArgument{Value: uintptr(unix.SIGKILL | unix.CLONE_FILES)},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0},
@@ -237,10 +237,10 @@ func (s *subprocess) createStub() (*thread, error) {
// If the child actually exited, the attach below will fail.
_, err = t.syscallIgnoreInterrupt(
&t.initRegs,
- syscall.SYS_WAIT4,
+ unix.SYS_WAIT4,
arch.SyscallArgument{Value: uintptr(pid)},
arch.SyscallArgument{Value: 0},
- arch.SyscallArgument{Value: syscall.WALL | syscall.WUNTRACED},
+ arch.SyscallArgument{Value: unix.WALL | unix.WUNTRACED},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0})
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
index 533e45497..9c342c59b 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
@@ -18,17 +18,17 @@
package ptrace
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// unmaskAllSignals unmasks all signals on the current thread.
//
//go:nosplit
-func unmaskAllSignals() syscall.Errno {
+func unmaskAllSignals() unix.Errno {
var set linux.SignalSet
- _, _, errno := syscall.RawSyscall6(syscall.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
+ _, _, errno := unix.RawSyscall6(unix.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
return errno
}
diff --git a/pkg/sentry/sighandling/sighandling.go b/pkg/sentry/sighandling/sighandling.go
index 83195d5a1..bdaf8af29 100644
--- a/pkg/sentry/sighandling/sighandling.go
+++ b/pkg/sentry/sighandling/sighandling.go
@@ -19,8 +19,8 @@ import (
"os"
"os/signal"
"reflect"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -90,7 +90,7 @@ func StartSignalForwarding(handler func(linux.Signal)) func() {
if sig == int(linux.SIGURG) {
continue
}
- signal.Notify(sigchan, syscall.Signal(sig))
+ signal.Notify(sigchan, unix.Signal(sig))
}
// Start up our listener.
go handleSignals(sigchans, handler, stop, done) // S/R-SAFE: synchronized by Kernel.extMu.
diff --git a/pkg/sentry/sighandling/sighandling_unsafe.go b/pkg/sentry/sighandling/sighandling_unsafe.go
index 1ebe22d34..d6a2fbe34 100644
--- a/pkg/sentry/sighandling/sighandling_unsafe.go
+++ b/pkg/sentry/sighandling/sighandling_unsafe.go
@@ -15,9 +15,9 @@
package sighandling
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -36,11 +36,11 @@ func IgnoreChildStop() error {
var sa sigaction
// Get the existing signal handler information, and set the flag.
- if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(syscall.SIGCHLD), 0, uintptr(unsafe.Pointer(&sa)), linux.SignalSetSize, 0, 0); e != 0 {
+ if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(unix.SIGCHLD), 0, uintptr(unsafe.Pointer(&sa)), linux.SignalSetSize, 0, 0); e != 0 {
return e
}
sa.flags |= linux.SA_NOCLDSTOP
- if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(syscall.SIGCHLD), uintptr(unsafe.Pointer(&sa)), 0, linux.SignalSetSize, 0, 0); e != 0 {
+ if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(unix.SIGCHLD), uintptr(unsafe.Pointer(&sa)), 0, linux.SignalSetSize, 0, 0); e != 0 {
return e
}
diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go
index 17f59ba1f..c711d0684 100644
--- a/pkg/sentry/socket/hostinet/socket.go
+++ b/pkg/sentry/socket/hostinet/socket.go
@@ -16,7 +16,6 @@ package hostinet
import (
"fmt"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -45,10 +44,10 @@ const (
// sizeofSockaddr is the size in bytes of the largest sockaddr type
// supported by this package.
- sizeofSockaddr = syscall.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in)
+ sizeofSockaddr = unix.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in)
// maxControlLen is the maximum size of a control message buffer used in a
- // recvmsg or sendmsg syscall.
+ // recvmsg or sendmsg unix.
maxControlLen = 1024
)
@@ -107,7 +106,7 @@ func newSocketFile(ctx context.Context, family int, stype linux.SockType, protoc
// Release implements fs.FileOperations.Release.
func (s *socketOpsCommon) Release(context.Context) {
fdnotifier.RemoveFD(int32(s.fd))
- syscall.Close(s.fd)
+ unix.Close(s.fd)
}
// Readiness implements waiter.Waitable.Readiness.
@@ -143,8 +142,8 @@ func (s *socketOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOS
return 0, nil
}
if dsts.NumBlocks() == 1 {
- // Skip allocating []syscall.Iovec.
- n, err := syscall.Read(s.fd, dsts.Head().ToSlice())
+ // Skip allocating []unix.Iovec.
+ n, err := unix.Read(s.fd, dsts.Head().ToSlice())
if err != nil {
return 0, translateIOSyscallError(err)
}
@@ -166,8 +165,8 @@ func (s *socketOperations) Write(ctx context.Context, _ *fs.File, src usermem.IO
return 0, nil
}
if srcs.NumBlocks() == 1 {
- // Skip allocating []syscall.Iovec.
- n, err := syscall.Write(s.fd, srcs.Head().ToSlice())
+ // Skip allocating []unix.Iovec.
+ n, err := unix.Write(s.fd, srcs.Head().ToSlice())
if err != nil {
return 0, translateIOSyscallError(err)
}
@@ -184,12 +183,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool
sockaddr = sockaddr[:sizeofSockaddr]
}
- _, _, errno := syscall.Syscall(syscall.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
+ _, _, errno := unix.Syscall(unix.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
if errno == 0 {
return nil
}
- if errno != syscall.EINPROGRESS || !blocking {
+ if errno != unix.EINPROGRESS || !blocking {
return syserr.FromError(translateIOSyscallError(errno))
}
@@ -208,12 +207,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool
return syserr.FromError(err)
}
}
- val, err := syscall.GetsockoptInt(s.fd, syscall.SOL_SOCKET, syscall.SO_ERROR)
+ val, err := unix.GetsockoptInt(s.fd, unix.SOL_SOCKET, unix.SO_ERROR)
if err != nil {
return syserr.FromError(err)
}
if val != 0 {
- return syserr.FromError(syscall.Errno(uintptr(val)))
+ return syserr.FromError(unix.Errno(uintptr(val)))
}
return nil
}
@@ -234,7 +233,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int,
// Conservatively ignore all flags specified by the application and add
// SOCK_NONBLOCK since socketOpsCommon requires it.
- fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC)
+ fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC)
if blocking {
var ch chan struct{}
for syscallErr == syserror.ErrWouldBlock {
@@ -248,7 +247,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int,
s.EventRegister(&e, waiter.EventIn)
defer s.EventUnregister(&e)
}
- fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC)
+ fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC)
}
}
@@ -264,27 +263,27 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int,
kerr error
)
if kernel.VFS2Enabled {
- f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&syscall.SOCK_NONBLOCK))
+ f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&unix.SOCK_NONBLOCK))
if err != nil {
- syscall.Close(fd)
+ unix.Close(fd)
return 0, nil, 0, err
}
defer f.DecRef(t)
kfd, kerr = t.NewFDFromVFS2(0, f, kernel.FDFlags{
- CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0,
+ CloseOnExec: flags&unix.SOCK_CLOEXEC != 0,
})
t.Kernel().RecordSocketVFS2(f)
} else {
- f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&syscall.SOCK_NONBLOCK != 0)
+ f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&unix.SOCK_NONBLOCK != 0)
if err != nil {
- syscall.Close(fd)
+ unix.Close(fd)
return 0, nil, 0, err
}
defer f.DecRef(t)
kfd, kerr = t.NewFDFrom(0, f, kernel.FDFlags{
- CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0,
+ CloseOnExec: flags&unix.SOCK_CLOEXEC != 0,
})
t.Kernel().RecordSocket(f)
}
@@ -298,7 +297,7 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error {
sockaddr = sockaddr[:sizeofSockaddr]
}
- _, _, errno := syscall.Syscall(syscall.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
+ _, _, errno := unix.Syscall(unix.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
if errno != 0 {
return syserr.FromError(errno)
}
@@ -307,14 +306,14 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error {
// Listen implements socket.Socket.Listen.
func (s *socketOpsCommon) Listen(t *kernel.Task, backlog int) *syserr.Error {
- return syserr.FromError(syscall.Listen(s.fd, backlog))
+ return syserr.FromError(unix.Listen(s.fd, backlog))
}
// Shutdown implements socket.Socket.Shutdown.
func (s *socketOpsCommon) Shutdown(t *kernel.Task, how int) *syserr.Error {
switch how {
- case syscall.SHUT_RD, syscall.SHUT_WR, syscall.SHUT_RDWR:
- return syserr.FromError(syscall.Shutdown(s.fd, how))
+ case unix.SHUT_RD, unix.SHUT_WR, unix.SHUT_RDWR:
+ return syserr.FromError(unix.Shutdown(s.fd, how))
default:
return syserr.ErrInvalidArgument
}
@@ -344,7 +343,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr
case linux.SO_ERROR, linux.SO_KEEPALIVE, linux.SO_SNDBUF, linux.SO_RCVBUF, linux.SO_REUSEADDR, linux.SO_TIMESTAMP:
optlen = sizeofInt32
case linux.SO_LINGER:
- optlen = syscall.SizeofLinger
+ optlen = unix.SizeofLinger
}
case linux.SOL_TCP:
switch name {
@@ -407,18 +406,18 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt []
}
opt = opt[:optlen]
- _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0)
+ _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0)
if errno != 0 {
return syserr.FromError(errno)
}
return nil
}
-func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) {
+func (s *socketOpsCommon) recvMsgFromHost(iovs []unix.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) {
// We always do a non-blocking recv*().
- sysflags := flags | syscall.MSG_DONTWAIT
+ sysflags := flags | unix.MSG_DONTWAIT
- msg := syscall.Msghdr{}
+ msg := unix.Msghdr{}
if len(iovs) > 0 {
msg.Iov = &iovs[0]
msg.Iovlen = uint64(len(iovs))
@@ -448,7 +447,7 @@ func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, sende
// RecvMsg implements socket.Socket.RecvMsg.
func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) {
// Only allow known and safe flags.
- if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_PEEK|syscall.MSG_TRUNC|syscall.MSG_ERRQUEUE) != 0 {
+ if flags&^(unix.MSG_DONTWAIT|unix.MSG_PEEK|unix.MSG_TRUNC|unix.MSG_ERRQUEUE) != 0 {
return 0, 0, nil, 0, socket.ControlMessages{}, syserr.ErrInvalidArgument
}
@@ -483,7 +482,7 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags
var ch chan struct{}
n, err := copyToDst()
// recv*(MSG_ERRQUEUE) never blocks, even without MSG_DONTWAIT.
- if flags&(syscall.MSG_DONTWAIT|syscall.MSG_ERRQUEUE) == 0 {
+ if flags&(unix.MSG_DONTWAIT|unix.MSG_ERRQUEUE) == 0 {
for err == syserror.ErrWouldBlock {
// We only expect blocking to come from the actual syscall, in which
// case it can't have returned any data.
@@ -547,7 +546,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s
binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr)
controlMessages.IP.OriginalDstAddress = &addr
- case syscall.IP_RECVERR:
+ case unix.IP_RECVERR:
var errCmsg linux.SockErrCMsgIPv4
errCmsg.UnmarshalBytes(unixCmsg.Data)
controlMessages.IP.SockErr = &errCmsg
@@ -564,7 +563,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s
binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr)
controlMessages.IP.OriginalDstAddress = &addr
- case syscall.IPV6_RECVERR:
+ case unix.IPV6_RECVERR:
var errCmsg linux.SockErrCMsgIPv6
errCmsg.UnmarshalBytes(unixCmsg.Data)
controlMessages.IP.SockErr = &errCmsg
@@ -584,7 +583,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s
// SendMsg implements socket.Socket.SendMsg.
func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []byte, flags int, haveDeadline bool, deadline ktime.Time, controlMessages socket.ControlMessages) (int, *syserr.Error) {
// Only allow known and safe flags.
- if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_EOR|syscall.MSG_FASTOPEN|syscall.MSG_MORE|syscall.MSG_NOSIGNAL) != 0 {
+ if flags&^(unix.MSG_DONTWAIT|unix.MSG_EOR|unix.MSG_FASTOPEN|unix.MSG_MORE|unix.MSG_NOSIGNAL) != 0 {
return 0, syserr.ErrInvalidArgument
}
@@ -606,12 +605,12 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
}
// We always do a non-blocking send*().
- sysflags := flags | syscall.MSG_DONTWAIT
+ sysflags := flags | unix.MSG_DONTWAIT
if srcs.NumBlocks() == 1 && len(controlBuf) == 0 {
- // Skip allocating []syscall.Iovec.
+ // Skip allocating []unix.Iovec.
src := srcs.Head()
- n, _, errno := syscall.Syscall6(syscall.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to)))
+ n, _, errno := unix.Syscall6(unix.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -619,7 +618,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
}
iovs := safemem.IovecsFromBlockSeq(srcs)
- msg := syscall.Msghdr{
+ msg := unix.Msghdr{
Iov: &iovs[0],
Iovlen: uint64(len(iovs)),
}
@@ -636,7 +635,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
var ch chan struct{}
n, err := src.CopyInTo(t, sendmsgFromBlocks)
- if flags&syscall.MSG_DONTWAIT == 0 {
+ if flags&unix.MSG_DONTWAIT == 0 {
for err == syserror.ErrWouldBlock {
// We only expect blocking to come from the actual syscall, in which
// case it can't have returned any data.
@@ -664,7 +663,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
}
func translateIOSyscallError(err error) error {
- if err == syscall.EAGAIN || err == syscall.EWOULDBLOCK {
+ if err == unix.EAGAIN || err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -673,9 +672,9 @@ func translateIOSyscallError(err error) error {
// State implements socket.Socket.State.
func (s *socketOpsCommon) State() uint32 {
info := linux.TCPInfo{}
- buf, err := getsockopt(s.fd, syscall.SOL_TCP, syscall.TCP_INFO, linux.SizeOfTCPInfo)
+ buf, err := getsockopt(s.fd, unix.SOL_TCP, unix.TCP_INFO, linux.SizeOfTCPInfo)
if err != nil {
- if err != syscall.ENOPROTOOPT {
+ if err != unix.ENOPROTOOPT {
log.Warningf("Failed to get TCP socket info from %+v: %v", s, err)
}
// For non-TCP sockets, silently ignore the failure.
@@ -715,16 +714,16 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto
// Only accept TCP and UDP.
stype := stypeflags & linux.SOCK_TYPE_MASK
switch stype {
- case syscall.SOCK_STREAM:
+ case unix.SOCK_STREAM:
switch protocol {
- case 0, syscall.IPPROTO_TCP:
+ case 0, unix.IPPROTO_TCP:
// ok
default:
return nil, nil
}
- case syscall.SOCK_DGRAM:
+ case unix.SOCK_DGRAM:
switch protocol {
- case 0, syscall.IPPROTO_UDP:
+ case 0, unix.IPPROTO_UDP:
// ok
default:
return nil, nil
@@ -736,11 +735,11 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto
// Conservatively ignore all flags specified by the application and add
// SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0
// to simplify the syscall filters, since 0 and IPPROTO_* are equivalent.
- fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0)
+ fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0)
if err != nil {
return nil, syserr.FromError(err)
}
- return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&syscall.SOCK_NONBLOCK != 0)
+ return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&unix.SOCK_NONBLOCK != 0)
}
// Pair implements socket.Provider.Pair.
@@ -752,7 +751,7 @@ func (p *socketProvider) Pair(t *kernel.Task, stype linux.SockType, protocol int
// LINT.ThenChange(./socket_vfs2.go)
func init() {
- for _, family := range []int{syscall.AF_INET, syscall.AF_INET6} {
+ for _, family := range []int{unix.AF_INET, unix.AF_INET6} {
socket.RegisterProvider(family, &socketProvider{family})
socket.RegisterProviderVFS2(family, &socketProviderVFS2{family})
}
diff --git a/pkg/sentry/socket/hostinet/socket_unsafe.go b/pkg/sentry/socket/hostinet/socket_unsafe.go
index 3f420c2ec..2890e640d 100644
--- a/pkg/sentry/socket/hostinet/socket_unsafe.go
+++ b/pkg/sentry/socket/hostinet/socket_unsafe.go
@@ -15,9 +15,9 @@
package hostinet
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -36,8 +36,8 @@ func firstBytePtr(bs []byte) unsafe.Pointer {
}
// Preconditions: len(dsts) != 0.
-func readv(fd int, dsts []syscall.Iovec) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts)))
+func readv(fd int, dsts []unix.Iovec) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -45,8 +45,8 @@ func readv(fd int, dsts []syscall.Iovec) (uint64, error) {
}
// Preconditions: len(srcs) != 0.
-func writev(fd int, srcs []syscall.Iovec) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs)))
+func writev(fd int, srcs []unix.Iovec) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -55,9 +55,9 @@ func writev(fd int, srcs []syscall.Iovec) (uint64, error) {
func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArguments) (uintptr, error) {
switch cmd := uintptr(args[1].Int()); cmd {
- case syscall.TIOCINQ, syscall.TIOCOUTQ:
+ case unix.TIOCINQ, unix.TIOCOUTQ:
var val int32
- if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 {
+ if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 {
return 0, translateIOSyscallError(errno)
}
var buf [4]byte
@@ -73,7 +73,7 @@ func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArgument
}
func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) {
- afd, _, errno := syscall.Syscall6(syscall.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+ afd, _, errno := unix.Syscall6(unix.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -83,7 +83,7 @@ func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) {
func getsockopt(fd int, level, name int, optlen int) ([]byte, error) {
opt := make([]byte, optlen)
optlen32 := int32(len(opt))
- _, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0)
+ _, _, errno := unix.Syscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0)
if errno != 0 {
return nil, errno
}
@@ -94,7 +94,7 @@ func getsockopt(fd int, level, name int, optlen int) ([]byte, error) {
func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) {
addr := make([]byte, sizeofSockaddr)
addrlen := uint32(len(addr))
- _, _, errno := syscall.Syscall(syscall.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
+ _, _, errno := unix.Syscall(unix.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
if errno != 0 {
return nil, 0, syserr.FromError(errno)
}
@@ -105,7 +105,7 @@ func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *
func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) {
addr := make([]byte, sizeofSockaddr)
addrlen := uint32(len(addr))
- _, _, errno := syscall.Syscall(syscall.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
+ _, _, errno := unix.Syscall(unix.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
if errno != 0 {
return nil, 0, syserr.FromError(errno)
}
@@ -114,7 +114,7 @@ func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *
func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) {
fromLen := uint32(len(*from))
- n, _, errno := syscall.Syscall6(syscall.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen)))
+ n, _, errno := unix.Syscall6(unix.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -122,16 +122,16 @@ func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) {
return uint64(n), nil
}
-func recvmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+func recvmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
return uint64(n), nil
}
-func sendmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+func sendmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go
index dc03ccb47..5d55cc64d 100644
--- a/pkg/sentry/socket/hostinet/socket_vfs2.go
+++ b/pkg/sentry/socket/hostinet/socket_vfs2.go
@@ -15,8 +15,7 @@
package hostinet
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -160,16 +159,16 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p
// Only accept TCP and UDP.
stype := stypeflags & linux.SOCK_TYPE_MASK
switch stype {
- case syscall.SOCK_STREAM:
+ case unix.SOCK_STREAM:
switch protocol {
- case 0, syscall.IPPROTO_TCP:
+ case 0, unix.IPPROTO_TCP:
// ok
default:
return nil, nil
}
- case syscall.SOCK_DGRAM:
+ case unix.SOCK_DGRAM:
switch protocol {
- case 0, syscall.IPPROTO_UDP:
+ case 0, unix.IPPROTO_UDP:
// ok
default:
return nil, nil
@@ -181,11 +180,11 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p
// Conservatively ignore all flags specified by the application and add
// SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0
// to simplify the syscall filters, since 0 and IPPROTO_* are equivalent.
- fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0)
+ fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0)
if err != nil {
return nil, syserr.FromError(err)
}
- return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&syscall.SOCK_NONBLOCK))
+ return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&unix.SOCK_NONBLOCK))
}
// Pair implements socket.Provider.Pair.
diff --git a/pkg/sentry/socket/hostinet/stack.go b/pkg/sentry/socket/hostinet/stack.go
index 7e7857ac3..e6323244c 100644
--- a/pkg/sentry/socket/hostinet/stack.go
+++ b/pkg/sentry/socket/hostinet/stack.go
@@ -24,6 +24,7 @@ import (
"strings"
"syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/binary"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -138,14 +139,14 @@ func (s *Stack) Configure() error {
// netlink messages.
func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.NetlinkMessage, interfaces map[int32]inet.Interface, interfaceAddrs map[int32][]inet.InterfaceAddr) error {
for _, link := range links {
- if link.Header.Type != syscall.RTM_NEWLINK {
+ if link.Header.Type != unix.RTM_NEWLINK {
continue
}
- if len(link.Data) < syscall.SizeofIfInfomsg {
- return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), syscall.SizeofIfInfomsg)
+ if len(link.Data) < unix.SizeofIfInfomsg {
+ return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), unix.SizeofIfInfomsg)
}
- var ifinfo syscall.IfInfomsg
- binary.Unmarshal(link.Data[:syscall.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo)
+ var ifinfo unix.IfInfomsg
+ binary.Unmarshal(link.Data[:unix.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo)
inetIF := inet.Interface{
DeviceType: ifinfo.Type,
Flags: ifinfo.Flags,
@@ -159,9 +160,9 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
}
for _, attr := range attrs {
switch attr.Attr.Type {
- case syscall.IFLA_ADDRESS:
+ case unix.IFLA_ADDRESS:
inetIF.Addr = attr.Value
- case syscall.IFLA_IFNAME:
+ case unix.IFLA_IFNAME:
inetIF.Name = string(attr.Value[:len(attr.Value)-1])
}
}
@@ -169,14 +170,14 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
}
for _, addr := range addrs {
- if addr.Header.Type != syscall.RTM_NEWADDR {
+ if addr.Header.Type != unix.RTM_NEWADDR {
continue
}
- if len(addr.Data) < syscall.SizeofIfAddrmsg {
- return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), syscall.SizeofIfAddrmsg)
+ if len(addr.Data) < unix.SizeofIfAddrmsg {
+ return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), unix.SizeofIfAddrmsg)
}
- var ifaddr syscall.IfAddrmsg
- binary.Unmarshal(addr.Data[:syscall.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr)
+ var ifaddr unix.IfAddrmsg
+ binary.Unmarshal(addr.Data[:unix.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr)
inetAddr := inet.InterfaceAddr{
Family: ifaddr.Family,
PrefixLen: ifaddr.Prefixlen,
@@ -188,7 +189,7 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
}
for _, attr := range attrs {
switch attr.Attr.Type {
- case syscall.IFA_ADDRESS:
+ case unix.IFA_ADDRESS:
inetAddr.Addr = attr.Value
}
}
@@ -203,12 +204,12 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) {
var routes []inet.Route
for _, routeMsg := range routeMsgs {
- if routeMsg.Header.Type != syscall.RTM_NEWROUTE {
+ if routeMsg.Header.Type != unix.RTM_NEWROUTE {
continue
}
- var ifRoute syscall.RtMsg
- binary.Unmarshal(routeMsg.Data[:syscall.SizeofRtMsg], usermem.ByteOrder, &ifRoute)
+ var ifRoute unix.RtMsg
+ binary.Unmarshal(routeMsg.Data[:unix.SizeofRtMsg], usermem.ByteOrder, &ifRoute)
inetRoute := inet.Route{
Family: ifRoute.Family,
DstLen: ifRoute.Dst_len,
@@ -231,13 +232,13 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error)
for _, attr := range attrs {
switch attr.Attr.Type {
- case syscall.RTA_DST:
+ case unix.RTA_DST:
inetRoute.DstAddr = attr.Value
- case syscall.RTA_SRC:
+ case unix.RTA_SRC:
inetRoute.SrcAddr = attr.Value
- case syscall.RTA_GATEWAY:
+ case unix.RTA_GATEWAY:
inetRoute.GatewayAddr = attr.Value
- case syscall.RTA_OIF:
+ case unix.RTA_OIF:
expected := int(binary.Size(inetRoute.OutputInterface))
if len(attr.Value) != expected {
return nil, fmt.Errorf("RTM_GETROUTE returned RTM_NEWROUTE message with invalid attribute data length (%d bytes, expected %d bytes)", len(attr.Value), expected)
@@ -253,12 +254,12 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error)
}
func addHostInterfaces(s *Stack) error {
- links, err := doNetlinkRouteRequest(syscall.RTM_GETLINK)
+ links, err := doNetlinkRouteRequest(unix.RTM_GETLINK)
if err != nil {
return fmt.Errorf("RTM_GETLINK failed: %v", err)
}
- addrs, err := doNetlinkRouteRequest(syscall.RTM_GETADDR)
+ addrs, err := doNetlinkRouteRequest(unix.RTM_GETADDR)
if err != nil {
return fmt.Errorf("RTM_GETADDR failed: %v", err)
}
@@ -267,7 +268,7 @@ func addHostInterfaces(s *Stack) error {
}
func addHostRoutes(s *Stack) error {
- routes, err := doNetlinkRouteRequest(syscall.RTM_GETROUTE)
+ routes, err := doNetlinkRouteRequest(unix.RTM_GETROUTE)
if err != nil {
return fmt.Errorf("RTM_GETROUTE failed: %v", err)
}
diff --git a/pkg/sentry/socket/netlink/route/protocol.go b/pkg/sentry/socket/netlink/route/protocol.go
index f4d034c13..5a2255db3 100644
--- a/pkg/sentry/socket/netlink/route/protocol.go
+++ b/pkg/sentry/socket/netlink/route/protocol.go
@@ -17,8 +17,8 @@ package route
import (
"bytes"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/inet"
@@ -436,7 +436,7 @@ func (p *Protocol) newAddr(ctx context.Context, msg *netlink.Message, ms *netlin
Flags: ifa.Flags,
Addr: value,
})
- if err == syscall.EEXIST {
+ if err == unix.EEXIST {
flags := msg.Header().Flags
if flags&linux.NLM_F_EXCL != 0 {
return syserr.ErrExists
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index f77a867f1..f2dc7c90b 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -31,7 +31,6 @@ import (
"io/ioutil"
"math"
"reflect"
- "syscall"
"time"
"golang.org/x/sys/unix"
@@ -835,7 +834,7 @@ func getSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, fam
return &optP, nil
case linux.SO_PEERCRED:
- if family != linux.AF_UNIX || outLen < syscall.SizeofUcred {
+ if family != linux.AF_UNIX || outLen < unix.SizeofUcred {
return nil, syserr.ErrInvalidArgument
}
@@ -3199,15 +3198,15 @@ func nicStateFlagsToLinux(f stack.NICStateFlags) uint32 {
}
func isTCPSocket(skType linux.SockType, skProto int) bool {
- return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == syscall.IPPROTO_TCP)
+ return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == unix.IPPROTO_TCP)
}
func isUDPSocket(skType linux.SockType, skProto int) bool {
- return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == syscall.IPPROTO_UDP)
+ return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == unix.IPPROTO_UDP)
}
func isICMPSocket(skType linux.SockType, skProto int) bool {
- return skType == linux.SOCK_DGRAM && (skProto == syscall.IPPROTO_ICMP || skProto == syscall.IPPROTO_ICMPV6)
+ return skType == linux.SOCK_DGRAM && (skProto == unix.IPPROTO_ICMP || skProto == unix.IPPROTO_ICMPV6)
}
// State implements socket.Socket.State. State translates the internal state
diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go
index 2515dda80..8605ad507 100644
--- a/pkg/sentry/socket/netstack/provider.go
+++ b/pkg/sentry/socket/netstack/provider.go
@@ -15,8 +15,7 @@
package netstack
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -48,18 +47,18 @@ type provider struct {
func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol int) (tcpip.TransportProtocolNumber, bool, *syserr.Error) {
switch stype {
case linux.SOCK_STREAM:
- if protocol != 0 && protocol != syscall.IPPROTO_TCP {
+ if protocol != 0 && protocol != unix.IPPROTO_TCP {
return 0, true, syserr.ErrInvalidArgument
}
return tcp.ProtocolNumber, true, nil
case linux.SOCK_DGRAM:
switch protocol {
- case 0, syscall.IPPROTO_UDP:
+ case 0, unix.IPPROTO_UDP:
return udp.ProtocolNumber, true, nil
- case syscall.IPPROTO_ICMP:
+ case unix.IPPROTO_ICMP:
return header.ICMPv4ProtocolNumber, true, nil
- case syscall.IPPROTO_ICMPV6:
+ case unix.IPPROTO_ICMPV6:
return header.ICMPv6ProtocolNumber, true, nil
}
@@ -71,18 +70,18 @@ func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol in
}
switch protocol {
- case syscall.IPPROTO_ICMP:
+ case unix.IPPROTO_ICMP:
return header.ICMPv4ProtocolNumber, true, nil
- case syscall.IPPROTO_ICMPV6:
+ case unix.IPPROTO_ICMPV6:
return header.ICMPv6ProtocolNumber, true, nil
- case syscall.IPPROTO_UDP:
+ case unix.IPPROTO_UDP:
return header.UDPProtocolNumber, true, nil
- case syscall.IPPROTO_TCP:
+ case unix.IPPROTO_TCP:
return header.TCPProtocolNumber, true, nil
// IPPROTO_RAW signifies that the raw socket isn't assigned to
// a transport protocol. Users will be able to write packets'
// IP headers and won't receive anything.
- case syscall.IPPROTO_RAW:
+ case unix.IPPROTO_RAW:
return tcpip.TransportProtocolNumber(0), false, nil
}
}
diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go
index cc535d794..909341dcf 100644
--- a/pkg/sentry/socket/socket.go
+++ b/pkg/sentry/socket/socket.go
@@ -21,8 +21,8 @@ import (
"bytes"
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/binary"
"gvisor.dev/gvisor/pkg/context"
@@ -198,42 +198,42 @@ type SocketVFS2 interface {
//
// It is implemented by both Socket and SocketVFS2.
type SocketOps interface {
- // Connect implements the connect(2) linux syscall.
+ // Connect implements the connect(2) linux unix.
Connect(t *kernel.Task, sockaddr []byte, blocking bool) *syserr.Error
- // Accept implements the accept4(2) linux syscall.
+ // Accept implements the accept4(2) linux unix.
// Returns fd, real peer address length and error. Real peer address
// length is only set if len(peer) > 0.
Accept(t *kernel.Task, peerRequested bool, flags int, blocking bool) (int32, linux.SockAddr, uint32, *syserr.Error)
- // Bind implements the bind(2) linux syscall.
+ // Bind implements the bind(2) linux unix.
Bind(t *kernel.Task, sockaddr []byte) *syserr.Error
- // Listen implements the listen(2) linux syscall.
+ // Listen implements the listen(2) linux unix.
Listen(t *kernel.Task, backlog int) *syserr.Error
- // Shutdown implements the shutdown(2) linux syscall.
+ // Shutdown implements the shutdown(2) linux unix.
Shutdown(t *kernel.Task, how int) *syserr.Error
- // GetSockOpt implements the getsockopt(2) linux syscall.
+ // GetSockOpt implements the getsockopt(2) linux unix.
GetSockOpt(t *kernel.Task, level int, name int, outPtr usermem.Addr, outLen int) (marshal.Marshallable, *syserr.Error)
- // SetSockOpt implements the setsockopt(2) linux syscall.
+ // SetSockOpt implements the setsockopt(2) linux unix.
SetSockOpt(t *kernel.Task, level int, name int, opt []byte) *syserr.Error
- // GetSockName implements the getsockname(2) linux syscall.
+ // GetSockName implements the getsockname(2) linux unix.
//
// addrLen is the address length to be returned to the application, not
// necessarily the actual length of the address.
GetSockName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error)
- // GetPeerName implements the getpeername(2) linux syscall.
+ // GetPeerName implements the getpeername(2) linux unix.
//
// addrLen is the address length to be returned to the application, not
// necessarily the actual length of the address.
GetPeerName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error)
- // RecvMsg implements the recvmsg(2) linux syscall.
+ // RecvMsg implements the recvmsg(2) linux unix.
//
// senderAddrLen is the address length to be returned to the application,
// not necessarily the actual length of the address.
@@ -246,7 +246,7 @@ type SocketOps interface {
// If err != nil, the recv was not successful.
RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlDataLen uint64) (n int, msgFlags int, senderAddr linux.SockAddr, senderAddrLen uint32, controlMessages ControlMessages, err *syserr.Error)
- // SendMsg implements the sendmsg(2) linux syscall. SendMsg does not take
+ // SendMsg implements the sendmsg(2) linux unix. SendMsg does not take
// ownership of the ControlMessage on error.
//
// If n > 0, err will either be nil or an error from t.Block.
@@ -569,21 +569,21 @@ func emitUnimplementedEvent(t *kernel.Task, name int) {
// given family.
func UnmarshalSockAddr(family int, data []byte) linux.SockAddr {
switch family {
- case syscall.AF_INET:
+ case unix.AF_INET:
var addr linux.SockAddrInet
- binary.Unmarshal(data[:syscall.SizeofSockaddrInet4], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrInet4], usermem.ByteOrder, &addr)
return &addr
- case syscall.AF_INET6:
+ case unix.AF_INET6:
var addr linux.SockAddrInet6
- binary.Unmarshal(data[:syscall.SizeofSockaddrInet6], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrInet6], usermem.ByteOrder, &addr)
return &addr
- case syscall.AF_UNIX:
+ case unix.AF_UNIX:
var addr linux.SockAddrUnix
- binary.Unmarshal(data[:syscall.SizeofSockaddrUnix], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrUnix], usermem.ByteOrder, &addr)
return &addr
- case syscall.AF_NETLINK:
+ case unix.AF_NETLINK:
var addr linux.SockAddrNetlink
- binary.Unmarshal(data[:syscall.SizeofSockaddrNetlink], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrNetlink], usermem.ByteOrder, &addr)
return &addr
default:
panic(fmt.Sprintf("Unsupported socket family %v", family))
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 32e5d2304..63165e1d4 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -19,8 +19,8 @@ package unix
import (
"fmt"
"strings"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fspath"
@@ -600,14 +600,14 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags
// Calculate the number of FDs for which we have space and if we are
// requesting credentials.
var wantCreds bool
- rightsLen := int(controlDataLen) - syscall.SizeofCmsghdr
+ rightsLen := int(controlDataLen) - unix.SizeofCmsghdr
if s.Passcred() {
// Credentials take priority if they are enabled and there is space.
wantCreds = rightsLen > 0
if !wantCreds {
msgFlags |= linux.MSG_CTRUNC
}
- credLen := syscall.CmsgSpace(syscall.SizeofUcred)
+ credLen := unix.CmsgSpace(unix.SizeofUcred)
rightsLen -= credLen
}
// FDs are 32 bit (4 byte) ints.
diff --git a/pkg/sentry/state/state_unsafe.go b/pkg/sentry/state/state_unsafe.go
index d271c6fc9..a3da028c4 100644
--- a/pkg/sentry/state/state_unsafe.go
+++ b/pkg/sentry/state/state_unsafe.go
@@ -16,17 +16,17 @@ package state
import (
"fmt"
- "syscall"
"time"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// CPUTime returns the CPU time usage by Sentry and app.
func CPUTime() (time.Duration, error) {
- var ts syscall.Timespec
- _, _, errno := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(linux.CLOCK_PROCESS_CPUTIME_ID), uintptr(unsafe.Pointer(&ts)), 0)
+ var ts unix.Timespec
+ _, _, errno := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(linux.CLOCK_PROCESS_CPUTIME_ID), uintptr(unsafe.Pointer(&ts)), 0)
if errno != 0 {
return 0, fmt.Errorf("failed calling clock_gettime(CLOCK_PROCESS_CPUTIME_ID): errno=%d", errno)
}
diff --git a/pkg/sentry/strace/clone.go b/pkg/sentry/strace/clone.go
index e99158712..ab1060426 100644
--- a/pkg/sentry/strace/clone.go
+++ b/pkg/sentry/strace/clone.go
@@ -15,99 +15,98 @@
package strace
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi"
)
// CloneFlagSet is the set of clone(2) flags.
var CloneFlagSet = abi.FlagSet{
{
- Flag: syscall.CLONE_VM,
+ Flag: unix.CLONE_VM,
Name: "CLONE_VM",
},
{
- Flag: syscall.CLONE_FS,
+ Flag: unix.CLONE_FS,
Name: "CLONE_FS",
},
{
- Flag: syscall.CLONE_FILES,
+ Flag: unix.CLONE_FILES,
Name: "CLONE_FILES",
},
{
- Flag: syscall.CLONE_SIGHAND,
+ Flag: unix.CLONE_SIGHAND,
Name: "CLONE_SIGHAND",
},
{
- Flag: syscall.CLONE_PTRACE,
+ Flag: unix.CLONE_PTRACE,
Name: "CLONE_PTRACE",
},
{
- Flag: syscall.CLONE_VFORK,
+ Flag: unix.CLONE_VFORK,
Name: "CLONE_VFORK",
},
{
- Flag: syscall.CLONE_PARENT,
+ Flag: unix.CLONE_PARENT,
Name: "CLONE_PARENT",
},
{
- Flag: syscall.CLONE_THREAD,
+ Flag: unix.CLONE_THREAD,
Name: "CLONE_THREAD",
},
{
- Flag: syscall.CLONE_NEWNS,
+ Flag: unix.CLONE_NEWNS,
Name: "CLONE_NEWNS",
},
{
- Flag: syscall.CLONE_SYSVSEM,
+ Flag: unix.CLONE_SYSVSEM,
Name: "CLONE_SYSVSEM",
},
{
- Flag: syscall.CLONE_SETTLS,
+ Flag: unix.CLONE_SETTLS,
Name: "CLONE_SETTLS",
},
{
- Flag: syscall.CLONE_PARENT_SETTID,
+ Flag: unix.CLONE_PARENT_SETTID,
Name: "CLONE_PARENT_SETTID",
},
{
- Flag: syscall.CLONE_CHILD_CLEARTID,
+ Flag: unix.CLONE_CHILD_CLEARTID,
Name: "CLONE_CHILD_CLEARTID",
},
{
- Flag: syscall.CLONE_DETACHED,
+ Flag: unix.CLONE_DETACHED,
Name: "CLONE_DETACHED",
},
{
- Flag: syscall.CLONE_UNTRACED,
+ Flag: unix.CLONE_UNTRACED,
Name: "CLONE_UNTRACED",
},
{
- Flag: syscall.CLONE_CHILD_SETTID,
+ Flag: unix.CLONE_CHILD_SETTID,
Name: "CLONE_CHILD_SETTID",
},
{
- Flag: syscall.CLONE_NEWUTS,
+ Flag: unix.CLONE_NEWUTS,
Name: "CLONE_NEWUTS",
},
{
- Flag: syscall.CLONE_NEWIPC,
+ Flag: unix.CLONE_NEWIPC,
Name: "CLONE_NEWIPC",
},
{
- Flag: syscall.CLONE_NEWUSER,
+ Flag: unix.CLONE_NEWUSER,
Name: "CLONE_NEWUSER",
},
{
- Flag: syscall.CLONE_NEWPID,
+ Flag: unix.CLONE_NEWPID,
Name: "CLONE_NEWPID",
},
{
- Flag: syscall.CLONE_NEWNET,
+ Flag: unix.CLONE_NEWNET,
Name: "CLONE_NEWNET",
},
{
- Flag: syscall.CLONE_IO,
+ Flag: unix.CLONE_IO,
Name: "CLONE_IO",
},
}
diff --git a/pkg/sentry/strace/open.go b/pkg/sentry/strace/open.go
index e40bcb53b..5769360da 100644
--- a/pkg/sentry/strace/open.go
+++ b/pkg/sentry/strace/open.go
@@ -15,62 +15,61 @@
package strace
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi"
)
// OpenMode represents the mode to open(2) a file.
var OpenMode = abi.ValueSet{
- syscall.O_RDWR: "O_RDWR",
- syscall.O_WRONLY: "O_WRONLY",
- syscall.O_RDONLY: "O_RDONLY",
+ unix.O_RDWR: "O_RDWR",
+ unix.O_WRONLY: "O_WRONLY",
+ unix.O_RDONLY: "O_RDONLY",
}
// OpenFlagSet is the set of open(2) flags.
var OpenFlagSet = abi.FlagSet{
{
- Flag: syscall.O_APPEND,
+ Flag: unix.O_APPEND,
Name: "O_APPEND",
},
{
- Flag: syscall.O_ASYNC,
+ Flag: unix.O_ASYNC,
Name: "O_ASYNC",
},
{
- Flag: syscall.O_CLOEXEC,
+ Flag: unix.O_CLOEXEC,
Name: "O_CLOEXEC",
},
{
- Flag: syscall.O_CREAT,
+ Flag: unix.O_CREAT,
Name: "O_CREAT",
},
{
- Flag: syscall.O_DIRECT,
+ Flag: unix.O_DIRECT,
Name: "O_DIRECT",
},
{
- Flag: syscall.O_DIRECTORY,
+ Flag: unix.O_DIRECTORY,
Name: "O_DIRECTORY",
},
{
- Flag: syscall.O_EXCL,
+ Flag: unix.O_EXCL,
Name: "O_EXCL",
},
{
- Flag: syscall.O_NOATIME,
+ Flag: unix.O_NOATIME,
Name: "O_NOATIME",
},
{
- Flag: syscall.O_NOCTTY,
+ Flag: unix.O_NOCTTY,
Name: "O_NOCTTY",
},
{
- Flag: syscall.O_NOFOLLOW,
+ Flag: unix.O_NOFOLLOW,
Name: "O_NOFOLLOW",
},
{
- Flag: syscall.O_NONBLOCK,
+ Flag: unix.O_NONBLOCK,
Name: "O_NONBLOCK",
},
{
@@ -78,18 +77,18 @@ var OpenFlagSet = abi.FlagSet{
Name: "O_PATH",
},
{
- Flag: syscall.O_SYNC,
+ Flag: unix.O_SYNC,
Name: "O_SYNC",
},
{
- Flag: syscall.O_TRUNC,
+ Flag: unix.O_TRUNC,
Name: "O_TRUNC",
},
}
func open(val uint64) string {
- s := OpenMode.Parse(val & syscall.O_ACCMODE)
- if flags := OpenFlagSet.Parse(val &^ syscall.O_ACCMODE); flags != "" {
+ s := OpenMode.Parse(val & unix.O_ACCMODE)
+ if flags := OpenFlagSet.Parse(val &^ unix.O_ACCMODE); flags != "" {
s += "|" + flags
}
return s
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index a6253626e..fd9649340 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -15,8 +15,7 @@
package linux
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -368,7 +367,7 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l
// Are we able to resolve further?
if remainingTraversals == 0 {
- return syscall.ELOOP
+ return unix.ELOOP
}
// Resolve the symlink to a path via Readlink.
@@ -2217,7 +2216,7 @@ func MemfdCreate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
allowSeals := flags&linux.MFD_ALLOW_SEALING != 0
cloExec := flags&linux.MFD_CLOEXEC != 0
- name, err := t.CopyInString(addr, syscall.PathMax-len(memfdPrefix))
+ name, err := t.CopyInString(addr, unix.PathMax-len(memfdPrefix))
if err != nil {
return 0, nil, err
}
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index 8e7ac0ffe..44738c40c 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -16,8 +16,8 @@ package linux
import (
"path"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/marshal/primitive"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -417,7 +417,7 @@ func Waitid(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
si.SetUID(int32(wr.UID))
// TODO(b/73541790): convert kernel.ExitStatus to functions and make
// WaitResult.Status a linux.WaitStatus.
- s := syscall.WaitStatus(wr.Status)
+ s := unix.WaitStatus(wr.Status)
switch {
case s.Exited():
si.Code = arch.CLD_EXITED
diff --git a/pkg/sentry/time/sampler_unsafe.go b/pkg/sentry/time/sampler_unsafe.go
index e76180217..2ab57c5f8 100644
--- a/pkg/sentry/time/sampler_unsafe.go
+++ b/pkg/sentry/time/sampler_unsafe.go
@@ -15,8 +15,9 @@
package time
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// syscallTSCReferenceClocks is the standard referenceClocks, collecting
@@ -32,8 +33,8 @@ func (syscallTSCReferenceClocks) Sample(c ClockID) (sample, error) {
s.before = Rdtsc()
// Don't call clockGettime to avoid a call which may call morestack.
- var ts syscall.Timespec
- _, _, e := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
+ var ts unix.Timespec
+ _, _, e := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
if e != 0 {
return sample{}, e
}
@@ -46,8 +47,8 @@ func (syscallTSCReferenceClocks) Sample(c ClockID) (sample, error) {
// clockGettime calls SYS_CLOCK_GETTIME, returning time in nanoseconds.
func clockGettime(c ClockID) (ReferenceNS, error) {
- var ts syscall.Timespec
- _, _, e := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
+ var ts unix.Timespec
+ _, _, e := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
if e != 0 {
return 0, e
}
diff --git a/pkg/sentry/usage/memory.go b/pkg/sentry/usage/memory.go
index 5ed6726ab..581862ee2 100644
--- a/pkg/sentry/usage/memory.go
+++ b/pkg/sentry/usage/memory.go
@@ -18,8 +18,8 @@ import (
"fmt"
"os"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/bits"
"gvisor.dev/gvisor/pkg/memutil"
"gvisor.dev/gvisor/pkg/sync"
@@ -132,7 +132,7 @@ func Init() error {
// always be the case for a newly mapped page from /dev/shm. If we obtain
// the shared memory through some other means in the future, we may have to
// explicitly zero the page.
- mmap, err := syscall.Mmap(int(file.Fd()), 0, int(RTMemoryStatsSize), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED)
+ mmap, err := unix.Mmap(int(file.Fd()), 0, int(RTMemoryStatsSize), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED)
if err != nil {
return fmt.Errorf("error mapping usage file: %v", err)
}