summaryrefslogtreecommitdiffhomepage
path: root/pkg
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-03-03 18:43:27 +0000
committergVisor bot <gvisor-bot@google.com>2021-03-03 18:43:27 +0000
commitaae5455fe381c4cbc956f61c971284ee05c52dfc (patch)
tree2b1cb0233968680dcd0374f20ee826cf311bda95 /pkg
parente2599d556573b05eb3714c1e791fa29431dc3d3f (diff)
parenta9441aea2780da8c93da1c73da860219f98438de (diff)
Merge release-20210301.0-5-ga9441aea2 (automated)
Diffstat (limited to 'pkg')
-rw-r--r--pkg/eventchannel/event.go4
-rw-r--r--pkg/fd/fd.go31
-rw-r--r--pkg/fdchannel/fdchannel_unsafe.go40
-rw-r--r--pkg/fdnotifier/fdnotifier.go15
-rw-r--r--pkg/fdnotifier/poll_unsafe.go12
-rw-r--r--pkg/flipcall/flipcall.go5
-rw-r--r--pkg/flipcall/futex_linux.go10
-rw-r--r--pkg/flipcall/packet_window_allocator.go10
-rw-r--r--pkg/flipcall/packet_window_mmap_amd64.go8
-rw-r--r--pkg/flipcall/packet_window_mmap_arm64.go8
-rw-r--r--pkg/iovec/iovec.go15
-rw-r--r--pkg/log/log.go4
-rw-r--r--pkg/memutil/memutil_unsafe.go7
-rw-r--r--pkg/p9/client.go15
-rw-r--r--pkg/p9/client_file.go78
-rw-r--r--pkg/p9/file.go13
-rw-r--r--pkg/p9/handlers.go210
-rw-r--r--pkg/p9/server.go8
-rw-r--r--pkg/p9/transport.go6
-rw-r--r--pkg/p9/transport_flipcall.go4
-rw-r--r--pkg/safecopy/safecopy.go10
-rw-r--r--pkg/safecopy/safecopy_unsafe.go13
-rw-r--r--pkg/safemem/seq_unsafe.go10
-rw-r--r--pkg/seccomp/seccomp_unsafe.go12
-rw-r--r--pkg/sentry/arch/arch_amd64.go10
-rw-r--r--pkg/sentry/arch/arch_arm64.go6
-rw-r--r--pkg/sentry/arch/arch_x86.go20
-rw-r--r--pkg/sentry/arch/signal_amd64.go6
-rw-r--r--pkg/sentry/arch/signal_arm64.go5
-rw-r--r--pkg/sentry/fs/attr.go10
-rw-r--r--pkg/sentry/fs/dirent.go50
-rw-r--r--pkg/sentry/fs/fdpipe/pipe.go14
-rw-r--r--pkg/sentry/fs/fdpipe/pipe_opener.go8
-rw-r--r--pkg/sentry/fs/fsutil/host_file_mapper.go32
-rw-r--r--pkg/sentry/fs/gofer/attr.go5
-rw-r--r--pkg/sentry/fs/gofer/file.go4
-rw-r--r--pkg/sentry/fs/gofer/inode.go12
-rw-r--r--pkg/sentry/fs/gofer/util.go5
-rw-r--r--pkg/sentry/fs/host/control.go9
-rw-r--r--pkg/sentry/fs/host/descriptor.go12
-rw-r--r--pkg/sentry/fs/host/file.go32
-rw-r--r--pkg/sentry/fs/host/inode.go23
-rw-r--r--pkg/sentry/fs/host/inode_state.go6
-rw-r--r--pkg/sentry/fs/host/ioctl_unsafe.go10
-rw-r--r--pkg/sentry/fs/host/socket.go18
-rw-r--r--pkg/sentry/fs/host/socket_iovec.go11
-rw-r--r--pkg/sentry/fs/host/socket_state.go4
-rw-r--r--pkg/sentry/fs/host/socket_unsafe.go17
-rw-r--r--pkg/sentry/fs/host/util.go28
-rw-r--r--pkg/sentry/fs/host/util_amd64_unsafe.go13
-rw-r--r--pkg/sentry/fs/host/util_arm64_unsafe.go13
-rw-r--r--pkg/sentry/fs/host/util_unsafe.go20
-rw-r--r--pkg/sentry/fs/lock/lock.go8
-rw-r--r--pkg/sentry/fs/mounts.go8
-rw-r--r--pkg/sentry/fs/ramfs/dir.go6
-rw-r--r--pkg/sentry/fs/save.go4
-rw-r--r--pkg/sentry/fsimpl/eventfd/eventfd.go22
-rw-r--r--pkg/sentry/fsimpl/fuse/connection_control.go4
-rw-r--r--pkg/sentry/fsimpl/fuse/dev.go7
-rw-r--r--pkg/sentry/fsimpl/fuse/request_response.go4
-rw-r--r--pkg/sentry/fsimpl/gofer/gofer.go18
-rw-r--r--pkg/sentry/fsimpl/gofer/handle.go5
-rw-r--r--pkg/sentry/fsimpl/gofer/socket.go5
-rw-r--r--pkg/sentry/fsimpl/gofer/special_file.go4
-rw-r--r--pkg/sentry/fsimpl/host/control.go7
-rw-r--r--pkg/sentry/fsimpl/host/host.go47
-rw-r--r--pkg/sentry/fsimpl/host/ioctl_unsafe.go10
-rw-r--r--pkg/sentry/fsimpl/host/save_restore.go8
-rw-r--r--pkg/sentry/fsimpl/host/socket.go18
-rw-r--r--pkg/sentry/fsimpl/host/socket_iovec.go11
-rw-r--r--pkg/sentry/fsimpl/host/socket_unsafe.go17
-rw-r--r--pkg/sentry/fsimpl/host/util.go8
-rw-r--r--pkg/sentry/fsimpl/host/util_unsafe.go9
-rw-r--r--pkg/sentry/hostfd/hostfd_unsafe.go17
-rw-r--r--pkg/sentry/hostmm/hostmm.go10
-rw-r--r--pkg/sentry/hostmm/membarrier.go12
-rw-r--r--pkg/sentry/kernel/abstract_socket_namespace.go4
-rw-r--r--pkg/sentry/kernel/epoll/epoll.go16
-rw-r--r--pkg/sentry/kernel/eventfd/eventfd.go22
-rw-r--r--pkg/sentry/kernel/fd_table.go32
-rw-r--r--pkg/sentry/kernel/pipe/pipe.go4
-rw-r--r--pkg/sentry/kernel/pipe/pipe_util.go4
-rw-r--r--pkg/sentry/kernel/seccomp.go5
-rw-r--r--pkg/sentry/kernel/task_syscall.go10
-rw-r--r--pkg/sentry/limits/limits.go7
-rw-r--r--pkg/sentry/pgalloc/pgalloc.go30
-rw-r--r--pkg/sentry/pgalloc/pgalloc_unsafe.go7
-rw-r--r--pkg/sentry/pgalloc/save_restore.go4
-rw-r--r--pkg/sentry/platform/kvm/bluepill.go6
-rw-r--r--pkg/sentry/platform/kvm/bluepill_amd64.go5
-rw-r--r--pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go10
-rw-r--r--pkg/sentry/platform/kvm/bluepill_arm64.go5
-rw-r--r--pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go16
-rw-r--r--pkg/sentry/platform/kvm/bluepill_fault.go12
-rw-r--r--pkg/sentry/platform/kvm/bluepill_unsafe.go18
-rw-r--r--pkg/sentry/platform/kvm/filters_amd64.go14
-rw-r--r--pkg/sentry/platform/kvm/filters_arm64.go12
-rw-r--r--pkg/sentry/platform/kvm/kvm.go10
-rw-r--r--pkg/sentry/platform/kvm/kvm_amd64_unsafe.go15
-rw-r--r--pkg/sentry/platform/kvm/kvm_arm64_unsafe.go5
-rw-r--r--pkg/sentry/platform/kvm/machine.go18
-rw-r--r--pkg/sentry/platform/kvm/machine_amd64.go32
-rw-r--r--pkg/sentry/platform/kvm/machine_amd64_unsafe.go48
-rw-r--r--pkg/sentry/platform/kvm/machine_arm64_unsafe.go32
-rw-r--r--pkg/sentry/platform/kvm/machine_unsafe.go34
-rw-r--r--pkg/sentry/platform/kvm/physical_map.go10
-rw-r--r--pkg/sentry/platform/ptrace/filters.go9
-rw-r--r--pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go18
-rw-r--r--pkg/sentry/platform/ptrace/ptrace_unsafe.go66
-rw-r--r--pkg/sentry/platform/ptrace/stub_unsafe.go18
-rw-r--r--pkg/sentry/platform/ptrace/subprocess.go77
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_amd64.go19
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_arm64.go11
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_linux.go66
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go6
-rw-r--r--pkg/sentry/sighandling/sighandling.go4
-rw-r--r--pkg/sentry/sighandling/sighandling_unsafe.go6
-rw-r--r--pkg/sentry/socket/hostinet/socket.go97
-rw-r--r--pkg/sentry/socket/hostinet/socket_unsafe.go32
-rw-r--r--pkg/sentry/socket/hostinet/socket_vfs2.go15
-rw-r--r--pkg/sentry/socket/hostinet/stack.go47
-rw-r--r--pkg/sentry/socket/netlink/route/protocol.go4
-rw-r--r--pkg/sentry/socket/netstack/netstack.go9
-rw-r--r--pkg/sentry/socket/netstack/provider.go21
-rw-r--r--pkg/sentry/socket/socket.go40
-rw-r--r--pkg/sentry/socket/unix/unix.go6
-rw-r--r--pkg/sentry/state/state_unsafe.go6
-rw-r--r--pkg/sentry/strace/clone.go47
-rw-r--r--pkg/sentry/strace/open.go39
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go7
-rw-r--r--pkg/sentry/syscalls/linux/sys_thread.go4
-rw-r--r--pkg/sentry/time/sampler_unsafe.go11
-rw-r--r--pkg/sentry/usage/memory.go4
-rw-r--r--pkg/shim/proc/exec.go3
-rw-r--r--pkg/shim/proc/init.go8
-rw-r--r--pkg/shim/proc/io.go10
-rw-r--r--pkg/shim/runsc/runsc.go6
-rw-r--r--pkg/shim/service.go3
-rw-r--r--pkg/shim/service_linux.go8
-rw-r--r--pkg/syserr/host_linux.go9
-rw-r--r--pkg/syserr/syserr.go262
-rw-r--r--pkg/syserror/syserror.go131
-rw-r--r--pkg/tcpip/link/fdbased/endpoint.go17
-rw-r--r--pkg/tcpip/link/fdbased/mmap.go3
-rw-r--r--pkg/tcpip/link/fdbased/mmap_unsafe.go11
-rw-r--r--pkg/tcpip/link/fdbased/packet_dispatchers.go15
-rw-r--r--pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go7
-rw-r--r--pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go5
-rw-r--r--pkg/tcpip/link/rawfile/errors.go45
-rw-r--r--pkg/tcpip/link/rawfile/rawfile_unsafe.go33
-rw-r--r--pkg/tcpip/link/sharedmem/rx.go46
-rw-r--r--pkg/tcpip/link/sharedmem/sharedmem.go4
-rw-r--r--pkg/tcpip/link/sharedmem/tx.go22
-rw-r--r--pkg/tcpip/link/tun/tun_unsafe.go17
-rw-r--r--pkg/unet/unet.go88
-rw-r--r--pkg/unet/unet_unsafe.go55
-rw-r--r--pkg/usermem/access_type.go12
-rw-r--r--pkg/usermem/usermem_arm64.go7
158 files changed, 1573 insertions, 1610 deletions
diff --git a/pkg/eventchannel/event.go b/pkg/eventchannel/event.go
index 7172ce75d..98dfeb1f5 100644
--- a/pkg/eventchannel/event.go
+++ b/pkg/eventchannel/event.go
@@ -22,8 +22,8 @@ package eventchannel
import (
"encoding/binary"
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"google.golang.org/protobuf/encoding/prototext"
"google.golang.org/protobuf/proto"
pb "gvisor.dev/gvisor/pkg/eventchannel/eventchannel_go_proto"
@@ -155,7 +155,7 @@ func (s *socketEmitter) Emit(msg proto.Message) (bool, error) {
for done := 0; done < len(p); {
n, err := s.socket.Write(p[done:])
if err != nil {
- return (err == syscall.EPIPE), err
+ return (err == unix.EPIPE), err
}
done += n
}
diff --git a/pkg/fd/fd.go b/pkg/fd/fd.go
index cc6b0cdf1..290673a7e 100644
--- a/pkg/fd/fd.go
+++ b/pkg/fd/fd.go
@@ -21,7 +21,8 @@ import (
"os"
"runtime"
"sync/atomic"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
// ReadWriter implements io.ReadWriter, io.ReaderAt, and io.WriterAt for fd. It
@@ -49,7 +50,7 @@ func fixCount(n int, err error) (int, error) {
// Read implements io.Reader.
func (r *ReadWriter) Read(b []byte) (int, error) {
- c, err := fixCount(syscall.Read(r.FD(), b))
+ c, err := fixCount(unix.Read(r.FD(), b))
if c == 0 && len(b) > 0 && err == nil {
return 0, io.EOF
}
@@ -62,7 +63,7 @@ func (r *ReadWriter) Read(b []byte) (int, error) {
func (r *ReadWriter) ReadAt(b []byte, off int64) (c int, err error) {
for len(b) > 0 {
var m int
- m, err = fixCount(syscall.Pread(r.FD(), b, off))
+ m, err = fixCount(unix.Pread(r.FD(), b, off))
if m == 0 && err == nil {
return c, io.EOF
}
@@ -82,21 +83,21 @@ func (r *ReadWriter) Write(b []byte) (int, error) {
var n, remaining int
for remaining = len(b); remaining > 0; {
woff := len(b) - remaining
- n, err = syscall.Write(r.FD(), b[woff:])
+ n, err = unix.Write(r.FD(), b[woff:])
if n > 0 {
- // syscall.Write wrote some bytes. This is the common case.
+ // unix.Write wrote some bytes. This is the common case.
remaining -= n
} else {
if err == nil {
- // syscall.Write did not write anything nor did it return an error.
+ // unix.Write did not write anything nor did it return an error.
//
- // There is no way to guarantee that a subsequent syscall.Write will
+ // There is no way to guarantee that a subsequent unix.Write will
// make forward progress so just panic.
- panic(fmt.Sprintf("syscall.Write returned %d with no error", n))
+ panic(fmt.Sprintf("unix.Write returned %d with no error", n))
}
- if err != syscall.EINTR {
+ if err != unix.EINTR {
// If the write failed for anything other than a signal, bail out.
break
}
@@ -110,7 +111,7 @@ func (r *ReadWriter) Write(b []byte) (int, error) {
func (r *ReadWriter) WriteAt(b []byte, off int64) (c int, err error) {
for len(b) > 0 {
var m int
- m, err = fixCount(syscall.Pwrite(r.FD(), b, off))
+ m, err = fixCount(unix.Pwrite(r.FD(), b, off))
if err != nil {
break
}
@@ -167,7 +168,7 @@ func New(fd int) *FD {
//
// The returned FD is always blocking (Go 1.9+).
func NewFromFile(file *os.File) (*FD, error) {
- fd, err := syscall.Dup(int(file.Fd()))
+ fd, err := unix.Dup(int(file.Fd()))
// Technically, the runtime may call the finalizer on file as soon as
// Fd() returns.
runtime.KeepAlive(file)
@@ -196,7 +197,7 @@ func NewFromFiles(files []*os.File) ([]*FD, error) {
// Open is equivalent to open(2).
func Open(path string, openmode int, perm uint32) (*FD, error) {
- f, err := syscall.Open(path, openmode|syscall.O_LARGEFILE, perm)
+ f, err := unix.Open(path, openmode|unix.O_LARGEFILE, perm)
if err != nil {
return nil, err
}
@@ -205,7 +206,7 @@ func Open(path string, openmode int, perm uint32) (*FD, error) {
// OpenAt is equivalent to openat(2).
func OpenAt(dir *FD, path string, flags int, mode uint32) (*FD, error) {
- f, err := syscall.Openat(dir.FD(), path, flags, mode)
+ f, err := unix.Openat(dir.FD(), path, flags, mode)
if err != nil {
return nil, err
}
@@ -220,7 +221,7 @@ func OpenAt(dir *FD, path string, flags int, mode uint32) (*FD, error) {
// Concurrently calling Close and any other method is undefined.
func (f *FD) Close() error {
runtime.SetFinalizer(f, nil)
- return syscall.Close(int(atomic.SwapInt64(&f.fd, -1)))
+ return unix.Close(int(atomic.SwapInt64(&f.fd, -1)))
}
// Release relinquishes ownership of the contained file descriptor.
@@ -241,7 +242,7 @@ func (f *FD) Release() int {
// This operation is somewhat expensive, so care should be taken to minimize
// its use.
func (f *FD) File() (*os.File, error) {
- fd, err := syscall.Dup(f.FD())
+ fd, err := unix.Dup(f.FD())
if err != nil {
return nil, err
}
diff --git a/pkg/fdchannel/fdchannel_unsafe.go b/pkg/fdchannel/fdchannel_unsafe.go
index 0ebdedf26..1f24a448d 100644
--- a/pkg/fdchannel/fdchannel_unsafe.go
+++ b/pkg/fdchannel/fdchannel_unsafe.go
@@ -20,9 +20,9 @@ package fdchannel
import (
"fmt"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/gohacks"
)
@@ -33,7 +33,7 @@ const sizeofInt32 = int(unsafe.Sizeof(int32(0)))
// representing connected sockets that may be passed to separate calls to
// NewEndpoint to create connected Endpoints.
func NewConnectedSockets() ([2]int, error) {
- return syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_SEQPACKET|syscall.SOCK_CLOEXEC, 0)
+ return unix.Socketpair(unix.AF_UNIX, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0)
}
// Endpoint sends file descriptors to, and receives them from, another
@@ -42,8 +42,8 @@ func NewConnectedSockets() ([2]int, error) {
// Endpoint is not copyable or movable by value.
type Endpoint struct {
sockfd int32
- msghdr syscall.Msghdr
- cmsg *syscall.Cmsghdr // followed by sizeofInt32 bytes of data
+ msghdr unix.Msghdr
+ cmsg *unix.Cmsghdr // followed by sizeofInt32 bytes of data
}
// Init must be called on zero-value Endpoints before first use. sockfd must be
@@ -53,11 +53,11 @@ func (ep *Endpoint) Init(sockfd int) {
// domains) permit zero-length datagrams." - recv(2). Experimentally,
// sendmsg+recvmsg for a zero-length datagram is slightly faster than
// sendmsg+recvmsg for a single byte over a stream socket.
- cmsgSlice := make([]byte, syscall.CmsgSpace(sizeofInt32))
+ cmsgSlice := make([]byte, unix.CmsgSpace(sizeofInt32))
cmsgSliceHdr := (*gohacks.SliceHeader)(unsafe.Pointer(&cmsgSlice))
ep.sockfd = int32(sockfd)
ep.msghdr.Control = (*byte)(cmsgSliceHdr.Data)
- ep.cmsg = (*syscall.Cmsghdr)(cmsgSliceHdr.Data)
+ ep.cmsg = (*unix.Cmsghdr)(cmsgSliceHdr.Data)
// ep.msghdr.Controllen and ep.cmsg.* are mutated by recvmsg(2), so they're
// set before calling sendmsg/recvmsg.
}
@@ -73,7 +73,7 @@ func NewEndpoint(sockfd int) *Endpoint {
// Destroy releases resources owned by ep. No other Endpoint methods may be
// called after Destroy.
func (ep *Endpoint) Destroy() {
- syscall.Close(int(ep.sockfd))
+ unix.Close(int(ep.sockfd))
ep.sockfd = -1
}
@@ -84,19 +84,19 @@ func (ep *Endpoint) Destroy() {
// Shutdown is the only Endpoint method that may be called concurrently with
// other methods.
func (ep *Endpoint) Shutdown() {
- syscall.Shutdown(int(ep.sockfd), syscall.SHUT_RDWR)
+ unix.Shutdown(int(ep.sockfd), unix.SHUT_RDWR)
}
// SendFD sends the open file description represented by the given file
// descriptor to the connected Endpoint.
func (ep *Endpoint) SendFD(fd int) error {
- cmsgLen := syscall.CmsgLen(sizeofInt32)
- ep.cmsg.Level = syscall.SOL_SOCKET
- ep.cmsg.Type = syscall.SCM_RIGHTS
+ cmsgLen := unix.CmsgLen(sizeofInt32)
+ ep.cmsg.Level = unix.SOL_SOCKET
+ ep.cmsg.Type = unix.SCM_RIGHTS
ep.cmsg.SetLen(cmsgLen)
*ep.cmsgData() = int32(fd)
ep.msghdr.SetControllen(cmsgLen)
- _, _, e := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), 0)
+ _, _, e := unix.Syscall(unix.SYS_SENDMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), 0)
if e != 0 {
return e
}
@@ -118,13 +118,13 @@ func (ep *Endpoint) RecvFDNonblock() (int, error) {
}
func (ep *Endpoint) recvFD(nonblock bool) (int, error) {
- cmsgLen := syscall.CmsgLen(sizeofInt32)
+ cmsgLen := unix.CmsgLen(sizeofInt32)
ep.msghdr.SetControllen(cmsgLen)
- var e syscall.Errno
+ var e unix.Errno
if nonblock {
- _, _, e = syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), syscall.MSG_TRUNC|syscall.MSG_DONTWAIT)
+ _, _, e = unix.RawSyscall(unix.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), unix.MSG_TRUNC|unix.MSG_DONTWAIT)
} else {
- _, _, e = syscall.Syscall(syscall.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), syscall.MSG_TRUNC)
+ _, _, e = unix.Syscall(unix.SYS_RECVMSG, uintptr(ep.sockfd), uintptr(unsafe.Pointer(&ep.msghdr)), unix.MSG_TRUNC)
}
if e != 0 {
return -1, e
@@ -132,13 +132,13 @@ func (ep *Endpoint) recvFD(nonblock bool) (int, error) {
if int(ep.msghdr.Controllen) != cmsgLen {
return -1, fmt.Errorf("received control message has incorrect length: got %d, wanted %d", ep.msghdr.Controllen, cmsgLen)
}
- if ep.cmsg.Level != syscall.SOL_SOCKET || ep.cmsg.Type != syscall.SCM_RIGHTS {
- return -1, fmt.Errorf("received control message has incorrect (level, type): got (%v, %v), wanted (%v, %v)", ep.cmsg.Level, ep.cmsg.Type, syscall.SOL_SOCKET, syscall.SCM_RIGHTS)
+ if ep.cmsg.Level != unix.SOL_SOCKET || ep.cmsg.Type != unix.SCM_RIGHTS {
+ return -1, fmt.Errorf("received control message has incorrect (level, type): got (%v, %v), wanted (%v, %v)", ep.cmsg.Level, ep.cmsg.Type, unix.SOL_SOCKET, unix.SCM_RIGHTS)
}
return int(*ep.cmsgData()), nil
}
func (ep *Endpoint) cmsgData() *int32 {
- // syscall.CmsgLen(0) == syscall.cmsgAlignOf(syscall.SizeofCmsghdr)
- return (*int32)(unsafe.Pointer(uintptr(unsafe.Pointer(ep.cmsg)) + uintptr(syscall.CmsgLen(0))))
+ // unix.CmsgLen(0) == unix.cmsgAlignOf(unix.SizeofCmsghdr)
+ return (*int32)(unsafe.Pointer(uintptr(unsafe.Pointer(ep.cmsg)) + uintptr(unix.CmsgLen(0))))
}
diff --git a/pkg/fdnotifier/fdnotifier.go b/pkg/fdnotifier/fdnotifier.go
index a6b63c982..1290d5d10 100644
--- a/pkg/fdnotifier/fdnotifier.go
+++ b/pkg/fdnotifier/fdnotifier.go
@@ -22,7 +22,6 @@ package fdnotifier
import (
"fmt"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sync"
@@ -51,7 +50,7 @@ type notifier struct {
// newNotifier creates a new notifier object.
func newNotifier() (*notifier, error) {
- epfd, err := syscall.EpollCreate1(0)
+ epfd, err := unix.EpollCreate1(0)
if err != nil {
return nil, err
}
@@ -72,22 +71,22 @@ func (n *notifier) waitFD(fd int32, fi *fdInfo, mask waiter.EventMask) error {
return nil
}
- e := syscall.EpollEvent{
+ e := unix.EpollEvent{
Events: mask.ToLinux() | unix.EPOLLET,
Fd: fd,
}
switch {
case !fi.waiting && mask != 0:
- if err := syscall.EpollCtl(n.epFD, syscall.EPOLL_CTL_ADD, int(fd), &e); err != nil {
+ if err := unix.EpollCtl(n.epFD, unix.EPOLL_CTL_ADD, int(fd), &e); err != nil {
return err
}
fi.waiting = true
case fi.waiting && mask == 0:
- syscall.EpollCtl(n.epFD, syscall.EPOLL_CTL_DEL, int(fd), nil)
+ unix.EpollCtl(n.epFD, unix.EPOLL_CTL_DEL, int(fd), nil)
fi.waiting = false
case fi.waiting && mask != 0:
- if err := syscall.EpollCtl(n.epFD, syscall.EPOLL_CTL_MOD, int(fd), &e); err != nil {
+ if err := unix.EpollCtl(n.epFD, unix.EPOLL_CTL_MOD, int(fd), &e); err != nil {
return err
}
}
@@ -144,10 +143,10 @@ func (n *notifier) hasFD(fd int32) bool {
// notifications from the epoll object. Once notifications arrive, they are
// dispatched to the registered queue.
func (n *notifier) waitAndNotify() error {
- e := make([]syscall.EpollEvent, 100)
+ e := make([]unix.EpollEvent, 100)
for {
v, err := epollWait(n.epFD, e, -1)
- if err == syscall.EINTR {
+ if err == unix.EINTR {
continue
}
diff --git a/pkg/fdnotifier/poll_unsafe.go b/pkg/fdnotifier/poll_unsafe.go
index ec2f997a2..493ea8375 100644
--- a/pkg/fdnotifier/poll_unsafe.go
+++ b/pkg/fdnotifier/poll_unsafe.go
@@ -17,9 +17,9 @@
package fdnotifier
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/waiter"
)
@@ -35,16 +35,16 @@ func NonBlockingPoll(fd int32, mask waiter.EventMask) waiter.EventMask {
events: int16(mask.ToLinux()),
}
- ts := syscall.Timespec{
+ ts := unix.Timespec{
Sec: 0,
Nsec: 0,
}
for {
- n, _, err := syscall.RawSyscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(&e)), 1,
+ n, _, err := unix.RawSyscall6(unix.SYS_PPOLL, uintptr(unsafe.Pointer(&e)), 1,
uintptr(unsafe.Pointer(&ts)), 0, 0, 0)
// Interrupted by signal, try again.
- if err == syscall.EINTR {
+ if err == unix.EINTR {
continue
}
// If an error occur we'll conservatively say the FD is ready for
@@ -66,14 +66,14 @@ func NonBlockingPoll(fd int32, mask waiter.EventMask) waiter.EventMask {
// epollWait performs a blocking wait on epfd.
//
// Preconditions: len(events) > 0
-func epollWait(epfd int, events []syscall.EpollEvent, msec int) (int, error) {
+func epollWait(epfd int, events []unix.EpollEvent, msec int) (int, error) {
if len(events) == 0 {
panic("Empty events passed to EpollWait")
}
// We actually use epoll_pwait with NULL sigmask instead of epoll_wait
// since that is what the Go >= 1.11 runtime prefers.
- r, _, e := syscall.Syscall6(syscall.SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(unsafe.Pointer(&events[0])), uintptr(len(events)), uintptr(msec), 0, 0)
+ r, _, e := unix.Syscall6(unix.SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(unsafe.Pointer(&events[0])), uintptr(len(events)), uintptr(msec), 0, 0)
if e != 0 {
return 0, e
}
diff --git a/pkg/flipcall/flipcall.go b/pkg/flipcall/flipcall.go
index c4a3366ce..8d8309a73 100644
--- a/pkg/flipcall/flipcall.go
+++ b/pkg/flipcall/flipcall.go
@@ -20,7 +20,8 @@ import (
"fmt"
"math"
"sync/atomic"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
// An Endpoint provides the ability to synchronously transfer data and control
@@ -130,7 +131,7 @@ func (ep *Endpoint) Destroy() {
}
func (ep *Endpoint) unmapPacket() {
- syscall.RawSyscall(syscall.SYS_MUNMAP, ep.packet, uintptr(ep.dataCap)+PacketHeaderBytes, 0)
+ unix.RawSyscall(unix.SYS_MUNMAP, ep.packet, uintptr(ep.dataCap)+PacketHeaderBytes, 0)
ep.packet = 0
}
diff --git a/pkg/flipcall/futex_linux.go b/pkg/flipcall/futex_linux.go
index 0e559ee16..c212f05f1 100644
--- a/pkg/flipcall/futex_linux.go
+++ b/pkg/flipcall/futex_linux.go
@@ -20,8 +20,8 @@ import (
"fmt"
"runtime"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -66,22 +66,22 @@ func (ep *Endpoint) futexWaitUntilActive() error {
}
func (ep *Endpoint) futexWakeConnState(numThreads int32) error {
- if _, _, e := syscall.RawSyscall(syscall.SYS_FUTEX, ep.packet, linux.FUTEX_WAKE, uintptr(numThreads)); e != 0 {
+ if _, _, e := unix.RawSyscall(unix.SYS_FUTEX, ep.packet, linux.FUTEX_WAKE, uintptr(numThreads)); e != 0 {
return e
}
return nil
}
func (ep *Endpoint) futexWaitConnState(curState uint32) error {
- _, _, e := syscall.Syscall6(syscall.SYS_FUTEX, ep.packet, linux.FUTEX_WAIT, uintptr(curState), 0, 0, 0)
- if e != 0 && e != syscall.EAGAIN && e != syscall.EINTR {
+ _, _, e := unix.Syscall6(unix.SYS_FUTEX, ep.packet, linux.FUTEX_WAIT, uintptr(curState), 0, 0, 0)
+ if e != 0 && e != unix.EAGAIN && e != unix.EINTR {
return e
}
return nil
}
func yieldThread() {
- syscall.Syscall(syscall.SYS_SCHED_YIELD, 0, 0, 0)
+ unix.Syscall(unix.SYS_SCHED_YIELD, 0, 0, 0)
// The thread we're trying to yield to may be waiting for a Go runtime P.
// runtime.Gosched() will hand off ours if necessary.
runtime.Gosched()
diff --git a/pkg/flipcall/packet_window_allocator.go b/pkg/flipcall/packet_window_allocator.go
index af9cc3d21..9122c97b7 100644
--- a/pkg/flipcall/packet_window_allocator.go
+++ b/pkg/flipcall/packet_window_allocator.go
@@ -18,8 +18,8 @@ import (
"fmt"
"math/bits"
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/memutil"
)
@@ -85,8 +85,8 @@ func (pwa *PacketWindowAllocator) Init() error {
// Apply F_SEAL_SHRINK to prevent either party from causing SIGBUS in the
// other by truncating the file, and F_SEAL_SEAL to prevent either party
// from applying F_SEAL_GROW or F_SEAL_WRITE.
- if _, _, e := syscall.RawSyscall(syscall.SYS_FCNTL, uintptr(fd), linux.F_ADD_SEALS, linux.F_SEAL_SHRINK|linux.F_SEAL_SEAL); e != 0 {
- syscall.Close(fd)
+ if _, _, e := unix.RawSyscall(unix.SYS_FCNTL, uintptr(fd), linux.F_ADD_SEALS, linux.F_SEAL_SHRINK|linux.F_SEAL_SEAL); e != 0 {
+ unix.Close(fd)
return fmt.Errorf("failed to apply memfd seals: %v", e)
}
pwa.fd = fd
@@ -106,7 +106,7 @@ func NewPacketWindowAllocator() (*PacketWindowAllocator, error) {
// Destroy releases resources owned by pwa. This invalidates file descriptors
// previously returned by pwa.FD() and pwd.Allocate().
func (pwa *PacketWindowAllocator) Destroy() {
- syscall.Close(pwa.fd)
+ unix.Close(pwa.fd)
}
// FD represents the file descriptor of the shared memory file backing pwa.
@@ -158,7 +158,7 @@ func (pwa *PacketWindowAllocator) ensureFileSize(min int64) error {
}
newSize = newNewSize
}
- if err := syscall.Ftruncate(pwa.FD(), newSize); err != nil {
+ if err := unix.Ftruncate(pwa.FD(), newSize); err != nil {
return fmt.Errorf("ftruncate failed: %v", err)
}
pwa.fileSize = newSize
diff --git a/pkg/flipcall/packet_window_mmap_amd64.go b/pkg/flipcall/packet_window_mmap_amd64.go
index 869183b11..ced587a2a 100644
--- a/pkg/flipcall/packet_window_mmap_amd64.go
+++ b/pkg/flipcall/packet_window_mmap_amd64.go
@@ -14,12 +14,10 @@
package flipcall
-import (
- "syscall"
-)
+import "golang.org/x/sys/unix"
// Return a memory mapping of the pwd in memory that can be shared outside the sandbox.
-func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, syscall.Errno) {
- m, _, err := syscall.RawSyscall6(syscall.SYS_MMAP, 0, uintptr(pwd.Length), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset))
+func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, unix.Errno) {
+ m, _, err := unix.RawSyscall6(unix.SYS_MMAP, 0, uintptr(pwd.Length), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset))
return m, err
}
diff --git a/pkg/flipcall/packet_window_mmap_arm64.go b/pkg/flipcall/packet_window_mmap_arm64.go
index b9c9c44f6..87ad1a4a1 100644
--- a/pkg/flipcall/packet_window_mmap_arm64.go
+++ b/pkg/flipcall/packet_window_mmap_arm64.go
@@ -16,12 +16,10 @@
package flipcall
-import (
- "syscall"
-)
+import "golang.org/x/sys/unix"
// Return a memory mapping of the pwd in memory that can be shared outside the sandbox.
-func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, syscall.Errno) {
- m, _, err := syscall.RawSyscall6(syscall.SYS_MMAP, 0, uintptr(pwd.Length), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset))
+func packetWindowMmap(pwd PacketWindowDescriptor) (uintptr, unix.Errno) {
+ m, _, err := unix.RawSyscall6(unix.SYS_MMAP, 0, uintptr(pwd.Length), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED, uintptr(pwd.FD), uintptr(pwd.Offset))
return m, err
}
diff --git a/pkg/iovec/iovec.go b/pkg/iovec/iovec.go
index dd70fe80f..0789c74bf 100644
--- a/pkg/iovec/iovec.go
+++ b/pkg/iovec/iovec.go
@@ -19,18 +19,17 @@
package iovec
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// MaxIovs is the maximum number of iovecs host platform can accept.
var MaxIovs = linux.UIO_MAXIOV
-// Builder is a builder for slice of syscall.Iovec.
+// Builder is a builder for slice of unix.Iovec.
type Builder struct {
- iovec []syscall.Iovec
- storage [8]syscall.Iovec
+ iovec []unix.Iovec
+ storage [8]unix.Iovec
// overflow tracks the last buffer when iovec length is at MaxIovs.
overflow []byte
@@ -48,7 +47,7 @@ func (b *Builder) Add(buf []byte) {
b.addByAppend(buf)
return
}
- b.iovec = append(b.iovec, syscall.Iovec{
+ b.iovec = append(b.iovec, unix.Iovec{
Base: &buf[0],
Len: uint64(len(buf)),
})
@@ -62,7 +61,7 @@ func (b *Builder) Add(buf []byte) {
func (b *Builder) addByAppend(buf []byte) {
b.overflow = append(b.overflow, buf...)
- b.iovec[len(b.iovec)-1] = syscall.Iovec{
+ b.iovec[len(b.iovec)-1] = unix.Iovec{
Base: &b.overflow[0],
Len: uint64(len(b.overflow)),
}
@@ -70,6 +69,6 @@ func (b *Builder) addByAppend(buf []byte) {
// Build returns the final Iovec slice. The length of returned iovec will not
// excceed MaxIovs.
-func (b *Builder) Build() []syscall.Iovec {
+func (b *Builder) Build() []unix.Iovec {
return b.iovec
}
diff --git a/pkg/log/log.go b/pkg/log/log.go
index 2e3408357..d39af3bf4 100644
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -38,9 +38,9 @@ import (
"os"
"runtime"
"sync/atomic"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/linewriter"
"gvisor.dev/gvisor/pkg/sync"
)
@@ -105,7 +105,7 @@ func (l *Writer) Write(data []byte) (int, error) {
n += w
// Is it a non-blocking socket?
- if pathErr, ok := err.(*os.PathError); ok && pathErr.Err == syscall.EAGAIN {
+ if pathErr, ok := err.(*os.PathError); ok && pathErr.Err == unix.EAGAIN {
runtime.Gosched()
continue
}
diff --git a/pkg/memutil/memutil_unsafe.go b/pkg/memutil/memutil_unsafe.go
index 979d942a9..6676d1ce3 100644
--- a/pkg/memutil/memutil_unsafe.go
+++ b/pkg/memutil/memutil_unsafe.go
@@ -19,7 +19,6 @@ package memutil
import (
"fmt"
- "syscall"
"unsafe"
"golang.org/x/sys/unix"
@@ -27,13 +26,13 @@ import (
// CreateMemFD creates a memfd file and returns the fd.
func CreateMemFD(name string, flags int) (int, error) {
- p, err := syscall.BytePtrFromString(name)
+ p, err := unix.BytePtrFromString(name)
if err != nil {
return -1, err
}
- fd, _, e := syscall.Syscall(unix.SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+ fd, _, e := unix.Syscall(unix.SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
if e != 0 {
- if e == syscall.ENOSYS {
+ if e == unix.ENOSYS {
return -1, fmt.Errorf("memfd_create(2) is not implemented. Check that you have Linux 3.17 or higher")
}
return -1, e
diff --git a/pkg/p9/client.go b/pkg/p9/client.go
index 3f4324ac1..764f1f970 100644
--- a/pkg/p9/client.go
+++ b/pkg/p9/client.go
@@ -17,7 +17,6 @@ package p9
import (
"errors"
"fmt"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/flipcall"
@@ -180,7 +179,7 @@ func NewClient(socket *unet.Socket, messageSize uint32, version string) (*Client
}, &rversion)
// The server told us to try again with a lower version.
- if err == syscall.EAGAIN {
+ if err == unix.EAGAIN {
if requested == lowestSupportedVersion {
return nil, ErrVersionsExhausted
}
@@ -250,7 +249,7 @@ func (c *Client) watch(socket *unet.Socket) {
// Wait for a shutdown event.
for {
n, err := unix.Ppoll(events, nil, nil)
- if err == syscall.EINTR || err == syscall.EAGAIN {
+ if err == unix.EINTR || err == unix.EAGAIN {
continue
}
if err != nil {
@@ -437,7 +436,7 @@ func (c *Client) sendRecvLegacySyscallErr(t message, r message) error {
received, err := c.sendRecvLegacy(t, r)
if !received {
log.Warningf("p9.Client.sendRecvChannel: %v", err)
- return syscall.EIO
+ return unix.EIO
}
return err
}
@@ -485,7 +484,7 @@ func (c *Client) sendRecvLegacy(t message, r message) (bool, error) {
// For convenience, we transform these directly
// into errors. Handlers need not handle this case.
if rlerr, ok := resp.r.(*Rlerror); ok {
- return true, syscall.Errno(rlerr.Error)
+ return true, unix.Errno(rlerr.Error)
}
// At this point, we know it matches.
@@ -524,7 +523,7 @@ func (c *Client) sendRecvChannel(t message, r message) error {
// Map all transport errors to EIO, but ensure that the real error
// is logged.
log.Warningf("p9.Client.sendRecvChannel: flipcall.Endpoint.Connect: %v", err)
- return syscall.EIO
+ return unix.EIO
}
}
@@ -537,14 +536,14 @@ func (c *Client) sendRecvChannel(t message, r message) error {
c.channelsMu.Unlock()
c.channelsWg.Done()
log.Warningf("p9.Client.sendRecvChannel: p9.channel.send: %v", err)
- return syscall.EIO
+ return unix.EIO
}
// Parse the server's response.
resp, retErr := ch.recv(r, rsz)
if resp == nil {
log.Warningf("p9.Client.sendRecvChannel: p9.channel.recv: %v", retErr)
- retErr = syscall.EIO
+ retErr = unix.EIO
}
// Release the channel.
diff --git a/pkg/p9/client_file.go b/pkg/p9/client_file.go
index 8b46a2987..7abc82e1b 100644
--- a/pkg/p9/client_file.go
+++ b/pkg/p9/client_file.go
@@ -18,8 +18,8 @@ import (
"fmt"
"io"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/log"
)
@@ -69,7 +69,7 @@ type clientFile struct {
// Walk implements File.Walk.
func (c *clientFile) Walk(names []string) ([]QID, File, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, nil, syscall.EBADF
+ return nil, nil, unix.EBADF
}
fid, ok := c.client.fidPool.Get()
@@ -90,7 +90,7 @@ func (c *clientFile) Walk(names []string) ([]QID, File, error) {
// WalkGetAttr implements File.WalkGetAttr.
func (c *clientFile) WalkGetAttr(components []string) ([]QID, File, AttrMask, Attr, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, nil, AttrMask{}, Attr{}, syscall.EBADF
+ return nil, nil, AttrMask{}, Attr{}, unix.EBADF
}
if !versionSupportsTwalkgetattr(c.client.version) {
@@ -124,7 +124,7 @@ func (c *clientFile) WalkGetAttr(components []string) ([]QID, File, AttrMask, At
// StatFS implements File.StatFS.
func (c *clientFile) StatFS() (FSStat, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return FSStat{}, syscall.EBADF
+ return FSStat{}, unix.EBADF
}
rstatfs := Rstatfs{}
@@ -138,7 +138,7 @@ func (c *clientFile) StatFS() (FSStat, error) {
// FSync implements File.FSync.
func (c *clientFile) FSync() error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
return c.client.sendRecv(&Tfsync{FID: c.fid}, &Rfsync{})
@@ -147,7 +147,7 @@ func (c *clientFile) FSync() error {
// GetAttr implements File.GetAttr.
func (c *clientFile) GetAttr(req AttrMask) (QID, AttrMask, Attr, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return QID{}, AttrMask{}, Attr{}, syscall.EBADF
+ return QID{}, AttrMask{}, Attr{}, unix.EBADF
}
rgetattr := Rgetattr{}
@@ -161,7 +161,7 @@ func (c *clientFile) GetAttr(req AttrMask) (QID, AttrMask, Attr, error) {
// SetAttr implements File.SetAttr.
func (c *clientFile) SetAttr(valid SetAttrMask, attr SetAttr) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
return c.client.sendRecv(&Tsetattr{FID: c.fid, Valid: valid, SetAttr: attr}, &Rsetattr{})
@@ -170,10 +170,10 @@ func (c *clientFile) SetAttr(valid SetAttrMask, attr SetAttr) error {
// GetXattr implements File.GetXattr.
func (c *clientFile) GetXattr(name string, size uint64) (string, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return "", syscall.EBADF
+ return "", unix.EBADF
}
if !versionSupportsGetSetXattr(c.client.version) {
- return "", syscall.EOPNOTSUPP
+ return "", unix.EOPNOTSUPP
}
rgetxattr := Rgetxattr{}
@@ -187,10 +187,10 @@ func (c *clientFile) GetXattr(name string, size uint64) (string, error) {
// SetXattr implements File.SetXattr.
func (c *clientFile) SetXattr(name, value string, flags uint32) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
if !versionSupportsGetSetXattr(c.client.version) {
- return syscall.EOPNOTSUPP
+ return unix.EOPNOTSUPP
}
return c.client.sendRecv(&Tsetxattr{FID: c.fid, Name: name, Value: value, Flags: flags}, &Rsetxattr{})
@@ -199,10 +199,10 @@ func (c *clientFile) SetXattr(name, value string, flags uint32) error {
// ListXattr implements File.ListXattr.
func (c *clientFile) ListXattr(size uint64) (map[string]struct{}, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
if !versionSupportsListRemoveXattr(c.client.version) {
- return nil, syscall.EOPNOTSUPP
+ return nil, unix.EOPNOTSUPP
}
rlistxattr := Rlistxattr{}
@@ -220,10 +220,10 @@ func (c *clientFile) ListXattr(size uint64) (map[string]struct{}, error) {
// RemoveXattr implements File.RemoveXattr.
func (c *clientFile) RemoveXattr(name string) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
if !versionSupportsListRemoveXattr(c.client.version) {
- return syscall.EOPNOTSUPP
+ return unix.EOPNOTSUPP
}
return c.client.sendRecv(&Tremovexattr{FID: c.fid, Name: name}, &Rremovexattr{})
@@ -232,10 +232,10 @@ func (c *clientFile) RemoveXattr(name string) error {
// Allocate implements File.Allocate.
func (c *clientFile) Allocate(mode AllocateMode, offset, length uint64) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
if !versionSupportsTallocate(c.client.version) {
- return syscall.EOPNOTSUPP
+ return unix.EOPNOTSUPP
}
return c.client.sendRecv(&Tallocate{FID: c.fid, Mode: mode, Offset: offset, Length: length}, &Rallocate{})
@@ -248,7 +248,7 @@ func (c *clientFile) Allocate(mode AllocateMode, offset, length uint64) error {
func (c *clientFile) Remove() error {
// Avoid double close.
if !atomic.CompareAndSwapUint32(&c.closed, 0, 1) {
- return syscall.EBADF
+ return unix.EBADF
}
// Send the remove message.
@@ -269,7 +269,7 @@ func (c *clientFile) Remove() error {
func (c *clientFile) Close() error {
// Avoid double close.
if !atomic.CompareAndSwapUint32(&c.closed, 0, 1) {
- return syscall.EBADF
+ return unix.EBADF
}
// Send the close message.
@@ -302,7 +302,7 @@ func (c *clientFile) SetAttrClose(valid SetAttrMask, attr SetAttr) error {
// Avoid double close.
if !atomic.CompareAndSwapUint32(&c.closed, 0, 1) {
- return syscall.EBADF
+ return unix.EBADF
}
// Send the message.
@@ -321,7 +321,7 @@ func (c *clientFile) SetAttrClose(valid SetAttrMask, attr SetAttr) error {
// Open implements File.Open.
func (c *clientFile) Open(flags OpenFlags) (*fd.FD, QID, uint32, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, QID{}, 0, syscall.EBADF
+ return nil, QID{}, 0, unix.EBADF
}
rlopen := Rlopen{}
@@ -335,11 +335,11 @@ func (c *clientFile) Open(flags OpenFlags) (*fd.FD, QID, uint32, error) {
// Connect implements File.Connect.
func (c *clientFile) Connect(flags ConnectFlags) (*fd.FD, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
if !VersionSupportsConnect(c.client.version) {
- return nil, syscall.ECONNREFUSED
+ return nil, unix.ECONNREFUSED
}
rlconnect := Rlconnect{}
@@ -404,7 +404,7 @@ func (c *clientFile) ReadAt(p []byte, offset uint64) (int, error) {
func (c *clientFile) readAt(p []byte, offset uint64) (int, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return 0, syscall.EBADF
+ return 0, unix.EBADF
}
rread := Rread{Data: p}
@@ -435,7 +435,7 @@ func (c *clientFile) WriteAt(p []byte, offset uint64) (int, error) {
func (c *clientFile) writeAt(p []byte, offset uint64) (int, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return 0, syscall.EBADF
+ return 0, unix.EBADF
}
rwrite := Rwrite{}
@@ -500,12 +500,12 @@ func (r *ReadWriterFile) WriteAt(p []byte, offset int64) (int, error) {
// Rename implements File.Rename.
func (c *clientFile) Rename(dir File, name string) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
clientDir, ok := dir.(*clientFile)
if !ok {
- return syscall.EBADF
+ return unix.EBADF
}
return c.client.sendRecv(&Trename{FID: c.fid, Directory: clientDir.fid, Name: name}, &Rrename{})
@@ -514,7 +514,7 @@ func (c *clientFile) Rename(dir File, name string) error {
// Create implements File.Create.
func (c *clientFile) Create(name string, openFlags OpenFlags, permissions FileMode, uid UID, gid GID) (*fd.FD, File, QID, uint32, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, nil, QID{}, 0, syscall.EBADF
+ return nil, nil, QID{}, 0, unix.EBADF
}
msg := Tlcreate{
@@ -545,7 +545,7 @@ func (c *clientFile) Create(name string, openFlags OpenFlags, permissions FileMo
// Mkdir implements File.Mkdir.
func (c *clientFile) Mkdir(name string, permissions FileMode, uid UID, gid GID) (QID, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return QID{}, syscall.EBADF
+ return QID{}, unix.EBADF
}
msg := Tmkdir{
@@ -575,7 +575,7 @@ func (c *clientFile) Mkdir(name string, permissions FileMode, uid UID, gid GID)
// Symlink implements File.Symlink.
func (c *clientFile) Symlink(oldname string, newname string, uid UID, gid GID) (QID, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return QID{}, syscall.EBADF
+ return QID{}, unix.EBADF
}
msg := Tsymlink{
@@ -605,12 +605,12 @@ func (c *clientFile) Symlink(oldname string, newname string, uid UID, gid GID) (
// Link implements File.Link.
func (c *clientFile) Link(target File, newname string) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
targetFile, ok := target.(*clientFile)
if !ok {
- return syscall.EBADF
+ return unix.EBADF
}
return c.client.sendRecv(&Tlink{Directory: c.fid, Name: newname, Target: targetFile.fid}, &Rlink{})
@@ -619,7 +619,7 @@ func (c *clientFile) Link(target File, newname string) error {
// Mknod implements File.Mknod.
func (c *clientFile) Mknod(name string, mode FileMode, major uint32, minor uint32, uid UID, gid GID) (QID, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return QID{}, syscall.EBADF
+ return QID{}, unix.EBADF
}
msg := Tmknod{
@@ -651,12 +651,12 @@ func (c *clientFile) Mknod(name string, mode FileMode, major uint32, minor uint3
// RenameAt implements File.RenameAt.
func (c *clientFile) RenameAt(oldname string, newdir File, newname string) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
clientNewDir, ok := newdir.(*clientFile)
if !ok {
- return syscall.EBADF
+ return unix.EBADF
}
return c.client.sendRecv(&Trenameat{OldDirectory: c.fid, OldName: oldname, NewDirectory: clientNewDir.fid, NewName: newname}, &Rrenameat{})
@@ -665,7 +665,7 @@ func (c *clientFile) RenameAt(oldname string, newdir File, newname string) error
// UnlinkAt implements File.UnlinkAt.
func (c *clientFile) UnlinkAt(name string, flags uint32) error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
return c.client.sendRecv(&Tunlinkat{Directory: c.fid, Name: name, Flags: flags}, &Runlinkat{})
@@ -674,7 +674,7 @@ func (c *clientFile) UnlinkAt(name string, flags uint32) error {
// Readdir implements File.Readdir.
func (c *clientFile) Readdir(offset uint64, count uint32) ([]Dirent, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
rreaddir := Rreaddir{}
@@ -688,7 +688,7 @@ func (c *clientFile) Readdir(offset uint64, count uint32) ([]Dirent, error) {
// Readlink implements File.Readlink.
func (c *clientFile) Readlink() (string, error) {
if atomic.LoadUint32(&c.closed) != 0 {
- return "", syscall.EBADF
+ return "", unix.EBADF
}
rreadlink := Rreadlink{}
@@ -702,7 +702,7 @@ func (c *clientFile) Readlink() (string, error) {
// Flush implements File.Flush.
func (c *clientFile) Flush() error {
if atomic.LoadUint32(&c.closed) != 0 {
- return syscall.EBADF
+ return unix.EBADF
}
if !VersionSupportsTflushf(c.client.version) {
diff --git a/pkg/p9/file.go b/pkg/p9/file.go
index c2e3a3f98..c59c6a65b 100644
--- a/pkg/p9/file.go
+++ b/pkg/p9/file.go
@@ -15,8 +15,7 @@
package p9
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
)
@@ -67,7 +66,7 @@ type File interface {
// WalkGetAttr walks to the next file and returns its maximal set of
// attributes.
//
- // Server-side p9.Files may return syscall.ENOSYS to indicate that Walk
+ // Server-side p9.Files may return unix.ENOSYS to indicate that Walk
// and GetAttr should be used separately to satisfy this request.
//
// On the server, WalkGetAttr has a read concurrency guarantee.
@@ -160,7 +159,7 @@ type File interface {
// Read reads from this file. Open must be called first.
//
- // This may return io.EOF in addition to syscall.Errno values.
+ // This may return io.EOF in addition to unix.Errno values.
//
// On the server, ReadAt has a read concurrency guarantee. See Open for
// additional requirements regarding lazy path resolution.
@@ -168,7 +167,7 @@ type File interface {
// Write writes to this file. Open must be called first.
//
- // This may return io.EOF in addition to syscall.Errno values.
+ // This may return io.EOF in addition to unix.Errno values.
//
// On the server, WriteAt has a read concurrency guarantee. See Open
// for additional requirements regarding lazy path resolution.
@@ -239,7 +238,7 @@ type File interface {
// Readdir reads directory entries.
//
- // This may return io.EOF in addition to syscall.Errno values.
+ // This may return io.EOF in addition to unix.Errno values.
//
// On the server, Readdir has a read concurrency guarantee.
Readdir(offset uint64, count uint32) ([]Dirent, error)
@@ -292,7 +291,7 @@ type DefaultWalkGetAttr struct{}
// WalkGetAttr implements File.WalkGetAttr.
func (DefaultWalkGetAttr) WalkGetAttr([]string) ([]QID, File, AttrMask, Attr, error) {
- return nil, nil, AttrMask{}, Attr{}, syscall.ENOSYS
+ return nil, nil, AttrMask{}, Attr{}, unix.ENOSYS
}
// DisallowClientCalls panics if a client-only function is called.
diff --git a/pkg/p9/handlers.go b/pkg/p9/handlers.go
index 81ceb37c5..58312d0cc 100644
--- a/pkg/p9/handlers.go
+++ b/pkg/p9/handlers.go
@@ -21,28 +21,28 @@ import (
"path"
"strings"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/log"
)
-// ExtractErrno extracts a syscall.Errno from a error, best effort.
-func ExtractErrno(err error) syscall.Errno {
+// ExtractErrno extracts a unix.Errno from a error, best effort.
+func ExtractErrno(err error) unix.Errno {
switch err {
case os.ErrNotExist:
- return syscall.ENOENT
+ return unix.ENOENT
case os.ErrExist:
- return syscall.EEXIST
+ return unix.EEXIST
case os.ErrPermission:
- return syscall.EACCES
+ return unix.EACCES
case os.ErrInvalid:
- return syscall.EINVAL
+ return unix.EINVAL
}
// Attempt to unwrap.
switch e := err.(type) {
- case syscall.Errno:
+ case unix.Errno:
return e
case *os.PathError:
return ExtractErrno(e.Err)
@@ -54,7 +54,7 @@ func ExtractErrno(err error) syscall.Errno {
// Default case.
log.Warningf("unknown error: %v", err)
- return syscall.EIO
+ return unix.EIO
}
// newErr returns a new error message from an error.
@@ -77,20 +77,20 @@ type handler interface {
// handle implements handler.handle.
func (t *Tversion) handle(cs *connState) message {
if t.MSize == 0 {
- return newErr(syscall.EINVAL)
+ return newErr(unix.EINVAL)
}
if t.MSize > maximumLength {
- return newErr(syscall.EINVAL)
+ return newErr(unix.EINVAL)
}
atomic.StoreUint32(&cs.messageSize, t.MSize)
requested, ok := parseVersion(t.Version)
if !ok {
- return newErr(syscall.EINVAL)
+ return newErr(unix.EINVAL)
}
// The server cannot support newer versions that it doesn't know about. In this
// case we return EAGAIN to tell the client to try again with a lower version.
if requested > highestSupportedVersion {
- return newErr(syscall.EAGAIN)
+ return newErr(unix.EAGAIN)
}
// From Tversion(9P): "The server may respond with the client’s version
// string, or a version string identifying an earlier defined protocol version".
@@ -112,13 +112,13 @@ func checkSafeName(name string) error {
if name != "" && !strings.Contains(name, "/") && name != "." && name != ".." {
return nil
}
- return syscall.EINVAL
+ return unix.EINVAL
}
// handle implements handler.handle.
func (t *Tclunk) handle(cs *connState) message {
if !cs.DeleteFID(t.FID) {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
return &Rclunk{}
}
@@ -126,7 +126,7 @@ func (t *Tclunk) handle(cs *connState) message {
func (t *Tsetattrclunk) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -136,7 +136,7 @@ func (t *Tsetattrclunk) handle(cs *connState) message {
// there were multiple links and you can still change the
// corresponding inode information.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Set the attributes.
@@ -146,7 +146,7 @@ func (t *Tsetattrclunk) handle(cs *connState) message {
// Try to delete FID even in case of failure above. Since the state of the
// file is unknown to the caller, it will not attempt to close the file again.
if !cs.DeleteFID(t.FID) {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
if setAttrErr != nil {
return newErr(setAttrErr)
@@ -158,7 +158,7 @@ func (t *Tsetattrclunk) handle(cs *connState) message {
func (t *Tremove) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -172,7 +172,7 @@ func (t *Tremove) handle(cs *connState) message {
err := ref.safelyGlobal(func() error {
// Is this a root? Can't remove that.
if ref.isRoot() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// N.B. this remove operation is permitted, even if the file is open.
@@ -180,7 +180,7 @@ func (t *Tremove) handle(cs *connState) message {
// Is this file already deleted?
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Retrieve the file's proper name.
@@ -204,7 +204,7 @@ func (t *Tremove) handle(cs *connState) message {
// of removing the file if permissions allow."
// https://swtch.com/plan9port/man/man9/remove.html
if !cs.DeleteFID(t.FID) {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
if err != nil {
return newErr(err)
@@ -217,14 +217,14 @@ func (t *Tremove) handle(cs *connState) message {
//
// We don't support authentication, so this just returns ENOSYS.
func (t *Tauth) handle(cs *connState) message {
- return newErr(syscall.ENOSYS)
+ return newErr(unix.ENOSYS)
}
// handle implements handler.handle.
func (t *Tattach) handle(cs *connState) message {
// Ensure no authentication FID is provided.
if t.Auth.AuthenticationFID != NoFID {
- return newErr(syscall.EINVAL)
+ return newErr(unix.EINVAL)
}
// Must provide an absolute path.
@@ -247,7 +247,7 @@ func (t *Tattach) handle(cs *connState) message {
}
if !valid.Mode {
sf.Close() // Drop file.
- return newErr(syscall.EINVAL)
+ return newErr(unix.EINVAL)
}
// Build a transient reference.
@@ -292,7 +292,7 @@ func CanOpen(mode FileMode) bool {
func (t *Tlopen) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -304,22 +304,22 @@ func (t *Tlopen) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Has it been deleted already?
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Has it been opened already?
if ref.opened || !CanOpen(ref.mode) {
- return syscall.EINVAL
+ return unix.EINVAL
}
if ref.mode.IsDir() {
// Directory must be opened ReadOnly.
if t.Flags&OpenFlagsModeMask != ReadOnly {
- return syscall.EISDIR
+ return unix.EISDIR
}
// Directory not truncatable.
if t.Flags&OpenTruncate != 0 {
- return syscall.EISDIR
+ return unix.EISDIR
}
}
@@ -345,7 +345,7 @@ func (t *Tlcreate) do(cs *connState, uid UID) (*Rlcreate, error) {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer ref.DecRef()
@@ -359,12 +359,12 @@ func (t *Tlcreate) do(cs *connState, uid UID) (*Rlcreate, error) {
if err := ref.safelyWrite(func() (err error) {
// Don't allow creation from non-directories or deleted directories.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the create.
@@ -422,7 +422,7 @@ func (t *Tsymlink) do(cs *connState, uid UID) (*Rsymlink, error) {
ref, ok := cs.LookupFID(t.Directory)
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer ref.DecRef()
@@ -430,12 +430,12 @@ func (t *Tsymlink) do(cs *connState, uid UID) (*Rsymlink, error) {
if err := ref.safelyWrite(func() (err error) {
// Don't allow symlinks from non-directories or deleted directories.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the symlink.
@@ -456,25 +456,25 @@ func (t *Tlink) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.Directory)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
refTarget, ok := cs.LookupFID(t.Target)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer refTarget.DecRef()
if err := ref.safelyWrite(func() (err error) {
// Don't allow create links from non-directories or deleted directories.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the link.
@@ -497,13 +497,13 @@ func (t *Trenameat) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.OldDirectory)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
refTarget, ok := cs.LookupFID(t.NewDirectory)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer refTarget.DecRef()
@@ -511,12 +511,12 @@ func (t *Trenameat) handle(cs *connState) message {
if err := ref.safelyGlobal(func() (err error) {
// Don't allow renaming across deleted directories.
if ref.isDeleted() || !ref.mode.IsDir() || refTarget.isDeleted() || !refTarget.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Is this the same file? If yes, short-circuit and return success.
@@ -547,19 +547,19 @@ func (t *Tunlinkat) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.Directory)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
if err := ref.safelyWrite(func() (err error) {
// Don't allow deletion from non-directories or deleted directories.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Before we do the unlink itself, we need to ensure that there
@@ -599,25 +599,25 @@ func (t *Trename) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
refTarget, ok := cs.LookupFID(t.Directory)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer refTarget.DecRef()
if err := ref.safelyGlobal(func() (err error) {
// Don't allow a root rename.
if ref.isRoot() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Don't allow renaming deleting entries, or target non-directories.
if ref.isDeleted() || refTarget.isDeleted() || !refTarget.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// If the parent is deleted, but we not, something is seriously wrong.
@@ -656,7 +656,7 @@ func (t *Trename) handle(cs *connState) message {
func (t *Treadlink) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -666,7 +666,7 @@ func (t *Treadlink) handle(cs *connState) message {
// check if this file is opened because symlinks cannot be
// opened.
if ref.isDeleted() || !ref.mode.IsSymlink() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the read.
@@ -683,13 +683,13 @@ func (t *Treadlink) handle(cs *connState) message {
func (t *Tread) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
// Constrain the size of the read buffer.
if int(t.Count) > int(maximumLength) {
- return newErr(syscall.ENOBUFS)
+ return newErr(unix.ENOBUFS)
}
var (
@@ -699,12 +699,12 @@ func (t *Tread) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Has it been opened already?
if !ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Can it be read? Check permissions.
if ref.openFlags&OpenFlagsModeMask == WriteOnly {
- return syscall.EPERM
+ return unix.EPERM
}
n, err = ref.file.ReadAt(data, t.Offset)
@@ -720,7 +720,7 @@ func (t *Tread) handle(cs *connState) message {
func (t *Twrite) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -728,12 +728,12 @@ func (t *Twrite) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Has it been opened already?
if !ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Can it be written? Check permissions.
if ref.openFlags&OpenFlagsModeMask == ReadOnly {
- return syscall.EPERM
+ return unix.EPERM
}
n, err = ref.file.WriteAt(t.Data, t.Offset)
@@ -761,7 +761,7 @@ func (t *Tmknod) do(cs *connState, uid UID) (*Rmknod, error) {
ref, ok := cs.LookupFID(t.Directory)
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer ref.DecRef()
@@ -769,12 +769,12 @@ func (t *Tmknod) do(cs *connState, uid UID) (*Rmknod, error) {
if err := ref.safelyWrite(func() (err error) {
// Don't allow mknod on deleted files.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the mknod.
@@ -803,7 +803,7 @@ func (t *Tmkdir) do(cs *connState, uid UID) (*Rmkdir, error) {
ref, ok := cs.LookupFID(t.Directory)
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer ref.DecRef()
@@ -811,12 +811,12 @@ func (t *Tmkdir) do(cs *connState, uid UID) (*Rmkdir, error) {
if err := ref.safelyWrite(func() (err error) {
// Don't allow mkdir on deleted files.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Not allowed on open directories.
if ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the mkdir.
@@ -833,7 +833,7 @@ func (t *Tmkdir) do(cs *connState, uid UID) (*Rmkdir, error) {
func (t *Tgetattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -861,7 +861,7 @@ func (t *Tgetattr) handle(cs *connState) message {
func (t *Tsetattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -871,7 +871,7 @@ func (t *Tsetattr) handle(cs *connState) message {
// there were multiple links and you can still change the
// corresponding inode information.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Set the attributes.
@@ -887,24 +887,24 @@ func (t *Tsetattr) handle(cs *connState) message {
func (t *Tallocate) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
if err := ref.safelyWrite(func() error {
// Has it been opened already?
if !ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Can it be written? Check permissions.
if ref.openFlags&OpenFlagsModeMask == ReadOnly {
- return syscall.EBADF
+ return unix.EBADF
}
// We don't allow allocate on files that have been deleted.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
return ref.file.Allocate(t.Mode, t.Offset, t.Length)
@@ -919,31 +919,31 @@ func (t *Tallocate) handle(cs *connState) message {
func (t *Txattrwalk) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
// We don't support extended attributes.
- return newErr(syscall.ENODATA)
+ return newErr(unix.ENODATA)
}
// handle implements handler.handle.
func (t *Txattrcreate) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
// We don't support extended attributes.
- return newErr(syscall.ENOSYS)
+ return newErr(unix.ENOSYS)
}
// handle implements handler.handle.
func (t *Tgetxattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -951,7 +951,7 @@ func (t *Tgetxattr) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Don't allow getxattr on files that have been deleted.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
val, err = ref.file.GetXattr(t.Name, t.Size)
return err
@@ -965,14 +965,14 @@ func (t *Tgetxattr) handle(cs *connState) message {
func (t *Tsetxattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
if err := ref.safelyWrite(func() error {
// Don't allow setxattr on files that have been deleted.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
return ref.file.SetXattr(t.Name, t.Value, t.Flags)
}); err != nil {
@@ -985,7 +985,7 @@ func (t *Tsetxattr) handle(cs *connState) message {
func (t *Tlistxattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -993,7 +993,7 @@ func (t *Tlistxattr) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Don't allow listxattr on files that have been deleted.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
xattrs, err = ref.file.ListXattr(t.Size)
return err
@@ -1012,14 +1012,14 @@ func (t *Tlistxattr) handle(cs *connState) message {
func (t *Tremovexattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
if err := ref.safelyWrite(func() error {
// Don't allow removexattr on files that have been deleted.
if ref.isDeleted() {
- return syscall.EINVAL
+ return unix.EINVAL
}
return ref.file.RemoveXattr(t.Name)
}); err != nil {
@@ -1032,7 +1032,7 @@ func (t *Tremovexattr) handle(cs *connState) message {
func (t *Treaddir) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.Directory)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -1040,12 +1040,12 @@ func (t *Treaddir) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Don't allow reading deleted directories.
if ref.isDeleted() || !ref.mode.IsDir() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Has it been opened yet?
if !ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Read the entries.
@@ -1065,14 +1065,14 @@ func (t *Treaddir) handle(cs *connState) message {
func (t *Tfsync) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
if err := ref.safelyRead(func() (err error) {
// Has it been opened yet?
if !ref.opened {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Perform the sync.
@@ -1088,7 +1088,7 @@ func (t *Tfsync) handle(cs *connState) message {
func (t *Tstatfs) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -1104,7 +1104,7 @@ func (t *Tstatfs) handle(cs *connState) message {
func (t *Tflushf) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -1121,7 +1121,7 @@ func (t *Tflushf) handle(cs *connState) message {
func walkOne(qids []QID, from File, names []string, getattr bool) ([]QID, File, AttrMask, Attr, error) {
if len(names) > 1 {
// We require exactly zero or one elements.
- return nil, nil, AttrMask{}, Attr{}, syscall.EINVAL
+ return nil, nil, AttrMask{}, Attr{}, unix.EINVAL
}
var (
localQIDs []QID
@@ -1134,7 +1134,7 @@ func walkOne(qids []QID, from File, names []string, getattr bool) ([]QID, File,
case getattr:
localQIDs, sf, valid, attr, err = from.WalkGetAttr(names)
// Can't put fallthrough in the if because Go.
- if err != syscall.ENOSYS {
+ if err != unix.ENOSYS {
break
}
fallthrough
@@ -1159,7 +1159,7 @@ func walkOne(qids []QID, from File, names []string, getattr bool) ([]QID, File,
if len(localQIDs) != 1 {
// Expected a single QID.
sf.Close()
- return nil, nil, AttrMask{}, Attr{}, syscall.EINVAL
+ return nil, nil, AttrMask{}, Attr{}, unix.EINVAL
}
return append(qids, localQIDs...), sf, valid, attr, nil
}
@@ -1181,7 +1181,7 @@ func doWalk(cs *connState, ref *fidRef, names []string, getattr bool) (qids []QI
// Has it been opened already?
err = ref.safelyRead(func() (err error) {
if ref.opened {
- return syscall.EBUSY
+ return unix.EBUSY
}
return nil
})
@@ -1237,7 +1237,7 @@ func doWalk(cs *connState, ref *fidRef, names []string, getattr bool) (qids []QI
// a proper directory and we have additional paths to walk.
if !walkRef.mode.IsDir() {
walkRef.DecRef() // Drop walk reference; no lock required.
- return nil, nil, AttrMask{}, Attr{}, syscall.EINVAL
+ return nil, nil, AttrMask{}, Attr{}, unix.EINVAL
}
var sf File // Temporary.
@@ -1283,7 +1283,7 @@ func doWalk(cs *connState, ref *fidRef, names []string, getattr bool) (qids []QI
func (t *Twalk) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -1303,7 +1303,7 @@ func (t *Twalk) handle(cs *connState) message {
func (t *Twalkgetattr) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -1359,7 +1359,7 @@ func (t *Tumknod) handle(cs *connState) message {
func (t *Tlconnect) handle(cs *connState) message {
ref, ok := cs.LookupFID(t.FID)
if !ok {
- return newErr(syscall.EBADF)
+ return newErr(unix.EBADF)
}
defer ref.DecRef()
@@ -1367,7 +1367,7 @@ func (t *Tlconnect) handle(cs *connState) message {
if err := ref.safelyRead(func() (err error) {
// Don't allow connecting to deleted files.
if ref.isDeleted() || !ref.mode.IsSocket() {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Do the connect.
@@ -1391,7 +1391,7 @@ func (t *Tchannel) handle(cs *connState) message {
ch := cs.lookupChannel(t.ID)
if ch == nil {
- return newErr(syscall.ENOSYS)
+ return newErr(unix.ENOSYS)
}
// Return the payload. Note that we need to duplicate the file
@@ -1405,19 +1405,19 @@ func (t *Tchannel) handle(cs *connState) message {
switch t.Control {
case 0:
// Open the main data channel.
- mfd, err := syscall.Dup(int(cs.channelAlloc.FD()))
+ mfd, err := unix.Dup(int(cs.channelAlloc.FD()))
if err != nil {
return newErr(err)
}
rchannel.SetFilePayload(fd.New(mfd))
case 1:
- cfd, err := syscall.Dup(ch.client.FD())
+ cfd, err := unix.Dup(ch.client.FD())
if err != nil {
return newErr(err)
}
rchannel.SetFilePayload(fd.New(cfd))
default:
- return newErr(syscall.EINVAL)
+ return newErr(unix.EINVAL)
}
return rchannel
}
diff --git a/pkg/p9/server.go b/pkg/p9/server.go
index 290d5b9ce..ff1172ed6 100644
--- a/pkg/p9/server.go
+++ b/pkg/p9/server.go
@@ -18,8 +18,8 @@ import (
"io"
"runtime/debug"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdchannel"
"gvisor.dev/gvisor/pkg/flipcall"
@@ -483,7 +483,7 @@ func (cs *connState) lookupChannel(id uint32) *channel {
func (cs *connState) handle(m message) (r message) {
if !cs.reqGate.Enter() {
// connState.stop() has been called; the connection is shutting down.
- r = newErr(syscall.ECONNRESET)
+ r = newErr(unix.ECONNRESET)
return
}
defer func() {
@@ -498,7 +498,7 @@ func (cs *connState) handle(m message) (r message) {
// Wrap in an EFAULT error; we don't really have a
// better way to describe this kind of error. It will
// usually manifest as a result of the test framework.
- r = newErr(syscall.EFAULT)
+ r = newErr(unix.EFAULT)
}
}()
if handler, ok := m.(handler); ok {
@@ -506,7 +506,7 @@ func (cs *connState) handle(m message) (r message) {
r = handler.handle(cs)
} else {
// Produce an ENOSYS error.
- r = newErr(syscall.ENOSYS)
+ r = newErr(unix.ENOSYS)
}
return
}
diff --git a/pkg/p9/transport.go b/pkg/p9/transport.go
index 02e665345..add607b9d 100644
--- a/pkg/p9/transport.go
+++ b/pkg/p9/transport.go
@@ -19,8 +19,8 @@ import (
"fmt"
"io"
"io/ioutil"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sync"
@@ -187,7 +187,7 @@ func recv(s *unet.Socket, msize uint32, lookup lookupTagAndType) (Tag, message,
// fds are caught and used is handled below,
// and the fds variable will be set to nil.
for _, fd := range fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
}()
r.EnableFDs(0)
@@ -323,7 +323,7 @@ func recv(s *unet.Socket, msize uint32, lookup lookupTagAndType) (Tag, message,
// Close the rest. We support only one.
for i := 1; i < len(fds); i++ {
- syscall.Close(fds[i])
+ unix.Close(fds[i])
}
// Don't close in the defer.
diff --git a/pkg/p9/transport_flipcall.go b/pkg/p9/transport_flipcall.go
index 38038abdf..802254a90 100644
--- a/pkg/p9/transport_flipcall.go
+++ b/pkg/p9/transport_flipcall.go
@@ -16,8 +16,8 @@ package p9
import (
"runtime"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdchannel"
"gvisor.dev/gvisor/pkg/flipcall"
@@ -236,7 +236,7 @@ func (ch *channel) recv(r message, rsz uint32) (message, error) {
// Convert errors appropriately; see above.
if rlerr, ok := r.(*Rlerror); ok {
- return r, syscall.Errno(rlerr.Error)
+ return r, unix.Errno(rlerr.Error)
}
return r, nil
diff --git a/pkg/safecopy/safecopy.go b/pkg/safecopy/safecopy.go
index 2fb7e5809..1e0af5889 100644
--- a/pkg/safecopy/safecopy.go
+++ b/pkg/safecopy/safecopy.go
@@ -20,8 +20,8 @@ import (
"fmt"
"reflect"
"runtime"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -127,16 +127,16 @@ func initializeAddresses() {
func init() {
initializeAddresses()
- if err := ReplaceSignalHandler(syscall.SIGSEGV, reflect.ValueOf(signalHandler).Pointer(), &savedSigSegVHandler); err != nil {
+ if err := ReplaceSignalHandler(unix.SIGSEGV, reflect.ValueOf(signalHandler).Pointer(), &savedSigSegVHandler); err != nil {
panic(fmt.Sprintf("Unable to set handler for SIGSEGV: %v", err))
}
- if err := ReplaceSignalHandler(syscall.SIGBUS, reflect.ValueOf(signalHandler).Pointer(), &savedSigBusHandler); err != nil {
+ if err := ReplaceSignalHandler(unix.SIGBUS, reflect.ValueOf(signalHandler).Pointer(), &savedSigBusHandler); err != nil {
panic(fmt.Sprintf("Unable to set handler for SIGBUS: %v", err))
}
- syserror.AddErrorUnwrapper(func(e error) (syscall.Errno, bool) {
+ syserror.AddErrorUnwrapper(func(e error) (unix.Errno, bool) {
switch e.(type) {
case SegvError, BusError, AlignmentError:
- return syscall.EFAULT, true
+ return unix.EFAULT, true
default:
return 0, false
}
diff --git a/pkg/safecopy/safecopy_unsafe.go b/pkg/safecopy/safecopy_unsafe.go
index 41dd567f3..a075cf88e 100644
--- a/pkg/safecopy/safecopy_unsafe.go
+++ b/pkg/safecopy/safecopy_unsafe.go
@@ -17,8 +17,9 @@ package safecopy
import (
"fmt"
"runtime"
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// maxRegisterSize is the maximum register size used in memcpy and memclr. It
@@ -310,9 +311,9 @@ func errorFromFaultSignal(addr uintptr, sig int32) error {
switch sig {
case 0:
return nil
- case int32(syscall.SIGSEGV):
+ case int32(unix.SIGSEGV):
return SegvError{addr}
- case int32(syscall.SIGBUS):
+ case int32(unix.SIGBUS):
return BusError{addr}
default:
panic(fmt.Sprintf("safecopy got unexpected signal %d at address %#x", sig, addr))
@@ -328,7 +329,7 @@ func errorFromFaultSignal(addr uintptr, sig int32) error {
// handlers for appropriate signals. These handlers will call the previous
// handler however, and if this is function is being used externally then the
// same courtesy is expected.
-func ReplaceSignalHandler(sig syscall.Signal, handler uintptr, previous *uintptr) error {
+func ReplaceSignalHandler(sig unix.Signal, handler uintptr, previous *uintptr) error {
var sa struct {
handler uintptr
flags uint64
@@ -340,7 +341,7 @@ func ReplaceSignalHandler(sig syscall.Signal, handler uintptr, previous *uintptr
// Get the existing signal handler information, and save the current
// handler. Once we replace it, we will use this pointer to fall back to
// it when we receive other signals.
- if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(sig), 0, uintptr(unsafe.Pointer(&sa)), maskLen, 0, 0); e != 0 {
+ if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(sig), 0, uintptr(unsafe.Pointer(&sa)), maskLen, 0, 0); e != 0 {
return e
}
@@ -353,7 +354,7 @@ func ReplaceSignalHandler(sig syscall.Signal, handler uintptr, previous *uintptr
// Install our own handler.
sa.handler = handler
- if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(sig), uintptr(unsafe.Pointer(&sa)), 0, maskLen, 0, 0); e != 0 {
+ if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(sig), uintptr(unsafe.Pointer(&sa)), 0, maskLen, 0, 0); e != 0 {
return e
}
diff --git a/pkg/safemem/seq_unsafe.go b/pkg/safemem/seq_unsafe.go
index b315b0e5a..bbf8740a5 100644
--- a/pkg/safemem/seq_unsafe.go
+++ b/pkg/safemem/seq_unsafe.go
@@ -17,9 +17,9 @@ package safemem
import (
"bytes"
"fmt"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/gohacks"
)
@@ -304,12 +304,12 @@ func ZeroSeq(dsts BlockSeq) (uint64, error) {
return done, nil
}
-// IovecsFromBlockSeq returns a []syscall.Iovec representing seq.
-func IovecsFromBlockSeq(bs BlockSeq) []syscall.Iovec {
- iovs := make([]syscall.Iovec, 0, bs.NumBlocks())
+// IovecsFromBlockSeq returns a []unix.Iovec representing seq.
+func IovecsFromBlockSeq(bs BlockSeq) []unix.Iovec {
+ iovs := make([]unix.Iovec, 0, bs.NumBlocks())
for ; !bs.IsEmpty(); bs = bs.Tail() {
b := bs.Head()
- iovs = append(iovs, syscall.Iovec{
+ iovs = append(iovs, unix.Iovec{
Base: &b.ToSlice()[0],
Len: uint64(b.Len()),
})
diff --git a/pkg/seccomp/seccomp_unsafe.go b/pkg/seccomp/seccomp_unsafe.go
index f7e986589..7202591df 100644
--- a/pkg/seccomp/seccomp_unsafe.go
+++ b/pkg/seccomp/seccomp_unsafe.go
@@ -15,9 +15,9 @@
package seccomp
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -26,9 +26,9 @@ import (
// This is safe to call from an afterFork context.
//
//go:nosplit
-func SetFilter(instrs []linux.BPFInstruction) syscall.Errno {
+func SetFilter(instrs []linux.BPFInstruction) unix.Errno {
// PR_SET_NO_NEW_PRIVS is required in order to enable seccomp. See seccomp(2) for details.
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 {
return errno
}
@@ -44,7 +44,7 @@ func isKillProcessAvailable() (bool, error) {
if errno := seccomp(linux.SECCOMP_GET_ACTION_AVAIL, 0, unsafe.Pointer(&action)); errno != 0 {
// EINVAL: SECCOMP_GET_ACTION_AVAIL not in this kernel yet.
// EOPNOTSUPP: SECCOMP_RET_KILL_PROCESS not supported.
- if errno == syscall.EINVAL || errno == syscall.EOPNOTSUPP {
+ if errno == unix.EINVAL || errno == unix.EOPNOTSUPP {
return false, nil
}
return false, errno
@@ -55,8 +55,8 @@ func isKillProcessAvailable() (bool, error) {
// seccomp calls seccomp(2). This is safe to call from an afterFork context.
//
//go:nosplit
-func seccomp(op, flags uint32, ptr unsafe.Pointer) syscall.Errno {
- if _, _, errno := syscall.RawSyscall(SYS_SECCOMP, uintptr(op), uintptr(flags), uintptr(ptr)); errno != 0 {
+func seccomp(op, flags uint32, ptr unsafe.Pointer) unix.Errno {
+ if _, _, errno := unix.RawSyscall(SYS_SECCOMP, uintptr(op), uintptr(flags), uintptr(ptr)); errno != 0 {
return errno
}
return 0
diff --git a/pkg/sentry/arch/arch_amd64.go b/pkg/sentry/arch/arch_amd64.go
index c7d3a206d..15d8ddb40 100644
--- a/pkg/sentry/arch/arch_amd64.go
+++ b/pkg/sentry/arch/arch_amd64.go
@@ -20,8 +20,8 @@ import (
"bytes"
"fmt"
"math/rand"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -210,7 +210,7 @@ func mmapRand(max uint64) usermem.Addr {
func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (MmapLayout, error) {
min, ok := min.RoundUp()
if !ok {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
if max > maxAddr64 {
max = maxAddr64
@@ -218,7 +218,7 @@ func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (Mm
max = max.RoundDown()
if min > max {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
stackSize := r.Get(limits.Stack)
@@ -297,7 +297,7 @@ const userStructSize = 928
// PtracePeekUser implements Context.PtracePeekUser.
func (c *context64) PtracePeekUser(addr uintptr) (marshal.Marshallable, error) {
if addr&7 != 0 || addr >= userStructSize {
- return nil, syscall.EIO
+ return nil, unix.EIO
}
// PTRACE_PEEKUSER and PTRACE_POKEUSER are only effective on regs and
// u_debugreg, returning 0 or silently no-oping for other fields
@@ -315,7 +315,7 @@ func (c *context64) PtracePeekUser(addr uintptr) (marshal.Marshallable, error) {
// PtracePokeUser implements Context.PtracePokeUser.
func (c *context64) PtracePokeUser(addr, data uintptr) error {
if addr&7 != 0 || addr >= userStructSize {
- return syscall.EIO
+ return unix.EIO
}
if addr < uintptr(ptraceRegistersSize) {
regs := c.ptraceGetRegs()
diff --git a/pkg/sentry/arch/arch_arm64.go b/pkg/sentry/arch/arch_arm64.go
index 680d23a9f..0c61a3ff7 100644
--- a/pkg/sentry/arch/arch_arm64.go
+++ b/pkg/sentry/arch/arch_arm64.go
@@ -19,8 +19,8 @@ package arch
import (
"fmt"
"math/rand"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -194,7 +194,7 @@ func mmapRand(max uint64) usermem.Addr {
func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (MmapLayout, error) {
min, ok := min.RoundUp()
if !ok {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
if max > maxAddr64 {
max = maxAddr64
@@ -202,7 +202,7 @@ func (c *context64) NewMmapLayout(min, max usermem.Addr, r *limits.LimitSet) (Mm
max = max.RoundDown()
if min > max {
- return MmapLayout{}, syscall.EINVAL
+ return MmapLayout{}, unix.EINVAL
}
stackSize := r.Get(limits.Stack)
diff --git a/pkg/sentry/arch/arch_x86.go b/pkg/sentry/arch/arch_x86.go
index b9405b320..641ada92f 100644
--- a/pkg/sentry/arch/arch_x86.go
+++ b/pkg/sentry/arch/arch_x86.go
@@ -19,8 +19,8 @@ package arch
import (
"fmt"
"io"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/log"
@@ -334,28 +334,28 @@ func (s *State) PtraceSetRegs(src io.Reader) (int, error) {
regs.Ss = uint64(uint16(regs.Ss))
// In Linux this validation is via arch/x86/kernel/ptrace.c:putreg().
if !isUserSegmentSelector(regs.Cs) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Ds != 0 && !isUserSegmentSelector(regs.Ds) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Es != 0 && !isUserSegmentSelector(regs.Es) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Fs != 0 && !isUserSegmentSelector(regs.Fs) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if regs.Gs != 0 && !isUserSegmentSelector(regs.Gs) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if !isUserSegmentSelector(regs.Ss) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if !isValidSegmentBase(regs.Fs_base) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
if !isValidSegmentBase(regs.Gs_base) {
- return 0, syscall.EIO
+ return 0, unix.EIO
}
// CS and SS are validated, but changes to them are otherwise silently
// ignored on amd64.
@@ -512,7 +512,7 @@ func (s *State) ptraceSetXstateRegs(src io.Reader, maxlen int) (int, error) {
// permits setting a register set smaller than minXstateBytes, but it has
// the same silent truncation behavior in kernel/ptrace.c:ptrace_regset().)
if maxlen < minXstateBytes {
- return 0, syscall.EFAULT
+ return 0, unix.EFAULT
}
ess, _ := s.FeatureSet.ExtendedStateSize()
if maxlen > int(ess) {
diff --git a/pkg/sentry/arch/signal_amd64.go b/pkg/sentry/arch/signal_amd64.go
index 72e07a988..e6557cab6 100644
--- a/pkg/sentry/arch/signal_amd64.go
+++ b/pkg/sentry/arch/signal_amd64.go
@@ -18,8 +18,8 @@ package arch
import (
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -187,7 +187,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt
// for the signal stack. This is not allowed, and should immediately
// force signal delivery (reverting to the default handler).
if act.IsOnStack() && alt.IsEnabled() && !alt.Contains(frameBottom) {
- return syscall.EFAULT
+ return unix.EFAULT
}
// Adjust the code.
@@ -210,7 +210,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt
}
} else {
// amd64 requires a restorer.
- return syscall.EFAULT
+ return unix.EFAULT
}
// Set up registers.
diff --git a/pkg/sentry/arch/signal_arm64.go b/pkg/sentry/arch/signal_arm64.go
index 71596130d..4491008c2 100644
--- a/pkg/sentry/arch/signal_arm64.go
+++ b/pkg/sentry/arch/signal_arm64.go
@@ -17,8 +17,7 @@
package arch
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/usermem"
@@ -115,7 +114,7 @@ func (c *context64) SignalSetup(st *Stack, act *SignalAct, info *SignalInfo, alt
// for the signal stack. This is not allowed, and should immediately
// force signal delivery (reverting to the default handler).
if act.IsOnStack() && alt.IsEnabled() && !alt.Contains(frameBottom) {
- return syscall.EFAULT
+ return unix.EFAULT
}
// Adjust the code.
diff --git a/pkg/sentry/fs/attr.go b/pkg/sentry/fs/attr.go
index f60bd423d..b90f7c1be 100644
--- a/pkg/sentry/fs/attr.go
+++ b/pkg/sentry/fs/attr.go
@@ -17,8 +17,8 @@ package fs
import (
"fmt"
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
@@ -355,17 +355,17 @@ func (p PermMask) String() string {
return fmt.Sprintf("PermMask{Read: %v, Write: %v, Execute: %v}", p.Read, p.Write, p.Execute)
}
-// Mode returns the system mode (syscall.S_IXOTH, etc.) for these permissions
+// Mode returns the system mode (unix.S_IXOTH, etc.) for these permissions
// in the "other" bits.
func (p PermMask) Mode() (mode os.FileMode) {
if p.Read {
- mode |= syscall.S_IROTH
+ mode |= unix.S_IROTH
}
if p.Write {
- mode |= syscall.S_IWOTH
+ mode |= unix.S_IWOTH
}
if p.Execute {
- mode |= syscall.S_IXOTH
+ mode |= unix.S_IXOTH
}
return
}
diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go
index 00c526b03..9d5d40954 100644
--- a/pkg/sentry/fs/dirent.go
+++ b/pkg/sentry/fs/dirent.go
@@ -18,8 +18,8 @@ import (
"fmt"
"path"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refs"
@@ -418,7 +418,7 @@ func (d *Dirent) descendantOf(p *Dirent) bool {
// * name must must not contain "/"s.
func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnlock bool) (*Dirent, error) {
if !IsDir(d.Inode.StableAttr) {
- return nil, syscall.ENOTDIR
+ return nil, unix.ENOTDIR
}
if name == "" || name == "." {
@@ -452,7 +452,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl
// hard reference on them, and they contain virtually no state). But this is
// good house-keeping.
child.DecRef(ctx)
- return nil, syscall.ENOENT
+ return nil, unix.ENOENT
}
// Do we need to revalidate this child?
@@ -518,7 +518,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl
if cd.IsNegative() {
// If so, don't leak a reference and short circuit.
child.DecRef(ctx)
- return nil, syscall.ENOENT
+ return nil, unix.ENOENT
}
// We make the judgement call that if c raced with cd they are close enough to have
@@ -545,7 +545,7 @@ func (d *Dirent) walk(ctx context.Context, root *Dirent, name string, walkMayUnl
if c.IsNegative() {
// Don't drop a reference on the negative Dirent, it was just installed and this is the
// only reference we'll ever get. d owns the reference.
- return nil, syscall.ENOENT
+ return nil, unix.ENOENT
}
// Return the positive Dirent.
@@ -611,7 +611,7 @@ func (d *Dirent) Create(ctx context.Context, root *Dirent, name string, flags Fi
// Does something already exist?
if d.exists(ctx, root, name) {
- return nil, syscall.EEXIST
+ return nil, unix.EEXIST
}
// Try the create. We need to trust the file system to return EEXIST (or something
@@ -674,7 +674,7 @@ func (d *Dirent) genericCreate(ctx context.Context, root *Dirent, name string, c
// Does something already exist?
if d.exists(ctx, root, name) {
- return syscall.EEXIST
+ return unix.EEXIST
}
// Remove any negative Dirent. We've already asserted above with d.exists
@@ -718,12 +718,12 @@ func (d *Dirent) CreateLink(ctx context.Context, root *Dirent, oldname, newname
func (d *Dirent) CreateHardLink(ctx context.Context, root *Dirent, target *Dirent, name string) error {
// Make sure that target does not span filesystems.
if d.Inode.MountSource != target.Inode.MountSource {
- return syscall.EXDEV
+ return unix.EXDEV
}
// Directories are never linkable. See fs/namei.c:vfs_link.
if IsDir(target.Inode.StableAttr) {
- return syscall.EPERM
+ return unix.EPERM
}
return d.genericCreate(ctx, root, name, func() error {
@@ -759,8 +759,8 @@ func (d *Dirent) Bind(ctx context.Context, root *Dirent, name string, data trans
d.finishCreate(ctx, childDir, name)
return nil
})
- if err == syscall.EEXIST {
- return nil, syscall.EADDRINUSE
+ if err == unix.EEXIST {
+ return nil, unix.EADDRINUSE
}
if err != nil {
return nil, err
@@ -1033,14 +1033,14 @@ func (d *Dirent) Remove(ctx context.Context, root *Dirent, name string, dirPath
// Remove cannot remove directories.
if IsDir(child.Inode.StableAttr) {
- return syscall.EISDIR
+ return unix.EISDIR
} else if dirPath {
- return syscall.ENOTDIR
+ return unix.ENOTDIR
}
// Remove cannot remove a mount point.
if child.isMountPoint() {
- return syscall.EBUSY
+ return unix.EBUSY
}
// Try to remove name on the file system.
@@ -1087,11 +1087,11 @@ func (d *Dirent) RemoveDirectory(ctx context.Context, root *Dirent, name string)
// Check for dots.
if name == "." {
// Rejected as the last component by rmdir(2).
- return syscall.EINVAL
+ return unix.EINVAL
}
if name == ".." {
// If d was found, then its parent is not empty.
- return syscall.ENOTEMPTY
+ return unix.ENOTEMPTY
}
// Try to walk to the node.
@@ -1104,12 +1104,12 @@ func (d *Dirent) RemoveDirectory(ctx context.Context, root *Dirent, name string)
// RemoveDirectory can only remove directories.
if !IsDir(child.Inode.StableAttr) {
- return syscall.ENOTDIR
+ return unix.ENOTDIR
}
// Remove cannot remove a mount point.
if child.isMountPoint() {
- return syscall.EBUSY
+ return unix.EBUSY
}
// Try to remove name on the file system.
@@ -1294,7 +1294,7 @@ func lockForRename(oldParent *Dirent, oldName string, newParent *Dirent, newName
// more specifically of oldParent/oldName. That is, we're
// trying to rename something into a subdirectory of
// itself.
- err = syscall.EINVAL
+ err = unix.EINVAL
}
return func() {
newParent.mu.Unlock()
@@ -1420,12 +1420,12 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string
// Check that the renamed dirent is not a mount point.
if renamed.isMountPointLocked() {
- return syscall.EBUSY
+ return unix.EBUSY
}
// Source should not be an ancestor of the target.
if newParent.descendantOf(renamed) {
- return syscall.EINVAL
+ return unix.EINVAL
}
// Per rename(2): "... EACCES: ... or oldpath is a directory and does not
@@ -1465,13 +1465,13 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string
// ancestor of target, but ENOTEMPTY if the target is
// an ancestor of source (unless RENAME_EXCHANGE flag
// is present). See fs/namei.c:renameat2.
- return syscall.ENOTEMPTY
+ return unix.ENOTEMPTY
}
// Check that replaced is not a mount point.
if replaced.isMountPointLocked() {
replaced.DecRef(ctx)
- return syscall.EBUSY
+ return unix.EBUSY
}
// Require that a directory is replaced by a directory.
@@ -1479,11 +1479,11 @@ func Rename(ctx context.Context, root *Dirent, oldParent *Dirent, oldName string
newIsDir := IsDir(replaced.Inode.StableAttr)
if !newIsDir && oldIsDir {
replaced.DecRef(ctx)
- return syscall.ENOTDIR
+ return unix.ENOTDIR
}
if !oldIsDir && newIsDir {
replaced.DecRef(ctx)
- return syscall.EISDIR
+ return unix.EISDIR
}
// Allow the file system to drop extra references on replaced.
diff --git a/pkg/sentry/fs/fdpipe/pipe.go b/pkg/sentry/fs/fdpipe/pipe.go
index b99199798..757b7d511 100644
--- a/pkg/sentry/fs/fdpipe/pipe.go
+++ b/pkg/sentry/fs/fdpipe/pipe.go
@@ -17,8 +17,8 @@ package fdpipe
import (
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -82,16 +82,16 @@ func newPipeOperations(ctx context.Context, opener NonBlockingOpener, flags fs.F
// init initializes p.file.
func (p *pipeOperations) init() error {
- var s syscall.Stat_t
- if err := syscall.Fstat(p.file.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(p.file.FD(), &s); err != nil {
log.Warningf("pipe: cannot stat fd %d: %v", p.file.FD(), err)
- return syscall.EINVAL
+ return unix.EINVAL
}
- if (s.Mode & syscall.S_IFMT) != syscall.S_IFIFO {
+ if (s.Mode & unix.S_IFMT) != unix.S_IFIFO {
log.Warningf("pipe: cannot load fd %d as pipe, file type: %o", p.file.FD(), s.Mode)
- return syscall.EINVAL
+ return unix.EINVAL
}
- if err := syscall.SetNonblock(p.file.FD(), true); err != nil {
+ if err := unix.SetNonblock(p.file.FD(), true); err != nil {
return err
}
return fdnotifier.AddFD(int32(p.file.FD()), &p.Queue)
diff --git a/pkg/sentry/fs/fdpipe/pipe_opener.go b/pkg/sentry/fs/fdpipe/pipe_opener.go
index 0c3595998..adda19168 100644
--- a/pkg/sentry/fs/fdpipe/pipe_opener.go
+++ b/pkg/sentry/fs/fdpipe/pipe_opener.go
@@ -17,9 +17,9 @@ package fdpipe
import (
"io"
"os"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -96,7 +96,7 @@ func (p *pipeOpenState) TryOpen(ctx context.Context, opener NonBlockingOpener, f
switch {
// Reject invalid configurations so they don't accidentally succeed below.
case !flags.Read && !flags.Write:
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
// Handle opening RDWR or with O_NONBLOCK: will never block, so try only once.
case (flags.Read && flags.Write) || flags.NonBlocking:
@@ -155,7 +155,7 @@ func (p *pipeOpenState) TryOpenReadOnly(ctx context.Context, opener NonBlockingO
// Any error that is not EWOULDBLOCK also means we're not
// ready yet, and probably never will be ready. In this
// case we need to close the host pipe we opened.
- if unwrapError(rerr) != syscall.EWOULDBLOCK {
+ if unwrapError(rerr) != unix.EWOULDBLOCK {
p.hostFile.Close()
return nil, rerr
}
@@ -183,7 +183,7 @@ func (p *pipeOpenState) TryOpenReadOnly(ctx context.Context, opener NonBlockingO
// to an syserror.ErrWouldBlock, to tell callers to retry.
func (*pipeOpenState) TryOpenWriteOnly(ctx context.Context, opener NonBlockingOpener) (*pipeOperations, error) {
hostFile, err := opener.NonBlockingOpen(ctx, fs.PermMask{Write: true})
- if unwrapError(err) == syscall.ENXIO {
+ if unwrapError(err) == unix.ENXIO {
return nil, syserror.ErrWouldBlock
}
if err != nil {
diff --git a/pkg/sentry/fs/fsutil/host_file_mapper.go b/pkg/sentry/fs/fsutil/host_file_mapper.go
index 4468f5dd2..54f7b7cdc 100644
--- a/pkg/sentry/fs/fsutil/host_file_mapper.go
+++ b/pkg/sentry/fs/fsutil/host_file_mapper.go
@@ -16,8 +16,8 @@ package fsutil
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/memmap"
@@ -44,7 +44,7 @@ type HostFileMapper struct {
mapsMu sync.Mutex `state:"nosave"`
// mappings maps chunk start offsets to mappings of those chunks,
- // obtained by calling syscall.Mmap. mappings is protected by
+ // obtained by calling unix.Mmap. mappings is protected by
// mapsMu.
mappings map[uint64]mapping `state:"nosave"`
}
@@ -157,19 +157,19 @@ func (f *HostFileMapper) MapInternal(fr memmap.FileRange, fd int, write bool) (s
// Preconditions: f.mapsMu must be locked.
func (f *HostFileMapper) forEachMappingBlockLocked(fr memmap.FileRange, fd int, write bool, fn func(safemem.Block)) error {
- prot := syscall.PROT_READ
+ prot := unix.PROT_READ
if write {
- prot |= syscall.PROT_WRITE
+ prot |= unix.PROT_WRITE
}
for chunkStart := fr.Start &^ chunkMask; chunkStart < fr.End; chunkStart += chunkSize {
m, ok := f.mappings[chunkStart]
if !ok {
- addr, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
0,
chunkSize,
uintptr(prot),
- syscall.MAP_SHARED,
+ unix.MAP_SHARED,
uintptr(fd),
uintptr(chunkStart))
if errno != 0 {
@@ -178,12 +178,12 @@ func (f *HostFileMapper) forEachMappingBlockLocked(fr memmap.FileRange, fd int,
m = mapping{addr, write}
f.mappings[chunkStart] = m
} else if write && !m.writable {
- addr, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
m.addr,
chunkSize,
uintptr(prot),
- syscall.MAP_SHARED|syscall.MAP_FIXED,
+ unix.MAP_SHARED|unix.MAP_FIXED,
uintptr(fd),
uintptr(chunkStart))
if errno != 0 {
@@ -219,7 +219,7 @@ func (f *HostFileMapper) UnmapAll() {
// * f.mapsMu must be locked.
// * f.mappings[chunkStart] == m.
func (f *HostFileMapper) unmapAndRemoveLocked(chunkStart uint64, m mapping) {
- if _, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, m.addr, chunkSize, 0); errno != 0 {
+ if _, _, errno := unix.Syscall(unix.SYS_MUNMAP, m.addr, chunkSize, 0); errno != 0 {
// This leaks address space and is unexpected, but is otherwise
// harmless, so complain but don't panic.
log.Warningf("HostFileMapper: failed to unmap mapping %#x for chunk %#x: %v", m.addr, chunkStart, errno)
@@ -234,16 +234,16 @@ func (f *HostFileMapper) RegenerateMappings(fd int) error {
defer f.mapsMu.Unlock()
for chunkStart, m := range f.mappings {
- prot := syscall.PROT_READ
+ prot := unix.PROT_READ
if m.writable {
- prot |= syscall.PROT_WRITE
+ prot |= unix.PROT_WRITE
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
m.addr,
chunkSize,
uintptr(prot),
- syscall.MAP_SHARED|syscall.MAP_FIXED,
+ unix.MAP_SHARED|unix.MAP_FIXED,
uintptr(fd),
uintptr(chunkStart))
if errno != 0 {
diff --git a/pkg/sentry/fs/gofer/attr.go b/pkg/sentry/fs/gofer/attr.go
index e5579095b..cffc756cc 100644
--- a/pkg/sentry/fs/gofer/attr.go
+++ b/pkg/sentry/fs/gofer/attr.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -36,7 +35,7 @@ func getattr(ctx context.Context, file contextFile) (p9.QID, p9.AttrMask, p9.Att
// Require mode, size, and raw device id.
if !valid.Mode || !valid.Size || !valid.RDev {
- return qid, valid, attr, syscall.EIO
+ return qid, valid, attr, unix.EIO
}
return qid, valid, attr, nil
diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go
index bb63448cb..06d450ba6 100644
--- a/pkg/sentry/fs/gofer/file.go
+++ b/pkg/sentry/fs/gofer/file.go
@@ -16,9 +16,9 @@ package gofer
import (
"fmt"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/p9"
@@ -307,7 +307,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start, end in
// Sync remote caches.
if f.handles.Host != nil {
// Sync the host fd directly.
- return syscall.Fsync(f.handles.Host.FD())
+ return unix.Fsync(f.handles.Host.FD())
}
// Otherwise sync on the p9.File handle.
return f.handles.File.fsync(ctx)
diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go
index e840b6f5e..b97635ec4 100644
--- a/pkg/sentry/fs/gofer/inode.go
+++ b/pkg/sentry/fs/gofer/inode.go
@@ -16,8 +16,8 @@ package gofer
import (
"errors"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
@@ -273,7 +273,7 @@ func (i *inodeFileState) recreateReadHandles(ctx context.Context, writer *handle
// operations on the old will see the new data. Then, make the new handle take
// ownereship of the old FD and mark the old readHandle to not close the FD
// when done.
- if err := syscall.Dup3(h.Host.FD(), i.readHandles.Host.FD(), syscall.O_CLOEXEC); err != nil {
+ if err := unix.Dup3(h.Host.FD(), i.readHandles.Host.FD(), unix.O_CLOEXEC); err != nil {
return err
}
@@ -489,7 +489,7 @@ func (i *inodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags fs.Fi
func (i *inodeOperations) getFileSocket(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) {
f, err := i.fileState.file.connect(ctx, p9.AnonymousSocket)
if err != nil {
- return nil, syscall.EIO
+ return nil, unix.EIO
}
fsf, err := host.NewSocketWithDirent(ctx, d, f, flags)
if err != nil {
@@ -654,7 +654,7 @@ func (i *inodeOperations) WriteOut(ctx context.Context, inode *fs.Inode) error {
// Readlink implements fs.InodeOperations.Readlink.
func (i *inodeOperations) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
if !fs.IsSymlink(inode.StableAttr) {
- return "", syscall.ENOLINK
+ return "", unix.ENOLINK
}
return i.fileState.file.readlink(ctx)
}
@@ -704,10 +704,10 @@ func (i *inodeOperations) configureMMap(file *fs.File, opts *memmap.MMapOpts) er
}
func init() {
- syserror.AddErrorUnwrapper(func(err error) (syscall.Errno, bool) {
+ syserror.AddErrorUnwrapper(func(err error) (unix.Errno, bool) {
if _, ok := err.(p9.ErrSocket); ok {
// Treat as an I/O error.
- return syscall.EIO, true
+ return unix.EIO, true
}
return 0, false
})
diff --git a/pkg/sentry/fs/gofer/util.go b/pkg/sentry/fs/gofer/util.go
index 47a6c69bf..3cc6a7f7b 100644
--- a/pkg/sentry/fs/gofer/util.go
+++ b/pkg/sentry/fs/gofer/util.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -67,6 +66,6 @@ func openFlagsFromPerms(p fs.PermMask) (p9.OpenFlags, error) {
case p.Read:
return p9.ReadOnly, nil
default:
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
}
diff --git a/pkg/sentry/fs/host/control.go b/pkg/sentry/fs/host/control.go
index 0d8d36afa..e53998be1 100644
--- a/pkg/sentry/fs/host/control.go
+++ b/pkg/sentry/fs/host/control.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/socket/control"
@@ -59,7 +58,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage {
// Release implements transport.RightsControlMessage.Release.
func (c *scmRights) Release(ctx context.Context) {
for _, fd := range c.fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
c.fds = nil
}
@@ -71,7 +70,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File {
for _, fd := range fds {
// Get flags. We do it here because they may be modified
// by subsequent functions.
- fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if errno != 0 {
ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
break
@@ -86,7 +85,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File {
// Set known flags.
file.SetFlags(fs.SettableFileFlags{
- NonBlocking: fileFlags&syscall.O_NONBLOCK != 0,
+ NonBlocking: fileFlags&unix.O_NONBLOCK != 0,
})
files = append(files, file)
diff --git a/pkg/sentry/fs/host/descriptor.go b/pkg/sentry/fs/host/descriptor.go
index cfdce6a74..5667b94a1 100644
--- a/pkg/sentry/fs/host/descriptor.go
+++ b/pkg/sentry/fs/host/descriptor.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/waiter"
@@ -48,14 +48,14 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue)
origFD := -1
if saveable {
var err error
- ownedFD, err = syscall.Dup(fd)
+ ownedFD, err = unix.Dup(fd)
if err != nil {
return nil, err
}
origFD = fd
}
if wouldBlock {
- if err := syscall.SetNonblock(ownedFD, true); err != nil {
+ if err := unix.SetNonblock(ownedFD, true); err != nil {
return nil, err
}
if err := fdnotifier.AddFD(int32(ownedFD), queue); err != nil {
@@ -72,12 +72,12 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue)
// initAfterLoad initializes the value of the descriptor after Load.
func (d *descriptor) initAfterLoad(id uint64, queue *waiter.Queue) error {
var err error
- d.value, err = syscall.Dup(d.origFD)
+ d.value, err = unix.Dup(d.origFD)
if err != nil {
return fmt.Errorf("failed to dup restored fd %d: %v", d.origFD, err)
}
if d.wouldBlock {
- if err := syscall.SetNonblock(d.value, true); err != nil {
+ if err := unix.SetNonblock(d.value, true); err != nil {
return err
}
if err := fdnotifier.AddFD(int32(d.value), queue); err != nil {
@@ -92,7 +92,7 @@ func (d *descriptor) Release() {
if d.wouldBlock {
fdnotifier.RemoveFD(int32(d.value))
}
- if err := syscall.Close(d.value); err != nil {
+ if err := unix.Close(d.value); err != nil {
log.Warningf("error closing fd %d: %v", d.value, err)
}
d.value = -1
diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go
index fd4e057d8..07bd078b7 100644
--- a/pkg/sentry/fs/host/file.go
+++ b/pkg/sentry/fs/host/file.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -78,16 +78,16 @@ func ImportFile(ctx context.Context, fd int, isTTY bool) (*fs.File, error) {
// newFileFromDonatedFD returns an fs.File from a donated FD. If the FD is
// saveable, then saveable is true.
func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool) (*fs.File, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(donated, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(donated, &s); err != nil {
return nil, err
}
flags, err := fileFlagsFromDonatedFD(donated)
if err != nil {
return nil, err
}
- switch s.Mode & syscall.S_IFMT {
- case syscall.S_IFSOCK:
+ switch s.Mode & unix.S_IFMT {
+ case unix.S_IFSOCK:
if isTTY {
return nil, fmt.Errorf("cannot import host socket as TTY")
}
@@ -121,19 +121,19 @@ func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool
}
func fileFlagsFromDonatedFD(donated int) (fs.FileFlags, error) {
- flags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(donated), syscall.F_GETFL, 0)
+ flags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(donated), unix.F_GETFL, 0)
if errno != 0 {
log.Warningf("Failed to get file flags for donated FD %d (errno=%d)", donated, errno)
- return fs.FileFlags{}, syscall.EIO
+ return fs.FileFlags{}, unix.EIO
}
- accmode := flags & syscall.O_ACCMODE
+ accmode := flags & unix.O_ACCMODE
return fs.FileFlags{
- Direct: flags&syscall.O_DIRECT != 0,
- NonBlocking: flags&syscall.O_NONBLOCK != 0,
- Sync: flags&syscall.O_SYNC != 0,
- Append: flags&syscall.O_APPEND != 0,
- Read: accmode == syscall.O_RDONLY || accmode == syscall.O_RDWR,
- Write: accmode == syscall.O_WRONLY || accmode == syscall.O_RDWR,
+ Direct: flags&unix.O_DIRECT != 0,
+ NonBlocking: flags&unix.O_NONBLOCK != 0,
+ Sync: flags&unix.O_SYNC != 0,
+ Append: flags&unix.O_APPEND != 0,
+ Read: accmode == unix.O_RDONLY || accmode == unix.O_RDWR,
+ Write: accmode == unix.O_WRONLY || accmode == unix.O_RDWR,
}, nil
}
@@ -182,7 +182,7 @@ func (f *fileOperations) Readdir(ctx context.Context, file *fs.File, serializer
func (f *fileOperations) IterateDir(ctx context.Context, d *fs.Dirent, dirCtx *fs.DirCtx, offset int) (int, error) {
// We only support non-directory file descriptors that have been
// imported, so just claim that this isn't a directory, even if it is.
- return offset, syscall.ENOTDIR
+ return offset, unix.ENOTDIR
}
// Write implements fs.FileOperations.Write.
@@ -252,7 +252,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start int64,
}
fallthrough
case fs.SyncBackingStorage:
- return syscall.Fsync(f.iops.fileState.FD())
+ return unix.Fsync(f.iops.fileState.FD())
}
panic("invalid sync type")
}
diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go
index df4b265fa..e299b532c 100644
--- a/pkg/sentry/fs/host/inode.go
+++ b/pkg/sentry/fs/host/inode.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/safemem"
@@ -117,12 +116,12 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
return syserror.EPERM
}
if mask.Perms {
- if err := syscall.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
+ if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
return err
}
}
if mask.Size {
- if err := syscall.Ftruncate(i.FD(), attr.Size); err != nil {
+ if err := unix.Ftruncate(i.FD(), attr.Size); err != nil {
return err
}
}
@@ -142,7 +141,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
// Sync implements fsutil.CachedFileObject.Sync.
func (i *inodeFileState) Sync(ctx context.Context) error {
- return syscall.Fsync(i.FD())
+ return unix.Fsync(i.FD())
}
// FD implements fsutil.CachedFileObject.FD.
@@ -151,8 +150,8 @@ func (i *inodeFileState) FD() int {
}
func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.FD(), &s); err != nil {
return fs.UnstableAttr{}, err
}
return unstableAttr(&s), nil
@@ -160,7 +159,7 @@ func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, err
// Allocate implements fsutil.CachedFileObject.Allocate.
func (i *inodeFileState) Allocate(_ context.Context, offset, length int64) error {
- return syscall.Fallocate(i.FD(), 0, offset, length)
+ return unix.Fallocate(i.FD(), 0, offset, length)
}
// inodeOperations implements fs.InodeOperations.
@@ -169,8 +168,8 @@ var _ fs.InodeOperations = (*inodeOperations)(nil)
// newInode returns a new fs.Inode backed by the host FD.
func newInode(ctx context.Context, msrc *fs.MountSource, fd int, saveable bool) (*fs.Inode, error) {
// Retrieve metadata.
- var s syscall.Stat_t
- err := syscall.Fstat(fd, &s)
+ var s unix.Stat_t
+ err := unix.Fstat(fd, &s)
if err != nil {
return nil, err
}
@@ -324,7 +323,7 @@ func (i *inodeOperations) SetPermissions(ctx context.Context, inode *fs.Inode, f
// Then just change the timestamps on the FD, the host
// will synchronize the metadata update with any host
// inode and page cache.
- return syscall.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil
+ return unix.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil
}
// Otherwise update our cached metadata.
return i.cachingInodeOps.SetPermissions(ctx, inode, f)
@@ -350,7 +349,7 @@ func (i *inodeOperations) Truncate(ctx context.Context, inode *fs.Inode, size in
// Then just change the file size on the FD, the host
// will synchronize the metadata update with any host
// inode and page cache.
- return syscall.Ftruncate(i.fileState.FD(), size)
+ return unix.Ftruncate(i.fileState.FD(), size)
}
// Otherwise we need to go through cachingInodeOps, even if the host page
// cache is in use, to invalidate private copies of truncated pages.
diff --git a/pkg/sentry/fs/host/inode_state.go b/pkg/sentry/fs/host/inode_state.go
index 1adbd4562..03531b7e7 100644
--- a/pkg/sentry/fs/host/inode_state.go
+++ b/pkg/sentry/fs/host/inode_state.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/device"
"gvisor.dev/gvisor/pkg/sentry/fs"
)
@@ -30,8 +30,8 @@ func (i *inodeFileState) afterLoad() {
}
// Remap the inode number.
- var s syscall.Stat_t
- if err := syscall.Fstat(i.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.FD(), &s); err != nil {
panic(fs.ErrCorruption{fmt.Errorf("failed to get metadata for fd %d: %v", i.FD(), err)})
}
key := device.MultiDeviceKey{
diff --git a/pkg/sentry/fs/host/ioctl_unsafe.go b/pkg/sentry/fs/host/ioctl_unsafe.go
index 150ac8e19..303ea4d9b 100644
--- a/pkg/sentry/fs/host/ioctl_unsafe.go
+++ b/pkg/sentry/fs/host/ioctl_unsafe.go
@@ -15,9 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -25,7 +25,7 @@ import (
func ioctlGetTermios(fd int) (*linux.Termios, error) {
var t linux.Termios
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
if errno != 0 {
return nil, errno
}
@@ -33,7 +33,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) {
}
func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
if errno != 0 {
return errno
}
@@ -42,7 +42,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
var w linux.Winsize
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
if errno != 0 {
return nil, errno
}
@@ -50,7 +50,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
}
func ioctlSetWinsize(fd int, w *linux.Winsize) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
if errno != 0 {
return errno
}
diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go
index 2b58fc52c..f2d96d1ec 100644
--- a/pkg/sentry/fs/host/socket.go
+++ b/pkg/sentry/fs/host/socket.go
@@ -17,8 +17,8 @@ package host
import (
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
@@ -75,26 +75,26 @@ type ConnectedEndpoint struct {
// init performs initialization required for creating new ConnectedEndpoints and
// for restoring them.
func (c *ConnectedEndpoint) init() *syserr.Error {
- family, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ family, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_DOMAIN)
if err != nil {
return syserr.FromError(err)
}
- if family != syscall.AF_UNIX {
+ if family != unix.AF_UNIX {
// We only allow Unix sockets.
return syserr.ErrInvalidEndpointState
}
- stype, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_TYPE)
+ stype, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_TYPE)
if err != nil {
return syserr.FromError(err)
}
- if err := syscall.SetNonblock(c.file.FD(), true); err != nil {
+ if err := unix.SetNonblock(c.file.FD(), true); err != nil {
return syserr.FromError(err)
}
- sndbuf, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+ sndbuf, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_SNDBUF)
if err != nil {
return syserr.FromError(err)
}
@@ -168,7 +168,7 @@ func newSocket(ctx context.Context, orgfd int, saveable bool) (*fs.File, error)
srfd := -1
if saveable {
var err error
- ownedfd, err = syscall.Dup(orgfd)
+ ownedfd, err = unix.Dup(orgfd)
if err != nil {
return nil, err
}
@@ -233,7 +233,7 @@ func (c *ConnectedEndpoint) CloseSend() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_WR); err != nil {
+ if err := unix.Shutdown(c.file.FD(), unix.SHUT_WR); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err))
@@ -333,7 +333,7 @@ func (c *ConnectedEndpoint) CloseRecv() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_RD); err != nil {
+ if err := unix.Shutdown(c.file.FD(), unix.SHUT_RD); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err))
diff --git a/pkg/sentry/fs/host/socket_iovec.go b/pkg/sentry/fs/host/socket_iovec.go
index 905afb50d..7380d75e7 100644
--- a/pkg/sentry/fs/host/socket_iovec.go
+++ b/pkg/sentry/fs/host/socket_iovec.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/iovec"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -54,7 +53,7 @@ func copyFromMulti(dst []byte, src [][]byte) {
//
// If intermediate != nil, iovecs references intermediate rather than bufs and
// the caller must copy to/from bufs as necessary.
-func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) {
+func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) {
var iovsRequired int
for _, b := range bufs {
length += int64(len(b))
@@ -78,14 +77,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
// Use a single intermediate buffer instead.
b := make([]byte, stopLen)
- return stopLen, []syscall.Iovec{{
+ return stopLen, []unix.Iovec{{
Base: &b[0],
Len: uint64(stopLen),
}}, b, err
}
var total int64
- iovecs = make([]syscall.Iovec, 0, iovsRequired)
+ iovecs = make([]unix.Iovec, 0, iovsRequired)
for i := range bufs {
l := len(bufs[i])
if l == 0 {
@@ -97,7 +96,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
stop = stopLen - total
}
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(stop),
})
diff --git a/pkg/sentry/fs/host/socket_state.go b/pkg/sentry/fs/host/socket_state.go
index 498018f0a..1d3e5298a 100644
--- a/pkg/sentry/fs/host/socket_state.go
+++ b/pkg/sentry/fs/host/socket_state.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
)
@@ -30,7 +30,7 @@ func (c *ConnectedEndpoint) beforeSave() {
// afterLoad is invoked by stateify.
func (c *ConnectedEndpoint) afterLoad() {
- f, err := syscall.Dup(c.srfd)
+ f, err := unix.Dup(c.srfd)
if err != nil {
panic(fmt.Sprintf("failed to dup restored FD %d: %v", c.srfd, err))
}
diff --git a/pkg/sentry/fs/host/socket_unsafe.go b/pkg/sentry/fs/host/socket_unsafe.go
index c8231e0aa..95f5d39bd 100644
--- a/pkg/sentry/fs/host/socket_unsafe.go
+++ b/pkg/sentry/fs/host/socket_unsafe.go
@@ -15,8 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// LINT.IfChange
@@ -26,9 +27,9 @@ import (
// If the total length of bufs is > maxlen, fdReadVec will do a partial read
// and err will indicate why the message was truncated.
func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) {
- flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC)
+ flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC)
if peek {
- flags |= syscall.MSG_PEEK
+ flags |= unix.MSG_PEEK
}
// Always truncate the receive buffer. All socket types will truncate
@@ -39,7 +40,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
return 0, 0, 0, false, err
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(control) != 0 {
msg.Control = &control[0]
msg.Controllen = uint64(len(control))
@@ -50,7 +51,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
msg.Iovlen = uint64(len(iovecs))
}
- rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
+ rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, 0, 0, false, e
@@ -62,7 +63,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
copyToMulti(bufs, intermediate)
}
- controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC
+ controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC
if n > length {
return length, n, msg.Controllen, controlTrunc, nil
@@ -87,13 +88,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
copyFromMulti(intermediate, bufs)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(iovecs) > 0 {
msg.Iov = &iovecs[0]
msg.Iovlen = uint64(len(iovecs))
}
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, length, e
diff --git a/pkg/sentry/fs/host/util.go b/pkg/sentry/fs/host/util.go
index 1b0356930..ab74724a3 100644
--- a/pkg/sentry/fs/host/util.go
+++ b/pkg/sentry/fs/host/util.go
@@ -16,8 +16,8 @@ package host
import (
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/device"
@@ -27,21 +27,21 @@ import (
"gvisor.dev/gvisor/pkg/syserror"
)
-func nodeType(s *syscall.Stat_t) fs.InodeType {
- switch x := (s.Mode & syscall.S_IFMT); x {
- case syscall.S_IFLNK:
+func nodeType(s *unix.Stat_t) fs.InodeType {
+ switch x := (s.Mode & unix.S_IFMT); x {
+ case unix.S_IFLNK:
return fs.Symlink
- case syscall.S_IFIFO:
+ case unix.S_IFIFO:
return fs.Pipe
- case syscall.S_IFCHR:
+ case unix.S_IFCHR:
return fs.CharacterDevice
- case syscall.S_IFBLK:
+ case unix.S_IFBLK:
return fs.BlockDevice
- case syscall.S_IFSOCK:
+ case unix.S_IFSOCK:
return fs.Socket
- case syscall.S_IFDIR:
+ case unix.S_IFDIR:
return fs.Directory
- case syscall.S_IFREG:
+ case unix.S_IFREG:
return fs.RegularFile
default:
// This shouldn't happen, but just in case...
@@ -50,12 +50,12 @@ func nodeType(s *syscall.Stat_t) fs.InodeType {
}
}
-func wouldBlock(s *syscall.Stat_t) bool {
+func wouldBlock(s *unix.Stat_t) bool {
typ := nodeType(s)
return typ == fs.Pipe || typ == fs.Socket || typ == fs.CharacterDevice
}
-func stableAttr(s *syscall.Stat_t) fs.StableAttr {
+func stableAttr(s *unix.Stat_t) fs.StableAttr {
return fs.StableAttr{
Type: nodeType(s),
DeviceID: hostFileDevice.DeviceID(),
@@ -67,14 +67,14 @@ func stableAttr(s *syscall.Stat_t) fs.StableAttr {
}
}
-func owner(s *syscall.Stat_t) fs.FileOwner {
+func owner(s *unix.Stat_t) fs.FileOwner {
return fs.FileOwner{
UID: auth.KUID(s.Uid),
GID: auth.KGID(s.Gid),
}
}
-func unstableAttr(s *syscall.Stat_t) fs.UnstableAttr {
+func unstableAttr(s *unix.Stat_t) fs.UnstableAttr {
return fs.UnstableAttr{
Size: s.Size,
Usage: s.Blocks * 512,
diff --git a/pkg/sentry/fs/host/util_amd64_unsafe.go b/pkg/sentry/fs/host/util_amd64_unsafe.go
index 66da6e9f5..21782f1da 100644
--- a/pkg/sentry/fs/host/util_amd64_unsafe.go
+++ b/pkg/sentry/fs/host/util_amd64_unsafe.go
@@ -17,18 +17,19 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) {
- var stat syscall.Stat_t
- namePtr, err := syscall.BytePtrFromString(name)
+func fstatat(fd int, name string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ namePtr, err := unix.BytePtrFromString(name)
if err != nil {
return stat, err
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_NEWFSTATAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_NEWFSTATAT,
uintptr(fd),
uintptr(unsafe.Pointer(namePtr)),
uintptr(unsafe.Pointer(&stat)),
diff --git a/pkg/sentry/fs/host/util_arm64_unsafe.go b/pkg/sentry/fs/host/util_arm64_unsafe.go
index e8cb94aeb..ed8f5242a 100644
--- a/pkg/sentry/fs/host/util_arm64_unsafe.go
+++ b/pkg/sentry/fs/host/util_arm64_unsafe.go
@@ -17,18 +17,19 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) {
- var stat syscall.Stat_t
- namePtr, err := syscall.BytePtrFromString(name)
+func fstatat(fd int, name string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ namePtr, err := unix.BytePtrFromString(name)
if err != nil {
return stat, err
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_FSTATAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_FSTATAT,
uintptr(fd),
uintptr(unsafe.Pointer(namePtr)),
uintptr(unsafe.Pointer(&stat)),
diff --git a/pkg/sentry/fs/host/util_unsafe.go b/pkg/sentry/fs/host/util_unsafe.go
index 23bd35d64..3c5e3ed6d 100644
--- a/pkg/sentry/fs/host/util_unsafe.go
+++ b/pkg/sentry/fs/host/util_unsafe.go
@@ -15,9 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/sentry/fs"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
@@ -30,8 +30,8 @@ func readLink(fd int) (string, error) {
// Buffer sizing copied from os.Readlink.
for l := 128; ; l *= 2 {
b := make([]byte, l)
- n, _, errno := syscall.Syscall6(
- syscall.SYS_READLINKAT,
+ n, _, errno := unix.Syscall6(
+ unix.SYS_READLINKAT,
uintptr(fd),
uintptr(unsafe.Pointer(&NulByte)), // ""
uintptr(unsafe.Pointer(&b[0])),
@@ -46,25 +46,25 @@ func readLink(fd int) (string, error) {
}
}
-func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) syscall.Timespec {
+func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) unix.Timespec {
if omit {
- return syscall.Timespec{0, linux.UTIME_OMIT}
+ return unix.Timespec{0, linux.UTIME_OMIT}
}
if setSysTime {
- return syscall.Timespec{0, linux.UTIME_NOW}
+ return unix.Timespec{0, linux.UTIME_NOW}
}
- return syscall.NsecToTimespec(t.Nanoseconds())
+ return unix.NsecToTimespec(t.Nanoseconds())
}
func setTimestamps(fd int, ts fs.TimeSpec) error {
if ts.ATimeOmit && ts.MTimeOmit {
return nil
}
- var sts [2]syscall.Timespec
+ var sts [2]unix.Timespec
sts[0] = timespecFromTimestamp(ts.ATime, ts.ATimeOmit, ts.ATimeSetSystemTime)
sts[1] = timespecFromTimestamp(ts.MTime, ts.MTimeOmit, ts.MTimeSetSystemTime)
- _, _, errno := syscall.Syscall6(
- syscall.SYS_UTIMENSAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_UTIMENSAT,
uintptr(fd),
0, /* path */
uintptr(unsafe.Pointer(&sts)),
diff --git a/pkg/sentry/fs/lock/lock.go b/pkg/sentry/fs/lock/lock.go
index 57686ce07..7d7a207cc 100644
--- a/pkg/sentry/fs/lock/lock.go
+++ b/pkg/sentry/fs/lock/lock.go
@@ -52,8 +52,8 @@ package lock
import (
"fmt"
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sync"
@@ -456,7 +456,7 @@ func ComputeRange(start, length, offset int64) (LockRange, error) {
// fcntl(2): "l_start can be a negative number provided the offset
// does not lie before the start of the file"
if offset < 0 {
- return LockRange{}, syscall.EINVAL
+ return LockRange{}, unix.EINVAL
}
// fcntl(2): Specifying 0 for l_len has the special meaning: lock all
@@ -478,10 +478,10 @@ func ComputeRange(start, length, offset int64) (LockRange, error) {
// Add to offset using a negative length (subtract).
offset += length
if offset < 0 {
- return LockRange{}, syscall.EINVAL
+ return LockRange{}, unix.EINVAL
}
if signedEnd < offset {
- return LockRange{}, syscall.EOVERFLOW
+ return LockRange{}, unix.EOVERFLOW
}
// At this point signedEnd cannot be negative,
// since we asserted that offset is not negative
diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go
index d741c4339..243098a09 100644
--- a/pkg/sentry/fs/mounts.go
+++ b/pkg/sentry/fs/mounts.go
@@ -17,8 +17,8 @@ package fs
import (
"fmt"
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refs"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -571,13 +571,13 @@ func (mns *MountNamespace) resolve(ctx context.Context, root, node *Dirent, rema
// Make sure we didn't exhaust the traversal budget.
if *remainingTraversals == 0 {
target.DecRef(ctx)
- return nil, syscall.ELOOP
+ return nil, unix.ELOOP
}
node.DecRef(ctx) // Drop the original reference.
return target, nil
- case syscall.ENOLINK:
+ case unix.ENOLINK:
// Not a symlink.
return node, nil
@@ -586,7 +586,7 @@ func (mns *MountNamespace) resolve(ctx context.Context, root, node *Dirent, rema
// First, check if we should traverse.
if *remainingTraversals == 0 {
- return nil, syscall.ELOOP
+ return nil, unix.ELOOP
}
// Read the target path.
diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go
index f4fcddecb..19990f9db 100644
--- a/pkg/sentry/fs/ramfs/dir.go
+++ b/pkg/sentry/fs/ramfs/dir.go
@@ -17,8 +17,8 @@ package ramfs
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -378,8 +378,8 @@ func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport
inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
return d.NewBoundEndpoint(ctx, dir, ep, perms)
})
- if err == syscall.EEXIST {
- return nil, syscall.EADDRINUSE
+ if err == unix.EEXIST {
+ return nil, unix.EADDRINUSE
}
if err != nil {
return nil, err
diff --git a/pkg/sentry/fs/save.go b/pkg/sentry/fs/save.go
index fe5c76b44..1de9735dc 100644
--- a/pkg/sentry/fs/save.go
+++ b/pkg/sentry/fs/save.go
@@ -16,8 +16,8 @@ package fs
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
)
@@ -65,7 +65,7 @@ func SaveFileFsyncError(err error) error {
case nil:
// We succeeded, everything is great.
return nil
- case syscall.EBADF, syscall.EINVAL, syscall.EROFS, syscall.ENOSYS, syscall.EPERM:
+ case unix.EBADF, unix.EINVAL, unix.EROFS, unix.ENOSYS, unix.EPERM:
// These errors mean that the underlying node might not be syncable,
// which we expect to be reported as such even from the gofer.
log.Infof("failed to sync during save: %v", err)
diff --git a/pkg/sentry/fsimpl/eventfd/eventfd.go b/pkg/sentry/fsimpl/eventfd/eventfd.go
index 5b29f2358..7f810f720 100644
--- a/pkg/sentry/fsimpl/eventfd/eventfd.go
+++ b/pkg/sentry/fsimpl/eventfd/eventfd.go
@@ -18,8 +18,8 @@ package eventfd
import (
"math"
"sync"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -92,13 +92,13 @@ func (efd *EventFileDescription) HostFD() (int, error) {
flags |= linux.EFD_SEMAPHORE
}
- fd, _, errno := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0)
+ fd, _, errno := unix.Syscall(unix.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0)
if errno != 0 {
return -1, errno
}
if err := fdnotifier.AddFD(int32(fd), &efd.queue); err != nil {
- if closeErr := syscall.Close(int(fd)); closeErr != nil {
+ if closeErr := unix.Close(int(fd)); closeErr != nil {
log.Warningf("close(%d) eventfd failed: %v", fd, closeErr)
}
return -1, err
@@ -114,7 +114,7 @@ func (efd *EventFileDescription) Release(context.Context) {
defer efd.mu.Unlock()
if efd.hostfd >= 0 {
fdnotifier.RemoveFD(int32(efd.hostfd))
- if closeErr := syscall.Close(int(efd.hostfd)); closeErr != nil {
+ if closeErr := unix.Close(int(efd.hostfd)); closeErr != nil {
log.Warningf("close(%d) eventfd failed: %v", efd.hostfd, closeErr)
}
efd.hostfd = -1
@@ -124,7 +124,7 @@ func (efd *EventFileDescription) Release(context.Context) {
// Read implements vfs.FileDescriptionImpl.Read.
func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequence, _ vfs.ReadOptions) (int64, error) {
if dst.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := efd.read(ctx, dst); err != nil {
return 0, err
@@ -135,7 +135,7 @@ func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequenc
// Write implements vfs.FileDescriptionImpl.Write.
func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequence, _ vfs.WriteOptions) (int64, error) {
if src.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := efd.write(ctx, src); err != nil {
return 0, err
@@ -146,8 +146,8 @@ func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequen
// Preconditions: Must be called with efd.mu locked.
func (efd *EventFileDescription) hostReadLocked(ctx context.Context, dst usermem.IOSequence) error {
var buf [8]byte
- if _, err := syscall.Read(efd.hostfd, buf[:]); err != nil {
- if err == syscall.EWOULDBLOCK {
+ if _, err := unix.Read(efd.hostfd, buf[:]); err != nil {
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -197,8 +197,8 @@ func (efd *EventFileDescription) read(ctx context.Context, dst usermem.IOSequenc
func (efd *EventFileDescription) hostWriteLocked(val uint64) error {
var buf [8]byte
usermem.ByteOrder.PutUint64(buf[:], val)
- _, err := syscall.Write(efd.hostfd, buf[:])
- if err == syscall.EWOULDBLOCK {
+ _, err := unix.Write(efd.hostfd, buf[:])
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -217,7 +217,7 @@ func (efd *EventFileDescription) write(ctx context.Context, src usermem.IOSequen
// Signal is an internal function to signal the event fd.
func (efd *EventFileDescription) Signal(val uint64) error {
if val == math.MaxUint64 {
- return syscall.EINVAL
+ return unix.EINVAL
}
efd.mu.Lock()
diff --git a/pkg/sentry/fsimpl/fuse/connection_control.go b/pkg/sentry/fsimpl/fuse/connection_control.go
index 4ab894965..948502db6 100644
--- a/pkg/sentry/fsimpl/fuse/connection_control.go
+++ b/pkg/sentry/fsimpl/fuse/connection_control.go
@@ -16,8 +16,8 @@ package fuse
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -230,7 +230,7 @@ func (conn *connection) Abort(ctx context.Context) {
// sendError() will remove them from `fd.completion` map.
// Will enter the path of a normally received error.
for _, toTerminate := range terminate {
- conn.fd.sendError(ctx, -int32(syscall.ECONNABORTED), toTerminate)
+ conn.fd.sendError(ctx, -int32(unix.ECONNABORTED), toTerminate)
}
// 3. The requests not yet written to FUSE device.
diff --git a/pkg/sentry/fsimpl/fuse/dev.go b/pkg/sentry/fsimpl/fuse/dev.go
index 1bbe6fdb7..1eeb95216 100644
--- a/pkg/sentry/fsimpl/fuse/dev.go
+++ b/pkg/sentry/fsimpl/fuse/dev.go
@@ -15,8 +15,7 @@
package fuse
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -176,9 +175,9 @@ func (fd *DeviceFD) readLocked(ctx context.Context, dst usermem.IOSequence, opts
// The request is too large. Cannot process it. All requests must be smaller than the
// negotiated size as specified by Connection.MaxWrite set as part of the FUSE_INIT
// handshake.
- errno := -int32(syscall.EIO)
+ errno := -int32(unix.EIO)
if req.hdr.Opcode == linux.FUSE_SETXATTR {
- errno = -int32(syscall.E2BIG)
+ errno = -int32(unix.E2BIG)
}
// Return the error to the calling task.
diff --git a/pkg/sentry/fsimpl/fuse/request_response.go b/pkg/sentry/fsimpl/fuse/request_response.go
index 41d679358..10fb9d7d2 100644
--- a/pkg/sentry/fsimpl/fuse/request_response.go
+++ b/pkg/sentry/fsimpl/fuse/request_response.go
@@ -16,8 +16,8 @@ package fuse
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -199,7 +199,7 @@ func (r *Response) Error() error {
return nil
}
- sysErrNo := syscall.Errno(-errno)
+ sysErrNo := unix.Errno(-errno)
return error(sysErrNo)
}
diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go
index 094d993a8..1508cbdf1 100644
--- a/pkg/sentry/fsimpl/gofer/gofer.go
+++ b/pkg/sentry/fsimpl/gofer/gofer.go
@@ -40,8 +40,8 @@ import (
"strconv"
"strings"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -550,10 +550,10 @@ func (fs *filesystem) Release(ctx context.Context) {
d.dataMu.Unlock()
// Close host FDs if they exist.
if d.readFD >= 0 {
- syscall.Close(int(d.readFD))
+ unix.Close(int(d.readFD))
}
if d.writeFD >= 0 && d.readFD != d.writeFD {
- syscall.Close(int(d.writeFD))
+ unix.Close(int(d.writeFD))
}
d.readFD = -1
d.writeFD = -1
@@ -1505,10 +1505,10 @@ func (d *dentry) destroyLocked(ctx context.Context) {
d.readFile = p9file{}
d.writeFile = p9file{}
if d.readFD >= 0 {
- syscall.Close(int(d.readFD))
+ unix.Close(int(d.readFD))
}
if d.writeFD >= 0 && d.readFD != d.writeFD {
- syscall.Close(int(d.writeFD))
+ unix.Close(int(d.writeFD))
}
d.readFD = -1
d.writeFD = -1
@@ -1686,7 +1686,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
// may use the old or new file description, but this
// doesn't matter since they refer to the same file, and
// any racing mappings must be read-only.
- if err := syscall.Dup3(int(h.fd), int(d.readFD), syscall.O_CLOEXEC); err != nil {
+ if err := unix.Dup3(int(h.fd), int(d.readFD), unix.O_CLOEXEC); err != nil {
oldFD := d.readFD
d.handleMu.Unlock()
ctx.Warningf("gofer.dentry.ensureSharedHandle: failed to dup fd %d to fd %d: %v", h.fd, oldFD, err)
@@ -1772,7 +1772,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
d.mapsMu.Unlock()
}
for _, fd := range fdsToClose {
- syscall.Close(int(fd))
+ unix.Close(int(fd))
}
return nil
@@ -1808,7 +1808,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error {
// handles otherwise.
if d.writeFD >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(d.writeFD))
+ err := unix.Fsync(int(d.writeFD))
ctx.UninterruptibleSleepFinish(false)
return err
}
@@ -1817,7 +1817,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error {
}
if d.readFD >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(d.readFD))
+ err := unix.Fsync(int(d.readFD))
ctx.UninterruptibleSleepFinish(false)
return err
}
diff --git a/pkg/sentry/fsimpl/gofer/handle.go b/pkg/sentry/fsimpl/gofer/handle.go
index a9ebe1206..0bc201d1c 100644
--- a/pkg/sentry/fsimpl/gofer/handle.go
+++ b/pkg/sentry/fsimpl/gofer/handle.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/safemem"
@@ -73,7 +72,7 @@ func (h *handle) close(ctx context.Context) {
h.file.close(ctx)
h.file = p9file{}
if h.fd >= 0 {
- syscall.Close(int(h.fd))
+ unix.Close(int(h.fd))
h.fd = -1
}
}
diff --git a/pkg/sentry/fsimpl/gofer/socket.go b/pkg/sentry/fsimpl/gofer/socket.go
index a21199eac..fe15f8583 100644
--- a/pkg/sentry/fsimpl/gofer/socket.go
+++ b/pkg/sentry/fsimpl/gofer/socket.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -118,7 +117,7 @@ func (e *endpoint) newConnectedEndpoint(ctx context.Context, flags p9.ConnectFla
return nil, syserr.ErrConnectionRefused
}
// Dup the fd so that the new endpoint can manage its lifetime.
- hostFD, err := syscall.Dup(hostFile.FD())
+ hostFD, err := unix.Dup(hostFile.FD())
if err != nil {
log.Warningf("Could not dup host socket fd %d: %v", hostFile.FD(), err)
return nil, syserr.FromError(err)
diff --git a/pkg/sentry/fsimpl/gofer/special_file.go b/pkg/sentry/fsimpl/gofer/special_file.go
index ae972fcb5..ac3b5b621 100644
--- a/pkg/sentry/fsimpl/gofer/special_file.go
+++ b/pkg/sentry/fsimpl/gofer/special_file.go
@@ -16,8 +16,8 @@ package gofer
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -376,7 +376,7 @@ func (fd *specialFileFD) sync(ctx context.Context, forFilesystemSync bool) error
// RPC.
if fd.handle.fd >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(fd.handle.fd))
+ err := unix.Fsync(int(fd.handle.fd))
ctx.UninterruptibleSleepFinish(false)
return err
}
diff --git a/pkg/sentry/fsimpl/host/control.go b/pkg/sentry/fsimpl/host/control.go
index 13ef48cb5..1680d456e 100644
--- a/pkg/sentry/fsimpl/host/control.go
+++ b/pkg/sentry/fsimpl/host/control.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -60,7 +59,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage {
// Release implements transport.RightsControlMessage.Release.
func (c *scmRights) Release(ctx context.Context) {
for _, fd := range c.fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
c.fds = nil
}
@@ -72,7 +71,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*vfs.FileDescription {
for _, fd := range fds {
// Get flags. We do it here because they may be modified
// by subsequent functions.
- fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if errno != 0 {
ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
break
diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go
index 05f11fbd5..ad5de80dc 100644
--- a/pkg/sentry/fsimpl/host/host.go
+++ b/pkg/sentry/fsimpl/host/host.go
@@ -20,7 +20,6 @@ import (
"fmt"
"math"
"sync/atomic"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -112,7 +111,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
seekable := err != syserror.ESPIPE
// We expect regular files to be seekable, as this is required for them to
// be memory-mappable.
- if !seekable && fileType == syscall.S_IFREG {
+ if !seekable && fileType == unix.S_IFREG {
ctx.Infof("host.newInode: host FD %d is a non-seekable regular file", hostFD)
return nil, syserror.ESPIPE
}
@@ -121,7 +120,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
hostFD: hostFD,
ino: fs.NextIno(),
ftype: uint16(fileType),
- mayBlock: fileType != syscall.S_IFREG && fileType != syscall.S_IFDIR,
+ mayBlock: fileType != unix.S_IFREG && fileType != unix.S_IFDIR,
seekable: seekable,
isTTY: isTTY,
savable: savable,
@@ -132,7 +131,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
// If the hostFD can return EWOULDBLOCK when set to non-blocking, do so and
// handle blocking behavior in the sentry.
if i.mayBlock {
- if err := syscall.SetNonblock(i.hostFD, true); err != nil {
+ if err := unix.SetNonblock(i.hostFD, true); err != nil {
return nil, err
}
if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil {
@@ -175,7 +174,7 @@ func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions)
flags := opts.Flags
if !opts.HaveFlags {
// Get flags for the imported FD.
- flagsInt, err := unix.FcntlInt(uintptr(hostFD), syscall.F_GETFL, 0)
+ flagsInt, err := unix.FcntlInt(uintptr(hostFD), unix.F_GETFL, 0)
if err != nil {
return nil, err
}
@@ -263,8 +262,8 @@ func (fs *filesystem) PrependPath(ctx context.Context, vfsroot, vd vfs.VirtualDe
// CheckPermissions implements kernfs.Inode.CheckPermissions.
func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, ats vfs.AccessTypes) error {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return err
}
return vfs.GenericCheckPermissions(creds, ats, linux.FileMode(s.Mode), auth.KUID(s.Uid), auth.KGID(s.Gid))
@@ -272,8 +271,8 @@ func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, a
// Mode implements kernfs.Inode.Mode.
func (i *inode) Mode() linux.FileMode {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
// Retrieving the mode from the host fd using fstat(2) should not fail.
// If the syscall does not succeed, something is fundamentally wrong.
panic(fmt.Sprintf("failed to retrieve mode from host fd %d: %v", i.hostFD, err))
@@ -405,8 +404,8 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
if m&^(linux.STATX_MODE|linux.STATX_SIZE|linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
return syserror.EPERM
}
- var hostStat syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &hostStat); err != nil {
+ var hostStat unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &hostStat); err != nil {
return err
}
if err := vfs.CheckSetStat(ctx, creds, &opts, linux.FileMode(hostStat.Mode), auth.KUID(hostStat.Uid), auth.KGID(hostStat.Gid)); err != nil {
@@ -414,7 +413,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
}
if m&linux.STATX_MODE != 0 {
- if err := syscall.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
+ if err := unix.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
return err
}
}
@@ -422,7 +421,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
if hostStat.Mode&linux.S_IFMT != linux.S_IFREG {
return syserror.EINVAL
}
- if err := syscall.Ftruncate(i.hostFD, int64(s.Size)); err != nil {
+ if err := unix.Ftruncate(i.hostFD, int64(s.Size)); err != nil {
return err
}
oldSize := uint64(hostStat.Size)
@@ -435,7 +434,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
}
}
if m&(linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
- ts := [2]syscall.Timespec{
+ ts := [2]unix.Timespec{
toTimespec(s.Atime, m&linux.STATX_ATIME == 0),
toTimespec(s.Mtime, m&linux.STATX_MTIME == 0),
}
@@ -468,8 +467,8 @@ func (i *inode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.Dentr
}
func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flags uint32) (*vfs.FileDescription, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return nil, err
}
fileType := s.Mode & linux.FileTypeMask
@@ -477,10 +476,10 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
// Constrain flags to a subset we can handle.
//
// TODO(gvisor.dev/issue/2601): Support O_NONBLOCK by adding RWF_NOWAIT to pread/pwrite calls.
- flags &= syscall.O_ACCMODE | syscall.O_NONBLOCK | syscall.O_DSYNC | syscall.O_SYNC | syscall.O_APPEND
+ flags &= unix.O_ACCMODE | unix.O_NONBLOCK | unix.O_DSYNC | unix.O_SYNC | unix.O_APPEND
switch fileType {
- case syscall.S_IFSOCK:
+ case unix.S_IFSOCK:
if i.isTTY {
log.Warningf("cannot use host socket fd %d as TTY", i.hostFD)
return nil, syserror.ENOTTY
@@ -493,7 +492,7 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
// Currently, we only allow Unix sockets to be imported.
return unixsocket.NewFileDescription(ep, ep.Type(), flags, mnt, d.VFSDentry(), &i.locks)
- case syscall.S_IFREG, syscall.S_IFIFO, syscall.S_IFCHR:
+ case unix.S_IFREG, unix.S_IFIFO, unix.S_IFCHR:
if i.isTTY {
fd := &TTYFileDescription{
fileDescription: fileDescription{inode: i},
@@ -675,8 +674,8 @@ func (f *fileDescription) Write(ctx context.Context, src usermem.IOSequence, opt
// and writing to the host fd. This is an unavoidable race condition because
// we cannot enforce synchronization on the host.
if f.vfsfd.StatusFlags()&linux.O_APPEND != 0 {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
f.offsetMu.Unlock()
return 0, err
}
@@ -737,8 +736,8 @@ func (f *fileDescription) Seek(_ context.Context, offset int64, whence int32) (i
f.offset += offset
case linux.SEEK_END:
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return f.offset, err
}
size := s.Size
@@ -781,7 +780,7 @@ func (f *fileDescription) Sync(ctx context.Context) error {
func (f *fileDescription) ConfigureMMap(_ context.Context, opts *memmap.MMapOpts) error {
// NOTE(b/38213152): Technically, some obscure char devices can be memory
// mapped, but we only allow regular files.
- if f.inode.ftype != syscall.S_IFREG {
+ if f.inode.ftype != unix.S_IFREG {
return syserror.ENODEV
}
i := f.inode
diff --git a/pkg/sentry/fsimpl/host/ioctl_unsafe.go b/pkg/sentry/fsimpl/host/ioctl_unsafe.go
index 0983bf7d8..f666a5875 100644
--- a/pkg/sentry/fsimpl/host/ioctl_unsafe.go
+++ b/pkg/sentry/fsimpl/host/ioctl_unsafe.go
@@ -15,15 +15,15 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
func ioctlGetTermios(fd int) (*linux.Termios, error) {
var t linux.Termios
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
if errno != 0 {
return nil, errno
}
@@ -31,7 +31,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) {
}
func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
if errno != 0 {
return errno
}
@@ -40,7 +40,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
var w linux.Winsize
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
if errno != 0 {
return nil, errno
}
@@ -48,7 +48,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
}
func ioctlSetWinsize(fd int, w *linux.Winsize) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
if errno != 0 {
return errno
}
diff --git a/pkg/sentry/fsimpl/host/save_restore.go b/pkg/sentry/fsimpl/host/save_restore.go
index 8800652a9..5688bddc8 100644
--- a/pkg/sentry/fsimpl/host/save_restore.go
+++ b/pkg/sentry/fsimpl/host/save_restore.go
@@ -18,8 +18,8 @@ import (
"fmt"
"io"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/hostfd"
@@ -31,7 +31,7 @@ func (i *inode) beforeSave() {
if !i.savable {
panic("host.inode is not savable")
}
- if i.ftype == syscall.S_IFIFO {
+ if i.ftype == unix.S_IFIFO {
// If this pipe FD is readable, drain it so that bytes in the pipe can
// be read after restore. (This is a legacy VFS1 feature.) We don't
// know if the pipe FD is readable, so just try reading and tolerate
@@ -45,7 +45,7 @@ func (i *inode) beforeSave() {
i.buf = append(i.buf, buf[:n]...)
}
if err != nil {
- if err == io.EOF || err == syscall.EAGAIN || err == syscall.EBADF {
+ if err == io.EOF || err == unix.EAGAIN || err == unix.EBADF {
break
}
panic(fmt.Errorf("host.inode.beforeSave: buffering from pipe failed: %v", err))
@@ -60,7 +60,7 @@ func (i *inode) beforeSave() {
// afterLoad is invoked by stateify.
func (i *inode) afterLoad() {
if i.mayBlock {
- if err := syscall.SetNonblock(i.hostFD, true); err != nil {
+ if err := unix.SetNonblock(i.hostFD, true); err != nil {
panic(fmt.Sprintf("host.inode.afterLoad: failed to set host FD %d non-blocking: %v", i.hostFD, err))
}
if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil {
diff --git a/pkg/sentry/fsimpl/host/socket.go b/pkg/sentry/fsimpl/host/socket.go
index 6763f5b0c..056f910aa 100644
--- a/pkg/sentry/fsimpl/host/socket.go
+++ b/pkg/sentry/fsimpl/host/socket.go
@@ -17,8 +17,8 @@ package host
import (
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -87,26 +87,26 @@ type ConnectedEndpoint struct {
func (c *ConnectedEndpoint) init() *syserr.Error {
c.InitRefs()
- family, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ family, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_DOMAIN)
if err != nil {
return syserr.FromError(err)
}
- if family != syscall.AF_UNIX {
+ if family != unix.AF_UNIX {
// We only allow Unix sockets.
return syserr.ErrInvalidEndpointState
}
- stype, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_TYPE)
+ stype, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_TYPE)
if err != nil {
return syserr.FromError(err)
}
- if err := syscall.SetNonblock(c.fd, true); err != nil {
+ if err := unix.SetNonblock(c.fd, true); err != nil {
return syserr.FromError(err)
}
- sndbuf, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+ sndbuf, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_SNDBUF)
if err != nil {
return syserr.FromError(err)
}
@@ -177,7 +177,7 @@ func (c *ConnectedEndpoint) CloseSend() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.fd, syscall.SHUT_WR); err != nil {
+ if err := unix.Shutdown(c.fd, unix.SHUT_WR); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err))
@@ -270,7 +270,7 @@ func (c *ConnectedEndpoint) CloseRecv() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.fd, syscall.SHUT_RD); err != nil {
+ if err := unix.Shutdown(c.fd, unix.SHUT_RD); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err))
@@ -358,7 +358,7 @@ func (e *SCMConnectedEndpoint) Release(ctx context.Context) {
e.DecRef(func() {
e.mu.Lock()
fdnotifier.RemoveFD(int32(e.fd))
- if err := syscall.Close(e.fd); err != nil {
+ if err := unix.Close(e.fd); err != nil {
log.Warningf("Failed to close host fd %d: %v", err)
}
e.destroyLocked()
diff --git a/pkg/sentry/fsimpl/host/socket_iovec.go b/pkg/sentry/fsimpl/host/socket_iovec.go
index fc0d5fd38..b123a63ee 100644
--- a/pkg/sentry/fsimpl/host/socket_iovec.go
+++ b/pkg/sentry/fsimpl/host/socket_iovec.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/iovec"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -52,7 +51,7 @@ func copyFromMulti(dst []byte, src [][]byte) {
//
// If intermediate != nil, iovecs references intermediate rather than bufs and
// the caller must copy to/from bufs as necessary.
-func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) {
+func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) {
var iovsRequired int
for _, b := range bufs {
length += int64(len(b))
@@ -76,14 +75,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
// Use a single intermediate buffer instead.
b := make([]byte, stopLen)
- return stopLen, []syscall.Iovec{{
+ return stopLen, []unix.Iovec{{
Base: &b[0],
Len: uint64(stopLen),
}}, b, err
}
var total int64
- iovecs = make([]syscall.Iovec, 0, iovsRequired)
+ iovecs = make([]unix.Iovec, 0, iovsRequired)
for i := range bufs {
l := len(bufs[i])
if l == 0 {
@@ -95,7 +94,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
stop = stopLen - total
}
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(stop),
})
diff --git a/pkg/sentry/fsimpl/host/socket_unsafe.go b/pkg/sentry/fsimpl/host/socket_unsafe.go
index c0bf45f08..34f24e95c 100644
--- a/pkg/sentry/fsimpl/host/socket_unsafe.go
+++ b/pkg/sentry/fsimpl/host/socket_unsafe.go
@@ -15,8 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// fdReadVec receives from fd to bufs.
@@ -24,9 +25,9 @@ import (
// If the total length of bufs is > maxlen, fdReadVec will do a partial read
// and err will indicate why the message was truncated.
func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) {
- flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC)
+ flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC)
if peek {
- flags |= syscall.MSG_PEEK
+ flags |= unix.MSG_PEEK
}
// Always truncate the receive buffer. All socket types will truncate
@@ -37,7 +38,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
return 0, 0, 0, false, err
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(control) != 0 {
msg.Control = &control[0]
msg.Controllen = uint64(len(control))
@@ -48,7 +49,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
msg.Iovlen = uint64(len(iovecs))
}
- rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
+ rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, 0, 0, false, e
@@ -60,7 +61,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
copyToMulti(bufs, intermediate)
}
- controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC
+ controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC
if n > length {
return length, n, msg.Controllen, controlTrunc, nil
@@ -85,13 +86,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
copyFromMulti(intermediate, bufs)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(iovecs) > 0 {
msg.Iov = &iovecs[0]
msg.Iovlen = uint64(len(iovecs))
}
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, length, e
diff --git a/pkg/sentry/fsimpl/host/util.go b/pkg/sentry/fsimpl/host/util.go
index b2f43a119..63b465859 100644
--- a/pkg/sentry/fsimpl/host/util.go
+++ b/pkg/sentry/fsimpl/host/util.go
@@ -15,21 +15,19 @@
package host
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/syserror"
)
-func toTimespec(ts linux.StatxTimestamp, omit bool) syscall.Timespec {
+func toTimespec(ts linux.StatxTimestamp, omit bool) unix.Timespec {
if omit {
- return syscall.Timespec{
+ return unix.Timespec{
Sec: 0,
Nsec: unix.UTIME_OMIT,
}
}
- return syscall.Timespec{
+ return unix.Timespec{
Sec: ts.Sec,
Nsec: int64(ts.Nsec),
}
diff --git a/pkg/sentry/fsimpl/host/util_unsafe.go b/pkg/sentry/fsimpl/host/util_unsafe.go
index 5136ac844..b36eed2e2 100644
--- a/pkg/sentry/fsimpl/host/util_unsafe.go
+++ b/pkg/sentry/fsimpl/host/util_unsafe.go
@@ -15,13 +15,14 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func setTimestamps(fd int, ts *[2]syscall.Timespec) error {
- _, _, errno := syscall.Syscall6(
- syscall.SYS_UTIMENSAT,
+func setTimestamps(fd int, ts *[2]unix.Timespec) error {
+ _, _, errno := unix.Syscall6(
+ unix.SYS_UTIMENSAT,
uintptr(fd),
0, /* path */
uintptr(unsafe.Pointer(ts)),
diff --git a/pkg/sentry/hostfd/hostfd_unsafe.go b/pkg/sentry/hostfd/hostfd_unsafe.go
index 694371b1c..03c6d2a16 100644
--- a/pkg/sentry/hostfd/hostfd_unsafe.go
+++ b/pkg/sentry/hostfd/hostfd_unsafe.go
@@ -16,7 +16,6 @@ package hostfd
import (
"io"
- "syscall"
"unsafe"
"golang.org/x/sys/unix"
@@ -33,15 +32,15 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6
// return EFAULT if appropriate, instead of raising SIGBUS.
var (
n uintptr
- e syscall.Errno
+ e unix.Errno
)
if flags == 0 && dsts.NumBlocks() == 1 {
// Use read() or pread() to avoid iovec allocation and copying.
dst := dsts.Head()
if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len()))
+ n, _, e = unix.Syscall(unix.SYS_READ, uintptr(fd), dst.Addr(), uintptr(dst.Len()))
} else {
- n, _, e = syscall.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
+ n, _, e = unix.Syscall6(unix.SYS_PREAD64, uintptr(fd), dst.Addr(), uintptr(dst.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
}
} else {
iovs := safemem.IovecsFromBlockSeq(dsts)
@@ -49,7 +48,7 @@ func Preadv2(fd int32, dsts safemem.BlockSeq, offset int64, flags uint32) (uint6
log.Debugf("hostfd.Preadv2: truncating from %d iovecs to %d", len(iovs), maxIov)
iovs = iovs[:maxIov]
}
- n, _, e = syscall.Syscall6(unix.SYS_PREADV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
+ n, _, e = unix.Syscall6(unix.SYS_PREADV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
}
if e != 0 {
return 0, e
@@ -69,15 +68,15 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint
// return EFAULT if appropriate, instead of raising SIGBUS.
var (
n uintptr
- e syscall.Errno
+ e unix.Errno
)
if flags == 0 && srcs.NumBlocks() == 1 {
// Use write() or pwrite() to avoid iovec allocation and copying.
src := srcs.Head()
if offset == -1 {
- n, _, e = syscall.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len()))
+ n, _, e = unix.Syscall(unix.SYS_WRITE, uintptr(fd), src.Addr(), uintptr(src.Len()))
} else {
- n, _, e = syscall.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
+ n, _, e = unix.Syscall6(unix.SYS_PWRITE64, uintptr(fd), src.Addr(), uintptr(src.Len()), uintptr(offset), 0 /* pos_h */, 0 /* unused */)
}
} else {
iovs := safemem.IovecsFromBlockSeq(srcs)
@@ -85,7 +84,7 @@ func Pwritev2(fd int32, srcs safemem.BlockSeq, offset int64, flags uint32) (uint
log.Debugf("hostfd.Preadv2: truncating from %d iovecs to %d", len(iovs), maxIov)
iovs = iovs[:maxIov]
}
- n, _, e = syscall.Syscall6(unix.SYS_PWRITEV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
+ n, _, e = unix.Syscall6(unix.SYS_PWRITEV2, uintptr(fd), uintptr((unsafe.Pointer)(&iovs[0])), uintptr(len(iovs)), uintptr(offset), 0 /* pos_h */, uintptr(flags))
}
if e != 0 {
return 0, e
diff --git a/pkg/sentry/hostmm/hostmm.go b/pkg/sentry/hostmm/hostmm.go
index 506c7864a..c47b96b54 100644
--- a/pkg/sentry/hostmm/hostmm.go
+++ b/pkg/sentry/hostmm/hostmm.go
@@ -20,8 +20,8 @@ import (
"fmt"
"os"
"path"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/usermem"
@@ -60,7 +60,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
}
// Don't use fmt.Fprintf since the whole string needs to be written in a
- // single syscall.
+ // single unix.
eventControlStr := fmt.Sprintf("%d %d %s", eventFD.FD(), pressureFile.Fd(), level)
if n, err := eventControlFile.Write([]byte(eventControlStr)); n != len(eventControlStr) || err != nil {
eventFD.Close()
@@ -80,7 +80,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
for {
n, err := rw.Read(buf[:])
if err != nil {
- if err == syscall.EINTR {
+ if err == unix.EINTR {
continue
}
panic(fmt.Sprintf("failed to read from memory pressure level eventfd: %v", err))
@@ -107,7 +107,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
for {
n, err := rw.Write(buf[:])
if err != nil {
- if err == syscall.EINTR {
+ if err == unix.EINTR {
continue
}
panic(fmt.Sprintf("failed to write to memory pressure level eventfd: %v", err))
@@ -122,7 +122,7 @@ func NotifyCurrentMemcgPressureCallback(f func(), level string) (func(), error)
}
func newEventFD() (*fd.FD, error) {
- f, _, e := syscall.Syscall(syscall.SYS_EVENTFD2, 0, 0, 0)
+ f, _, e := unix.Syscall(unix.SYS_EVENTFD2, 0, 0, 0)
if e != 0 {
return nil, fmt.Errorf("failed to create eventfd: %v", e)
}
diff --git a/pkg/sentry/hostmm/membarrier.go b/pkg/sentry/hostmm/membarrier.go
index 4468d75f1..e4e61a398 100644
--- a/pkg/sentry/hostmm/membarrier.go
+++ b/pkg/sentry/hostmm/membarrier.go
@@ -15,8 +15,6 @@
package hostmm
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
@@ -28,9 +26,9 @@ var (
)
func init() {
- supported, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_QUERY, 0 /* flags */, 0 /* unused */)
+ supported, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_QUERY, 0 /* flags */, 0 /* unused */)
if e != 0 {
- if e != syscall.ENOSYS {
+ if e != unix.ENOSYS {
log.Warningf("membarrier(MEMBARRIER_CMD_QUERY) failed: %s", e.Error())
}
return
@@ -46,7 +44,7 @@ func init() {
haveMembarrierGlobal = true
}
if req := uintptr(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED | linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED); supported&req == req {
- if _, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
+ if _, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
log.Warningf("membarrier(MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED) failed: %s", e.Error())
} else {
haveMembarrierPrivateExpedited = true
@@ -66,7 +64,7 @@ func HaveGlobalMemoryBarrier() bool {
//
// Preconditions: HaveGlobalMemoryBarrier() == true.
func GlobalMemoryBarrier() error {
- if _, _, e := syscall.Syscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_GLOBAL, 0 /* flags */, 0 /* unused */); e != 0 {
+ if _, _, e := unix.Syscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_GLOBAL, 0 /* flags */, 0 /* unused */); e != 0 {
return e
}
return nil
@@ -83,7 +81,7 @@ func HaveProcessMemoryBarrier() bool {
//
// Preconditions: HaveProcessMemoryBarrier() == true.
func ProcessMemoryBarrier() error {
- if _, _, e := syscall.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
+ if _, _, e := unix.RawSyscall(unix.SYS_MEMBARRIER, linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED, 0 /* flags */, 0 /* unused */); e != 0 {
return e
}
return nil
diff --git a/pkg/sentry/kernel/abstract_socket_namespace.go b/pkg/sentry/kernel/abstract_socket_namespace.go
index 0ddbe5ff6..d100e58d7 100644
--- a/pkg/sentry/kernel/abstract_socket_namespace.go
+++ b/pkg/sentry/kernel/abstract_socket_namespace.go
@@ -16,8 +16,8 @@ package kernel
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refsvfs2"
"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
@@ -97,7 +97,7 @@ func (a *AbstractSocketNamespace) Bind(ctx context.Context, name string, ep tran
if ep, ok := a.endpoints[name]; ok {
if ep.socket.TryIncRef() {
ep.socket.DecRef(ctx)
- return syscall.EADDRINUSE
+ return unix.EADDRINUSE
}
}
diff --git a/pkg/sentry/kernel/epoll/epoll.go b/pkg/sentry/kernel/epoll/epoll.go
index 407b6e917..ba73a7812 100644
--- a/pkg/sentry/kernel/epoll/epoll.go
+++ b/pkg/sentry/kernel/epoll/epoll.go
@@ -24,8 +24,8 @@ package epoll
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/refs"
@@ -173,12 +173,12 @@ func (e *EventPoll) Release(ctx context.Context) {
// Read implements fs.FileOperations.Read.
func (*EventPoll) Read(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
- return 0, syscall.ENOSYS
+ return 0, unix.ENOSYS
}
// Write implements fs.FileOperations.Write.
func (*EventPoll) Write(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
- return 0, syscall.ENOSYS
+ return 0, unix.ENOSYS
}
// eventsAvailable determines if 'e' has events available for delivery.
@@ -358,18 +358,18 @@ func (e *EventPoll) AddEntry(id FileIdentifier, flags EntryFlags, mask waiter.Ev
// Fail if the file already has an entry.
if _, ok := e.files[id]; ok {
- return syscall.EEXIST
+ return unix.EEXIST
}
// Check if a cycle would be created. We use 4 as the limit because
// that's the value used by linux and we want to emulate it.
if ep != nil {
if e == ep {
- return syscall.EINVAL
+ return unix.EINVAL
}
if ep.observes(e, 4) {
- return syscall.ELOOP
+ return unix.ELOOP
}
}
@@ -404,7 +404,7 @@ func (e *EventPoll) UpdateEntry(id FileIdentifier, flags EntryFlags, mask waiter
// Fail if the file doesn't have an entry.
entry, ok := e.files[id]
if !ok {
- return syscall.ENOENT
+ return unix.ENOENT
}
// Unregister the old mask and remove entry from the list it's in, so
@@ -435,7 +435,7 @@ func (e *EventPoll) RemoveEntry(ctx context.Context, id FileIdentifier) error {
// Fail if the file doesn't have an entry.
entry, ok := e.files[id]
if !ok {
- return syscall.ENOENT
+ return unix.ENOENT
}
// Unregister from file first so that no concurrent attempts will be
diff --git a/pkg/sentry/kernel/eventfd/eventfd.go b/pkg/sentry/kernel/eventfd/eventfd.go
index bbf568dfc..64f1cc631 100644
--- a/pkg/sentry/kernel/eventfd/eventfd.go
+++ b/pkg/sentry/kernel/eventfd/eventfd.go
@@ -18,8 +18,8 @@ package eventfd
import (
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -91,13 +91,13 @@ func (e *EventOperations) HostFD() (int, error) {
flags |= linux.EFD_SEMAPHORE
}
- fd, _, err := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(e.val), uintptr(flags), 0)
+ fd, _, err := unix.Syscall(unix.SYS_EVENTFD2, uintptr(e.val), uintptr(flags), 0)
if err != 0 {
return -1, err
}
if err := fdnotifier.AddFD(int32(fd), &e.wq); err != nil {
- syscall.Close(int(fd))
+ unix.Close(int(fd))
return -1, err
}
@@ -111,7 +111,7 @@ func (e *EventOperations) Release(context.Context) {
defer e.mu.Unlock()
if e.hostfd >= 0 {
fdnotifier.RemoveFD(int32(e.hostfd))
- syscall.Close(e.hostfd)
+ unix.Close(e.hostfd)
e.hostfd = -1
}
}
@@ -119,7 +119,7 @@ func (e *EventOperations) Release(context.Context) {
// Read implements fs.FileOperations.Read.
func (e *EventOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOSequence, _ int64) (int64, error) {
if dst.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := e.read(ctx, dst); err != nil {
return 0, err
@@ -130,7 +130,7 @@ func (e *EventOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOSe
// Write implements fs.FileOperations.Write.
func (e *EventOperations) Write(ctx context.Context, _ *fs.File, src usermem.IOSequence, _ int64) (int64, error) {
if src.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := e.write(ctx, src); err != nil {
return 0, err
@@ -142,8 +142,8 @@ func (e *EventOperations) Write(ctx context.Context, _ *fs.File, src usermem.IOS
func (e *EventOperations) hostRead(ctx context.Context, dst usermem.IOSequence) error {
var buf [8]byte
- if _, err := syscall.Read(e.hostfd, buf[:]); err != nil {
- if err == syscall.EWOULDBLOCK {
+ if _, err := unix.Read(e.hostfd, buf[:]); err != nil {
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -195,8 +195,8 @@ func (e *EventOperations) read(ctx context.Context, dst usermem.IOSequence) erro
func (e *EventOperations) hostWrite(val uint64) error {
var buf [8]byte
usermem.ByteOrder.PutUint64(buf[:], val)
- _, err := syscall.Write(e.hostfd, buf[:])
- if err == syscall.EWOULDBLOCK {
+ _, err := unix.Write(e.hostfd, buf[:])
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -215,7 +215,7 @@ func (e *EventOperations) write(ctx context.Context, src usermem.IOSequence) err
// Signal is an internal function to signal the event fd.
func (e *EventOperations) Signal(val uint64) error {
if val == math.MaxUint64 {
- return syscall.EINVAL
+ return unix.EINVAL
}
e.mu.Lock()
diff --git a/pkg/sentry/kernel/fd_table.go b/pkg/sentry/kernel/fd_table.go
index a6afabb1c..10885688c 100644
--- a/pkg/sentry/kernel/fd_table.go
+++ b/pkg/sentry/kernel/fd_table.go
@@ -19,8 +19,8 @@ import (
"math"
"strings"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -253,7 +253,7 @@ func (f *FDTable) String() string {
func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags FDFlags) (fds []int32, err error) {
if fd < 0 {
// Don't accept negative FDs.
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
}
// Default limit.
@@ -266,7 +266,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags
end = int32(lim.Cur)
}
if fd >= end {
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
}
@@ -300,7 +300,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags
for _, file := range files[:len(fds)] {
file.DecRef(ctx)
}
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
if fd == f.next {
@@ -318,7 +318,7 @@ func (f *FDTable) NewFDs(ctx context.Context, fd int32, files []*fs.File, flags
func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDescription, flags FDFlags) (fds []int32, err error) {
if fd < 0 {
// Don't accept negative FDs.
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
}
// Default limit.
@@ -331,7 +331,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes
end = int32(lim.Cur)
}
if fd >= end {
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
}
@@ -365,7 +365,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes
for _, file := range files[:len(fds)] {
file.DecRef(ctx)
}
- return nil, syscall.EMFILE
+ return nil, unix.EMFILE
}
if fd == f.next {
@@ -382,7 +382,7 @@ func (f *FDTable) NewFDsVFS2(ctx context.Context, fd int32, files []*vfs.FileDes
func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDescription, flags FDFlags) (int32, error) {
if minfd < 0 {
// Don't accept negative FDs.
- return -1, syscall.EINVAL
+ return -1, unix.EINVAL
}
// Default limit.
@@ -395,7 +395,7 @@ func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDesc
end = int32(lim.Cur)
}
if minfd >= end {
- return -1, syscall.EMFILE
+ return -1, unix.EMFILE
}
}
@@ -418,7 +418,7 @@ func (f *FDTable) NewFDVFS2(ctx context.Context, minfd int32, file *vfs.FileDesc
}
fd++
}
- return -1, syscall.EMFILE
+ return -1, unix.EMFILE
}
// NewFDAt sets the file reference for the given FD. If there is an active
@@ -452,13 +452,13 @@ func (f *FDTable) NewFDAtVFS2(ctx context.Context, fd int32, file *vfs.FileDescr
func (f *FDTable) newFDAt(ctx context.Context, fd int32, file *fs.File, fileVFS2 *vfs.FileDescription, flags FDFlags) (*fs.File, *vfs.FileDescription, error) {
if fd < 0 {
// Don't accept negative FDs.
- return nil, nil, syscall.EBADF
+ return nil, nil, unix.EBADF
}
// Check the limit for the provided file.
if limitSet := limits.FromContext(ctx); limitSet != nil {
if lim := limitSet.Get(limits.NumberOfFiles); lim.Cur != limits.Infinity && uint64(fd) >= lim.Cur {
- return nil, nil, syscall.EMFILE
+ return nil, nil, unix.EMFILE
}
}
@@ -476,7 +476,7 @@ func (f *FDTable) newFDAt(ctx context.Context, fd int32, file *fs.File, fileVFS2
func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error {
if fd < 0 {
// Don't accept negative FDs.
- return syscall.EBADF
+ return unix.EBADF
}
f.mu.Lock()
@@ -485,7 +485,7 @@ func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error {
file, _, _ := f.get(fd)
if file == nil {
// No file found.
- return syscall.EBADF
+ return unix.EBADF
}
// Update the flags.
@@ -499,7 +499,7 @@ func (f *FDTable) SetFlags(ctx context.Context, fd int32, flags FDFlags) error {
func (f *FDTable) SetFlagsVFS2(ctx context.Context, fd int32, flags FDFlags) error {
if fd < 0 {
// Don't accept negative FDs.
- return syscall.EBADF
+ return unix.EBADF
}
f.mu.Lock()
@@ -508,7 +508,7 @@ func (f *FDTable) SetFlagsVFS2(ctx context.Context, fd int32, flags FDFlags) err
file, _, _ := f.getVFS2(fd)
if file == nil {
// No file found.
- return syscall.EBADF
+ return unix.EBADF
}
// Update the flags.
diff --git a/pkg/sentry/kernel/pipe/pipe.go b/pkg/sentry/kernel/pipe/pipe.go
index 2c8668fc4..68a55a186 100644
--- a/pkg/sentry/kernel/pipe/pipe.go
+++ b/pkg/sentry/kernel/pipe/pipe.go
@@ -19,8 +19,8 @@ import (
"fmt"
"io"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -244,7 +244,7 @@ func (p *Pipe) consumeLocked(n int64) {
func (p *Pipe) writeLocked(count int64, f func(safemem.BlockSeq) (uint64, error)) (int64, error) {
// Can't write to a pipe with no readers.
if !p.HasReaders() {
- return 0, syscall.EPIPE
+ return 0, unix.EPIPE
}
avail := p.max - p.size
diff --git a/pkg/sentry/kernel/pipe/pipe_util.go b/pkg/sentry/kernel/pipe/pipe_util.go
index 77246edbe..76ea389ca 100644
--- a/pkg/sentry/kernel/pipe/pipe_util.go
+++ b/pkg/sentry/kernel/pipe/pipe_util.go
@@ -17,8 +17,8 @@ package pipe
import (
"io"
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/amutex"
"gvisor.dev/gvisor/pkg/context"
@@ -139,7 +139,7 @@ func (p *Pipe) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArgume
_, err := primitive.CopyInt32Out(&iocc, args[2].Pointer(), int32(v))
return 0, err
default:
- return 0, syscall.ENOTTY
+ return 0, unix.ENOTTY
}
}
diff --git a/pkg/sentry/kernel/seccomp.go b/pkg/sentry/kernel/seccomp.go
index 60917e7d3..8163a6132 100644
--- a/pkg/sentry/kernel/seccomp.go
+++ b/pkg/sentry/kernel/seccomp.go
@@ -15,8 +15,7 @@
package kernel
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/bpf"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -83,7 +82,7 @@ func (t *Task) checkSeccompSyscall(sysno int32, args arch.SyscallArguments, ip u
// the system call is not executed."
if !t.ptraceSeccomp(result.Data()) {
// This useless-looking temporary is needed because Go.
- tmp := uintptr(syscall.ENOSYS)
+ tmp := uintptr(unix.ENOSYS)
t.Arch().SetReturn(-tmp)
return linux.SECCOMP_RET_ERRNO
}
diff --git a/pkg/sentry/kernel/task_syscall.go b/pkg/sentry/kernel/task_syscall.go
index 0141459e7..2e84bd88a 100644
--- a/pkg/sentry/kernel/task_syscall.go
+++ b/pkg/sentry/kernel/task_syscall.go
@@ -18,8 +18,8 @@ import (
"fmt"
"os"
"runtime/trace"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/bits"
"gvisor.dev/gvisor/pkg/marshal"
@@ -113,7 +113,7 @@ func (t *Task) executeSyscall(sysno uintptr, args arch.SyscallArguments) (rval u
if bits.IsOn32(fe, ExternalAfterEnable) && (s.ExternalFilterAfter == nil || s.ExternalFilterAfter(t, sysno, args)) {
t.invokeExternal()
- // Don't reinvoke the syscall.
+ // Don't reinvoke the unix.
}
if bits.IsAnyOn32(fe, StraceEnableBits) {
@@ -147,7 +147,7 @@ func (t *Task) doSyscall() taskRunState {
// Tracers expect to see this between when the task traps into the kernel
// to perform a syscall and when the syscall is actually invoked.
// This useless-looking temporary is needed because Go.
- tmp := uintptr(syscall.ENOSYS)
+ tmp := uintptr(unix.ENOSYS)
t.Arch().SetReturn(-tmp)
// Check seccomp filters. The nil check is for performance (as seccomp use
@@ -379,7 +379,7 @@ func ExtractErrno(err error, sysno int) int {
switch err := err.(type) {
case nil:
return 0
- case syscall.Errno:
+ case unix.Errno:
return int(err)
case syserror.SyscallRestartErrno:
return int(err)
@@ -387,7 +387,7 @@ func ExtractErrno(err error, sysno int) int {
// Bus errors may generate SIGBUS, but for syscalls they still
// return EFAULT. See case in task_run.go where the fault is
// handled (and the SIGBUS is delivered).
- return int(syscall.EFAULT)
+ return int(unix.EFAULT)
case *os.PathError:
return ExtractErrno(err.Err, sysno)
case *os.LinkError:
diff --git a/pkg/sentry/limits/limits.go b/pkg/sentry/limits/limits.go
index 31b9e9ff6..7c6c4df01 100644
--- a/pkg/sentry/limits/limits.go
+++ b/pkg/sentry/limits/limits.go
@@ -16,8 +16,7 @@
package limits
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sync"
)
@@ -125,10 +124,10 @@ func (l *LimitSet) Set(t LimitType, v Limit, privileged bool) (Limit, error) {
if _, ok := l.data[t]; ok {
// Unprivileged users can only lower their hard limits.
if l.data[t].Max < v.Max && !privileged {
- return Limit{}, syscall.EPERM
+ return Limit{}, unix.EPERM
}
if v.Cur > v.Max {
- return Limit{}, syscall.EINVAL
+ return Limit{}, unix.EINVAL
}
}
old := l.data[t]
diff --git a/pkg/sentry/pgalloc/pgalloc.go b/pkg/sentry/pgalloc/pgalloc.go
index d99be7f46..58cc11a13 100644
--- a/pkg/sentry/pgalloc/pgalloc.go
+++ b/pkg/sentry/pgalloc/pgalloc.go
@@ -26,9 +26,9 @@ import (
"math"
"os"
"sync/atomic"
- "syscall"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -341,12 +341,12 @@ func NewMemoryFile(file *os.File, opts MemoryFileOpts) (*MemoryFile, error) {
// Work around IMA by immediately creating a temporary PROT_EXEC mapping,
// while the backing file is still small. IMA will ignore any future
// mappings.
- m, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ m, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
0,
usermem.PageSize,
- syscall.PROT_EXEC,
- syscall.MAP_SHARED,
+ unix.PROT_EXEC,
+ unix.MAP_SHARED,
file.Fd(),
0)
if errno != 0 {
@@ -354,8 +354,8 @@ func NewMemoryFile(file *os.File, opts MemoryFileOpts) (*MemoryFile, error) {
// don't return it.
log.Warningf("Failed to pre-map MemoryFile PROT_EXEC: %v", errno)
} else {
- if _, _, errno := syscall.Syscall(
- syscall.SYS_MUNMAP,
+ if _, _, errno := unix.Syscall(
+ unix.SYS_MUNMAP,
m,
usermem.PageSize,
0); errno != 0 {
@@ -584,7 +584,7 @@ func (f *MemoryFile) decommitFile(fr memmap.FileRange) error {
// "After a successful call, subsequent reads from this range will
// return zeroes. The FALLOC_FL_PUNCH_HOLE flag must be ORed with
// FALLOC_FL_KEEP_SIZE in mode ..." - fallocate(2)
- return syscall.Fallocate(
+ return unix.Fallocate(
int(f.file.Fd()),
_FALLOC_FL_PUNCH_HOLE|_FALLOC_FL_KEEP_SIZE,
int64(fr.Start),
@@ -730,12 +730,12 @@ func (f *MemoryFile) getChunkMapping(chunk int) ([]uintptr, uintptr, error) {
if m := mappings[chunk]; m != 0 {
return mappings, m, nil
}
- m, _, errno := syscall.Syscall6(
- syscall.SYS_MMAP,
+ m, _, errno := unix.Syscall6(
+ unix.SYS_MMAP,
0,
chunkSize,
- syscall.PROT_READ|syscall.PROT_WRITE,
- syscall.MAP_SHARED,
+ unix.PROT_READ|unix.PROT_WRITE,
+ unix.MAP_SHARED,
f.file.Fd(),
uintptr(chunk<<chunkShift))
if errno != 0 {
@@ -1012,8 +1012,8 @@ func (f *MemoryFile) TotalUsage() (uint64, error) {
// Stat the underlying file to discover the underlying usage. stat(2)
// always reports the allocated block count in units of 512 bytes. This
// includes pages in the page cache and swapped pages.
- var stat syscall.Stat_t
- if err := syscall.Fstat(int(f.file.Fd()), &stat); err != nil {
+ var stat unix.Stat_t
+ if err := unix.Fstat(int(f.file.Fd()), &stat); err != nil {
return 0, err
}
return uint64(stat.Blocks * 512), nil
@@ -1093,7 +1093,7 @@ func (f *MemoryFile) runReclaim() {
mappings := f.mappings.Load().([]uintptr)
for i, m := range mappings {
if m != 0 {
- _, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, m, chunkSize, 0)
+ _, _, errno := unix.Syscall(unix.SYS_MUNMAP, m, chunkSize, 0)
if errno != 0 {
log.Warningf("Failed to unmap mapping %#x for MemoryFile chunk %d: %v", m, i, errno)
}
diff --git a/pkg/sentry/pgalloc/pgalloc_unsafe.go b/pkg/sentry/pgalloc/pgalloc_unsafe.go
index a4b5d581c..71f8f66c1 100644
--- a/pkg/sentry/pgalloc/pgalloc_unsafe.go
+++ b/pkg/sentry/pgalloc/pgalloc_unsafe.go
@@ -16,8 +16,9 @@ package pgalloc
import (
"reflect"
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
func unsafeSlice(addr uintptr, length int) (slice []byte) {
@@ -29,8 +30,8 @@ func unsafeSlice(addr uintptr, length int) (slice []byte) {
}
func mincore(s []byte, buf []byte) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_MINCORE,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_MINCORE,
uintptr(unsafe.Pointer(&s[0])),
uintptr(len(s)),
uintptr(unsafe.Pointer(&buf[0]))); errno != 0 {
diff --git a/pkg/sentry/pgalloc/save_restore.go b/pkg/sentry/pgalloc/save_restore.go
index 78317fa35..e05c8d074 100644
--- a/pkg/sentry/pgalloc/save_restore.go
+++ b/pkg/sentry/pgalloc/save_restore.go
@@ -21,8 +21,8 @@ import (
"io"
"runtime"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/usage"
"gvisor.dev/gvisor/pkg/state"
@@ -66,7 +66,7 @@ func (f *MemoryFile) SaveTo(ctx context.Context, w wire.Writer) error {
// associated backing store. This is equivalent to punching a hole
// in the corresponding byte range of the backing store (see
// fallocate(2))." - madvise(2)
- if err := syscall.Madvise(pg, syscall.MADV_REMOVE); err != nil {
+ if err := unix.Madvise(pg, unix.MADV_REMOVE); err != nil {
// This doesn't impact the correctness of saved memory, it
// just means that we're incrementally more likely to OOM.
// Complain, but don't abort saving.
diff --git a/pkg/sentry/platform/kvm/bluepill.go b/pkg/sentry/platform/kvm/bluepill.go
index 2c970162e..fd1131638 100644
--- a/pkg/sentry/platform/kvm/bluepill.go
+++ b/pkg/sentry/platform/kvm/bluepill.go
@@ -17,8 +17,8 @@ package kvm
import (
"fmt"
"reflect"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/safecopy"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -41,7 +41,7 @@ var (
//
// We use SIGCHLD because it is not masked by the runtime, and
// it will be ignored properly by other parts of the kernel.
- bounceSignal = syscall.SIGCHLD
+ bounceSignal = unix.SIGCHLD
// bounceSignalMask has only bounceSignal set.
bounceSignalMask = uint64(1 << (uint64(bounceSignal) - 1))
@@ -62,7 +62,7 @@ var (
//
//go:nosplit
func redpill() {
- syscall.RawSyscall(^uintptr(0), 0, 0, 0)
+ unix.RawSyscall(^uintptr(0), 0, 0, 0)
}
// dieHandler is called by dieTrampoline.
diff --git a/pkg/sentry/platform/kvm/bluepill_amd64.go b/pkg/sentry/platform/kvm/bluepill_amd64.go
index 83a4766fb..f4b9a5321 100644
--- a/pkg/sentry/platform/kvm/bluepill_amd64.go
+++ b/pkg/sentry/platform/kvm/bluepill_amd64.go
@@ -17,15 +17,14 @@
package kvm
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
var (
// The action for bluepillSignal is changed by sigaction().
- bluepillSignal = syscall.SIGSEGV
+ bluepillSignal = unix.SIGSEGV
)
// bluepillArchEnter is called during bluepillEnter.
diff --git a/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go b/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go
index 0063e947b..198bafdea 100644
--- a/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go
+++ b/pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go
@@ -17,9 +17,9 @@
package kvm
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
@@ -68,8 +68,8 @@ func getHypercallID(addr uintptr) int {
func bluepillStopGuest(c *vCPU) {
// Interrupt: we must have requested an interrupt
// window; set the interrupt line.
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_INTERRUPT,
uintptr(unsafe.Pointer(&bounce))); errno != 0 {
@@ -83,8 +83,8 @@ func bluepillStopGuest(c *vCPU) {
//
//go:nosplit
func bluepillSigBus(c *vCPU) {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_NMI, 0); errno != 0 {
throw("NMI injection failed")
diff --git a/pkg/sentry/platform/kvm/bluepill_arm64.go b/pkg/sentry/platform/kvm/bluepill_arm64.go
index 6846abee9..e26b7da8d 100644
--- a/pkg/sentry/platform/kvm/bluepill_arm64.go
+++ b/pkg/sentry/platform/kvm/bluepill_arm64.go
@@ -17,15 +17,14 @@
package kvm
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
var (
// The action for bluepillSignal is changed by sigaction().
- bluepillSignal = syscall.SIGILL
+ bluepillSignal = unix.SIGILL
// vcpuSErrBounce is the event of system error for bouncing KVM.
vcpuSErrBounce = kvmVcpuEvents{
diff --git a/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go b/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go
index dbbf2a897..07fc4f216 100644
--- a/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go
+++ b/pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go
@@ -17,9 +17,9 @@
package kvm
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
@@ -80,8 +80,8 @@ func getHypercallID(addr uintptr) int {
//
//go:nosplit
func bluepillStopGuest(c *vCPU) {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_VCPU_EVENTS,
uintptr(unsafe.Pointer(&vcpuSErrBounce))); errno != 0 {
@@ -94,12 +94,12 @@ func bluepillStopGuest(c *vCPU) {
//go:nosplit
func bluepillSigBus(c *vCPU) {
// Host must support ARM64_HAS_RAS_EXTN.
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_VCPU_EVENTS,
uintptr(unsafe.Pointer(&vcpuSErrNMI))); errno != 0 {
- if errno == syscall.EINVAL {
+ if errno == unix.EINVAL {
throw("No ARM64_HAS_RAS_EXTN feature in host.")
}
throw("nmi sErr injection failed")
@@ -110,8 +110,8 @@ func bluepillSigBus(c *vCPU) {
//
//go:nosplit
func bluepillExtDabt(c *vCPU) {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_VCPU_EVENTS,
uintptr(unsafe.Pointer(&vcpuExtDabt))); errno != 0 {
diff --git a/pkg/sentry/platform/kvm/bluepill_fault.go b/pkg/sentry/platform/kvm/bluepill_fault.go
index a182e4f22..37c53fa02 100644
--- a/pkg/sentry/platform/kvm/bluepill_fault.go
+++ b/pkg/sentry/platform/kvm/bluepill_fault.go
@@ -16,8 +16,8 @@ package kvm
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -40,7 +40,7 @@ const (
//
//go:nosplit
func yield() {
- syscall.RawSyscall(syscall.SYS_SCHED_YIELD, 0, 0, 0)
+ unix.RawSyscall(unix.SYS_SCHED_YIELD, 0, 0, 0)
}
// calculateBluepillFault calculates the fault address range.
@@ -112,16 +112,16 @@ func handleBluepillFault(m *machine, physical uintptr, phyRegions []physicalRegi
atomic.StoreUint32(&m.nextSlot, slot)
switch errno {
- case syscall.EEXIST:
+ case unix.EEXIST:
// The region already exists. It's possible that we raced with
// another vCPU here. We just revert nextSlot and return true,
// because this must have been satisfied by some other vCPU.
return virtualStart + (physical - physicalStart), true
- case syscall.EINVAL:
+ case unix.EINVAL:
throw("set memory region failed; out of slots")
- case syscall.ENOMEM:
+ case unix.ENOMEM:
throw("set memory region failed: out of memory")
- case syscall.EFAULT:
+ case unix.EFAULT:
throw("set memory region failed: invalid physical range")
default:
throw("set memory region failed: unknown reason")
diff --git a/pkg/sentry/platform/kvm/bluepill_unsafe.go b/pkg/sentry/platform/kvm/bluepill_unsafe.go
index 55da6dd95..6f87236ad 100644
--- a/pkg/sentry/platform/kvm/bluepill_unsafe.go
+++ b/pkg/sentry/platform/kvm/bluepill_unsafe.go
@@ -21,9 +21,9 @@ package kvm
import (
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/arch"
)
@@ -102,23 +102,23 @@ func bluepillHandler(context unsafe.Pointer) {
}
for {
- _, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no.
+ _, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no.
switch errno {
case 0: // Expected case.
- case syscall.EINTR:
+ case unix.EINTR:
// First, we process whatever pending signal
// interrupted KVM. Since we're in a signal handler
// currently, all signals are masked and the signal
// must have been delivered directly to this thread.
- timeout := syscall.Timespec{}
- sig, _, errno := syscall.RawSyscall6( // escapes: no.
- syscall.SYS_RT_SIGTIMEDWAIT,
+ timeout := unix.Timespec{}
+ sig, _, errno := unix.RawSyscall6( // escapes: no.
+ unix.SYS_RT_SIGTIMEDWAIT,
uintptr(unsafe.Pointer(&bounceSignalMask)),
0, // siginfo.
uintptr(unsafe.Pointer(&timeout)), // timeout.
8, // sigset size.
0, 0)
- if errno == syscall.EAGAIN {
+ if errno == unix.EAGAIN {
continue
}
if errno != 0 {
@@ -140,7 +140,7 @@ func bluepillHandler(context unsafe.Pointer) {
c.runData.requestInterruptWindow = 1
continue // Rerun vCPU.
}
- case syscall.EFAULT:
+ case unix.EFAULT:
// If a fault is not serviceable due to the host
// backing pages having page permissions, instead of an
// MMIO exit we receive EFAULT from the run ioctl. We
@@ -148,7 +148,7 @@ func bluepillHandler(context unsafe.Pointer) {
// mode and have interrupts disabled.
bluepillSigBus(c)
continue // Rerun vCPU.
- case syscall.ENOSYS:
+ case unix.ENOSYS:
bluepillHandleEnosys(c)
continue
default:
diff --git a/pkg/sentry/platform/kvm/filters_amd64.go b/pkg/sentry/platform/kvm/filters_amd64.go
index d3d216aa5..a78be3403 100644
--- a/pkg/sentry/platform/kvm/filters_amd64.go
+++ b/pkg/sentry/platform/kvm/filters_amd64.go
@@ -15,8 +15,6 @@
package kvm
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -26,17 +24,17 @@ import (
// SyscallFilters returns syscalls made exclusively by the KVM platform.
func (*KVM) SyscallFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
- syscall.SYS_ARCH_PRCTL: {},
- syscall.SYS_IOCTL: {},
+ unix.SYS_ARCH_PRCTL: {},
+ unix.SYS_IOCTL: {},
unix.SYS_MEMBARRIER: []seccomp.Rule{
{
seccomp.EqualTo(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED),
seccomp.EqualTo(0),
},
},
- syscall.SYS_MMAP: {},
- syscall.SYS_RT_SIGSUSPEND: {},
- syscall.SYS_RT_SIGTIMEDWAIT: {},
- 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
+ unix.SYS_MMAP: {},
+ unix.SYS_RT_SIGSUSPEND: {},
+ unix.SYS_RT_SIGTIMEDWAIT: {},
+ 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
}
}
diff --git a/pkg/sentry/platform/kvm/filters_arm64.go b/pkg/sentry/platform/kvm/filters_arm64.go
index 21abc2a3d..4e5b91048 100644
--- a/pkg/sentry/platform/kvm/filters_arm64.go
+++ b/pkg/sentry/platform/kvm/filters_arm64.go
@@ -15,8 +15,6 @@
package kvm
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -26,16 +24,16 @@ import (
// SyscallFilters returns syscalls made exclusively by the KVM platform.
func (*KVM) SyscallFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
- syscall.SYS_IOCTL: {},
+ unix.SYS_IOCTL: {},
unix.SYS_MEMBARRIER: []seccomp.Rule{
{
seccomp.EqualTo(linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED),
seccomp.EqualTo(0),
},
},
- syscall.SYS_MMAP: {},
- syscall.SYS_RT_SIGSUSPEND: {},
- syscall.SYS_RT_SIGTIMEDWAIT: {},
- 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
+ unix.SYS_MMAP: {},
+ unix.SYS_RT_SIGSUSPEND: {},
+ unix.SYS_RT_SIGTIMEDWAIT: {},
+ 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
}
}
diff --git a/pkg/sentry/platform/kvm/kvm.go b/pkg/sentry/platform/kvm/kvm.go
index 7bdf57436..92c05a9ad 100644
--- a/pkg/sentry/platform/kvm/kvm.go
+++ b/pkg/sentry/platform/kvm/kvm.go
@@ -18,8 +18,8 @@ package kvm
import (
"fmt"
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/ring0/pagetables"
"gvisor.dev/gvisor/pkg/sentry/platform"
@@ -77,7 +77,7 @@ var (
// OpenDevice opens the KVM device at /dev/kvm and returns the File.
func OpenDevice() (*os.File, error) {
- f, err := os.OpenFile("/dev/kvm", syscall.O_RDWR, 0)
+ f, err := os.OpenFile("/dev/kvm", unix.O_RDWR, 0)
if err != nil {
return nil, fmt.Errorf("error opening /dev/kvm: %v", err)
}
@@ -99,11 +99,11 @@ func New(deviceFile *os.File) (*KVM, error) {
// Create a new VM fd.
var (
vm uintptr
- errno syscall.Errno
+ errno unix.Errno
)
for {
- vm, _, errno = syscall.Syscall(syscall.SYS_IOCTL, fd, _KVM_CREATE_VM, 0)
- if errno == syscall.EINTR {
+ vm, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _KVM_CREATE_VM, 0)
+ if errno == unix.EINTR {
continue
}
if errno != 0 {
diff --git a/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go b/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go
index 46c4b9113..0c43d72f4 100644
--- a/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go
+++ b/pkg/sentry/platform/kvm/kvm_amd64_unsafe.go
@@ -18,8 +18,9 @@ package kvm
import (
"fmt"
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
var (
@@ -30,7 +31,7 @@ var (
func updateSystemValues(fd int) error {
// Extract the mmap size.
- sz, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
+ sz, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
if errno != 0 {
return fmt.Errorf("getting VCPU mmap size: %v", errno)
}
@@ -39,19 +40,19 @@ func updateSystemValues(fd int) error {
runDataSize = int(sz)
// Must do the dance to figure out the number of entries.
- _, _, errno = syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ _, _, errno = unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(fd),
_KVM_GET_SUPPORTED_CPUID,
uintptr(unsafe.Pointer(&cpuidSupported)))
- if errno != 0 && errno != syscall.ENOMEM {
+ if errno != 0 && errno != unix.ENOMEM {
// Some other error occurred.
return fmt.Errorf("getting supported CPUID: %v", errno)
}
// The number should now be correct.
- _, _, errno = syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ _, _, errno = unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(fd),
_KVM_GET_SUPPORTED_CPUID,
uintptr(unsafe.Pointer(&cpuidSupported)))
diff --git a/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go b/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go
index 48ccf8474..f07a9f34d 100644
--- a/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go
+++ b/pkg/sentry/platform/kvm/kvm_arm64_unsafe.go
@@ -18,7 +18,8 @@ package kvm
import (
"fmt"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
var (
@@ -28,7 +29,7 @@ var (
func updateSystemValues(fd int) error {
// Extract the mmap size.
- sz, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
+ sz, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(fd), _KVM_GET_VCPU_MMAP_SIZE, 0)
if errno != 0 {
return fmt.Errorf("getting VCPU mmap size: %v", errno)
}
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
index 1ece1b8d8..0e4cf01e1 100644
--- a/pkg/sentry/platform/kvm/machine.go
+++ b/pkg/sentry/platform/kvm/machine.go
@@ -18,8 +18,8 @@ import (
"fmt"
"runtime"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/atomicbitops"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/procid"
@@ -153,7 +153,7 @@ type dieState struct {
func (m *machine) newVCPU() *vCPU {
// Create the vCPU.
id := int(atomic.AddUint32(&m.nextID, 1) - 1)
- fd, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id))
+ fd, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id))
if errno != 0 {
panic(fmt.Sprintf("error creating new vCPU: %v", errno))
}
@@ -193,7 +193,7 @@ func newMachine(vm int) (*machine, error) {
m.available.L = &m.mu
// Pull the maximum vCPUs.
- maxVCPUs, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_VCPUS)
+ maxVCPUs, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_VCPUS)
if errno != 0 {
m.maxVCPUs = _KVM_NR_VCPUS
} else {
@@ -205,7 +205,7 @@ func newMachine(vm int) (*machine, error) {
m.kernel.Init(m.maxVCPUs)
// Pull the maximum slots.
- maxSlots, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS)
+ maxSlots, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS)
if errno != 0 {
m.maxSlots = _KVM_NR_MEMSLOTS
} else {
@@ -357,13 +357,13 @@ func (m *machine) Destroy() {
panic(fmt.Sprintf("error unmapping rundata: %v", err))
}
}
- if err := syscall.Close(int(c.fd)); err != nil {
+ if err := unix.Close(int(c.fd)); err != nil {
panic(fmt.Sprintf("error closing vCPU fd: %v", err))
}
}
// vCPUs are gone: teardown machine state.
- if err := syscall.Close(m.fd); err != nil {
+ if err := unix.Close(m.fd); err != nil {
panic(fmt.Sprintf("error closing VM fd: %v", err))
}
}
@@ -546,7 +546,7 @@ func (c *vCPU) NotifyInterrupt() {
}
// pid is used below in bounce.
-var pid = syscall.Getpid()
+var pid = unix.Getpid()
// bounce forces a return to the kernel or to host mode.
//
@@ -588,9 +588,9 @@ func (c *vCPU) bounce(forceGuestExit bool) {
// under memory pressure. Since we already
// marked ourselves as a waiter, we need to
// ensure that a signal is actually delivered.
- if err := syscall.Tgkill(pid, int(atomic.LoadUint64(&c.tid)), bounceSignal); err == nil {
+ if err := unix.Tgkill(pid, int(atomic.LoadUint64(&c.tid)), bounceSignal); err == nil {
break
- } else if err.(syscall.Errno) == syscall.EAGAIN {
+ } else if err.(unix.Errno) == unix.EAGAIN {
continue
} else {
// Nothing else should be returned by tgkill.
diff --git a/pkg/sentry/platform/kvm/machine_amd64.go b/pkg/sentry/platform/kvm/machine_amd64.go
index 59c752d73..6e583baa3 100644
--- a/pkg/sentry/platform/kvm/machine_amd64.go
+++ b/pkg/sentry/platform/kvm/machine_amd64.go
@@ -21,8 +21,8 @@ import (
"math/big"
"reflect"
"runtime/debug"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cpuid"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/ring0/pagetables"
@@ -36,8 +36,8 @@ import (
func (m *machine) initArchState() error {
// Set the legacy TSS address. This address is covered by the reserved
// range (up to 4GB). In fact, this is a main reason it exists.
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(m.fd),
_KVM_SET_TSS_ADDR,
uintptr(reservedMemory-(3*usermem.PageSize))); errno != 0 {
@@ -297,13 +297,13 @@ func (c *vCPU) fault(signal int32, info *arch.SignalInfo) (usermem.AccessType, e
func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) (usermem.AccessType, error) {
// Check for canonical addresses.
if regs := switchOpts.Registers; !ring0.IsCanonical(regs.Rip) {
- return nonCanonical(regs.Rip, int32(syscall.SIGSEGV), info)
+ return nonCanonical(regs.Rip, int32(unix.SIGSEGV), info)
} else if !ring0.IsCanonical(regs.Rsp) {
- return nonCanonical(regs.Rsp, int32(syscall.SIGBUS), info)
+ return nonCanonical(regs.Rsp, int32(unix.SIGBUS), info)
} else if !ring0.IsCanonical(regs.Fs_base) {
- return nonCanonical(regs.Fs_base, int32(syscall.SIGBUS), info)
+ return nonCanonical(regs.Fs_base, int32(unix.SIGBUS), info)
} else if !ring0.IsCanonical(regs.Gs_base) {
- return nonCanonical(regs.Gs_base, int32(syscall.SIGBUS), info)
+ return nonCanonical(regs.Gs_base, int32(unix.SIGBUS), info)
}
// Assign PCIDs.
@@ -332,11 +332,11 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
return usermem.NoAccess, nil
case ring0.PageFault:
- return c.fault(int32(syscall.SIGSEGV), info)
+ return c.fault(int32(unix.SIGSEGV), info)
case ring0.Debug, ring0.Breakpoint:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGTRAP),
+ Signo: int32(unix.SIGTRAP),
Code: 1, // TRAP_BRKPT (breakpoint).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -348,7 +348,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
ring0.InvalidTSS,
ring0.StackSegmentFault:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGSEGV),
+ Signo: int32(unix.SIGSEGV),
Code: arch.SignalInfoKernel,
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -362,7 +362,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.InvalidOpcode:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGILL),
+ Signo: int32(unix.SIGILL),
Code: 1, // ILL_ILLOPC (illegal opcode).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -370,7 +370,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.DivideByZero:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGFPE),
+ Signo: int32(unix.SIGFPE),
Code: 1, // FPE_INTDIV (divide by zero).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -378,7 +378,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.Overflow:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGFPE),
+ Signo: int32(unix.SIGFPE),
Code: 2, // FPE_INTOVF (integer overflow).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -387,7 +387,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.X87FloatingPointException,
ring0.SIMDFloatingPointException:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGFPE),
+ Signo: int32(unix.SIGFPE),
Code: 7, // FPE_FLTINV (invalid operation).
}
info.SetAddr(switchOpts.Registers.Rip) // Include address.
@@ -398,7 +398,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
case ring0.AlignmentCheck:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGBUS),
+ Signo: int32(unix.SIGBUS),
Code: 2, // BUS_ADRERR (physical address does not exist).
}
return usermem.NoAccess, platform.ErrContextSignal
@@ -409,7 +409,7 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
// really not. This could happen, e.g. if some file is
// truncated (and would generate a SIGBUS) and we map it
// directly into the instance.
- return c.fault(int32(syscall.SIGBUS), info)
+ return c.fault(int32(unix.SIGBUS), info)
case ring0.DeviceNotAvailable,
ring0.DoubleFault,
diff --git a/pkg/sentry/platform/kvm/machine_amd64_unsafe.go b/pkg/sentry/platform/kvm/machine_amd64_unsafe.go
index b430f92c6..83bcc7406 100644
--- a/pkg/sentry/platform/kvm/machine_amd64_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_amd64_unsafe.go
@@ -19,9 +19,9 @@ package kvm
import (
"fmt"
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -31,15 +31,15 @@ import (
//
//go:nosplit
func (c *vCPU) loadSegments(tid uint64) {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_ARCH_PRCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_ARCH_PRCTL,
linux.ARCH_GET_FS,
uintptr(unsafe.Pointer(&c.CPU.Registers().Fs_base)),
0); errno != 0 {
throw("getting FS segment")
}
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_ARCH_PRCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_ARCH_PRCTL,
linux.ARCH_GET_GS,
uintptr(unsafe.Pointer(&c.CPU.Registers().Gs_base)),
0); errno != 0 {
@@ -50,8 +50,8 @@ func (c *vCPU) loadSegments(tid uint64) {
// setCPUID sets the CPUID to be used by the guest.
func (c *vCPU) setCPUID() error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_CPUID2,
uintptr(unsafe.Pointer(&cpuidSupported))); errno != 0 {
@@ -64,8 +64,8 @@ func (c *vCPU) setCPUID() error {
//
// If mustSucceed is true, then this function panics on error.
func (c *vCPU) getTSCFreq() (uintptr, error) {
- rawFreq, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ rawFreq, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_TSC_KHZ,
0 /* ignored */)
@@ -77,8 +77,8 @@ func (c *vCPU) getTSCFreq() (uintptr, error) {
// setTSCFreq sets the TSC frequency.
func (c *vCPU) setTSCFreq(freq uintptr) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_TSC_KHZ,
freq /* khz */); errno != 0 {
@@ -95,8 +95,8 @@ func (c *vCPU) setTSC(value uint64) error {
}
registers.entries[0].index = _MSR_IA32_TSC
registers.entries[0].data = value
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_MSRS,
uintptr(unsafe.Pointer(&registers))); errno != 0 {
@@ -108,9 +108,9 @@ func (c *vCPU) setTSC(value uint64) error {
// setUserRegisters sets user registers in the vCPU.
//
//go:nosplit
-func (c *vCPU) setUserRegisters(uregs *userRegs) syscall.Errno {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+func (c *vCPU) setUserRegisters(uregs *userRegs) unix.Errno {
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_REGS,
uintptr(unsafe.Pointer(uregs))); errno != 0 {
@@ -124,9 +124,9 @@ func (c *vCPU) setUserRegisters(uregs *userRegs) syscall.Errno {
// This is safe to call from a nosplit context.
//
//go:nosplit
-func (c *vCPU) getUserRegisters(uregs *userRegs) syscall.Errno {
- if _, _, errno := syscall.RawSyscall( // escapes: no.
- syscall.SYS_IOCTL,
+func (c *vCPU) getUserRegisters(uregs *userRegs) unix.Errno {
+ if _, _, errno := unix.RawSyscall( // escapes: no.
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_REGS,
uintptr(unsafe.Pointer(uregs))); errno != 0 {
@@ -137,8 +137,8 @@ func (c *vCPU) getUserRegisters(uregs *userRegs) syscall.Errno {
// setSystemRegisters sets system registers.
func (c *vCPU) setSystemRegisters(sregs *systemRegs) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_SREGS,
uintptr(unsafe.Pointer(sregs))); errno != 0 {
@@ -150,9 +150,9 @@ func (c *vCPU) setSystemRegisters(sregs *systemRegs) error {
// getSystemRegisters sets system registers.
//
//go:nosplit
-func (c *vCPU) getSystemRegisters(sregs *systemRegs) syscall.Errno {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+func (c *vCPU) getSystemRegisters(sregs *systemRegs) unix.Errno {
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_SREGS,
uintptr(unsafe.Pointer(sregs))); errno != 0 {
diff --git a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
index 78cbd9701..059aa43d0 100644
--- a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
@@ -20,9 +20,9 @@ import (
"fmt"
"reflect"
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/ring0/pagetables"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -39,8 +39,8 @@ var vcpuInit kvmVcpuInit
// initArchState initializes architecture-specific state.
func (m *machine) initArchState() error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(m.fd),
_KVM_ARM_PREFERRED_TARGET,
uintptr(unsafe.Pointer(&vcpuInit))); errno != 0 {
@@ -62,8 +62,8 @@ func (c *vCPU) initArchState() error {
regGet.addr = uint64(reflect.ValueOf(&dataGet).Pointer())
vcpuInit.features[0] |= (1 << _KVM_ARM_VCPU_PSCI_0_2)
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_ARM_VCPU_INIT,
uintptr(unsafe.Pointer(&vcpuInit))); errno != 0 {
@@ -186,8 +186,8 @@ func (c *vCPU) loadSegments(tid uint64) {
}
func (c *vCPU) setOneRegister(reg *kvmOneReg) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_ONE_REG,
uintptr(unsafe.Pointer(reg))); errno != 0 {
@@ -197,8 +197,8 @@ func (c *vCPU) setOneRegister(reg *kvmOneReg) error {
}
func (c *vCPU) getOneRegister(reg *kvmOneReg) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_GET_ONE_REG,
uintptr(unsafe.Pointer(reg))); errno != 0 {
@@ -211,9 +211,9 @@ func (c *vCPU) getOneRegister(reg *kvmOneReg) error {
func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo) (usermem.AccessType, error) {
// Check for canonical addresses.
if regs := switchOpts.Registers; !ring0.IsCanonical(regs.Pc) {
- return nonCanonical(regs.Pc, int32(syscall.SIGSEGV), info)
+ return nonCanonical(regs.Pc, int32(unix.SIGSEGV), info)
} else if !ring0.IsCanonical(regs.Sp) {
- return nonCanonical(regs.Sp, int32(syscall.SIGSEGV), info)
+ return nonCanonical(regs.Sp, int32(unix.SIGSEGV), info)
}
// Assign PCIDs.
@@ -247,23 +247,23 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *arch.SignalInfo)
// Fast path: system call executed.
return usermem.NoAccess, nil
case ring0.PageFault:
- return c.fault(int32(syscall.SIGSEGV), info)
+ return c.fault(int32(unix.SIGSEGV), info)
case ring0.El0ErrNMI:
- return c.fault(int32(syscall.SIGBUS), info)
+ return c.fault(int32(unix.SIGBUS), info)
case ring0.Vector(bounce): // ring0.VirtualizationException.
return usermem.NoAccess, platform.ErrContextInterrupt
case ring0.El0SyncUndef:
- return c.fault(int32(syscall.SIGILL), info)
+ return c.fault(int32(unix.SIGILL), info)
case ring0.El0SyncDbg:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGTRAP),
+ Signo: int32(unix.SIGTRAP),
Code: 1, // TRAP_BRKPT (breakpoint).
}
info.SetAddr(switchOpts.Registers.Pc) // Include address.
return usermem.AccessType{}, platform.ErrContextSignal
case ring0.El0SyncSpPc:
*info = arch.SignalInfo{
- Signo: int32(syscall.SIGBUS),
+ Signo: int32(unix.SIGBUS),
Code: 2, // BUS_ADRERR (physical address does not exist).
}
return usermem.NoAccess, platform.ErrContextSignal
diff --git a/pkg/sentry/platform/kvm/machine_unsafe.go b/pkg/sentry/platform/kvm/machine_unsafe.go
index c322551d2..49e1c7136 100644
--- a/pkg/sentry/platform/kvm/machine_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_unsafe.go
@@ -23,9 +23,9 @@ import (
"fmt"
"math"
"sync/atomic"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -41,7 +41,7 @@ func exitsyscall()
// directly (instead of wrapping in an error) to avoid allocations.
//
//go:nosplit
-func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, flags uint32) syscall.Errno {
+func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, flags uint32) unix.Errno {
userRegion := userMemoryRegion{
slot: uint32(slot),
flags: uint32(flags),
@@ -51,8 +51,8 @@ func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, f
}
// Set the region.
- _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(m.fd),
_KVM_SET_USER_MEMORY_REGION,
uintptr(unsafe.Pointer(&userRegion)))
@@ -61,12 +61,12 @@ func (m *machine) setMemoryRegion(slot int, physical, length, virtual uintptr, f
// mapRunData maps the vCPU run data.
func mapRunData(fd int) (*runData, error) {
- r, _, errno := syscall.RawSyscall6(
- syscall.SYS_MMAP,
+ r, _, errno := unix.RawSyscall6(
+ unix.SYS_MMAP,
0,
uintptr(runDataSize),
- syscall.PROT_READ|syscall.PROT_WRITE,
- syscall.MAP_SHARED,
+ unix.PROT_READ|unix.PROT_WRITE,
+ unix.MAP_SHARED,
uintptr(fd),
0)
if errno != 0 {
@@ -77,8 +77,8 @@ func mapRunData(fd int) (*runData, error) {
// unmapRunData unmaps the vCPU run data.
func unmapRunData(r *runData) error {
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_MUNMAP,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_MUNMAP,
uintptr(unsafe.Pointer(r)),
uintptr(runDataSize),
0); errno != 0 {
@@ -115,8 +115,8 @@ func (a *atomicAddressSpace) get() *addressSpace {
//
//go:nosplit
func (c *vCPU) notify() {
- _, _, errno := syscall.RawSyscall6( // escapes: no.
- syscall.SYS_FUTEX,
+ _, _, errno := unix.RawSyscall6( // escapes: no.
+ unix.SYS_FUTEX,
uintptr(unsafe.Pointer(&c.state)),
linux.FUTEX_WAKE|linux.FUTEX_PRIVATE_FLAG,
math.MaxInt32, // Number of waiters.
@@ -133,13 +133,13 @@ func (c *vCPU) notify() {
//
// This panics on error.
func (c *vCPU) waitUntilNot(state uint32) {
- _, _, errno := syscall.Syscall6(
- syscall.SYS_FUTEX,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_FUTEX,
uintptr(unsafe.Pointer(&c.state)),
linux.FUTEX_WAIT|linux.FUTEX_PRIVATE_FLAG,
uintptr(state),
0, 0, 0)
- if errno != 0 && errno != syscall.EINTR && errno != syscall.EAGAIN {
+ if errno != 0 && errno != unix.EINTR && errno != unix.EAGAIN {
panic("futex wait error")
}
}
@@ -159,8 +159,8 @@ func (c *vCPU) setSignalMask() error {
data.length = 8 // Fixed sigset size.
data.mask1 = ^uint32(bounceSignalMask & 0xffffffff)
data.mask2 = ^uint32(bounceSignalMask >> 32)
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_IOCTL,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_IOCTL,
uintptr(c.fd),
_KVM_SET_SIGNAL_MASK,
uintptr(unsafe.Pointer(&data))); errno != 0 {
diff --git a/pkg/sentry/platform/kvm/physical_map.go b/pkg/sentry/platform/kvm/physical_map.go
index 8bdec93ae..7376d8b8d 100644
--- a/pkg/sentry/platform/kvm/physical_map.go
+++ b/pkg/sentry/platform/kvm/physical_map.go
@@ -17,8 +17,8 @@ package kvm
import (
"fmt"
"sort"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/ring0"
"gvisor.dev/gvisor/pkg/usermem"
@@ -90,12 +90,12 @@ func fillAddressSpace() (excludedRegions []region) {
required := uintptr(requiredAddr)
current := required // Attempted mmap size.
for filled := uintptr(0); filled < required && current > 0; {
- addr, _, errno := syscall.RawSyscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.RawSyscall6(
+ unix.SYS_MMAP,
0, // Suggested address.
current,
- syscall.PROT_NONE,
- syscall.MAP_ANONYMOUS|syscall.MAP_PRIVATE|syscall.MAP_NORESERVE,
+ unix.PROT_NONE,
+ unix.MAP_ANONYMOUS|unix.MAP_PRIVATE|unix.MAP_NORESERVE,
0, 0)
if errno != 0 {
// Attempt half the size; overflow not possible.
diff --git a/pkg/sentry/platform/ptrace/filters.go b/pkg/sentry/platform/ptrace/filters.go
index 20fc62acb..ba4503b0d 100644
--- a/pkg/sentry/platform/ptrace/filters.go
+++ b/pkg/sentry/platform/ptrace/filters.go
@@ -15,16 +15,15 @@
package ptrace
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/seccomp"
)
// SyscallFilters returns syscalls made exclusively by the ptrace platform.
func (*PTrace) SyscallFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
- syscall.SYS_PTRACE: {},
- syscall.SYS_TGKILL: {},
- syscall.SYS_WAIT4: {},
+ unix.SYS_PTRACE: {},
+ unix.SYS_TGKILL: {},
+ unix.SYS_WAIT4: {},
}
}
diff --git a/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go
index 32b8a6be9..4f7fe993a 100644
--- a/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go
+++ b/pkg/sentry/platform/ptrace/ptrace_arm64_unsafe.go
@@ -17,21 +17,21 @@
package ptrace
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// getTLS gets the thread local storage register.
func (t *thread) getTLS(tls *uint64) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(tls)),
Len: uint64(unsafe.Sizeof(*tls)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETREGSET,
uintptr(t.tid),
linux.NT_ARM_TLS,
uintptr(unsafe.Pointer(&iovec)),
@@ -44,13 +44,13 @@ func (t *thread) getTLS(tls *uint64) error {
// setTLS sets the thread local storage register.
func (t *thread) setTLS(tls *uint64) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(tls)),
Len: uint64(unsafe.Sizeof(*tls)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETREGSET,
uintptr(t.tid),
linux.NT_ARM_TLS,
uintptr(unsafe.Pointer(&iovec)),
diff --git a/pkg/sentry/platform/ptrace/ptrace_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_unsafe.go
index 8b72d24e8..2c21f946e 100644
--- a/pkg/sentry/platform/ptrace/ptrace_unsafe.go
+++ b/pkg/sentry/platform/ptrace/ptrace_unsafe.go
@@ -15,9 +15,9 @@
package ptrace
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/usermem"
@@ -25,13 +25,13 @@ import (
// getRegs gets the general purpose register set.
func (t *thread) getRegs(regs *arch.Registers) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(regs)),
Len: uint64(unsafe.Sizeof(*regs)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETREGSET,
uintptr(t.tid),
linux.NT_PRSTATUS,
uintptr(unsafe.Pointer(&iovec)),
@@ -44,13 +44,13 @@ func (t *thread) getRegs(regs *arch.Registers) error {
// setRegs sets the general purpose register set.
func (t *thread) setRegs(regs *arch.Registers) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(unsafe.Pointer(regs)),
Len: uint64(unsafe.Sizeof(*regs)),
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETREGSET,
uintptr(t.tid),
linux.NT_PRSTATUS,
uintptr(unsafe.Pointer(&iovec)),
@@ -61,15 +61,15 @@ func (t *thread) setRegs(regs *arch.Registers) error {
return nil
}
-// getFPRegs gets the floating-point data via the GETREGSET ptrace syscall.
+// getFPRegs gets the floating-point data via the GETREGSET ptrace unix.
func (t *thread) getFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsave bool) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(fpState),
Len: fpLen,
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETREGSET,
uintptr(t.tid),
fpRegSet(useXsave),
uintptr(unsafe.Pointer(&iovec)),
@@ -80,15 +80,15 @@ func (t *thread) getFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsa
return nil
}
-// setFPRegs sets the floating-point data via the SETREGSET ptrace syscall.
+// setFPRegs sets the floating-point data via the SETREGSET ptrace unix.
func (t *thread) setFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsave bool) error {
- iovec := syscall.Iovec{
+ iovec := unix.Iovec{
Base: (*byte)(fpState),
Len: fpLen,
}
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETREGSET,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETREGSET,
uintptr(t.tid),
fpRegSet(useXsave),
uintptr(unsafe.Pointer(&iovec)),
@@ -101,9 +101,9 @@ func (t *thread) setFPRegs(fpState *arch.FloatingPointData, fpLen uint64, useXsa
// getSignalInfo retrieves information about the signal that caused the stop.
func (t *thread) getSignalInfo(si *arch.SignalInfo) error {
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETSIGINFO,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETSIGINFO,
uintptr(t.tid),
0,
uintptr(unsafe.Pointer(si)),
@@ -123,18 +123,18 @@ func (t *thread) getSignalInfo(si *arch.SignalInfo) error {
func (t *thread) clone() (*thread, error) {
r, ok := usermem.Addr(stackPointer(&t.initRegs)).RoundUp()
if !ok {
- return nil, syscall.EINVAL
+ return nil, unix.EINVAL
}
rval, err := t.syscallIgnoreInterrupt(
&t.initRegs,
- syscall.SYS_CLONE,
+ unix.SYS_CLONE,
arch.SyscallArgument{Value: uintptr(
- syscall.CLONE_FILES |
- syscall.CLONE_FS |
- syscall.CLONE_SIGHAND |
- syscall.CLONE_THREAD |
- syscall.CLONE_PTRACE |
- syscall.CLONE_VM)},
+ unix.CLONE_FILES |
+ unix.CLONE_FS |
+ unix.CLONE_SIGHAND |
+ unix.CLONE_THREAD |
+ unix.CLONE_PTRACE |
+ unix.CLONE_VM)},
// The stack pointer is just made up, but we have it be
// something sensible so the kernel doesn't think we're
// up to no good. Which we are.
@@ -158,9 +158,9 @@ func (t *thread) clone() (*thread, error) {
// getEventMessage retrieves a message about the ptrace event that just happened.
func (t *thread) getEventMessage() (uintptr, error) {
var msg uintptr
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_GETEVENTMSG,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_GETEVENTMSG,
uintptr(t.tid),
0,
uintptr(unsafe.Pointer(&msg)),
diff --git a/pkg/sentry/platform/ptrace/stub_unsafe.go b/pkg/sentry/platform/ptrace/stub_unsafe.go
index 341dde143..780227248 100644
--- a/pkg/sentry/platform/ptrace/stub_unsafe.go
+++ b/pkg/sentry/platform/ptrace/stub_unsafe.go
@@ -16,9 +16,9 @@ package ptrace
import (
"reflect"
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/safecopy"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -56,17 +56,17 @@ func stubInit() {
// something that may have been there already. We just walk
// down the address space until we find a place where the stub
// can be placed.
- addr, _, errno := syscall.RawSyscall6(
- syscall.SYS_MMAP,
+ addr, _, errno := unix.RawSyscall6(
+ unix.SYS_MMAP,
stubStart,
mapLen,
- syscall.PROT_WRITE|syscall.PROT_READ,
- syscall.MAP_PRIVATE|syscall.MAP_ANONYMOUS,
+ unix.PROT_WRITE|unix.PROT_READ,
+ unix.MAP_PRIVATE|unix.MAP_ANONYMOUS,
0 /* fd */, 0 /* offset */)
if addr != stubStart || errno != 0 {
if addr != 0 {
// Unmap the region we've mapped accidentally.
- syscall.RawSyscall(syscall.SYS_MUNMAP, addr, mapLen, 0)
+ unix.RawSyscall(unix.SYS_MUNMAP, addr, mapLen, 0)
}
// Attempt to begin at a lower address.
@@ -79,11 +79,11 @@ func stubInit() {
copy(targetSlice, stubSlice)
// Make the stub executable.
- if _, _, errno := syscall.RawSyscall(
- syscall.SYS_MPROTECT,
+ if _, _, errno := unix.RawSyscall(
+ unix.SYS_MPROTECT,
stubStart,
mapLen,
- syscall.PROT_EXEC|syscall.PROT_READ); errno != 0 {
+ unix.PROT_EXEC|unix.PROT_READ); errno != 0 {
panic("mprotect failed: " + errno.Error())
}
diff --git a/pkg/sentry/platform/ptrace/subprocess.go b/pkg/sentry/platform/ptrace/subprocess.go
index 17fb0a0d8..acccbfe2e 100644
--- a/pkg/sentry/platform/ptrace/subprocess.go
+++ b/pkg/sentry/platform/ptrace/subprocess.go
@@ -18,7 +18,6 @@ import (
"fmt"
"os"
"runtime"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
@@ -35,9 +34,9 @@ import (
//
// These constants are only used in subprocess.go.
const (
- ERESTARTSYS = syscall.Errno(512)
- ERESTARTNOINTR = syscall.Errno(513)
- ERESTARTNOHAND = syscall.Errno(514)
+ ERESTARTSYS = unix.Errno(512)
+ ERESTARTNOINTR = unix.Errno(513)
+ ERESTARTNOHAND = unix.Errno(514)
)
// globalPool exists to solve two distinct problems:
@@ -96,7 +95,7 @@ func (tp *threadPool) lookupOrCreate(currentTID int32, newThread func() *thread)
// threads never exiting.
for origTID, t := range tp.threads {
// Signal zero is an easy existence check.
- if err := syscall.Tgkill(syscall.Getpid(), int(origTID), 0); err != nil {
+ if err := unix.Tgkill(unix.Getpid(), int(origTID), 0); err != nil {
// This thread has been abandoned; reuse it.
delete(tp.threads, origTID)
tp.threads[currentTID] = t
@@ -186,7 +185,7 @@ func newSubprocess(create func() (*thread, error)) (*subprocess, error) {
// (Hopefully nobody tgkilled it with a signal <
// SIGSTOP before the SIGSTOP was delivered, in which
// case that signal would be delivered before SIGSTOP.)
- if sig := t.wait(stopped); sig != syscall.SIGSTOP {
+ if sig := t.wait(stopped); sig != unix.SIGSTOP {
panic(fmt.Sprintf("error waiting for new clone: expected SIGSTOP, got %v", sig))
}
@@ -269,7 +268,7 @@ func (s *subprocess) newThread() *thread {
// attach attaches to the thread.
func (t *thread) attach() {
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("unable to attach: %v", errno))
}
@@ -277,7 +276,7 @@ func (t *thread) attach() {
// stopped from the SIGSTOP queued by CLONE_PTRACE (see inner loop of
// newSubprocess), so we always expect to see signal-delivery-stop with
// SIGSTOP.
- if sig := t.wait(stopped); sig != syscall.SIGSTOP {
+ if sig := t.wait(stopped); sig != unix.SIGSTOP {
panic(fmt.Sprintf("wait failed: expected SIGSTOP, got %v", sig))
}
@@ -301,7 +300,7 @@ func (t *thread) grabInitRegs() {
//
// Because the SIGSTOP is not suppressed, the thread will enter group-stop.
func (t *thread) detach() {
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(syscall.SIGSTOP), 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(unix.SIGSTOP), 0, 0); errno != 0 {
panic(fmt.Sprintf("can't detach new clone: %v", errno))
}
}
@@ -331,14 +330,14 @@ func (t *thread) dumpAndPanic(message string) {
func (t *thread) unexpectedStubExit() {
msg, err := t.getEventMessage()
- status := syscall.WaitStatus(msg)
- if status.Signaled() && status.Signal() == syscall.SIGKILL {
+ status := unix.WaitStatus(msg)
+ if status.Signaled() && status.Signal() == unix.SIGKILL {
// SIGKILL can be only sent by a user or OOM-killer. In both
// these cases, we don't need to panic. There is no reasons to
// think that something wrong in gVisor.
log.Warningf("The ptrace stub process %v has been killed by SIGKILL.", t.tgid)
pid := os.Getpid()
- syscall.Tgkill(pid, pid, syscall.Signal(syscall.SIGKILL))
+ unix.Tgkill(pid, pid, unix.Signal(unix.SIGKILL))
}
t.dumpAndPanic(fmt.Sprintf("wait failed: the process %d:%d exited: %x (err %v)", t.tgid, t.tid, msg, err))
}
@@ -346,12 +345,12 @@ func (t *thread) unexpectedStubExit() {
// wait waits for a stop event.
//
// Precondition: outcome is a valid waitOutcome.
-func (t *thread) wait(outcome waitOutcome) syscall.Signal {
- var status syscall.WaitStatus
+func (t *thread) wait(outcome waitOutcome) unix.Signal {
+ var status unix.WaitStatus
for {
- r, err := syscall.Wait4(int(t.tid), &status, syscall.WALL|syscall.WUNTRACED, nil)
- if err == syscall.EINTR || err == syscall.EAGAIN {
+ r, err := unix.Wait4(int(t.tid), &status, unix.WALL|unix.WUNTRACED, nil)
+ if err == unix.EINTR || err == unix.EAGAIN {
// Wait was interrupted; wait again.
continue
} else if err != nil {
@@ -369,12 +368,12 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal {
if stopSig == 0 {
continue // Spurious stop.
}
- if stopSig == syscall.SIGTRAP {
- if status.TrapCause() == syscall.PTRACE_EVENT_EXIT {
+ if stopSig == unix.SIGTRAP {
+ if status.TrapCause() == unix.PTRACE_EVENT_EXIT {
t.unexpectedStubExit()
}
// Re-encode the trap cause the way it's expected.
- return stopSig | syscall.Signal(status.TrapCause()<<8)
+ return stopSig | unix.Signal(status.TrapCause()<<8)
}
// Not a trap signal.
return stopSig
@@ -382,7 +381,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal {
if !status.Exited() && !status.Signaled() {
t.dumpAndPanic(fmt.Sprintf("ptrace status unexpected: got %v, wanted exited", status))
}
- return syscall.Signal(status.ExitStatus())
+ return unix.Signal(status.ExitStatus())
default:
// Should not happen.
t.dumpAndPanic(fmt.Sprintf("unknown outcome: %v", outcome))
@@ -397,7 +396,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal {
// manually created threads.
func (t *thread) destroy() {
t.detach()
- syscall.Tgkill(int(t.tgid), int(t.tid), syscall.Signal(syscall.SIGKILL))
+ unix.Tgkill(int(t.tgid), int(t.tid), unix.Signal(unix.SIGKILL))
t.wait(killed)
}
@@ -407,12 +406,12 @@ func (t *thread) init() {
// set PTRACE_O_EXITKILL to ensure that the unexpected exit of the
// sentry will immediately kill the associated stubs.
const PTRACE_O_EXITKILL = 0x100000
- _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
- syscall.PTRACE_SETOPTIONS,
+ _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
+ unix.PTRACE_SETOPTIONS,
uintptr(t.tid),
0,
- syscall.PTRACE_O_TRACESYSGOOD|syscall.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL,
+ unix.PTRACE_O_TRACESYSGOOD|unix.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL,
0, 0)
if errno != 0 {
panic(fmt.Sprintf("ptrace set options failed: %v", errno))
@@ -434,17 +433,17 @@ func (t *thread) syscall(regs *arch.Registers) (uintptr, error) {
// Execute the syscall instruction. The task has to stop on the
// trap instruction which is right after the syscall
// instruction.
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, syscall.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno))
}
sig := t.wait(stopped)
- if sig == syscall.SIGTRAP {
+ if sig == unix.SIGTRAP {
// Reached syscall-enter-stop.
break
} else {
// Some other signal caused a thread stop; ignore.
- if sig != syscall.SIGSTOP && sig != syscall.SIGCHLD {
+ if sig != unix.SIGSTOP && sig != unix.SIGCHLD {
log.Warningf("The thread %d:%d has been interrupted by %d", t.tgid, t.tid, sig)
}
continue
@@ -483,7 +482,7 @@ func (t *thread) syscallIgnoreInterrupt(
// NotifyInterrupt implements interrupt.Receiver.NotifyInterrupt.
func (t *thread) NotifyInterrupt() {
- syscall.Tgkill(int(t.tgid), int(t.tid), syscall.Signal(platform.SignalInterrupt))
+ unix.Tgkill(int(t.tgid), int(t.tid), unix.Signal(platform.SignalInterrupt))
}
// switchToApp is called from the main SwitchToApp entrypoint.
@@ -532,15 +531,15 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool {
for {
// Start running until the next system call.
if isSingleStepping(regs) {
- if _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
+ if _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
unix.PTRACE_SYSEMU_SINGLESTEP,
uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
}
} else {
- if _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
+ if _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
unix.PTRACE_SYSEMU,
uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
@@ -550,7 +549,7 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool {
// Wait for the syscall-enter stop.
sig := t.wait(stopped)
- if sig == syscall.SIGSTOP {
+ if sig == unix.SIGSTOP {
// SIGSTOP was delivered to another thread in the same thread
// group, which initiated another group stop. Just ignore it.
continue
@@ -571,7 +570,7 @@ func (s *subprocess) switchToApp(c *context, ac arch.Context) bool {
}
// Is it a system call?
- if sig == (syscallEvent | syscall.SIGTRAP) {
+ if sig == (syscallEvent | unix.SIGTRAP) {
s.arm64SyscallWorkaround(t, regs)
// Ensure registers are sane.
@@ -619,14 +618,14 @@ func (s *subprocess) syscall(sysno uintptr, args ...arch.SyscallArgument) (uintp
func (s *subprocess) MapFile(addr usermem.Addr, f memmap.File, fr memmap.FileRange, at usermem.AccessType, precommit bool) error {
var flags int
if precommit {
- flags |= syscall.MAP_POPULATE
+ flags |= unix.MAP_POPULATE
}
_, err := s.syscall(
- syscall.SYS_MMAP,
+ unix.SYS_MMAP,
arch.SyscallArgument{Value: uintptr(addr)},
arch.SyscallArgument{Value: uintptr(fr.Length())},
arch.SyscallArgument{Value: uintptr(at.Prot())},
- arch.SyscallArgument{Value: uintptr(flags | syscall.MAP_SHARED | syscall.MAP_FIXED)},
+ arch.SyscallArgument{Value: uintptr(flags | unix.MAP_SHARED | unix.MAP_FIXED)},
arch.SyscallArgument{Value: uintptr(f.FD())},
arch.SyscallArgument{Value: uintptr(fr.Start)})
return err
@@ -653,7 +652,7 @@ func (s *subprocess) Unmap(addr usermem.Addr, length uint64) {
}
s.mu.Unlock()
_, err := s.syscall(
- syscall.SYS_MUNMAP,
+ unix.SYS_MUNMAP,
arch.SyscallArgument{Value: uintptr(addr)},
arch.SyscallArgument{Value: uintptr(length)})
if err != nil {
diff --git a/pkg/sentry/platform/ptrace/subprocess_amd64.go b/pkg/sentry/platform/ptrace/subprocess_amd64.go
index 04815282b..9252c0bd7 100644
--- a/pkg/sentry/platform/ptrace/subprocess_amd64.go
+++ b/pkg/sentry/platform/ptrace/subprocess_amd64.go
@@ -19,7 +19,6 @@ package ptrace
import (
"fmt"
"strings"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -96,7 +95,7 @@ func updateSyscallRegs(regs *arch.Registers) {
func syscallReturnValue(regs *arch.Registers) (uintptr, error) {
rval := int64(regs.Rax)
if rval < 0 {
- return 0, syscall.Errno(-rval)
+ return 0, unix.Errno(-rval)
}
return uintptr(rval), nil
}
@@ -179,7 +178,7 @@ func patchSignalInfo(regs *arch.Registers, signalInfo *arch.SignalInfo) {
//
//go:nosplit
func enableCpuidFault() {
- syscall.RawSyscall6(syscall.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0)
+ unix.RawSyscall6(unix.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0)
}
// appendArchSeccompRules append architecture specific seccomp rules when creating BPF program.
@@ -189,9 +188,9 @@ func appendArchSeccompRules(rules []seccomp.RuleSet, defaultAction linux.BPFActi
// Rules for trapping vsyscall access.
seccomp.RuleSet{
Rules: seccomp.SyscallRules{
- syscall.SYS_GETTIMEOFDAY: {},
- syscall.SYS_TIME: {},
- unix.SYS_GETCPU: {}, // SYS_GETCPU was not defined in package syscall on amd64.
+ unix.SYS_GETTIMEOFDAY: {},
+ unix.SYS_TIME: {},
+ unix.SYS_GETCPU: {}, // SYS_GETCPU was not defined in package syscall on amd64.
},
Action: linux.SECCOMP_RET_TRAP,
Vsyscall: true,
@@ -200,7 +199,7 @@ func appendArchSeccompRules(rules []seccomp.RuleSet, defaultAction linux.BPFActi
rules = append(rules,
seccomp.RuleSet{
Rules: seccomp.SyscallRules{
- syscall.SYS_ARCH_PRCTL: []seccomp.Rule{
+ unix.SYS_ARCH_PRCTL: []seccomp.Rule{
{seccomp.EqualTo(linux.ARCH_SET_CPUID), seccomp.EqualTo(0)},
},
},
@@ -227,19 +226,19 @@ func probeSeccomp() bool {
// Set registers to the yield system call. This call is not allowed
// by the filters specified in the attachThread function.
- regs := createSyscallRegs(&t.initRegs, syscall.SYS_SCHED_YIELD)
+ regs := createSyscallRegs(&t.initRegs, unix.SYS_SCHED_YIELD)
if err := t.setRegs(&regs); err != nil {
panic(fmt.Sprintf("ptrace set regs failed: %v", err))
}
for {
// Attempt an emulation.
- if _, _, errno := syscall.RawSyscall6(syscall.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+ if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_SYSEMU, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno))
}
sig := t.wait(stopped)
- if sig == (syscallEvent | syscall.SIGTRAP) {
+ if sig == (syscallEvent | unix.SIGTRAP) {
// Did the seccomp errno hook already run? This would
// indicate that seccomp is first in line and we're
// less than 4.8.
diff --git a/pkg/sentry/platform/ptrace/subprocess_arm64.go b/pkg/sentry/platform/ptrace/subprocess_arm64.go
index 416132967..c0cbc0686 100644
--- a/pkg/sentry/platform/ptrace/subprocess_arm64.go
+++ b/pkg/sentry/platform/ptrace/subprocess_arm64.go
@@ -19,7 +19,6 @@ package ptrace
import (
"fmt"
"strings"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -99,7 +98,7 @@ func updateSyscallRegs(regs *arch.Registers) {
func syscallReturnValue(regs *arch.Registers) (uintptr, error) {
rval := int64(regs.Regs[0])
if rval < 0 {
- return 0, syscall.Errno(-rval)
+ return 0, unix.Errno(-rval)
}
return uintptr(rval), nil
}
@@ -185,8 +184,8 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) {
// signal, resume a stub thread and catch it on a signal handling.
t.NotifyInterrupt()
for {
- if _, _, errno := syscall.RawSyscall6(
- syscall.SYS_PTRACE,
+ if _, _, errno := unix.RawSyscall6(
+ unix.SYS_PTRACE,
unix.PTRACE_SYSEMU,
uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
@@ -194,12 +193,12 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) {
// Wait for the syscall-enter stop.
sig := t.wait(stopped)
- if sig == syscall.SIGSTOP {
+ if sig == unix.SIGSTOP {
// SIGSTOP was delivered to another thread in the same thread
// group, which initiated another group stop. Just ignore it.
continue
}
- if sig == (syscallEvent | syscall.SIGTRAP) {
+ if sig == (syscallEvent | unix.SIGTRAP) {
t.dumpAndPanic(fmt.Sprintf("unexpected syscall event"))
}
break
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go
index 8548853da..4f0260432 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux.go
@@ -18,8 +18,8 @@ package ptrace
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/procid"
@@ -27,7 +27,7 @@ import (
"gvisor.dev/gvisor/pkg/sentry/arch"
)
-const syscallEvent syscall.Signal = 0x80
+const syscallEvent unix.Signal = 0x80
// createStub creates a fresh stub processes.
//
@@ -63,7 +63,7 @@ func createStub() (*thread, error) {
//
// In addition, we set the PTRACE_O_TRACEEXIT option to log more
// information about a stub process when it receives a fatal signal.
- return attachedThread(uintptr(syscall.SIGKILL)|syscall.CLONE_FILES, defaultAction)
+ return attachedThread(uintptr(unix.SIGKILL)|unix.CLONE_FILES, defaultAction)
}
// attachedThread returns a new attached thread.
@@ -78,38 +78,38 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
if defaultAction != linux.SECCOMP_RET_ALLOW {
rules = append(rules, seccomp.RuleSet{
Rules: seccomp.SyscallRules{
- syscall.SYS_CLONE: []seccomp.Rule{
+ unix.SYS_CLONE: []seccomp.Rule{
// Allow creation of new subprocesses (used by the master).
- {seccomp.EqualTo(syscall.CLONE_FILES | syscall.SIGKILL)},
+ {seccomp.EqualTo(unix.CLONE_FILES | unix.SIGKILL)},
// Allow creation of new threads within a single address space (used by addresss spaces).
{seccomp.EqualTo(
- syscall.CLONE_FILES |
- syscall.CLONE_FS |
- syscall.CLONE_SIGHAND |
- syscall.CLONE_THREAD |
- syscall.CLONE_PTRACE |
- syscall.CLONE_VM)},
+ unix.CLONE_FILES |
+ unix.CLONE_FS |
+ unix.CLONE_SIGHAND |
+ unix.CLONE_THREAD |
+ unix.CLONE_PTRACE |
+ unix.CLONE_VM)},
},
// For the initial process creation.
- syscall.SYS_WAIT4: {},
- syscall.SYS_EXIT: {},
+ unix.SYS_WAIT4: {},
+ unix.SYS_EXIT: {},
// For the stub prctl dance (all).
- syscall.SYS_PRCTL: []seccomp.Rule{
- {seccomp.EqualTo(syscall.PR_SET_PDEATHSIG), seccomp.EqualTo(syscall.SIGKILL)},
+ unix.SYS_PRCTL: []seccomp.Rule{
+ {seccomp.EqualTo(unix.PR_SET_PDEATHSIG), seccomp.EqualTo(unix.SIGKILL)},
},
- syscall.SYS_GETPPID: {},
+ unix.SYS_GETPPID: {},
// For the stub to stop itself (all).
- syscall.SYS_GETPID: {},
- syscall.SYS_KILL: []seccomp.Rule{
- {seccomp.MatchAny{}, seccomp.EqualTo(syscall.SIGSTOP)},
+ unix.SYS_GETPID: {},
+ unix.SYS_KILL: []seccomp.Rule{
+ {seccomp.MatchAny{}, seccomp.EqualTo(unix.SIGSTOP)},
},
// Injected to support the address space operations.
- syscall.SYS_MMAP: {},
- syscall.SYS_MUNMAP: {},
+ unix.SYS_MMAP: {},
+ unix.SYS_MUNMAP: {},
},
Action: linux.SECCOMP_RET_ALLOW,
})
@@ -125,17 +125,17 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
var (
pid uintptr
ppid uintptr
- errno syscall.Errno
+ errno unix.Errno
)
// Remember the current ppid for the pdeathsig race.
- ppid, _, _ = syscall.RawSyscall(syscall.SYS_GETPID, 0, 0, 0)
+ ppid, _, _ = unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
// Among other things, beforeFork masks all signals.
beforeFork()
// Do the clone.
- pid, _, errno = syscall.RawSyscall6(syscall.SYS_CLONE, flags, 0, 0, 0, 0, 0)
+ pid, _, errno = unix.RawSyscall6(unix.SYS_CLONE, flags, 0, 0, 0, 0, 0)
if errno != 0 {
afterFork()
return nil, errno
@@ -152,7 +152,7 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
tid: int32(pid),
cpu: ^uint32(0),
}
- if sig := t.wait(stopped); sig != syscall.SIGSTOP {
+ if sig := t.wait(stopped); sig != unix.SIGSTOP {
return nil, fmt.Errorf("wait failed: expected SIGSTOP, got %v", sig)
}
t.attach()
@@ -165,8 +165,8 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
// prevents the stub from getting PTY job control signals intended only
// for the sentry process. We must call this before restoring signal
// mask.
- if _, _, errno := syscall.RawSyscall(syscall.SYS_SETSID, 0, 0, 0); errno != 0 {
- syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
+ if _, _, errno := unix.RawSyscall(unix.SYS_SETSID, 0, 0, 0); errno != 0 {
+ unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
}
// afterForkInChild resets all signals to their default dispositions
@@ -176,13 +176,13 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
// Explicitly unmask all signals to ensure that the tracer can see
// them.
if errno := unmaskAllSignals(); errno != 0 {
- syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
+ unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
}
// Set an aggressive BPF filter for the stub and all it's children. See
// the description of the BPF program built above.
if errno := seccomp.SetFilter(instrs); errno != 0 {
- syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
+ unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
}
// Enable cpuid-faulting.
@@ -218,8 +218,8 @@ func (s *subprocess) createStub() (*thread, error) {
// See above re: SIGKILL.
pid, err := t.syscallIgnoreInterrupt(
&regs,
- syscall.SYS_CLONE,
- arch.SyscallArgument{Value: uintptr(syscall.SIGKILL | syscall.CLONE_FILES)},
+ unix.SYS_CLONE,
+ arch.SyscallArgument{Value: uintptr(unix.SIGKILL | unix.CLONE_FILES)},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0},
@@ -237,10 +237,10 @@ func (s *subprocess) createStub() (*thread, error) {
// If the child actually exited, the attach below will fail.
_, err = t.syscallIgnoreInterrupt(
&t.initRegs,
- syscall.SYS_WAIT4,
+ unix.SYS_WAIT4,
arch.SyscallArgument{Value: uintptr(pid)},
arch.SyscallArgument{Value: 0},
- arch.SyscallArgument{Value: syscall.WALL | syscall.WUNTRACED},
+ arch.SyscallArgument{Value: unix.WALL | unix.WUNTRACED},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0},
arch.SyscallArgument{Value: 0})
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
index 533e45497..9c342c59b 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
@@ -18,17 +18,17 @@
package ptrace
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// unmaskAllSignals unmasks all signals on the current thread.
//
//go:nosplit
-func unmaskAllSignals() syscall.Errno {
+func unmaskAllSignals() unix.Errno {
var set linux.SignalSet
- _, _, errno := syscall.RawSyscall6(syscall.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
+ _, _, errno := unix.RawSyscall6(unix.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
return errno
}
diff --git a/pkg/sentry/sighandling/sighandling.go b/pkg/sentry/sighandling/sighandling.go
index 83195d5a1..bdaf8af29 100644
--- a/pkg/sentry/sighandling/sighandling.go
+++ b/pkg/sentry/sighandling/sighandling.go
@@ -19,8 +19,8 @@ import (
"os"
"os/signal"
"reflect"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -90,7 +90,7 @@ func StartSignalForwarding(handler func(linux.Signal)) func() {
if sig == int(linux.SIGURG) {
continue
}
- signal.Notify(sigchan, syscall.Signal(sig))
+ signal.Notify(sigchan, unix.Signal(sig))
}
// Start up our listener.
go handleSignals(sigchans, handler, stop, done) // S/R-SAFE: synchronized by Kernel.extMu.
diff --git a/pkg/sentry/sighandling/sighandling_unsafe.go b/pkg/sentry/sighandling/sighandling_unsafe.go
index 1ebe22d34..d6a2fbe34 100644
--- a/pkg/sentry/sighandling/sighandling_unsafe.go
+++ b/pkg/sentry/sighandling/sighandling_unsafe.go
@@ -15,9 +15,9 @@
package sighandling
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -36,11 +36,11 @@ func IgnoreChildStop() error {
var sa sigaction
// Get the existing signal handler information, and set the flag.
- if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(syscall.SIGCHLD), 0, uintptr(unsafe.Pointer(&sa)), linux.SignalSetSize, 0, 0); e != 0 {
+ if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(unix.SIGCHLD), 0, uintptr(unsafe.Pointer(&sa)), linux.SignalSetSize, 0, 0); e != 0 {
return e
}
sa.flags |= linux.SA_NOCLDSTOP
- if _, _, e := syscall.RawSyscall6(syscall.SYS_RT_SIGACTION, uintptr(syscall.SIGCHLD), uintptr(unsafe.Pointer(&sa)), 0, linux.SignalSetSize, 0, 0); e != 0 {
+ if _, _, e := unix.RawSyscall6(unix.SYS_RT_SIGACTION, uintptr(unix.SIGCHLD), uintptr(unsafe.Pointer(&sa)), 0, linux.SignalSetSize, 0, 0); e != 0 {
return e
}
diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go
index 17f59ba1f..c711d0684 100644
--- a/pkg/sentry/socket/hostinet/socket.go
+++ b/pkg/sentry/socket/hostinet/socket.go
@@ -16,7 +16,6 @@ package hostinet
import (
"fmt"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -45,10 +44,10 @@ const (
// sizeofSockaddr is the size in bytes of the largest sockaddr type
// supported by this package.
- sizeofSockaddr = syscall.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in)
+ sizeofSockaddr = unix.SizeofSockaddrInet6 // sizeof(sockaddr_in6) > sizeof(sockaddr_in)
// maxControlLen is the maximum size of a control message buffer used in a
- // recvmsg or sendmsg syscall.
+ // recvmsg or sendmsg unix.
maxControlLen = 1024
)
@@ -107,7 +106,7 @@ func newSocketFile(ctx context.Context, family int, stype linux.SockType, protoc
// Release implements fs.FileOperations.Release.
func (s *socketOpsCommon) Release(context.Context) {
fdnotifier.RemoveFD(int32(s.fd))
- syscall.Close(s.fd)
+ unix.Close(s.fd)
}
// Readiness implements waiter.Waitable.Readiness.
@@ -143,8 +142,8 @@ func (s *socketOperations) Read(ctx context.Context, _ *fs.File, dst usermem.IOS
return 0, nil
}
if dsts.NumBlocks() == 1 {
- // Skip allocating []syscall.Iovec.
- n, err := syscall.Read(s.fd, dsts.Head().ToSlice())
+ // Skip allocating []unix.Iovec.
+ n, err := unix.Read(s.fd, dsts.Head().ToSlice())
if err != nil {
return 0, translateIOSyscallError(err)
}
@@ -166,8 +165,8 @@ func (s *socketOperations) Write(ctx context.Context, _ *fs.File, src usermem.IO
return 0, nil
}
if srcs.NumBlocks() == 1 {
- // Skip allocating []syscall.Iovec.
- n, err := syscall.Write(s.fd, srcs.Head().ToSlice())
+ // Skip allocating []unix.Iovec.
+ n, err := unix.Write(s.fd, srcs.Head().ToSlice())
if err != nil {
return 0, translateIOSyscallError(err)
}
@@ -184,12 +183,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool
sockaddr = sockaddr[:sizeofSockaddr]
}
- _, _, errno := syscall.Syscall(syscall.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
+ _, _, errno := unix.Syscall(unix.SYS_CONNECT, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
if errno == 0 {
return nil
}
- if errno != syscall.EINPROGRESS || !blocking {
+ if errno != unix.EINPROGRESS || !blocking {
return syserr.FromError(translateIOSyscallError(errno))
}
@@ -208,12 +207,12 @@ func (s *socketOpsCommon) Connect(t *kernel.Task, sockaddr []byte, blocking bool
return syserr.FromError(err)
}
}
- val, err := syscall.GetsockoptInt(s.fd, syscall.SOL_SOCKET, syscall.SO_ERROR)
+ val, err := unix.GetsockoptInt(s.fd, unix.SOL_SOCKET, unix.SO_ERROR)
if err != nil {
return syserr.FromError(err)
}
if val != 0 {
- return syserr.FromError(syscall.Errno(uintptr(val)))
+ return syserr.FromError(unix.Errno(uintptr(val)))
}
return nil
}
@@ -234,7 +233,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int,
// Conservatively ignore all flags specified by the application and add
// SOCK_NONBLOCK since socketOpsCommon requires it.
- fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC)
+ fd, syscallErr := accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC)
if blocking {
var ch chan struct{}
for syscallErr == syserror.ErrWouldBlock {
@@ -248,7 +247,7 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int,
s.EventRegister(&e, waiter.EventIn)
defer s.EventUnregister(&e)
}
- fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC)
+ fd, syscallErr = accept4(s.fd, peerAddrPtr, peerAddrlenPtr, unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC)
}
}
@@ -264,27 +263,27 @@ func (s *socketOpsCommon) Accept(t *kernel.Task, peerRequested bool, flags int,
kerr error
)
if kernel.VFS2Enabled {
- f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&syscall.SOCK_NONBLOCK))
+ f, err := newVFS2Socket(t, s.family, s.stype, s.protocol, fd, uint32(flags&unix.SOCK_NONBLOCK))
if err != nil {
- syscall.Close(fd)
+ unix.Close(fd)
return 0, nil, 0, err
}
defer f.DecRef(t)
kfd, kerr = t.NewFDFromVFS2(0, f, kernel.FDFlags{
- CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0,
+ CloseOnExec: flags&unix.SOCK_CLOEXEC != 0,
})
t.Kernel().RecordSocketVFS2(f)
} else {
- f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&syscall.SOCK_NONBLOCK != 0)
+ f, err := newSocketFile(t, s.family, s.stype, s.protocol, fd, flags&unix.SOCK_NONBLOCK != 0)
if err != nil {
- syscall.Close(fd)
+ unix.Close(fd)
return 0, nil, 0, err
}
defer f.DecRef(t)
kfd, kerr = t.NewFDFrom(0, f, kernel.FDFlags{
- CloseOnExec: flags&syscall.SOCK_CLOEXEC != 0,
+ CloseOnExec: flags&unix.SOCK_CLOEXEC != 0,
})
t.Kernel().RecordSocket(f)
}
@@ -298,7 +297,7 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error {
sockaddr = sockaddr[:sizeofSockaddr]
}
- _, _, errno := syscall.Syscall(syscall.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
+ _, _, errno := unix.Syscall(unix.SYS_BIND, uintptr(s.fd), uintptr(firstBytePtr(sockaddr)), uintptr(len(sockaddr)))
if errno != 0 {
return syserr.FromError(errno)
}
@@ -307,14 +306,14 @@ func (s *socketOpsCommon) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error {
// Listen implements socket.Socket.Listen.
func (s *socketOpsCommon) Listen(t *kernel.Task, backlog int) *syserr.Error {
- return syserr.FromError(syscall.Listen(s.fd, backlog))
+ return syserr.FromError(unix.Listen(s.fd, backlog))
}
// Shutdown implements socket.Socket.Shutdown.
func (s *socketOpsCommon) Shutdown(t *kernel.Task, how int) *syserr.Error {
switch how {
- case syscall.SHUT_RD, syscall.SHUT_WR, syscall.SHUT_RDWR:
- return syserr.FromError(syscall.Shutdown(s.fd, how))
+ case unix.SHUT_RD, unix.SHUT_WR, unix.SHUT_RDWR:
+ return syserr.FromError(unix.Shutdown(s.fd, how))
default:
return syserr.ErrInvalidArgument
}
@@ -344,7 +343,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr
case linux.SO_ERROR, linux.SO_KEEPALIVE, linux.SO_SNDBUF, linux.SO_RCVBUF, linux.SO_REUSEADDR, linux.SO_TIMESTAMP:
optlen = sizeofInt32
case linux.SO_LINGER:
- optlen = syscall.SizeofLinger
+ optlen = unix.SizeofLinger
}
case linux.SOL_TCP:
switch name {
@@ -407,18 +406,18 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt []
}
opt = opt[:optlen]
- _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0)
+ _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(s.fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(len(opt)), 0)
if errno != 0 {
return syserr.FromError(errno)
}
return nil
}
-func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) {
+func (s *socketOpsCommon) recvMsgFromHost(iovs []unix.Iovec, flags int, senderRequested bool, controlLen uint64) (uint64, int, []byte, []byte, error) {
// We always do a non-blocking recv*().
- sysflags := flags | syscall.MSG_DONTWAIT
+ sysflags := flags | unix.MSG_DONTWAIT
- msg := syscall.Msghdr{}
+ msg := unix.Msghdr{}
if len(iovs) > 0 {
msg.Iov = &iovs[0]
msg.Iovlen = uint64(len(iovs))
@@ -448,7 +447,7 @@ func (s *socketOpsCommon) recvMsgFromHost(iovs []syscall.Iovec, flags int, sende
// RecvMsg implements socket.Socket.RecvMsg.
func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) {
// Only allow known and safe flags.
- if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_PEEK|syscall.MSG_TRUNC|syscall.MSG_ERRQUEUE) != 0 {
+ if flags&^(unix.MSG_DONTWAIT|unix.MSG_PEEK|unix.MSG_TRUNC|unix.MSG_ERRQUEUE) != 0 {
return 0, 0, nil, 0, socket.ControlMessages{}, syserr.ErrInvalidArgument
}
@@ -483,7 +482,7 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags
var ch chan struct{}
n, err := copyToDst()
// recv*(MSG_ERRQUEUE) never blocks, even without MSG_DONTWAIT.
- if flags&(syscall.MSG_DONTWAIT|syscall.MSG_ERRQUEUE) == 0 {
+ if flags&(unix.MSG_DONTWAIT|unix.MSG_ERRQUEUE) == 0 {
for err == syserror.ErrWouldBlock {
// We only expect blocking to come from the actual syscall, in which
// case it can't have returned any data.
@@ -547,7 +546,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s
binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr)
controlMessages.IP.OriginalDstAddress = &addr
- case syscall.IP_RECVERR:
+ case unix.IP_RECVERR:
var errCmsg linux.SockErrCMsgIPv4
errCmsg.UnmarshalBytes(unixCmsg.Data)
controlMessages.IP.SockErr = &errCmsg
@@ -564,7 +563,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s
binary.Unmarshal(unixCmsg.Data[:addr.SizeBytes()], usermem.ByteOrder, &addr)
controlMessages.IP.OriginalDstAddress = &addr
- case syscall.IPV6_RECVERR:
+ case unix.IPV6_RECVERR:
var errCmsg linux.SockErrCMsgIPv6
errCmsg.UnmarshalBytes(unixCmsg.Data)
controlMessages.IP.SockErr = &errCmsg
@@ -584,7 +583,7 @@ func parseUnixControlMessages(unixControlMessages []unix.SocketControlMessage) s
// SendMsg implements socket.Socket.SendMsg.
func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []byte, flags int, haveDeadline bool, deadline ktime.Time, controlMessages socket.ControlMessages) (int, *syserr.Error) {
// Only allow known and safe flags.
- if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_EOR|syscall.MSG_FASTOPEN|syscall.MSG_MORE|syscall.MSG_NOSIGNAL) != 0 {
+ if flags&^(unix.MSG_DONTWAIT|unix.MSG_EOR|unix.MSG_FASTOPEN|unix.MSG_MORE|unix.MSG_NOSIGNAL) != 0 {
return 0, syserr.ErrInvalidArgument
}
@@ -606,12 +605,12 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
}
// We always do a non-blocking send*().
- sysflags := flags | syscall.MSG_DONTWAIT
+ sysflags := flags | unix.MSG_DONTWAIT
if srcs.NumBlocks() == 1 && len(controlBuf) == 0 {
- // Skip allocating []syscall.Iovec.
+ // Skip allocating []unix.Iovec.
src := srcs.Head()
- n, _, errno := syscall.Syscall6(syscall.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to)))
+ n, _, errno := unix.Syscall6(unix.SYS_SENDTO, uintptr(s.fd), src.Addr(), uintptr(src.Len()), uintptr(sysflags), uintptr(firstBytePtr(to)), uintptr(len(to)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -619,7 +618,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
}
iovs := safemem.IovecsFromBlockSeq(srcs)
- msg := syscall.Msghdr{
+ msg := unix.Msghdr{
Iov: &iovs[0],
Iovlen: uint64(len(iovs)),
}
@@ -636,7 +635,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
var ch chan struct{}
n, err := src.CopyInTo(t, sendmsgFromBlocks)
- if flags&syscall.MSG_DONTWAIT == 0 {
+ if flags&unix.MSG_DONTWAIT == 0 {
for err == syserror.ErrWouldBlock {
// We only expect blocking to come from the actual syscall, in which
// case it can't have returned any data.
@@ -664,7 +663,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
}
func translateIOSyscallError(err error) error {
- if err == syscall.EAGAIN || err == syscall.EWOULDBLOCK {
+ if err == unix.EAGAIN || err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -673,9 +672,9 @@ func translateIOSyscallError(err error) error {
// State implements socket.Socket.State.
func (s *socketOpsCommon) State() uint32 {
info := linux.TCPInfo{}
- buf, err := getsockopt(s.fd, syscall.SOL_TCP, syscall.TCP_INFO, linux.SizeOfTCPInfo)
+ buf, err := getsockopt(s.fd, unix.SOL_TCP, unix.TCP_INFO, linux.SizeOfTCPInfo)
if err != nil {
- if err != syscall.ENOPROTOOPT {
+ if err != unix.ENOPROTOOPT {
log.Warningf("Failed to get TCP socket info from %+v: %v", s, err)
}
// For non-TCP sockets, silently ignore the failure.
@@ -715,16 +714,16 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto
// Only accept TCP and UDP.
stype := stypeflags & linux.SOCK_TYPE_MASK
switch stype {
- case syscall.SOCK_STREAM:
+ case unix.SOCK_STREAM:
switch protocol {
- case 0, syscall.IPPROTO_TCP:
+ case 0, unix.IPPROTO_TCP:
// ok
default:
return nil, nil
}
- case syscall.SOCK_DGRAM:
+ case unix.SOCK_DGRAM:
switch protocol {
- case 0, syscall.IPPROTO_UDP:
+ case 0, unix.IPPROTO_UDP:
// ok
default:
return nil, nil
@@ -736,11 +735,11 @@ func (p *socketProvider) Socket(t *kernel.Task, stypeflags linux.SockType, proto
// Conservatively ignore all flags specified by the application and add
// SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0
// to simplify the syscall filters, since 0 and IPPROTO_* are equivalent.
- fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0)
+ fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0)
if err != nil {
return nil, syserr.FromError(err)
}
- return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&syscall.SOCK_NONBLOCK != 0)
+ return newSocketFile(t, p.family, stype, protocol, fd, stypeflags&unix.SOCK_NONBLOCK != 0)
}
// Pair implements socket.Provider.Pair.
@@ -752,7 +751,7 @@ func (p *socketProvider) Pair(t *kernel.Task, stype linux.SockType, protocol int
// LINT.ThenChange(./socket_vfs2.go)
func init() {
- for _, family := range []int{syscall.AF_INET, syscall.AF_INET6} {
+ for _, family := range []int{unix.AF_INET, unix.AF_INET6} {
socket.RegisterProvider(family, &socketProvider{family})
socket.RegisterProviderVFS2(family, &socketProviderVFS2{family})
}
diff --git a/pkg/sentry/socket/hostinet/socket_unsafe.go b/pkg/sentry/socket/hostinet/socket_unsafe.go
index 3f420c2ec..2890e640d 100644
--- a/pkg/sentry/socket/hostinet/socket_unsafe.go
+++ b/pkg/sentry/socket/hostinet/socket_unsafe.go
@@ -15,9 +15,9 @@
package hostinet
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -36,8 +36,8 @@ func firstBytePtr(bs []byte) unsafe.Pointer {
}
// Preconditions: len(dsts) != 0.
-func readv(fd int, dsts []syscall.Iovec) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts)))
+func readv(fd int, dsts []unix.Iovec) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&dsts[0])), uintptr(len(dsts)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -45,8 +45,8 @@ func readv(fd int, dsts []syscall.Iovec) (uint64, error) {
}
// Preconditions: len(srcs) != 0.
-func writev(fd int, srcs []syscall.Iovec) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs)))
+func writev(fd int, srcs []unix.Iovec) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&srcs[0])), uintptr(len(srcs)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -55,9 +55,9 @@ func writev(fd int, srcs []syscall.Iovec) (uint64, error) {
func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArguments) (uintptr, error) {
switch cmd := uintptr(args[1].Int()); cmd {
- case syscall.TIOCINQ, syscall.TIOCOUTQ:
+ case unix.TIOCINQ, unix.TIOCOUTQ:
var val int32
- if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 {
+ if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&val))); errno != 0 {
return 0, translateIOSyscallError(errno)
}
var buf [4]byte
@@ -73,7 +73,7 @@ func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArgument
}
func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) {
- afd, _, errno := syscall.Syscall6(syscall.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+ afd, _, errno := unix.Syscall6(unix.SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(addr)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -83,7 +83,7 @@ func accept4(fd int, addr *byte, addrlen *uint32, flags int) (int, error) {
func getsockopt(fd int, level, name int, optlen int) ([]byte, error) {
opt := make([]byte, optlen)
optlen32 := int32(len(opt))
- _, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0)
+ _, _, errno := unix.Syscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(firstBytePtr(opt)), uintptr(unsafe.Pointer(&optlen32)), 0)
if errno != 0 {
return nil, errno
}
@@ -94,7 +94,7 @@ func getsockopt(fd int, level, name int, optlen int) ([]byte, error) {
func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) {
addr := make([]byte, sizeofSockaddr)
addrlen := uint32(len(addr))
- _, _, errno := syscall.Syscall(syscall.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
+ _, _, errno := unix.Syscall(unix.SYS_GETSOCKNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
if errno != 0 {
return nil, 0, syserr.FromError(errno)
}
@@ -105,7 +105,7 @@ func (s *socketOpsCommon) GetSockName(t *kernel.Task) (linux.SockAddr, uint32, *
func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *syserr.Error) {
addr := make([]byte, sizeofSockaddr)
addrlen := uint32(len(addr))
- _, _, errno := syscall.Syscall(syscall.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
+ _, _, errno := unix.Syscall(unix.SYS_GETPEERNAME, uintptr(s.fd), uintptr(unsafe.Pointer(&addr[0])), uintptr(unsafe.Pointer(&addrlen)))
if errno != 0 {
return nil, 0, syserr.FromError(errno)
}
@@ -114,7 +114,7 @@ func (s *socketOpsCommon) GetPeerName(t *kernel.Task) (linux.SockAddr, uint32, *
func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) {
fromLen := uint32(len(*from))
- n, _, errno := syscall.Syscall6(syscall.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen)))
+ n, _, errno := unix.Syscall6(unix.SYS_RECVFROM, uintptr(fd), uintptr(firstBytePtr(dst)), uintptr(len(dst)), uintptr(flags), uintptr(firstBytePtr(*from)), uintptr(unsafe.Pointer(&fromLen)))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
@@ -122,16 +122,16 @@ func recvfrom(fd int, dst []byte, flags int, from *[]byte) (uint64, error) {
return uint64(n), nil
}
-func recvmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+func recvmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
return uint64(n), nil
}
-func sendmsg(fd int, msg *syscall.Msghdr, flags int) (uint64, error) {
- n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+func sendmsg(fd int, msg *unix.Msghdr, flags int) (uint64, error) {
+ n, _, errno := unix.Syscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags))
if errno != 0 {
return 0, translateIOSyscallError(errno)
}
diff --git a/pkg/sentry/socket/hostinet/socket_vfs2.go b/pkg/sentry/socket/hostinet/socket_vfs2.go
index dc03ccb47..5d55cc64d 100644
--- a/pkg/sentry/socket/hostinet/socket_vfs2.go
+++ b/pkg/sentry/socket/hostinet/socket_vfs2.go
@@ -15,8 +15,7 @@
package hostinet
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -160,16 +159,16 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p
// Only accept TCP and UDP.
stype := stypeflags & linux.SOCK_TYPE_MASK
switch stype {
- case syscall.SOCK_STREAM:
+ case unix.SOCK_STREAM:
switch protocol {
- case 0, syscall.IPPROTO_TCP:
+ case 0, unix.IPPROTO_TCP:
// ok
default:
return nil, nil
}
- case syscall.SOCK_DGRAM:
+ case unix.SOCK_DGRAM:
switch protocol {
- case 0, syscall.IPPROTO_UDP:
+ case 0, unix.IPPROTO_UDP:
// ok
default:
return nil, nil
@@ -181,11 +180,11 @@ func (p *socketProviderVFS2) Socket(t *kernel.Task, stypeflags linux.SockType, p
// Conservatively ignore all flags specified by the application and add
// SOCK_NONBLOCK since socketOperations requires it. Pass a protocol of 0
// to simplify the syscall filters, since 0 and IPPROTO_* are equivalent.
- fd, err := syscall.Socket(p.family, int(stype)|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0)
+ fd, err := unix.Socket(p.family, int(stype)|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0)
if err != nil {
return nil, syserr.FromError(err)
}
- return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&syscall.SOCK_NONBLOCK))
+ return newVFS2Socket(t, p.family, stype, protocol, fd, uint32(stypeflags&unix.SOCK_NONBLOCK))
}
// Pair implements socket.Provider.Pair.
diff --git a/pkg/sentry/socket/hostinet/stack.go b/pkg/sentry/socket/hostinet/stack.go
index 7e7857ac3..e6323244c 100644
--- a/pkg/sentry/socket/hostinet/stack.go
+++ b/pkg/sentry/socket/hostinet/stack.go
@@ -24,6 +24,7 @@ import (
"strings"
"syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/binary"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -138,14 +139,14 @@ func (s *Stack) Configure() error {
// netlink messages.
func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.NetlinkMessage, interfaces map[int32]inet.Interface, interfaceAddrs map[int32][]inet.InterfaceAddr) error {
for _, link := range links {
- if link.Header.Type != syscall.RTM_NEWLINK {
+ if link.Header.Type != unix.RTM_NEWLINK {
continue
}
- if len(link.Data) < syscall.SizeofIfInfomsg {
- return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), syscall.SizeofIfInfomsg)
+ if len(link.Data) < unix.SizeofIfInfomsg {
+ return fmt.Errorf("RTM_GETLINK returned RTM_NEWLINK message with invalid data length (%d bytes, expected at least %d bytes)", len(link.Data), unix.SizeofIfInfomsg)
}
- var ifinfo syscall.IfInfomsg
- binary.Unmarshal(link.Data[:syscall.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo)
+ var ifinfo unix.IfInfomsg
+ binary.Unmarshal(link.Data[:unix.SizeofIfInfomsg], usermem.ByteOrder, &ifinfo)
inetIF := inet.Interface{
DeviceType: ifinfo.Type,
Flags: ifinfo.Flags,
@@ -159,9 +160,9 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
}
for _, attr := range attrs {
switch attr.Attr.Type {
- case syscall.IFLA_ADDRESS:
+ case unix.IFLA_ADDRESS:
inetIF.Addr = attr.Value
- case syscall.IFLA_IFNAME:
+ case unix.IFLA_IFNAME:
inetIF.Name = string(attr.Value[:len(attr.Value)-1])
}
}
@@ -169,14 +170,14 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
}
for _, addr := range addrs {
- if addr.Header.Type != syscall.RTM_NEWADDR {
+ if addr.Header.Type != unix.RTM_NEWADDR {
continue
}
- if len(addr.Data) < syscall.SizeofIfAddrmsg {
- return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), syscall.SizeofIfAddrmsg)
+ if len(addr.Data) < unix.SizeofIfAddrmsg {
+ return fmt.Errorf("RTM_GETADDR returned RTM_NEWADDR message with invalid data length (%d bytes, expected at least %d bytes)", len(addr.Data), unix.SizeofIfAddrmsg)
}
- var ifaddr syscall.IfAddrmsg
- binary.Unmarshal(addr.Data[:syscall.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr)
+ var ifaddr unix.IfAddrmsg
+ binary.Unmarshal(addr.Data[:unix.SizeofIfAddrmsg], usermem.ByteOrder, &ifaddr)
inetAddr := inet.InterfaceAddr{
Family: ifaddr.Family,
PrefixLen: ifaddr.Prefixlen,
@@ -188,7 +189,7 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
}
for _, attr := range attrs {
switch attr.Attr.Type {
- case syscall.IFA_ADDRESS:
+ case unix.IFA_ADDRESS:
inetAddr.Addr = attr.Value
}
}
@@ -203,12 +204,12 @@ func ExtractHostInterfaces(links []syscall.NetlinkMessage, addrs []syscall.Netli
func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error) {
var routes []inet.Route
for _, routeMsg := range routeMsgs {
- if routeMsg.Header.Type != syscall.RTM_NEWROUTE {
+ if routeMsg.Header.Type != unix.RTM_NEWROUTE {
continue
}
- var ifRoute syscall.RtMsg
- binary.Unmarshal(routeMsg.Data[:syscall.SizeofRtMsg], usermem.ByteOrder, &ifRoute)
+ var ifRoute unix.RtMsg
+ binary.Unmarshal(routeMsg.Data[:unix.SizeofRtMsg], usermem.ByteOrder, &ifRoute)
inetRoute := inet.Route{
Family: ifRoute.Family,
DstLen: ifRoute.Dst_len,
@@ -231,13 +232,13 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error)
for _, attr := range attrs {
switch attr.Attr.Type {
- case syscall.RTA_DST:
+ case unix.RTA_DST:
inetRoute.DstAddr = attr.Value
- case syscall.RTA_SRC:
+ case unix.RTA_SRC:
inetRoute.SrcAddr = attr.Value
- case syscall.RTA_GATEWAY:
+ case unix.RTA_GATEWAY:
inetRoute.GatewayAddr = attr.Value
- case syscall.RTA_OIF:
+ case unix.RTA_OIF:
expected := int(binary.Size(inetRoute.OutputInterface))
if len(attr.Value) != expected {
return nil, fmt.Errorf("RTM_GETROUTE returned RTM_NEWROUTE message with invalid attribute data length (%d bytes, expected %d bytes)", len(attr.Value), expected)
@@ -253,12 +254,12 @@ func ExtractHostRoutes(routeMsgs []syscall.NetlinkMessage) ([]inet.Route, error)
}
func addHostInterfaces(s *Stack) error {
- links, err := doNetlinkRouteRequest(syscall.RTM_GETLINK)
+ links, err := doNetlinkRouteRequest(unix.RTM_GETLINK)
if err != nil {
return fmt.Errorf("RTM_GETLINK failed: %v", err)
}
- addrs, err := doNetlinkRouteRequest(syscall.RTM_GETADDR)
+ addrs, err := doNetlinkRouteRequest(unix.RTM_GETADDR)
if err != nil {
return fmt.Errorf("RTM_GETADDR failed: %v", err)
}
@@ -267,7 +268,7 @@ func addHostInterfaces(s *Stack) error {
}
func addHostRoutes(s *Stack) error {
- routes, err := doNetlinkRouteRequest(syscall.RTM_GETROUTE)
+ routes, err := doNetlinkRouteRequest(unix.RTM_GETROUTE)
if err != nil {
return fmt.Errorf("RTM_GETROUTE failed: %v", err)
}
diff --git a/pkg/sentry/socket/netlink/route/protocol.go b/pkg/sentry/socket/netlink/route/protocol.go
index f4d034c13..5a2255db3 100644
--- a/pkg/sentry/socket/netlink/route/protocol.go
+++ b/pkg/sentry/socket/netlink/route/protocol.go
@@ -17,8 +17,8 @@ package route
import (
"bytes"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/inet"
@@ -436,7 +436,7 @@ func (p *Protocol) newAddr(ctx context.Context, msg *netlink.Message, ms *netlin
Flags: ifa.Flags,
Addr: value,
})
- if err == syscall.EEXIST {
+ if err == unix.EEXIST {
flags := msg.Header().Flags
if flags&linux.NLM_F_EXCL != 0 {
return syserr.ErrExists
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index f77a867f1..f2dc7c90b 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -31,7 +31,6 @@ import (
"io/ioutil"
"math"
"reflect"
- "syscall"
"time"
"golang.org/x/sys/unix"
@@ -835,7 +834,7 @@ func getSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, fam
return &optP, nil
case linux.SO_PEERCRED:
- if family != linux.AF_UNIX || outLen < syscall.SizeofUcred {
+ if family != linux.AF_UNIX || outLen < unix.SizeofUcred {
return nil, syserr.ErrInvalidArgument
}
@@ -3199,15 +3198,15 @@ func nicStateFlagsToLinux(f stack.NICStateFlags) uint32 {
}
func isTCPSocket(skType linux.SockType, skProto int) bool {
- return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == syscall.IPPROTO_TCP)
+ return skType == linux.SOCK_STREAM && (skProto == 0 || skProto == unix.IPPROTO_TCP)
}
func isUDPSocket(skType linux.SockType, skProto int) bool {
- return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == syscall.IPPROTO_UDP)
+ return skType == linux.SOCK_DGRAM && (skProto == 0 || skProto == unix.IPPROTO_UDP)
}
func isICMPSocket(skType linux.SockType, skProto int) bool {
- return skType == linux.SOCK_DGRAM && (skProto == syscall.IPPROTO_ICMP || skProto == syscall.IPPROTO_ICMPV6)
+ return skType == linux.SOCK_DGRAM && (skProto == unix.IPPROTO_ICMP || skProto == unix.IPPROTO_ICMPV6)
}
// State implements socket.Socket.State. State translates the internal state
diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go
index 2515dda80..8605ad507 100644
--- a/pkg/sentry/socket/netstack/provider.go
+++ b/pkg/sentry/socket/netstack/provider.go
@@ -15,8 +15,7 @@
package netstack
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -48,18 +47,18 @@ type provider struct {
func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol int) (tcpip.TransportProtocolNumber, bool, *syserr.Error) {
switch stype {
case linux.SOCK_STREAM:
- if protocol != 0 && protocol != syscall.IPPROTO_TCP {
+ if protocol != 0 && protocol != unix.IPPROTO_TCP {
return 0, true, syserr.ErrInvalidArgument
}
return tcp.ProtocolNumber, true, nil
case linux.SOCK_DGRAM:
switch protocol {
- case 0, syscall.IPPROTO_UDP:
+ case 0, unix.IPPROTO_UDP:
return udp.ProtocolNumber, true, nil
- case syscall.IPPROTO_ICMP:
+ case unix.IPPROTO_ICMP:
return header.ICMPv4ProtocolNumber, true, nil
- case syscall.IPPROTO_ICMPV6:
+ case unix.IPPROTO_ICMPV6:
return header.ICMPv6ProtocolNumber, true, nil
}
@@ -71,18 +70,18 @@ func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol in
}
switch protocol {
- case syscall.IPPROTO_ICMP:
+ case unix.IPPROTO_ICMP:
return header.ICMPv4ProtocolNumber, true, nil
- case syscall.IPPROTO_ICMPV6:
+ case unix.IPPROTO_ICMPV6:
return header.ICMPv6ProtocolNumber, true, nil
- case syscall.IPPROTO_UDP:
+ case unix.IPPROTO_UDP:
return header.UDPProtocolNumber, true, nil
- case syscall.IPPROTO_TCP:
+ case unix.IPPROTO_TCP:
return header.TCPProtocolNumber, true, nil
// IPPROTO_RAW signifies that the raw socket isn't assigned to
// a transport protocol. Users will be able to write packets'
// IP headers and won't receive anything.
- case syscall.IPPROTO_RAW:
+ case unix.IPPROTO_RAW:
return tcpip.TransportProtocolNumber(0), false, nil
}
}
diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go
index cc535d794..909341dcf 100644
--- a/pkg/sentry/socket/socket.go
+++ b/pkg/sentry/socket/socket.go
@@ -21,8 +21,8 @@ import (
"bytes"
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/binary"
"gvisor.dev/gvisor/pkg/context"
@@ -198,42 +198,42 @@ type SocketVFS2 interface {
//
// It is implemented by both Socket and SocketVFS2.
type SocketOps interface {
- // Connect implements the connect(2) linux syscall.
+ // Connect implements the connect(2) linux unix.
Connect(t *kernel.Task, sockaddr []byte, blocking bool) *syserr.Error
- // Accept implements the accept4(2) linux syscall.
+ // Accept implements the accept4(2) linux unix.
// Returns fd, real peer address length and error. Real peer address
// length is only set if len(peer) > 0.
Accept(t *kernel.Task, peerRequested bool, flags int, blocking bool) (int32, linux.SockAddr, uint32, *syserr.Error)
- // Bind implements the bind(2) linux syscall.
+ // Bind implements the bind(2) linux unix.
Bind(t *kernel.Task, sockaddr []byte) *syserr.Error
- // Listen implements the listen(2) linux syscall.
+ // Listen implements the listen(2) linux unix.
Listen(t *kernel.Task, backlog int) *syserr.Error
- // Shutdown implements the shutdown(2) linux syscall.
+ // Shutdown implements the shutdown(2) linux unix.
Shutdown(t *kernel.Task, how int) *syserr.Error
- // GetSockOpt implements the getsockopt(2) linux syscall.
+ // GetSockOpt implements the getsockopt(2) linux unix.
GetSockOpt(t *kernel.Task, level int, name int, outPtr usermem.Addr, outLen int) (marshal.Marshallable, *syserr.Error)
- // SetSockOpt implements the setsockopt(2) linux syscall.
+ // SetSockOpt implements the setsockopt(2) linux unix.
SetSockOpt(t *kernel.Task, level int, name int, opt []byte) *syserr.Error
- // GetSockName implements the getsockname(2) linux syscall.
+ // GetSockName implements the getsockname(2) linux unix.
//
// addrLen is the address length to be returned to the application, not
// necessarily the actual length of the address.
GetSockName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error)
- // GetPeerName implements the getpeername(2) linux syscall.
+ // GetPeerName implements the getpeername(2) linux unix.
//
// addrLen is the address length to be returned to the application, not
// necessarily the actual length of the address.
GetPeerName(t *kernel.Task) (addr linux.SockAddr, addrLen uint32, err *syserr.Error)
- // RecvMsg implements the recvmsg(2) linux syscall.
+ // RecvMsg implements the recvmsg(2) linux unix.
//
// senderAddrLen is the address length to be returned to the application,
// not necessarily the actual length of the address.
@@ -246,7 +246,7 @@ type SocketOps interface {
// If err != nil, the recv was not successful.
RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlDataLen uint64) (n int, msgFlags int, senderAddr linux.SockAddr, senderAddrLen uint32, controlMessages ControlMessages, err *syserr.Error)
- // SendMsg implements the sendmsg(2) linux syscall. SendMsg does not take
+ // SendMsg implements the sendmsg(2) linux unix. SendMsg does not take
// ownership of the ControlMessage on error.
//
// If n > 0, err will either be nil or an error from t.Block.
@@ -569,21 +569,21 @@ func emitUnimplementedEvent(t *kernel.Task, name int) {
// given family.
func UnmarshalSockAddr(family int, data []byte) linux.SockAddr {
switch family {
- case syscall.AF_INET:
+ case unix.AF_INET:
var addr linux.SockAddrInet
- binary.Unmarshal(data[:syscall.SizeofSockaddrInet4], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrInet4], usermem.ByteOrder, &addr)
return &addr
- case syscall.AF_INET6:
+ case unix.AF_INET6:
var addr linux.SockAddrInet6
- binary.Unmarshal(data[:syscall.SizeofSockaddrInet6], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrInet6], usermem.ByteOrder, &addr)
return &addr
- case syscall.AF_UNIX:
+ case unix.AF_UNIX:
var addr linux.SockAddrUnix
- binary.Unmarshal(data[:syscall.SizeofSockaddrUnix], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrUnix], usermem.ByteOrder, &addr)
return &addr
- case syscall.AF_NETLINK:
+ case unix.AF_NETLINK:
var addr linux.SockAddrNetlink
- binary.Unmarshal(data[:syscall.SizeofSockaddrNetlink], usermem.ByteOrder, &addr)
+ binary.Unmarshal(data[:unix.SizeofSockaddrNetlink], usermem.ByteOrder, &addr)
return &addr
default:
panic(fmt.Sprintf("Unsupported socket family %v", family))
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 32e5d2304..63165e1d4 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -19,8 +19,8 @@ package unix
import (
"fmt"
"strings"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fspath"
@@ -600,14 +600,14 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags
// Calculate the number of FDs for which we have space and if we are
// requesting credentials.
var wantCreds bool
- rightsLen := int(controlDataLen) - syscall.SizeofCmsghdr
+ rightsLen := int(controlDataLen) - unix.SizeofCmsghdr
if s.Passcred() {
// Credentials take priority if they are enabled and there is space.
wantCreds = rightsLen > 0
if !wantCreds {
msgFlags |= linux.MSG_CTRUNC
}
- credLen := syscall.CmsgSpace(syscall.SizeofUcred)
+ credLen := unix.CmsgSpace(unix.SizeofUcred)
rightsLen -= credLen
}
// FDs are 32 bit (4 byte) ints.
diff --git a/pkg/sentry/state/state_unsafe.go b/pkg/sentry/state/state_unsafe.go
index d271c6fc9..a3da028c4 100644
--- a/pkg/sentry/state/state_unsafe.go
+++ b/pkg/sentry/state/state_unsafe.go
@@ -16,17 +16,17 @@ package state
import (
"fmt"
- "syscall"
"time"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
// CPUTime returns the CPU time usage by Sentry and app.
func CPUTime() (time.Duration, error) {
- var ts syscall.Timespec
- _, _, errno := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(linux.CLOCK_PROCESS_CPUTIME_ID), uintptr(unsafe.Pointer(&ts)), 0)
+ var ts unix.Timespec
+ _, _, errno := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(linux.CLOCK_PROCESS_CPUTIME_ID), uintptr(unsafe.Pointer(&ts)), 0)
if errno != 0 {
return 0, fmt.Errorf("failed calling clock_gettime(CLOCK_PROCESS_CPUTIME_ID): errno=%d", errno)
}
diff --git a/pkg/sentry/strace/clone.go b/pkg/sentry/strace/clone.go
index e99158712..ab1060426 100644
--- a/pkg/sentry/strace/clone.go
+++ b/pkg/sentry/strace/clone.go
@@ -15,99 +15,98 @@
package strace
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi"
)
// CloneFlagSet is the set of clone(2) flags.
var CloneFlagSet = abi.FlagSet{
{
- Flag: syscall.CLONE_VM,
+ Flag: unix.CLONE_VM,
Name: "CLONE_VM",
},
{
- Flag: syscall.CLONE_FS,
+ Flag: unix.CLONE_FS,
Name: "CLONE_FS",
},
{
- Flag: syscall.CLONE_FILES,
+ Flag: unix.CLONE_FILES,
Name: "CLONE_FILES",
},
{
- Flag: syscall.CLONE_SIGHAND,
+ Flag: unix.CLONE_SIGHAND,
Name: "CLONE_SIGHAND",
},
{
- Flag: syscall.CLONE_PTRACE,
+ Flag: unix.CLONE_PTRACE,
Name: "CLONE_PTRACE",
},
{
- Flag: syscall.CLONE_VFORK,
+ Flag: unix.CLONE_VFORK,
Name: "CLONE_VFORK",
},
{
- Flag: syscall.CLONE_PARENT,
+ Flag: unix.CLONE_PARENT,
Name: "CLONE_PARENT",
},
{
- Flag: syscall.CLONE_THREAD,
+ Flag: unix.CLONE_THREAD,
Name: "CLONE_THREAD",
},
{
- Flag: syscall.CLONE_NEWNS,
+ Flag: unix.CLONE_NEWNS,
Name: "CLONE_NEWNS",
},
{
- Flag: syscall.CLONE_SYSVSEM,
+ Flag: unix.CLONE_SYSVSEM,
Name: "CLONE_SYSVSEM",
},
{
- Flag: syscall.CLONE_SETTLS,
+ Flag: unix.CLONE_SETTLS,
Name: "CLONE_SETTLS",
},
{
- Flag: syscall.CLONE_PARENT_SETTID,
+ Flag: unix.CLONE_PARENT_SETTID,
Name: "CLONE_PARENT_SETTID",
},
{
- Flag: syscall.CLONE_CHILD_CLEARTID,
+ Flag: unix.CLONE_CHILD_CLEARTID,
Name: "CLONE_CHILD_CLEARTID",
},
{
- Flag: syscall.CLONE_DETACHED,
+ Flag: unix.CLONE_DETACHED,
Name: "CLONE_DETACHED",
},
{
- Flag: syscall.CLONE_UNTRACED,
+ Flag: unix.CLONE_UNTRACED,
Name: "CLONE_UNTRACED",
},
{
- Flag: syscall.CLONE_CHILD_SETTID,
+ Flag: unix.CLONE_CHILD_SETTID,
Name: "CLONE_CHILD_SETTID",
},
{
- Flag: syscall.CLONE_NEWUTS,
+ Flag: unix.CLONE_NEWUTS,
Name: "CLONE_NEWUTS",
},
{
- Flag: syscall.CLONE_NEWIPC,
+ Flag: unix.CLONE_NEWIPC,
Name: "CLONE_NEWIPC",
},
{
- Flag: syscall.CLONE_NEWUSER,
+ Flag: unix.CLONE_NEWUSER,
Name: "CLONE_NEWUSER",
},
{
- Flag: syscall.CLONE_NEWPID,
+ Flag: unix.CLONE_NEWPID,
Name: "CLONE_NEWPID",
},
{
- Flag: syscall.CLONE_NEWNET,
+ Flag: unix.CLONE_NEWNET,
Name: "CLONE_NEWNET",
},
{
- Flag: syscall.CLONE_IO,
+ Flag: unix.CLONE_IO,
Name: "CLONE_IO",
},
}
diff --git a/pkg/sentry/strace/open.go b/pkg/sentry/strace/open.go
index e40bcb53b..5769360da 100644
--- a/pkg/sentry/strace/open.go
+++ b/pkg/sentry/strace/open.go
@@ -15,62 +15,61 @@
package strace
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi"
)
// OpenMode represents the mode to open(2) a file.
var OpenMode = abi.ValueSet{
- syscall.O_RDWR: "O_RDWR",
- syscall.O_WRONLY: "O_WRONLY",
- syscall.O_RDONLY: "O_RDONLY",
+ unix.O_RDWR: "O_RDWR",
+ unix.O_WRONLY: "O_WRONLY",
+ unix.O_RDONLY: "O_RDONLY",
}
// OpenFlagSet is the set of open(2) flags.
var OpenFlagSet = abi.FlagSet{
{
- Flag: syscall.O_APPEND,
+ Flag: unix.O_APPEND,
Name: "O_APPEND",
},
{
- Flag: syscall.O_ASYNC,
+ Flag: unix.O_ASYNC,
Name: "O_ASYNC",
},
{
- Flag: syscall.O_CLOEXEC,
+ Flag: unix.O_CLOEXEC,
Name: "O_CLOEXEC",
},
{
- Flag: syscall.O_CREAT,
+ Flag: unix.O_CREAT,
Name: "O_CREAT",
},
{
- Flag: syscall.O_DIRECT,
+ Flag: unix.O_DIRECT,
Name: "O_DIRECT",
},
{
- Flag: syscall.O_DIRECTORY,
+ Flag: unix.O_DIRECTORY,
Name: "O_DIRECTORY",
},
{
- Flag: syscall.O_EXCL,
+ Flag: unix.O_EXCL,
Name: "O_EXCL",
},
{
- Flag: syscall.O_NOATIME,
+ Flag: unix.O_NOATIME,
Name: "O_NOATIME",
},
{
- Flag: syscall.O_NOCTTY,
+ Flag: unix.O_NOCTTY,
Name: "O_NOCTTY",
},
{
- Flag: syscall.O_NOFOLLOW,
+ Flag: unix.O_NOFOLLOW,
Name: "O_NOFOLLOW",
},
{
- Flag: syscall.O_NONBLOCK,
+ Flag: unix.O_NONBLOCK,
Name: "O_NONBLOCK",
},
{
@@ -78,18 +77,18 @@ var OpenFlagSet = abi.FlagSet{
Name: "O_PATH",
},
{
- Flag: syscall.O_SYNC,
+ Flag: unix.O_SYNC,
Name: "O_SYNC",
},
{
- Flag: syscall.O_TRUNC,
+ Flag: unix.O_TRUNC,
Name: "O_TRUNC",
},
}
func open(val uint64) string {
- s := OpenMode.Parse(val & syscall.O_ACCMODE)
- if flags := OpenFlagSet.Parse(val &^ syscall.O_ACCMODE); flags != "" {
+ s := OpenMode.Parse(val & unix.O_ACCMODE)
+ if flags := OpenFlagSet.Parse(val &^ unix.O_ACCMODE); flags != "" {
s += "|" + flags
}
return s
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index a6253626e..fd9649340 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -15,8 +15,7 @@
package linux
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/marshal/primitive"
@@ -368,7 +367,7 @@ func createAt(t *kernel.Task, dirFD int32, addr usermem.Addr, flags uint, mode l
// Are we able to resolve further?
if remainingTraversals == 0 {
- return syscall.ELOOP
+ return unix.ELOOP
}
// Resolve the symlink to a path via Readlink.
@@ -2217,7 +2216,7 @@ func MemfdCreate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
allowSeals := flags&linux.MFD_ALLOW_SEALING != 0
cloExec := flags&linux.MFD_CLOEXEC != 0
- name, err := t.CopyInString(addr, syscall.PathMax-len(memfdPrefix))
+ name, err := t.CopyInString(addr, unix.PathMax-len(memfdPrefix))
if err != nil {
return 0, nil, err
}
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index 8e7ac0ffe..44738c40c 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -16,8 +16,8 @@ package linux
import (
"path"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/marshal/primitive"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -417,7 +417,7 @@ func Waitid(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
si.SetUID(int32(wr.UID))
// TODO(b/73541790): convert kernel.ExitStatus to functions and make
// WaitResult.Status a linux.WaitStatus.
- s := syscall.WaitStatus(wr.Status)
+ s := unix.WaitStatus(wr.Status)
switch {
case s.Exited():
si.Code = arch.CLD_EXITED
diff --git a/pkg/sentry/time/sampler_unsafe.go b/pkg/sentry/time/sampler_unsafe.go
index e76180217..2ab57c5f8 100644
--- a/pkg/sentry/time/sampler_unsafe.go
+++ b/pkg/sentry/time/sampler_unsafe.go
@@ -15,8 +15,9 @@
package time
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// syscallTSCReferenceClocks is the standard referenceClocks, collecting
@@ -32,8 +33,8 @@ func (syscallTSCReferenceClocks) Sample(c ClockID) (sample, error) {
s.before = Rdtsc()
// Don't call clockGettime to avoid a call which may call morestack.
- var ts syscall.Timespec
- _, _, e := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
+ var ts unix.Timespec
+ _, _, e := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
if e != 0 {
return sample{}, e
}
@@ -46,8 +47,8 @@ func (syscallTSCReferenceClocks) Sample(c ClockID) (sample, error) {
// clockGettime calls SYS_CLOCK_GETTIME, returning time in nanoseconds.
func clockGettime(c ClockID) (ReferenceNS, error) {
- var ts syscall.Timespec
- _, _, e := syscall.RawSyscall(syscall.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
+ var ts unix.Timespec
+ _, _, e := unix.RawSyscall(unix.SYS_CLOCK_GETTIME, uintptr(c), uintptr(unsafe.Pointer(&ts)), 0)
if e != 0 {
return 0, e
}
diff --git a/pkg/sentry/usage/memory.go b/pkg/sentry/usage/memory.go
index 5ed6726ab..581862ee2 100644
--- a/pkg/sentry/usage/memory.go
+++ b/pkg/sentry/usage/memory.go
@@ -18,8 +18,8 @@ import (
"fmt"
"os"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/bits"
"gvisor.dev/gvisor/pkg/memutil"
"gvisor.dev/gvisor/pkg/sync"
@@ -132,7 +132,7 @@ func Init() error {
// always be the case for a newly mapped page from /dev/shm. If we obtain
// the shared memory through some other means in the future, we may have to
// explicitly zero the page.
- mmap, err := syscall.Mmap(int(file.Fd()), 0, int(RTMemoryStatsSize), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED)
+ mmap, err := unix.Mmap(int(file.Fd()), 0, int(RTMemoryStatsSize), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED)
if err != nil {
return fmt.Errorf("error mapping usage file: %v", err)
}
diff --git a/pkg/shim/proc/exec.go b/pkg/shim/proc/exec.go
index 1d1d90488..e7968d9d5 100644
--- a/pkg/shim/proc/exec.go
+++ b/pkg/shim/proc/exec.go
@@ -22,7 +22,6 @@ import (
"os"
"path/filepath"
"sync"
- "syscall"
"time"
"github.com/containerd/console"
@@ -216,7 +215,7 @@ func (e *execProcess) start(ctx context.Context) (err error) {
return e.parent.runtimeError(err, "OCI runtime exec failed")
}
if e.stdio.Stdin != "" {
- sc, err := fifo.OpenFifo(context.Background(), e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
+ sc, err := fifo.OpenFifo(context.Background(), e.stdio.Stdin, unix.O_WRONLY|unix.O_NONBLOCK, 0)
if err != nil {
return fmt.Errorf("failed to open stdin fifo %s: %w", e.stdio.Stdin, err)
}
diff --git a/pkg/shim/proc/init.go b/pkg/shim/proc/init.go
index cacaade88..664465e0d 100644
--- a/pkg/shim/proc/init.go
+++ b/pkg/shim/proc/init.go
@@ -23,7 +23,6 @@ import (
"path/filepath"
"strings"
"sync"
- "syscall"
"time"
"github.com/containerd/console"
@@ -35,6 +34,7 @@ import (
"github.com/containerd/fifo"
runc "github.com/containerd/go-runc"
specs "github.com/opencontainers/runtime-spec/specs-go"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/shim/runsc"
)
@@ -81,7 +81,7 @@ func NewRunsc(root, path, namespace, runtime string, config map[string]string) *
}
return &runsc.Runsc{
Command: runtime,
- PdeathSignal: syscall.SIGKILL,
+ PdeathSignal: unix.SIGKILL,
Log: filepath.Join(path, "log.json"),
LogFormat: runc.JSON,
Root: filepath.Join(root, namespace),
@@ -136,7 +136,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) (err error) {
return p.runtimeError(err, "OCI runtime create failed")
}
if r.Stdin != "" {
- sc, err := fifo.OpenFifo(context.Background(), r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
+ sc, err := fifo.OpenFifo(context.Background(), r.Stdin, unix.O_WRONLY|unix.O_NONBLOCK, 0)
if err != nil {
return fmt.Errorf("failed to open stdin fifo %s: %w", r.Stdin, err)
}
@@ -366,7 +366,7 @@ func (p *Init) KillAll(context context.Context) error {
}
func (p *Init) killAll(context context.Context) error {
- p.runtime.Kill(context, p.id, int(syscall.SIGKILL), &runsc.KillOpts{
+ p.runtime.Kill(context, p.id, int(unix.SIGKILL), &runsc.KillOpts{
All: true,
})
// Ignore error handling for `runsc kill --all` for now.
diff --git a/pkg/shim/proc/io.go b/pkg/shim/proc/io.go
index 34d825fb7..0e8a1a8cb 100644
--- a/pkg/shim/proc/io.go
+++ b/pkg/shim/proc/io.go
@@ -22,11 +22,11 @@ import (
"os"
"sync"
"sync/atomic"
- "syscall"
"github.com/containerd/containerd/log"
"github.com/containerd/fifo"
runc "github.com/containerd/go-runc"
+ "golang.org/x/sys/unix"
)
// TODO(random-liu): This file can be a util.
@@ -89,10 +89,10 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w
fr io.Closer
)
if ok {
- if fw, err = fifo.OpenFifo(ctx, i.name, syscall.O_WRONLY, 0); err != nil {
+ if fw, err = fifo.OpenFifo(ctx, i.name, unix.O_WRONLY, 0); err != nil {
return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", i.name, err)
}
- if fr, err = fifo.OpenFifo(ctx, i.name, syscall.O_RDONLY, 0); err != nil {
+ if fr, err = fifo.OpenFifo(ctx, i.name, unix.O_RDONLY, 0); err != nil {
return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", i.name, err)
}
} else {
@@ -101,7 +101,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w
i.dest(sameFile, nil)
continue
}
- if fw, err = os.OpenFile(i.name, syscall.O_WRONLY|syscall.O_APPEND, 0); err != nil {
+ if fw, err = os.OpenFile(i.name, unix.O_WRONLY|unix.O_APPEND, 0); err != nil {
return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", i.name, err)
}
if stdout == stderr {
@@ -116,7 +116,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w
if stdin == "" {
return nil
}
- f, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
+ f, err := fifo.OpenFifo(context.Background(), stdin, unix.O_RDONLY|unix.O_NONBLOCK, 0)
if err != nil {
return fmt.Errorf("gvisor-containerd-shim: opening %s failed: %s", stdin, err)
}
diff --git a/pkg/shim/runsc/runsc.go b/pkg/shim/runsc/runsc.go
index 3c4cbf223..ff0521d73 100644
--- a/pkg/shim/runsc/runsc.go
+++ b/pkg/shim/runsc/runsc.go
@@ -26,12 +26,12 @@ import (
"os/exec"
"path/filepath"
"strconv"
- "syscall"
"time"
"github.com/containerd/containerd/log"
runc "github.com/containerd/go-runc"
specs "github.com/opencontainers/runtime-spec/specs-go"
+ "golang.org/x/sys/unix"
)
// DefaultCommand is the default command for Runsc.
@@ -63,7 +63,7 @@ func (l *LogMonitor) Wait(cmd *exec.Cmd, ch chan runc.Exit) (int, error) {
// Runsc is the client to the runsc cli.
type Runsc struct {
Command string
- PdeathSignal syscall.Signal
+ PdeathSignal unix.Signal
Setpgid bool
Root string
Log string
@@ -530,7 +530,7 @@ func (r *Runsc) command(context context.Context, args ...string) *exec.Cmd {
command = DefaultCommand
}
cmd := exec.CommandContext(context, command, append(r.args(), args...)...)
- cmd.SysProcAttr = &syscall.SysProcAttr{
+ cmd.SysProcAttr = &unix.SysProcAttr{
Setpgid: r.Setpgid,
}
if r.PdeathSignal != 0 {
diff --git a/pkg/shim/service.go b/pkg/shim/service.go
index eff55df53..9d9fa8ef6 100644
--- a/pkg/shim/service.go
+++ b/pkg/shim/service.go
@@ -23,7 +23,6 @@ import (
"os/exec"
"path/filepath"
"sync"
- "syscall"
"time"
"github.com/BurntSushi/toml"
@@ -193,7 +192,7 @@ func (s *service) newCommand(ctx context.Context, containerdBinary, containerdAd
cmd := exec.Command(self, args...)
cmd.Dir = cwd
cmd.Env = append(os.Environ(), "GOMAXPROCS=2")
- cmd.SysProcAttr = &syscall.SysProcAttr{
+ cmd.SysProcAttr = &unix.SysProcAttr{
Setpgid: true,
}
return cmd, nil
diff --git a/pkg/shim/service_linux.go b/pkg/shim/service_linux.go
index 11622ed60..829f69282 100644
--- a/pkg/shim/service_linux.go
+++ b/pkg/shim/service_linux.go
@@ -22,10 +22,10 @@ import (
"fmt"
"io"
"sync"
- "syscall"
"github.com/containerd/console"
"github.com/containerd/fifo"
+ "golang.org/x/sys/unix"
)
type linuxPlatform struct {
@@ -43,7 +43,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
}
if stdin != "" {
- in, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
+ in, err := fifo.OpenFifo(context.Background(), stdin, unix.O_RDONLY|unix.O_NONBLOCK, 0)
if err != nil {
return nil, err
}
@@ -54,11 +54,11 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
}()
}
- outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+ outw, err := fifo.OpenFifo(ctx, stdout, unix.O_WRONLY, 0)
if err != nil {
return nil, err
}
- outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
+ outr, err := fifo.OpenFifo(ctx, stdout, unix.O_RDONLY, 0)
if err != nil {
return nil, err
}
diff --git a/pkg/syserr/host_linux.go b/pkg/syserr/host_linux.go
index 77faa3670..c8c10f48b 100644
--- a/pkg/syserr/host_linux.go
+++ b/pkg/syserr/host_linux.go
@@ -18,7 +18,8 @@ package syserr
import (
"fmt"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
const maxErrno = 134
@@ -30,15 +31,15 @@ type linuxHostTranslation struct {
var linuxHostTranslations [maxErrno]linuxHostTranslation
-// FromHost translates a syscall.Errno to a corresponding Error value.
-func FromHost(err syscall.Errno) *Error {
+// FromHost translates a unix.Errno to a corresponding Error value.
+func FromHost(err unix.Errno) *Error {
if int(err) >= len(linuxHostTranslations) || !linuxHostTranslations[err].ok {
panic(fmt.Sprintf("unknown host errno %q (%d)", err.Error(), err))
}
return linuxHostTranslations[err].err
}
-func addLinuxHostTranslation(host syscall.Errno, trans *Error) {
+func addLinuxHostTranslation(host unix.Errno, trans *Error) {
if linuxHostTranslations[host].ok {
panic(fmt.Sprintf("duplicate translation for host errno %q (%d)", host.Error(), host))
}
diff --git a/pkg/syserr/syserr.go b/pkg/syserr/syserr.go
index ac4b799c3..b5881ea3c 100644
--- a/pkg/syserr/syserr.go
+++ b/pkg/syserr/syserr.go
@@ -19,8 +19,8 @@ package syserr
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -55,7 +55,7 @@ func New(message string, linuxTranslation *linux.Errno) *Error {
panic(fmt.Sprint("invalid errno: ", errno))
}
- e := error(syscall.Errno(errno))
+ e := error(unix.Errno(errno))
// syserror.ErrWouldBlock gets translated to syserror.EWOULDBLOCK and
// enables proper blocking semantics. This should temporary address the
// class of blocking bugs that keep popping up with the current state of
@@ -87,7 +87,7 @@ func NewWithoutTranslation(message string) *Error {
return &Error{message: message, noTranslation: true}
}
-func newWithHost(message string, linuxTranslation *linux.Errno, hostErrno syscall.Errno) *Error {
+func newWithHost(message string, linuxTranslation *linux.Errno, hostErrno unix.Errno) *Error {
e := New(message, linuxTranslation)
addLinuxHostTranslation(hostErrno, e)
return e
@@ -143,133 +143,133 @@ func (e *Error) ToLinux() *linux.Errno {
// Some of the errors should be replaced with package specific errors and
// others should be removed entirely.
var (
- ErrNotPermitted = newWithHost("operation not permitted", linux.EPERM, syscall.EPERM)
- ErrNoFileOrDir = newWithHost("no such file or directory", linux.ENOENT, syscall.ENOENT)
- ErrNoProcess = newWithHost("no such process", linux.ESRCH, syscall.ESRCH)
- ErrInterrupted = newWithHost("interrupted system call", linux.EINTR, syscall.EINTR)
- ErrIO = newWithHost("I/O error", linux.EIO, syscall.EIO)
- ErrDeviceOrAddress = newWithHost("no such device or address", linux.ENXIO, syscall.ENXIO)
- ErrTooManyArgs = newWithHost("argument list too long", linux.E2BIG, syscall.E2BIG)
- ErrEcec = newWithHost("exec format error", linux.ENOEXEC, syscall.ENOEXEC)
- ErrBadFD = newWithHost("bad file number", linux.EBADF, syscall.EBADF)
- ErrNoChild = newWithHost("no child processes", linux.ECHILD, syscall.ECHILD)
- ErrTryAgain = newWithHost("try again", linux.EAGAIN, syscall.EAGAIN)
- ErrNoMemory = newWithHost("out of memory", linux.ENOMEM, syscall.ENOMEM)
- ErrPermissionDenied = newWithHost("permission denied", linux.EACCES, syscall.EACCES)
- ErrBadAddress = newWithHost("bad address", linux.EFAULT, syscall.EFAULT)
- ErrNotBlockDevice = newWithHost("block device required", linux.ENOTBLK, syscall.ENOTBLK)
- ErrBusy = newWithHost("device or resource busy", linux.EBUSY, syscall.EBUSY)
- ErrExists = newWithHost("file exists", linux.EEXIST, syscall.EEXIST)
- ErrCrossDeviceLink = newWithHost("cross-device link", linux.EXDEV, syscall.EXDEV)
- ErrNoDevice = newWithHost("no such device", linux.ENODEV, syscall.ENODEV)
- ErrNotDir = newWithHost("not a directory", linux.ENOTDIR, syscall.ENOTDIR)
- ErrIsDir = newWithHost("is a directory", linux.EISDIR, syscall.EISDIR)
- ErrInvalidArgument = newWithHost("invalid argument", linux.EINVAL, syscall.EINVAL)
- ErrFileTableOverflow = newWithHost("file table overflow", linux.ENFILE, syscall.ENFILE)
- ErrTooManyOpenFiles = newWithHost("too many open files", linux.EMFILE, syscall.EMFILE)
- ErrNotTTY = newWithHost("not a typewriter", linux.ENOTTY, syscall.ENOTTY)
- ErrTestFileBusy = newWithHost("text file busy", linux.ETXTBSY, syscall.ETXTBSY)
- ErrFileTooBig = newWithHost("file too large", linux.EFBIG, syscall.EFBIG)
- ErrNoSpace = newWithHost("no space left on device", linux.ENOSPC, syscall.ENOSPC)
- ErrIllegalSeek = newWithHost("illegal seek", linux.ESPIPE, syscall.ESPIPE)
- ErrReadOnlyFS = newWithHost("read-only file system", linux.EROFS, syscall.EROFS)
- ErrTooManyLinks = newWithHost("too many links", linux.EMLINK, syscall.EMLINK)
- ErrBrokenPipe = newWithHost("broken pipe", linux.EPIPE, syscall.EPIPE)
- ErrDomain = newWithHost("math argument out of domain of func", linux.EDOM, syscall.EDOM)
- ErrRange = newWithHost("math result not representable", linux.ERANGE, syscall.ERANGE)
- ErrDeadlock = newWithHost("resource deadlock would occur", linux.EDEADLOCK, syscall.EDEADLOCK)
- ErrNameTooLong = newWithHost("file name too long", linux.ENAMETOOLONG, syscall.ENAMETOOLONG)
- ErrNoLocksAvailable = newWithHost("no record locks available", linux.ENOLCK, syscall.ENOLCK)
- ErrInvalidSyscall = newWithHost("invalid system call number", linux.ENOSYS, syscall.ENOSYS)
- ErrDirNotEmpty = newWithHost("directory not empty", linux.ENOTEMPTY, syscall.ENOTEMPTY)
- ErrLinkLoop = newWithHost("too many symbolic links encountered", linux.ELOOP, syscall.ELOOP)
- ErrNoMessage = newWithHost("no message of desired type", linux.ENOMSG, syscall.ENOMSG)
- ErrIdentifierRemoved = newWithHost("identifier removed", linux.EIDRM, syscall.EIDRM)
- ErrChannelOutOfRange = newWithHost("channel number out of range", linux.ECHRNG, syscall.ECHRNG)
- ErrLevelTwoNotSynced = newWithHost("level 2 not synchronized", linux.EL2NSYNC, syscall.EL2NSYNC)
- ErrLevelThreeHalted = newWithHost("level 3 halted", linux.EL3HLT, syscall.EL3HLT)
- ErrLevelThreeReset = newWithHost("level 3 reset", linux.EL3RST, syscall.EL3RST)
- ErrLinkNumberOutOfRange = newWithHost("link number out of range", linux.ELNRNG, syscall.ELNRNG)
- ErrProtocolDriverNotAttached = newWithHost("protocol driver not attached", linux.EUNATCH, syscall.EUNATCH)
- ErrNoCSIAvailable = newWithHost("no CSI structure available", linux.ENOCSI, syscall.ENOCSI)
- ErrLevelTwoHalted = newWithHost("level 2 halted", linux.EL2HLT, syscall.EL2HLT)
- ErrInvalidExchange = newWithHost("invalid exchange", linux.EBADE, syscall.EBADE)
- ErrInvalidRequestDescriptor = newWithHost("invalid request descriptor", linux.EBADR, syscall.EBADR)
- ErrExchangeFull = newWithHost("exchange full", linux.EXFULL, syscall.EXFULL)
- ErrNoAnode = newWithHost("no anode", linux.ENOANO, syscall.ENOANO)
- ErrInvalidRequestCode = newWithHost("invalid request code", linux.EBADRQC, syscall.EBADRQC)
- ErrInvalidSlot = newWithHost("invalid slot", linux.EBADSLT, syscall.EBADSLT)
- ErrBadFontFile = newWithHost("bad font file format", linux.EBFONT, syscall.EBFONT)
- ErrNotStream = newWithHost("device not a stream", linux.ENOSTR, syscall.ENOSTR)
- ErrNoDataAvailable = newWithHost("no data available", linux.ENODATA, syscall.ENODATA)
- ErrTimerExpired = newWithHost("timer expired", linux.ETIME, syscall.ETIME)
- ErrStreamsResourceDepleted = newWithHost("out of streams resources", linux.ENOSR, syscall.ENOSR)
- ErrMachineNotOnNetwork = newWithHost("machine is not on the network", linux.ENONET, syscall.ENONET)
- ErrPackageNotInstalled = newWithHost("package not installed", linux.ENOPKG, syscall.ENOPKG)
- ErrIsRemote = newWithHost("object is remote", linux.EREMOTE, syscall.EREMOTE)
- ErrNoLink = newWithHost("link has been severed", linux.ENOLINK, syscall.ENOLINK)
- ErrAdvertise = newWithHost("advertise error", linux.EADV, syscall.EADV)
- ErrSRMount = newWithHost("srmount error", linux.ESRMNT, syscall.ESRMNT)
- ErrSendCommunication = newWithHost("communication error on send", linux.ECOMM, syscall.ECOMM)
- ErrProtocol = newWithHost("protocol error", linux.EPROTO, syscall.EPROTO)
- ErrMultihopAttempted = newWithHost("multihop attempted", linux.EMULTIHOP, syscall.EMULTIHOP)
- ErrRFS = newWithHost("RFS specific error", linux.EDOTDOT, syscall.EDOTDOT)
- ErrInvalidDataMessage = newWithHost("not a data message", linux.EBADMSG, syscall.EBADMSG)
- ErrOverflow = newWithHost("value too large for defined data type", linux.EOVERFLOW, syscall.EOVERFLOW)
- ErrNetworkNameNotUnique = newWithHost("name not unique on network", linux.ENOTUNIQ, syscall.ENOTUNIQ)
- ErrFDInBadState = newWithHost("file descriptor in bad state", linux.EBADFD, syscall.EBADFD)
- ErrRemoteAddressChanged = newWithHost("remote address changed", linux.EREMCHG, syscall.EREMCHG)
- ErrSharedLibraryInaccessible = newWithHost("can not access a needed shared library", linux.ELIBACC, syscall.ELIBACC)
- ErrCorruptedSharedLibrary = newWithHost("accessing a corrupted shared library", linux.ELIBBAD, syscall.ELIBBAD)
- ErrLibSectionCorrupted = newWithHost(".lib section in a.out corrupted", linux.ELIBSCN, syscall.ELIBSCN)
- ErrTooManySharedLibraries = newWithHost("attempting to link in too many shared libraries", linux.ELIBMAX, syscall.ELIBMAX)
- ErrSharedLibraryExeced = newWithHost("cannot exec a shared library directly", linux.ELIBEXEC, syscall.ELIBEXEC)
- ErrIllegalByteSequence = newWithHost("illegal byte sequence", linux.EILSEQ, syscall.EILSEQ)
- ErrShouldRestart = newWithHost("interrupted system call should be restarted", linux.ERESTART, syscall.ERESTART)
- ErrStreamPipe = newWithHost("streams pipe error", linux.ESTRPIPE, syscall.ESTRPIPE)
- ErrTooManyUsers = newWithHost("too many users", linux.EUSERS, syscall.EUSERS)
- ErrNotASocket = newWithHost("socket operation on non-socket", linux.ENOTSOCK, syscall.ENOTSOCK)
- ErrDestinationAddressRequired = newWithHost("destination address required", linux.EDESTADDRREQ, syscall.EDESTADDRREQ)
- ErrMessageTooLong = newWithHost("message too long", linux.EMSGSIZE, syscall.EMSGSIZE)
- ErrWrongProtocolForSocket = newWithHost("protocol wrong type for socket", linux.EPROTOTYPE, syscall.EPROTOTYPE)
- ErrProtocolNotAvailable = newWithHost("protocol not available", linux.ENOPROTOOPT, syscall.ENOPROTOOPT)
- ErrProtocolNotSupported = newWithHost("protocol not supported", linux.EPROTONOSUPPORT, syscall.EPROTONOSUPPORT)
- ErrSocketNotSupported = newWithHost("socket type not supported", linux.ESOCKTNOSUPPORT, syscall.ESOCKTNOSUPPORT)
- ErrEndpointOperation = newWithHost("operation not supported on transport endpoint", linux.EOPNOTSUPP, syscall.EOPNOTSUPP)
- ErrProtocolFamilyNotSupported = newWithHost("protocol family not supported", linux.EPFNOSUPPORT, syscall.EPFNOSUPPORT)
- ErrAddressFamilyNotSupported = newWithHost("address family not supported by protocol", linux.EAFNOSUPPORT, syscall.EAFNOSUPPORT)
- ErrAddressInUse = newWithHost("address already in use", linux.EADDRINUSE, syscall.EADDRINUSE)
- ErrAddressNotAvailable = newWithHost("cannot assign requested address", linux.EADDRNOTAVAIL, syscall.EADDRNOTAVAIL)
- ErrNetworkDown = newWithHost("network is down", linux.ENETDOWN, syscall.ENETDOWN)
- ErrNetworkUnreachable = newWithHost("network is unreachable", linux.ENETUNREACH, syscall.ENETUNREACH)
- ErrNetworkReset = newWithHost("network dropped connection because of reset", linux.ENETRESET, syscall.ENETRESET)
- ErrConnectionAborted = newWithHost("software caused connection abort", linux.ECONNABORTED, syscall.ECONNABORTED)
- ErrConnectionReset = newWithHost("connection reset by peer", linux.ECONNRESET, syscall.ECONNRESET)
- ErrNoBufferSpace = newWithHost("no buffer space available", linux.ENOBUFS, syscall.ENOBUFS)
- ErrAlreadyConnected = newWithHost("transport endpoint is already connected", linux.EISCONN, syscall.EISCONN)
- ErrNotConnected = newWithHost("transport endpoint is not connected", linux.ENOTCONN, syscall.ENOTCONN)
- ErrShutdown = newWithHost("cannot send after transport endpoint shutdown", linux.ESHUTDOWN, syscall.ESHUTDOWN)
- ErrTooManyRefs = newWithHost("too many references: cannot splice", linux.ETOOMANYREFS, syscall.ETOOMANYREFS)
- ErrTimedOut = newWithHost("connection timed out", linux.ETIMEDOUT, syscall.ETIMEDOUT)
- ErrConnectionRefused = newWithHost("connection refused", linux.ECONNREFUSED, syscall.ECONNREFUSED)
- ErrHostDown = newWithHost("host is down", linux.EHOSTDOWN, syscall.EHOSTDOWN)
- ErrNoRoute = newWithHost("no route to host", linux.EHOSTUNREACH, syscall.EHOSTUNREACH)
- ErrAlreadyInProgress = newWithHost("operation already in progress", linux.EALREADY, syscall.EALREADY)
- ErrInProgress = newWithHost("operation now in progress", linux.EINPROGRESS, syscall.EINPROGRESS)
- ErrStaleFileHandle = newWithHost("stale file handle", linux.ESTALE, syscall.ESTALE)
- ErrStructureNeedsCleaning = newWithHost("structure needs cleaning", linux.EUCLEAN, syscall.EUCLEAN)
- ErrIsNamedFile = newWithHost("is a named type file", linux.ENOTNAM, syscall.ENOTNAM)
- ErrRemoteIO = newWithHost("remote I/O error", linux.EREMOTEIO, syscall.EREMOTEIO)
- ErrQuotaExceeded = newWithHost("quota exceeded", linux.EDQUOT, syscall.EDQUOT)
- ErrNoMedium = newWithHost("no medium found", linux.ENOMEDIUM, syscall.ENOMEDIUM)
- ErrWrongMediumType = newWithHost("wrong medium type", linux.EMEDIUMTYPE, syscall.EMEDIUMTYPE)
- ErrCanceled = newWithHost("operation canceled", linux.ECANCELED, syscall.ECANCELED)
- ErrNoKey = newWithHost("required key not available", linux.ENOKEY, syscall.ENOKEY)
- ErrKeyExpired = newWithHost("key has expired", linux.EKEYEXPIRED, syscall.EKEYEXPIRED)
- ErrKeyRevoked = newWithHost("key has been revoked", linux.EKEYREVOKED, syscall.EKEYREVOKED)
- ErrKeyRejected = newWithHost("key was rejected by service", linux.EKEYREJECTED, syscall.EKEYREJECTED)
- ErrOwnerDied = newWithHost("owner died", linux.EOWNERDEAD, syscall.EOWNERDEAD)
- ErrNotRecoverable = newWithHost("state not recoverable", linux.ENOTRECOVERABLE, syscall.ENOTRECOVERABLE)
+ ErrNotPermitted = newWithHost("operation not permitted", linux.EPERM, unix.EPERM)
+ ErrNoFileOrDir = newWithHost("no such file or directory", linux.ENOENT, unix.ENOENT)
+ ErrNoProcess = newWithHost("no such process", linux.ESRCH, unix.ESRCH)
+ ErrInterrupted = newWithHost("interrupted system call", linux.EINTR, unix.EINTR)
+ ErrIO = newWithHost("I/O error", linux.EIO, unix.EIO)
+ ErrDeviceOrAddress = newWithHost("no such device or address", linux.ENXIO, unix.ENXIO)
+ ErrTooManyArgs = newWithHost("argument list too long", linux.E2BIG, unix.E2BIG)
+ ErrEcec = newWithHost("exec format error", linux.ENOEXEC, unix.ENOEXEC)
+ ErrBadFD = newWithHost("bad file number", linux.EBADF, unix.EBADF)
+ ErrNoChild = newWithHost("no child processes", linux.ECHILD, unix.ECHILD)
+ ErrTryAgain = newWithHost("try again", linux.EAGAIN, unix.EAGAIN)
+ ErrNoMemory = newWithHost("out of memory", linux.ENOMEM, unix.ENOMEM)
+ ErrPermissionDenied = newWithHost("permission denied", linux.EACCES, unix.EACCES)
+ ErrBadAddress = newWithHost("bad address", linux.EFAULT, unix.EFAULT)
+ ErrNotBlockDevice = newWithHost("block device required", linux.ENOTBLK, unix.ENOTBLK)
+ ErrBusy = newWithHost("device or resource busy", linux.EBUSY, unix.EBUSY)
+ ErrExists = newWithHost("file exists", linux.EEXIST, unix.EEXIST)
+ ErrCrossDeviceLink = newWithHost("cross-device link", linux.EXDEV, unix.EXDEV)
+ ErrNoDevice = newWithHost("no such device", linux.ENODEV, unix.ENODEV)
+ ErrNotDir = newWithHost("not a directory", linux.ENOTDIR, unix.ENOTDIR)
+ ErrIsDir = newWithHost("is a directory", linux.EISDIR, unix.EISDIR)
+ ErrInvalidArgument = newWithHost("invalid argument", linux.EINVAL, unix.EINVAL)
+ ErrFileTableOverflow = newWithHost("file table overflow", linux.ENFILE, unix.ENFILE)
+ ErrTooManyOpenFiles = newWithHost("too many open files", linux.EMFILE, unix.EMFILE)
+ ErrNotTTY = newWithHost("not a typewriter", linux.ENOTTY, unix.ENOTTY)
+ ErrTestFileBusy = newWithHost("text file busy", linux.ETXTBSY, unix.ETXTBSY)
+ ErrFileTooBig = newWithHost("file too large", linux.EFBIG, unix.EFBIG)
+ ErrNoSpace = newWithHost("no space left on device", linux.ENOSPC, unix.ENOSPC)
+ ErrIllegalSeek = newWithHost("illegal seek", linux.ESPIPE, unix.ESPIPE)
+ ErrReadOnlyFS = newWithHost("read-only file system", linux.EROFS, unix.EROFS)
+ ErrTooManyLinks = newWithHost("too many links", linux.EMLINK, unix.EMLINK)
+ ErrBrokenPipe = newWithHost("broken pipe", linux.EPIPE, unix.EPIPE)
+ ErrDomain = newWithHost("math argument out of domain of func", linux.EDOM, unix.EDOM)
+ ErrRange = newWithHost("math result not representable", linux.ERANGE, unix.ERANGE)
+ ErrDeadlock = newWithHost("resource deadlock would occur", linux.EDEADLOCK, unix.EDEADLOCK)
+ ErrNameTooLong = newWithHost("file name too long", linux.ENAMETOOLONG, unix.ENAMETOOLONG)
+ ErrNoLocksAvailable = newWithHost("no record locks available", linux.ENOLCK, unix.ENOLCK)
+ ErrInvalidSyscall = newWithHost("invalid system call number", linux.ENOSYS, unix.ENOSYS)
+ ErrDirNotEmpty = newWithHost("directory not empty", linux.ENOTEMPTY, unix.ENOTEMPTY)
+ ErrLinkLoop = newWithHost("too many symbolic links encountered", linux.ELOOP, unix.ELOOP)
+ ErrNoMessage = newWithHost("no message of desired type", linux.ENOMSG, unix.ENOMSG)
+ ErrIdentifierRemoved = newWithHost("identifier removed", linux.EIDRM, unix.EIDRM)
+ ErrChannelOutOfRange = newWithHost("channel number out of range", linux.ECHRNG, unix.ECHRNG)
+ ErrLevelTwoNotSynced = newWithHost("level 2 not synchronized", linux.EL2NSYNC, unix.EL2NSYNC)
+ ErrLevelThreeHalted = newWithHost("level 3 halted", linux.EL3HLT, unix.EL3HLT)
+ ErrLevelThreeReset = newWithHost("level 3 reset", linux.EL3RST, unix.EL3RST)
+ ErrLinkNumberOutOfRange = newWithHost("link number out of range", linux.ELNRNG, unix.ELNRNG)
+ ErrProtocolDriverNotAttached = newWithHost("protocol driver not attached", linux.EUNATCH, unix.EUNATCH)
+ ErrNoCSIAvailable = newWithHost("no CSI structure available", linux.ENOCSI, unix.ENOCSI)
+ ErrLevelTwoHalted = newWithHost("level 2 halted", linux.EL2HLT, unix.EL2HLT)
+ ErrInvalidExchange = newWithHost("invalid exchange", linux.EBADE, unix.EBADE)
+ ErrInvalidRequestDescriptor = newWithHost("invalid request descriptor", linux.EBADR, unix.EBADR)
+ ErrExchangeFull = newWithHost("exchange full", linux.EXFULL, unix.EXFULL)
+ ErrNoAnode = newWithHost("no anode", linux.ENOANO, unix.ENOANO)
+ ErrInvalidRequestCode = newWithHost("invalid request code", linux.EBADRQC, unix.EBADRQC)
+ ErrInvalidSlot = newWithHost("invalid slot", linux.EBADSLT, unix.EBADSLT)
+ ErrBadFontFile = newWithHost("bad font file format", linux.EBFONT, unix.EBFONT)
+ ErrNotStream = newWithHost("device not a stream", linux.ENOSTR, unix.ENOSTR)
+ ErrNoDataAvailable = newWithHost("no data available", linux.ENODATA, unix.ENODATA)
+ ErrTimerExpired = newWithHost("timer expired", linux.ETIME, unix.ETIME)
+ ErrStreamsResourceDepleted = newWithHost("out of streams resources", linux.ENOSR, unix.ENOSR)
+ ErrMachineNotOnNetwork = newWithHost("machine is not on the network", linux.ENONET, unix.ENONET)
+ ErrPackageNotInstalled = newWithHost("package not installed", linux.ENOPKG, unix.ENOPKG)
+ ErrIsRemote = newWithHost("object is remote", linux.EREMOTE, unix.EREMOTE)
+ ErrNoLink = newWithHost("link has been severed", linux.ENOLINK, unix.ENOLINK)
+ ErrAdvertise = newWithHost("advertise error", linux.EADV, unix.EADV)
+ ErrSRMount = newWithHost("srmount error", linux.ESRMNT, unix.ESRMNT)
+ ErrSendCommunication = newWithHost("communication error on send", linux.ECOMM, unix.ECOMM)
+ ErrProtocol = newWithHost("protocol error", linux.EPROTO, unix.EPROTO)
+ ErrMultihopAttempted = newWithHost("multihop attempted", linux.EMULTIHOP, unix.EMULTIHOP)
+ ErrRFS = newWithHost("RFS specific error", linux.EDOTDOT, unix.EDOTDOT)
+ ErrInvalidDataMessage = newWithHost("not a data message", linux.EBADMSG, unix.EBADMSG)
+ ErrOverflow = newWithHost("value too large for defined data type", linux.EOVERFLOW, unix.EOVERFLOW)
+ ErrNetworkNameNotUnique = newWithHost("name not unique on network", linux.ENOTUNIQ, unix.ENOTUNIQ)
+ ErrFDInBadState = newWithHost("file descriptor in bad state", linux.EBADFD, unix.EBADFD)
+ ErrRemoteAddressChanged = newWithHost("remote address changed", linux.EREMCHG, unix.EREMCHG)
+ ErrSharedLibraryInaccessible = newWithHost("can not access a needed shared library", linux.ELIBACC, unix.ELIBACC)
+ ErrCorruptedSharedLibrary = newWithHost("accessing a corrupted shared library", linux.ELIBBAD, unix.ELIBBAD)
+ ErrLibSectionCorrupted = newWithHost(".lib section in a.out corrupted", linux.ELIBSCN, unix.ELIBSCN)
+ ErrTooManySharedLibraries = newWithHost("attempting to link in too many shared libraries", linux.ELIBMAX, unix.ELIBMAX)
+ ErrSharedLibraryExeced = newWithHost("cannot exec a shared library directly", linux.ELIBEXEC, unix.ELIBEXEC)
+ ErrIllegalByteSequence = newWithHost("illegal byte sequence", linux.EILSEQ, unix.EILSEQ)
+ ErrShouldRestart = newWithHost("interrupted system call should be restarted", linux.ERESTART, unix.ERESTART)
+ ErrStreamPipe = newWithHost("streams pipe error", linux.ESTRPIPE, unix.ESTRPIPE)
+ ErrTooManyUsers = newWithHost("too many users", linux.EUSERS, unix.EUSERS)
+ ErrNotASocket = newWithHost("socket operation on non-socket", linux.ENOTSOCK, unix.ENOTSOCK)
+ ErrDestinationAddressRequired = newWithHost("destination address required", linux.EDESTADDRREQ, unix.EDESTADDRREQ)
+ ErrMessageTooLong = newWithHost("message too long", linux.EMSGSIZE, unix.EMSGSIZE)
+ ErrWrongProtocolForSocket = newWithHost("protocol wrong type for socket", linux.EPROTOTYPE, unix.EPROTOTYPE)
+ ErrProtocolNotAvailable = newWithHost("protocol not available", linux.ENOPROTOOPT, unix.ENOPROTOOPT)
+ ErrProtocolNotSupported = newWithHost("protocol not supported", linux.EPROTONOSUPPORT, unix.EPROTONOSUPPORT)
+ ErrSocketNotSupported = newWithHost("socket type not supported", linux.ESOCKTNOSUPPORT, unix.ESOCKTNOSUPPORT)
+ ErrEndpointOperation = newWithHost("operation not supported on transport endpoint", linux.EOPNOTSUPP, unix.EOPNOTSUPP)
+ ErrProtocolFamilyNotSupported = newWithHost("protocol family not supported", linux.EPFNOSUPPORT, unix.EPFNOSUPPORT)
+ ErrAddressFamilyNotSupported = newWithHost("address family not supported by protocol", linux.EAFNOSUPPORT, unix.EAFNOSUPPORT)
+ ErrAddressInUse = newWithHost("address already in use", linux.EADDRINUSE, unix.EADDRINUSE)
+ ErrAddressNotAvailable = newWithHost("cannot assign requested address", linux.EADDRNOTAVAIL, unix.EADDRNOTAVAIL)
+ ErrNetworkDown = newWithHost("network is down", linux.ENETDOWN, unix.ENETDOWN)
+ ErrNetworkUnreachable = newWithHost("network is unreachable", linux.ENETUNREACH, unix.ENETUNREACH)
+ ErrNetworkReset = newWithHost("network dropped connection because of reset", linux.ENETRESET, unix.ENETRESET)
+ ErrConnectionAborted = newWithHost("software caused connection abort", linux.ECONNABORTED, unix.ECONNABORTED)
+ ErrConnectionReset = newWithHost("connection reset by peer", linux.ECONNRESET, unix.ECONNRESET)
+ ErrNoBufferSpace = newWithHost("no buffer space available", linux.ENOBUFS, unix.ENOBUFS)
+ ErrAlreadyConnected = newWithHost("transport endpoint is already connected", linux.EISCONN, unix.EISCONN)
+ ErrNotConnected = newWithHost("transport endpoint is not connected", linux.ENOTCONN, unix.ENOTCONN)
+ ErrShutdown = newWithHost("cannot send after transport endpoint shutdown", linux.ESHUTDOWN, unix.ESHUTDOWN)
+ ErrTooManyRefs = newWithHost("too many references: cannot splice", linux.ETOOMANYREFS, unix.ETOOMANYREFS)
+ ErrTimedOut = newWithHost("connection timed out", linux.ETIMEDOUT, unix.ETIMEDOUT)
+ ErrConnectionRefused = newWithHost("connection refused", linux.ECONNREFUSED, unix.ECONNREFUSED)
+ ErrHostDown = newWithHost("host is down", linux.EHOSTDOWN, unix.EHOSTDOWN)
+ ErrNoRoute = newWithHost("no route to host", linux.EHOSTUNREACH, unix.EHOSTUNREACH)
+ ErrAlreadyInProgress = newWithHost("operation already in progress", linux.EALREADY, unix.EALREADY)
+ ErrInProgress = newWithHost("operation now in progress", linux.EINPROGRESS, unix.EINPROGRESS)
+ ErrStaleFileHandle = newWithHost("stale file handle", linux.ESTALE, unix.ESTALE)
+ ErrStructureNeedsCleaning = newWithHost("structure needs cleaning", linux.EUCLEAN, unix.EUCLEAN)
+ ErrIsNamedFile = newWithHost("is a named type file", linux.ENOTNAM, unix.ENOTNAM)
+ ErrRemoteIO = newWithHost("remote I/O error", linux.EREMOTEIO, unix.EREMOTEIO)
+ ErrQuotaExceeded = newWithHost("quota exceeded", linux.EDQUOT, unix.EDQUOT)
+ ErrNoMedium = newWithHost("no medium found", linux.ENOMEDIUM, unix.ENOMEDIUM)
+ ErrWrongMediumType = newWithHost("wrong medium type", linux.EMEDIUMTYPE, unix.EMEDIUMTYPE)
+ ErrCanceled = newWithHost("operation canceled", linux.ECANCELED, unix.ECANCELED)
+ ErrNoKey = newWithHost("required key not available", linux.ENOKEY, unix.ENOKEY)
+ ErrKeyExpired = newWithHost("key has expired", linux.EKEYEXPIRED, unix.EKEYEXPIRED)
+ ErrKeyRevoked = newWithHost("key has been revoked", linux.EKEYREVOKED, unix.EKEYREVOKED)
+ ErrKeyRejected = newWithHost("key was rejected by service", linux.EKEYREJECTED, unix.EKEYREJECTED)
+ ErrOwnerDied = newWithHost("owner died", linux.EOWNERDEAD, unix.EOWNERDEAD)
+ ErrNotRecoverable = newWithHost("state not recoverable", linux.ENOTRECOVERABLE, unix.ENOTRECOVERABLE)
// ErrWouldBlock translates to EWOULDBLOCK which is the same as EAGAIN
// on Linux.
@@ -283,7 +283,7 @@ func FromError(err error) *Error {
if err == nil {
return nil
}
- if errno, ok := err.(syscall.Errno); ok {
+ if errno, ok := err.(unix.Errno); ok {
return FromHost(errno)
}
if errno, ok := syserror.TranslateError(err); ok {
diff --git a/pkg/syserror/syserror.go b/pkg/syserror/syserror.go
index f516c8e46..97de17afe 100644
--- a/pkg/syserror/syserror.go
+++ b/pkg/syserror/syserror.go
@@ -20,68 +20,69 @@ package syserror
import (
"errors"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
// The following variables have the same meaning as their syscall equivalent.
var (
- E2BIG = error(syscall.E2BIG)
- EACCES = error(syscall.EACCES)
- EADDRINUSE = error(syscall.EADDRINUSE)
- EAGAIN = error(syscall.EAGAIN)
- EBADF = error(syscall.EBADF)
- EBADFD = error(syscall.EBADFD)
- EBUSY = error(syscall.EBUSY)
- ECHILD = error(syscall.ECHILD)
- ECONNABORTED = error(syscall.ECONNABORTED)
- ECONNREFUSED = error(syscall.ECONNREFUSED)
- ECONNRESET = error(syscall.ECONNRESET)
- EDEADLK = error(syscall.EDEADLK)
- EEXIST = error(syscall.EEXIST)
- EFAULT = error(syscall.EFAULT)
- EFBIG = error(syscall.EFBIG)
- EIDRM = error(syscall.EIDRM)
- EINTR = error(syscall.EINTR)
- EINVAL = error(syscall.EINVAL)
- EIO = error(syscall.EIO)
- EISDIR = error(syscall.EISDIR)
- ELIBBAD = error(syscall.ELIBBAD)
- ELOOP = error(syscall.ELOOP)
- EMFILE = error(syscall.EMFILE)
- EMLINK = error(syscall.EMLINK)
- EMSGSIZE = error(syscall.EMSGSIZE)
- ENAMETOOLONG = error(syscall.ENAMETOOLONG)
+ E2BIG = error(unix.E2BIG)
+ EACCES = error(unix.EACCES)
+ EADDRINUSE = error(unix.EADDRINUSE)
+ EAGAIN = error(unix.EAGAIN)
+ EBADF = error(unix.EBADF)
+ EBADFD = error(unix.EBADFD)
+ EBUSY = error(unix.EBUSY)
+ ECHILD = error(unix.ECHILD)
+ ECONNABORTED = error(unix.ECONNABORTED)
+ ECONNREFUSED = error(unix.ECONNREFUSED)
+ ECONNRESET = error(unix.ECONNRESET)
+ EDEADLK = error(unix.EDEADLK)
+ EEXIST = error(unix.EEXIST)
+ EFAULT = error(unix.EFAULT)
+ EFBIG = error(unix.EFBIG)
+ EIDRM = error(unix.EIDRM)
+ EINTR = error(unix.EINTR)
+ EINVAL = error(unix.EINVAL)
+ EIO = error(unix.EIO)
+ EISDIR = error(unix.EISDIR)
+ ELIBBAD = error(unix.ELIBBAD)
+ ELOOP = error(unix.ELOOP)
+ EMFILE = error(unix.EMFILE)
+ EMLINK = error(unix.EMLINK)
+ EMSGSIZE = error(unix.EMSGSIZE)
+ ENAMETOOLONG = error(unix.ENAMETOOLONG)
ENOATTR = ENODATA
- ENOBUFS = error(syscall.ENOBUFS)
- ENODATA = error(syscall.ENODATA)
- ENODEV = error(syscall.ENODEV)
- ENOENT = error(syscall.ENOENT)
- ENOEXEC = error(syscall.ENOEXEC)
- ENOLCK = error(syscall.ENOLCK)
- ENOLINK = error(syscall.ENOLINK)
- ENOMEM = error(syscall.ENOMEM)
- ENOSPC = error(syscall.ENOSPC)
- ENOSYS = error(syscall.ENOSYS)
- ENOTCONN = error(syscall.ENOTCONN)
- ENOTDIR = error(syscall.ENOTDIR)
- ENOTEMPTY = error(syscall.ENOTEMPTY)
- ENOTSOCK = error(syscall.ENOTSOCK)
- ENOTSUP = error(syscall.ENOTSUP)
- ENOTTY = error(syscall.ENOTTY)
- ENXIO = error(syscall.ENXIO)
- EOPNOTSUPP = error(syscall.EOPNOTSUPP)
- EOVERFLOW = error(syscall.EOVERFLOW)
- EPERM = error(syscall.EPERM)
- EPIPE = error(syscall.EPIPE)
- ERANGE = error(syscall.ERANGE)
- EREMOTE = error(syscall.EREMOTE)
- EROFS = error(syscall.EROFS)
- ESPIPE = error(syscall.ESPIPE)
- ESRCH = error(syscall.ESRCH)
- ETIMEDOUT = error(syscall.ETIMEDOUT)
- EUSERS = error(syscall.EUSERS)
- EWOULDBLOCK = error(syscall.EWOULDBLOCK)
- EXDEV = error(syscall.EXDEV)
+ ENOBUFS = error(unix.ENOBUFS)
+ ENODATA = error(unix.ENODATA)
+ ENODEV = error(unix.ENODEV)
+ ENOENT = error(unix.ENOENT)
+ ENOEXEC = error(unix.ENOEXEC)
+ ENOLCK = error(unix.ENOLCK)
+ ENOLINK = error(unix.ENOLINK)
+ ENOMEM = error(unix.ENOMEM)
+ ENOSPC = error(unix.ENOSPC)
+ ENOSYS = error(unix.ENOSYS)
+ ENOTCONN = error(unix.ENOTCONN)
+ ENOTDIR = error(unix.ENOTDIR)
+ ENOTEMPTY = error(unix.ENOTEMPTY)
+ ENOTSOCK = error(unix.ENOTSOCK)
+ ENOTSUP = error(unix.ENOTSUP)
+ ENOTTY = error(unix.ENOTTY)
+ ENXIO = error(unix.ENXIO)
+ EOPNOTSUPP = error(unix.EOPNOTSUPP)
+ EOVERFLOW = error(unix.EOVERFLOW)
+ EPERM = error(unix.EPERM)
+ EPIPE = error(unix.EPIPE)
+ ERANGE = error(unix.ERANGE)
+ EREMOTE = error(unix.EREMOTE)
+ EROFS = error(unix.EROFS)
+ ESPIPE = error(unix.ESPIPE)
+ ESRCH = error(unix.ESRCH)
+ ETIMEDOUT = error(unix.ETIMEDOUT)
+ EUSERS = error(unix.EUSERS)
+ EWOULDBLOCK = error(unix.EWOULDBLOCK)
+ EXDEV = error(unix.EXDEV)
)
var (
@@ -102,16 +103,16 @@ var (
)
// errorMap is the map used to convert generic errors into errnos.
-var errorMap = map[error]syscall.Errno{}
+var errorMap = map[error]unix.Errno{}
// errorUnwrappers is an array of unwrap functions to extract typed errors.
-var errorUnwrappers = []func(error) (syscall.Errno, bool){}
+var errorUnwrappers = []func(error) (unix.Errno, bool){}
// AddErrorTranslation allows modules to populate the error map by adding their
// own translations during initialization. Returns if the error translation is
// accepted or not. A pre-existing translation will not be overwritten by the
// new translation.
-func AddErrorTranslation(from error, to syscall.Errno) bool {
+func AddErrorTranslation(from error, to unix.Errno) bool {
if _, ok := errorMap[from]; ok {
return false
}
@@ -122,13 +123,13 @@ func AddErrorTranslation(from error, to syscall.Errno) bool {
// AddErrorUnwrapper registers an unwrap method that can extract a concrete error
// from a typed, but not initialized, error.
-func AddErrorUnwrapper(unwrap func(e error) (syscall.Errno, bool)) {
+func AddErrorUnwrapper(unwrap func(e error) (unix.Errno, bool)) {
errorUnwrappers = append(errorUnwrappers, unwrap)
}
// TranslateError translates errors to errnos, it will return false if
// the error was not registered.
-func TranslateError(from error) (syscall.Errno, bool) {
+func TranslateError(from error) (unix.Errno, bool) {
err, ok := errorMap[from]
if ok {
return err, ok
@@ -222,7 +223,7 @@ func SyscallRestartErrnoFromReturn(rv uintptr) (SyscallRestartErrno, bool) {
}
func init() {
- AddErrorTranslation(ErrWouldBlock, syscall.EWOULDBLOCK)
- AddErrorTranslation(ErrInterrupted, syscall.EINTR)
- AddErrorTranslation(ErrExceedsFileSizeLimit, syscall.EFBIG)
+ AddErrorTranslation(ErrWouldBlock, unix.EWOULDBLOCK)
+ AddErrorTranslation(ErrInterrupted, unix.EINTR)
+ AddErrorTranslation(ErrExceedsFileSizeLimit, unix.EFBIG)
}
diff --git a/pkg/tcpip/link/fdbased/endpoint.go b/pkg/tcpip/link/fdbased/endpoint.go
index 0164d851b..72d3f70ac 100644
--- a/pkg/tcpip/link/fdbased/endpoint.go
+++ b/pkg/tcpip/link/fdbased/endpoint.go
@@ -41,7 +41,6 @@ package fdbased
import (
"fmt"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/binary"
@@ -237,8 +236,8 @@ func New(opts *Options) (stack.LinkEndpoint, error) {
// Create per channel dispatchers.
for i := 0; i < len(e.fds); i++ {
fd := e.fds[i]
- if err := syscall.SetNonblock(fd, true); err != nil {
- return nil, fmt.Errorf("syscall.SetNonblock(%v) failed: %v", fd, err)
+ if err := unix.SetNonblock(fd, true); err != nil {
+ return nil, fmt.Errorf("unix.SetNonblock(%v) failed: %v", fd, err)
}
isSocket, err := isSocketFD(fd)
@@ -291,7 +290,7 @@ func createInboundDispatcher(e *endpoint, fd int, isSocket bool) (linkDispatcher
// hard to test fragmentation reassembly code in Netstack.
const fanoutType = unix.PACKET_FANOUT_HASH
fanoutArg := fanoutID | fanoutType<<16
- if err := syscall.SetsockoptInt(fd, syscall.SOL_PACKET, unix.PACKET_FANOUT, fanoutArg); err != nil {
+ if err := unix.SetsockoptInt(fd, unix.SOL_PACKET, unix.PACKET_FANOUT, fanoutArg); err != nil {
return nil, fmt.Errorf("failed to enable PACKET_FANOUT option: %v", err)
}
}
@@ -316,11 +315,11 @@ func createInboundDispatcher(e *endpoint, fd int, isSocket bool) (linkDispatcher
}
func isSocketFD(fd int) (bool, error) {
- var stat syscall.Stat_t
- if err := syscall.Fstat(fd, &stat); err != nil {
- return false, fmt.Errorf("syscall.Fstat(%v,...) failed: %v", fd, err)
+ var stat unix.Stat_t
+ if err := unix.Fstat(fd, &stat); err != nil {
+ return false, fmt.Errorf("unix.Fstat(%v,...) failed: %v", fd, err)
}
- return (stat.Mode & syscall.S_IFSOCK) == syscall.S_IFSOCK, nil
+ return (stat.Mode & unix.S_IFSOCK) == unix.S_IFSOCK, nil
}
// Attach launches the goroutine that reads packets from the file descriptor and
@@ -614,7 +613,7 @@ func (e *InjectableEndpoint) InjectInbound(protocol tcpip.NetworkProtocolNumber,
// NewInjectable creates a new fd-based InjectableEndpoint.
func NewInjectable(fd int, mtu uint32, capabilities stack.LinkEndpointCapabilities) *InjectableEndpoint {
- syscall.SetNonblock(fd, true)
+ unix.SetNonblock(fd, true)
return &InjectableEndpoint{endpoint: endpoint{
fds: []int{fd},
diff --git a/pkg/tcpip/link/fdbased/mmap.go b/pkg/tcpip/link/fdbased/mmap.go
index a2b63fe6b..5d698a5e9 100644
--- a/pkg/tcpip/link/fdbased/mmap.go
+++ b/pkg/tcpip/link/fdbased/mmap.go
@@ -19,7 +19,6 @@ package fdbased
import (
"encoding/binary"
"fmt"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/tcpip"
@@ -137,7 +136,7 @@ func (d *packetMMapDispatcher) readMMappedPacket() ([]byte, tcpip.Error) {
Events: unix.POLLIN | unix.POLLERR,
}
if _, errno := rawfile.BlockingPoll(&event, 1, nil); errno != 0 {
- if errno == syscall.EINTR {
+ if errno == unix.EINTR {
continue
}
return nil, rawfile.TranslateErrno(errno)
diff --git a/pkg/tcpip/link/fdbased/mmap_unsafe.go b/pkg/tcpip/link/fdbased/mmap_unsafe.go
index 3894185ae..1293f68a2 100644
--- a/pkg/tcpip/link/fdbased/mmap_unsafe.go
+++ b/pkg/tcpip/link/fdbased/mmap_unsafe.go
@@ -19,14 +19,13 @@ package fdbased
import (
"fmt"
"sync/atomic"
- "syscall"
"unsafe"
"golang.org/x/sys/unix"
)
// tPacketHdrlen is the TPACKET_HDRLEN variable defined in <linux/if_packet.h>.
-var tPacketHdrlen = tPacketAlign(unsafe.Sizeof(tPacketHdr{}) + unsafe.Sizeof(syscall.RawSockaddrLinklayer{}))
+var tPacketHdrlen = tPacketAlign(unsafe.Sizeof(tPacketHdr{}) + unsafe.Sizeof(unix.RawSockaddrLinklayer{}))
// tpStatus returns the frame status field.
// The status is concurrently updated by the kernel as a result we must
@@ -62,21 +61,21 @@ func newPacketMMapDispatcher(fd int, e *endpoint) (linkDispatcher, error) {
tpFrameNR: uint32(tpFrameNR),
}
// Setup PACKET_RX_RING.
- if err := setsockopt(d.fd, syscall.SOL_PACKET, syscall.PACKET_RX_RING, unsafe.Pointer(&tReq), unsafe.Sizeof(tReq)); err != nil {
+ if err := setsockopt(d.fd, unix.SOL_PACKET, unix.PACKET_RX_RING, unsafe.Pointer(&tReq), unsafe.Sizeof(tReq)); err != nil {
return nil, fmt.Errorf("failed to enable PACKET_RX_RING: %v", err)
}
// Let's mmap the blocks.
sz := tpBlockSize * tpBlockNR
- buf, err := syscall.Mmap(d.fd, 0, sz, syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED)
+ buf, err := unix.Mmap(d.fd, 0, sz, unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED)
if err != nil {
- return nil, fmt.Errorf("syscall.Mmap(...,0, %v, ...) failed = %v", sz, err)
+ return nil, fmt.Errorf("unix.Mmap(...,0, %v, ...) failed = %v", sz, err)
}
d.ringBuffer = buf
return d, nil
}
func setsockopt(fd, level, name int, val unsafe.Pointer, vallen uintptr) error {
- if _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(val), vallen, 0); errno != 0 {
+ if _, _, errno := unix.Syscall6(unix.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(name), uintptr(val), vallen, 0); errno != 0 {
return error(errno)
}
diff --git a/pkg/tcpip/link/fdbased/packet_dispatchers.go b/pkg/tcpip/link/fdbased/packet_dispatchers.go
index ecae1ad2d..736871d1c 100644
--- a/pkg/tcpip/link/fdbased/packet_dispatchers.go
+++ b/pkg/tcpip/link/fdbased/packet_dispatchers.go
@@ -17,8 +17,7 @@
package fdbased
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/tcpip"
"gvisor.dev/gvisor/pkg/tcpip/buffer"
"gvisor.dev/gvisor/pkg/tcpip/header"
@@ -38,7 +37,7 @@ type iovecBuffer struct {
// (skipsVnetHdr) then the first iovec points to a buffer for the vnet header
// which is stripped before the views are passed up the stack for further
// processing.
- iovecs []syscall.Iovec
+ iovecs []unix.Iovec
// sizes is an array of buffer sizes for the underlying views. sizes is
// immutable.
@@ -58,18 +57,18 @@ func newIovecBuffer(sizes []int, skipsVnetHdr bool) *iovecBuffer {
if b.skipsVnetHdr {
niov++
}
- b.iovecs = make([]syscall.Iovec, niov)
+ b.iovecs = make([]unix.Iovec, niov)
return b
}
-func (b *iovecBuffer) nextIovecs() []syscall.Iovec {
+func (b *iovecBuffer) nextIovecs() []unix.Iovec {
vnetHdrOff := 0
if b.skipsVnetHdr {
var vnetHdr [virtioNetHdrSize]byte
// The kernel adds virtioNetHdr before each packet, but
// we don't use it, so so we allocate a buffer for it,
// add it in iovecs but don't add it in a view.
- b.iovecs[0] = syscall.Iovec{
+ b.iovecs[0] = unix.Iovec{
Base: &vnetHdr[0],
Len: uint64(virtioNetHdrSize),
}
@@ -81,7 +80,7 @@ func (b *iovecBuffer) nextIovecs() []syscall.Iovec {
}
v := buffer.NewView(b.sizes[i])
b.views[i] = v
- b.iovecs[i+vnetHdrOff] = syscall.Iovec{
+ b.iovecs[i+vnetHdrOff] = unix.Iovec{
Base: &v[0],
Len: uint64(len(v)),
}
@@ -200,7 +199,7 @@ type recvMMsgDispatcher struct {
// msgHdrs is an array of MMsgHdr objects where each MMsghdr is used to
// reference an array of iovecs in the iovecs field defined above. This
// array is passed as the parameter to recvmmsg call to retrieve
- // potentially more than 1 packet per syscall.
+ // potentially more than 1 packet per unix.
msgHdrs []rawfile.MMsgHdr
}
diff --git a/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go b/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go
index 621ab8d29..2206fe0e6 100644
--- a/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go
+++ b/pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go
@@ -17,14 +17,15 @@
package rawfile
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// BlockingPoll is just a stub function that forwards to the ppoll() system call
// on non-amd64 and non-arm64 platforms.
-func BlockingPoll(fds *PollEvent, nfds int, timeout *syscall.Timespec) (int, syscall.Errno) {
- n, _, e := syscall.Syscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(fds)),
+func BlockingPoll(fds *PollEvent, nfds int, timeout *unix.Timespec) (int, unix.Errno) {
+ n, _, e := unix.Syscall6(unix.SYS_PPOLL, uintptr(unsafe.Pointer(fds)),
uintptr(nfds), uintptr(unsafe.Pointer(timeout)), 0, 0, 0)
return int(n), e
diff --git a/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go b/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go
index 7f238102e..5002245a1 100644
--- a/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go
+++ b/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go
@@ -21,8 +21,9 @@
package rawfile
import (
- "syscall"
_ "unsafe" // for go:linkname
+
+ "golang.org/x/sys/unix"
)
// BlockingPoll on amd64/arm64 makes the ppoll() syscall while calling the
@@ -32,7 +33,7 @@ import (
// call.
//
//go:noescape
-func BlockingPoll(fds *PollEvent, nfds int, timeout *syscall.Timespec) (int, syscall.Errno)
+func BlockingPoll(fds *PollEvent, nfds int, timeout *unix.Timespec) (int, unix.Errno)
// Use go:linkname to call into the runtime. As of Go 1.12 this has to
// be done from Go code so that we make an ABIInternal call to an
diff --git a/pkg/tcpip/link/rawfile/errors.go b/pkg/tcpip/link/rawfile/errors.go
index 406b97709..9743e70ea 100644
--- a/pkg/tcpip/link/rawfile/errors.go
+++ b/pkg/tcpip/link/rawfile/errors.go
@@ -17,8 +17,7 @@
package rawfile
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/tcpip"
)
@@ -29,47 +28,47 @@ const maxErrno = 134
//
// Valid, but unrecognized errnos will be translated to
// *tcpip.ErrInvalidEndpointState (EINVAL).
-func TranslateErrno(e syscall.Errno) tcpip.Error {
+func TranslateErrno(e unix.Errno) tcpip.Error {
switch e {
- case syscall.EEXIST:
+ case unix.EEXIST:
return &tcpip.ErrDuplicateAddress{}
- case syscall.ENETUNREACH:
+ case unix.ENETUNREACH:
return &tcpip.ErrNoRoute{}
- case syscall.EINVAL:
+ case unix.EINVAL:
return &tcpip.ErrInvalidEndpointState{}
- case syscall.EALREADY:
+ case unix.EALREADY:
return &tcpip.ErrAlreadyConnecting{}
- case syscall.EISCONN:
+ case unix.EISCONN:
return &tcpip.ErrAlreadyConnected{}
- case syscall.EADDRINUSE:
+ case unix.EADDRINUSE:
return &tcpip.ErrPortInUse{}
- case syscall.EADDRNOTAVAIL:
+ case unix.EADDRNOTAVAIL:
return &tcpip.ErrBadLocalAddress{}
- case syscall.EPIPE:
+ case unix.EPIPE:
return &tcpip.ErrClosedForSend{}
- case syscall.EWOULDBLOCK:
+ case unix.EWOULDBLOCK:
return &tcpip.ErrWouldBlock{}
- case syscall.ECONNREFUSED:
+ case unix.ECONNREFUSED:
return &tcpip.ErrConnectionRefused{}
- case syscall.ETIMEDOUT:
+ case unix.ETIMEDOUT:
return &tcpip.ErrTimeout{}
- case syscall.EINPROGRESS:
+ case unix.EINPROGRESS:
return &tcpip.ErrConnectStarted{}
- case syscall.EDESTADDRREQ:
+ case unix.EDESTADDRREQ:
return &tcpip.ErrDestinationRequired{}
- case syscall.ENOTSUP:
+ case unix.ENOTSUP:
return &tcpip.ErrNotSupported{}
- case syscall.ENOTTY:
+ case unix.ENOTTY:
return &tcpip.ErrQueueSizeNotSupported{}
- case syscall.ENOTCONN:
+ case unix.ENOTCONN:
return &tcpip.ErrNotConnected{}
- case syscall.ECONNRESET:
+ case unix.ECONNRESET:
return &tcpip.ErrConnectionReset{}
- case syscall.ECONNABORTED:
+ case unix.ECONNABORTED:
return &tcpip.ErrConnectionAborted{}
- case syscall.EMSGSIZE:
+ case unix.EMSGSIZE:
return &tcpip.ErrMessageTooLong{}
- case syscall.ENOBUFS:
+ case unix.ENOBUFS:
return &tcpip.ErrNoBufferSpace{}
default:
return &tcpip.ErrInvalidEndpointState{}
diff --git a/pkg/tcpip/link/rawfile/rawfile_unsafe.go b/pkg/tcpip/link/rawfile/rawfile_unsafe.go
index 06f3ee21e..ba92aedbc 100644
--- a/pkg/tcpip/link/rawfile/rawfile_unsafe.go
+++ b/pkg/tcpip/link/rawfile/rawfile_unsafe.go
@@ -19,7 +19,6 @@
package rawfile
import (
- "syscall"
"unsafe"
"golang.org/x/sys/unix"
@@ -28,12 +27,12 @@ import (
// GetMTU determines the MTU of a network interface device.
func GetMTU(name string) (uint32, error) {
- fd, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_DGRAM, 0)
+ fd, err := unix.Socket(unix.AF_UNIX, unix.SOCK_DGRAM, 0)
if err != nil {
return 0, err
}
- defer syscall.Close(fd)
+ defer unix.Close(fd)
var ifreq struct {
name [16]byte
@@ -42,7 +41,7 @@ func GetMTU(name string) (uint32, error) {
}
copy(ifreq.name[:], name)
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), unix.SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq)))
if errno != 0 {
return 0, errno
}
@@ -58,7 +57,7 @@ func NonBlockingWrite(fd int, buf []byte) tcpip.Error {
ptr = unsafe.Pointer(&buf[0])
}
- _, _, e := syscall.RawSyscall(syscall.SYS_WRITE, uintptr(fd), uintptr(ptr), uintptr(len(buf)))
+ _, _, e := unix.RawSyscall(unix.SYS_WRITE, uintptr(fd), uintptr(ptr), uintptr(len(buf)))
if e != 0 {
return TranslateErrno(e)
}
@@ -66,11 +65,11 @@ func NonBlockingWrite(fd int, buf []byte) tcpip.Error {
return nil
}
-// NonBlockingWriteIovec writes iovec to a file descriptor in a single syscall.
+// NonBlockingWriteIovec writes iovec to a file descriptor in a single unix.
// It fails if partial data is written.
-func NonBlockingWriteIovec(fd int, iovec []syscall.Iovec) tcpip.Error {
+func NonBlockingWriteIovec(fd int, iovec []unix.Iovec) tcpip.Error {
iovecLen := uintptr(len(iovec))
- _, _, e := syscall.RawSyscall(syscall.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&iovec[0])), iovecLen)
+ _, _, e := unix.RawSyscall(unix.SYS_WRITEV, uintptr(fd), uintptr(unsafe.Pointer(&iovec[0])), iovecLen)
if e != 0 {
return TranslateErrno(e)
}
@@ -79,7 +78,7 @@ func NonBlockingWriteIovec(fd int, iovec []syscall.Iovec) tcpip.Error {
// NonBlockingSendMMsg sends multiple messages on a socket.
func NonBlockingSendMMsg(fd int, msgHdrs []MMsgHdr) (int, tcpip.Error) {
- n, _, e := syscall.RawSyscall6(unix.SYS_SENDMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), syscall.MSG_DONTWAIT, 0, 0)
+ n, _, e := unix.RawSyscall6(unix.SYS_SENDMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), unix.MSG_DONTWAIT, 0, 0)
if e != 0 {
return 0, TranslateErrno(e)
}
@@ -99,7 +98,7 @@ type PollEvent struct {
// descriptor becomes readable.
func BlockingRead(fd int, b []byte) (int, tcpip.Error) {
for {
- n, _, e := syscall.RawSyscall(syscall.SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)))
+ n, _, e := unix.RawSyscall(unix.SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)))
if e == 0 {
return int(n), nil
}
@@ -110,7 +109,7 @@ func BlockingRead(fd int, b []byte) (int, tcpip.Error) {
}
_, e = BlockingPoll(&event, 1, nil)
- if e != 0 && e != syscall.EINTR {
+ if e != 0 && e != unix.EINTR {
return 0, TranslateErrno(e)
}
}
@@ -119,9 +118,9 @@ func BlockingRead(fd int, b []byte) (int, tcpip.Error) {
// BlockingReadv reads from a file descriptor that is set up as non-blocking and
// stores the data in a list of iovecs buffers. If no data is available, it will
// block in a poll() syscall until the file descriptor becomes readable.
-func BlockingReadv(fd int, iovecs []syscall.Iovec) (int, tcpip.Error) {
+func BlockingReadv(fd int, iovecs []unix.Iovec) (int, tcpip.Error) {
for {
- n, _, e := syscall.RawSyscall(syscall.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&iovecs[0])), uintptr(len(iovecs)))
+ n, _, e := unix.RawSyscall(unix.SYS_READV, uintptr(fd), uintptr(unsafe.Pointer(&iovecs[0])), uintptr(len(iovecs)))
if e == 0 {
return int(n), nil
}
@@ -132,7 +131,7 @@ func BlockingReadv(fd int, iovecs []syscall.Iovec) (int, tcpip.Error) {
}
_, e = BlockingPoll(&event, 1, nil)
- if e != 0 && e != syscall.EINTR {
+ if e != 0 && e != unix.EINTR {
return 0, TranslateErrno(e)
}
}
@@ -140,7 +139,7 @@ func BlockingReadv(fd int, iovecs []syscall.Iovec) (int, tcpip.Error) {
// MMsgHdr represents the mmsg_hdr structure required by recvmmsg() on linux.
type MMsgHdr struct {
- Msg syscall.Msghdr
+ Msg unix.Msghdr
Len uint32
_ [4]byte
}
@@ -151,7 +150,7 @@ type MMsgHdr struct {
// becomes readable.
func BlockingRecvMMsg(fd int, msgHdrs []MMsgHdr) (int, tcpip.Error) {
for {
- n, _, e := syscall.RawSyscall6(syscall.SYS_RECVMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), syscall.MSG_DONTWAIT, 0, 0)
+ n, _, e := unix.RawSyscall6(unix.SYS_RECVMMSG, uintptr(fd), uintptr(unsafe.Pointer(&msgHdrs[0])), uintptr(len(msgHdrs)), unix.MSG_DONTWAIT, 0, 0)
if e == 0 {
return int(n), nil
}
@@ -161,7 +160,7 @@ func BlockingRecvMMsg(fd int, msgHdrs []MMsgHdr) (int, tcpip.Error) {
Events: 1, // POLLIN
}
- if _, e := BlockingPoll(&event, 1, nil); e != 0 && e != syscall.EINTR {
+ if _, e := BlockingPoll(&event, 1, nil); e != 0 && e != unix.EINTR {
return 0, TranslateErrno(e)
}
}
diff --git a/pkg/tcpip/link/sharedmem/rx.go b/pkg/tcpip/link/sharedmem/rx.go
index eec11e4cb..8e6f3e5e3 100644
--- a/pkg/tcpip/link/sharedmem/rx.go
+++ b/pkg/tcpip/link/sharedmem/rx.go
@@ -18,8 +18,8 @@ package sharedmem
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/tcpip/link/rawfile"
"gvisor.dev/gvisor/pkg/tcpip/link/sharedmem/queue"
)
@@ -46,43 +46,43 @@ func (r *rx) init(mtu uint32, c *QueueConfig) error {
rxPipe, err := getBuffer(c.RxPipeFD)
if err != nil {
- syscall.Munmap(txPipe)
+ unix.Munmap(txPipe)
return err
}
data, err := getBuffer(c.DataFD)
if err != nil {
- syscall.Munmap(txPipe)
- syscall.Munmap(rxPipe)
+ unix.Munmap(txPipe)
+ unix.Munmap(rxPipe)
return err
}
sharedData, err := getBuffer(c.SharedDataFD)
if err != nil {
- syscall.Munmap(txPipe)
- syscall.Munmap(rxPipe)
- syscall.Munmap(data)
+ unix.Munmap(txPipe)
+ unix.Munmap(rxPipe)
+ unix.Munmap(data)
return err
}
// Duplicate the eventFD so that caller can close it but we can still
// use it.
- efd, err := syscall.Dup(c.EventFD)
+ efd, err := unix.Dup(c.EventFD)
if err != nil {
- syscall.Munmap(txPipe)
- syscall.Munmap(rxPipe)
- syscall.Munmap(data)
- syscall.Munmap(sharedData)
+ unix.Munmap(txPipe)
+ unix.Munmap(rxPipe)
+ unix.Munmap(data)
+ unix.Munmap(sharedData)
return err
}
// Set the eventfd as non-blocking.
- if err := syscall.SetNonblock(efd, true); err != nil {
- syscall.Munmap(txPipe)
- syscall.Munmap(rxPipe)
- syscall.Munmap(data)
- syscall.Munmap(sharedData)
- syscall.Close(efd)
+ if err := unix.SetNonblock(efd, true); err != nil {
+ unix.Munmap(txPipe)
+ unix.Munmap(rxPipe)
+ unix.Munmap(data)
+ unix.Munmap(sharedData)
+ unix.Close(efd)
return err
}
@@ -99,12 +99,12 @@ func (r *rx) init(mtu uint32, c *QueueConfig) error {
// called if init() has previously succeeded.
func (r *rx) cleanup() {
a, b := r.q.Bytes()
- syscall.Munmap(a)
- syscall.Munmap(b)
+ unix.Munmap(a)
+ unix.Munmap(b)
- syscall.Munmap(r.data)
- syscall.Munmap(r.sharedData)
- syscall.Close(r.eventFD)
+ unix.Munmap(r.data)
+ unix.Munmap(r.sharedData)
+ unix.Close(r.eventFD)
}
// postAndReceive posts the provided buffers (if any), and then tries to read
diff --git a/pkg/tcpip/link/sharedmem/sharedmem.go b/pkg/tcpip/link/sharedmem/sharedmem.go
index 2599bc406..d8d0b16b2 100644
--- a/pkg/tcpip/link/sharedmem/sharedmem.go
+++ b/pkg/tcpip/link/sharedmem/sharedmem.go
@@ -24,8 +24,8 @@ package sharedmem
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sync"
"gvisor.dev/gvisor/pkg/tcpip"
@@ -118,7 +118,7 @@ func (e *endpoint) Close() {
// Tell dispatch goroutine to stop, then write to the eventfd so that
// it wakes up in case it's sleeping.
atomic.StoreUint32(&e.stopRequested, 1)
- syscall.Write(e.rx.eventFD, []byte{1, 0, 0, 0, 0, 0, 0, 0})
+ unix.Write(e.rx.eventFD, []byte{1, 0, 0, 0, 0, 0, 0, 0})
// Cleanup the queues inline if the worker hasn't started yet; we also
// know it won't start from now on because stopRequested is set to 1.
diff --git a/pkg/tcpip/link/sharedmem/tx.go b/pkg/tcpip/link/sharedmem/tx.go
index 44f421c2d..e3210051f 100644
--- a/pkg/tcpip/link/sharedmem/tx.go
+++ b/pkg/tcpip/link/sharedmem/tx.go
@@ -16,8 +16,8 @@ package sharedmem
import (
"math"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/tcpip/buffer"
"gvisor.dev/gvisor/pkg/tcpip/link/sharedmem/queue"
)
@@ -48,14 +48,14 @@ func (t *tx) init(mtu uint32, c *QueueConfig) error {
rxPipe, err := getBuffer(c.RxPipeFD)
if err != nil {
- syscall.Munmap(txPipe)
+ unix.Munmap(txPipe)
return err
}
data, err := getBuffer(c.DataFD)
if err != nil {
- syscall.Munmap(txPipe)
- syscall.Munmap(rxPipe)
+ unix.Munmap(txPipe)
+ unix.Munmap(rxPipe)
return err
}
@@ -72,9 +72,9 @@ func (t *tx) init(mtu uint32, c *QueueConfig) error {
// called if init() has previously succeeded.
func (t *tx) cleanup() {
a, b := t.q.Bytes()
- syscall.Munmap(a)
- syscall.Munmap(b)
- syscall.Munmap(t.data)
+ unix.Munmap(a)
+ unix.Munmap(b)
+ unix.Munmap(t.data)
}
// transmit sends a packet made of bufs. Returns a boolean that specifies
@@ -145,17 +145,17 @@ func (t *tx) transmit(bufs ...buffer.View) bool {
// getBuffer returns a memory region mapped to the full contents of the given
// file descriptor.
func getBuffer(fd int) ([]byte, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(fd, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(fd, &s); err != nil {
return nil, err
}
// Check that size doesn't overflow an int.
if s.Size > int64(^uint(0)>>1) {
- return nil, syscall.EDOM
+ return nil, unix.EDOM
}
- return syscall.Mmap(fd, 0, int(s.Size), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED|syscall.MAP_FILE)
+ return unix.Mmap(fd, 0, int(s.Size), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED|unix.MAP_FILE)
}
// idDescriptor is used by idManager to either point to a tx buffer (in case
diff --git a/pkg/tcpip/link/tun/tun_unsafe.go b/pkg/tcpip/link/tun/tun_unsafe.go
index 09ca9b527..0591fbd63 100644
--- a/pkg/tcpip/link/tun/tun_unsafe.go
+++ b/pkg/tcpip/link/tun/tun_unsafe.go
@@ -18,24 +18,25 @@
package tun
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// Open opens the specified TUN device, sets it to non-blocking mode, and
// returns its file descriptor.
func Open(name string) (int, error) {
- return open(name, syscall.IFF_TUN|syscall.IFF_NO_PI)
+ return open(name, unix.IFF_TUN|unix.IFF_NO_PI)
}
// OpenTAP opens the specified TAP device, sets it to non-blocking mode, and
// returns its file descriptor.
func OpenTAP(name string) (int, error) {
- return open(name, syscall.IFF_TAP|syscall.IFF_NO_PI)
+ return open(name, unix.IFF_TAP|unix.IFF_NO_PI)
}
func open(name string, flags uint16) (int, error) {
- fd, err := syscall.Open("/dev/net/tun", syscall.O_RDWR, 0)
+ fd, err := unix.Open("/dev/net/tun", unix.O_RDWR, 0)
if err != nil {
return -1, err
}
@@ -48,14 +49,14 @@ func open(name string, flags uint16) (int, error) {
copy(ifr.name[:], name)
ifr.flags = flags
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETIFF, uintptr(unsafe.Pointer(&ifr)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), unix.TUNSETIFF, uintptr(unsafe.Pointer(&ifr)))
if errno != 0 {
- syscall.Close(fd)
+ unix.Close(fd)
return -1, errno
}
- if err = syscall.SetNonblock(fd, true); err != nil {
- syscall.Close(fd)
+ if err = unix.SetNonblock(fd, true); err != nil {
+ unix.Close(fd)
return -1, err
}
diff --git a/pkg/unet/unet.go b/pkg/unet/unet.go
index 22dd40f21..40fa72925 100644
--- a/pkg/unet/unet.go
+++ b/pkg/unet/unet.go
@@ -21,8 +21,8 @@ package unet
import (
"errors"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sync"
)
@@ -39,15 +39,15 @@ var errMessageTruncated = errors.New("message truncated")
// socketType returns the appropriate type.
func socketType(packet bool) int {
if packet {
- return syscall.SOCK_SEQPACKET
+ return unix.SOCK_SEQPACKET
}
- return syscall.SOCK_STREAM
+ return unix.SOCK_STREAM
}
// socket creates a new host socket.
func socket(packet bool) (int, error) {
// Make a new socket.
- fd, err := syscall.Socket(syscall.AF_UNIX, socketType(packet), 0)
+ fd, err := unix.Socket(unix.AF_UNIX, socketType(packet), 0)
if err != nil {
return 0, err
}
@@ -57,7 +57,7 @@ func socket(packet bool) (int, error) {
// eventFD returns a new event FD with initial value 0.
func eventFD() (int, error) {
- f, _, e := syscall.Syscall(syscall.SYS_EVENTFD2, 0, 0, 0)
+ f, _, e := unix.Syscall(unix.SYS_EVENTFD2, 0, 0, 0)
if e != 0 {
return -1, e
}
@@ -89,9 +89,9 @@ type Socket struct {
//
// NewSocket takes ownership of fd.
func NewSocket(fd int) (*Socket, error) {
- // fd must be non-blocking for non-blocking syscall.Accept in
+ // fd must be non-blocking for non-blocking unix.Accept in
// ServerSocket.Accept.
- if err := syscall.SetNonblock(fd, true); err != nil {
+ if err := unix.SetNonblock(fd, true); err != nil {
return nil, err
}
@@ -112,14 +112,14 @@ func (s *Socket) finish() error {
// Signal any blocked or future polls.
//
// N.B. eventfd writes must be 8 bytes.
- if _, err := syscall.Write(s.efd, []byte{1, 0, 0, 0, 0, 0, 0, 0}); err != nil {
+ if _, err := unix.Write(s.efd, []byte{1, 0, 0, 0, 0, 0, 0, 0}); err != nil {
return err
}
// Close the gate, blocking until all FD users leave.
s.gate.Close()
- return syscall.Close(s.efd)
+ return unix.Close(s.efd)
}
// Close closes the socket.
@@ -129,7 +129,7 @@ func (s *Socket) Close() error {
fd := int(atomic.SwapInt32(&s.fd, -1))
if fd < 0 {
// Already closed or closing.
- return syscall.EBADF
+ return unix.EBADF
}
// Shutdown the socket to cancel any pending accepts.
@@ -139,7 +139,7 @@ func (s *Socket) Close() error {
return err
}
- return syscall.Close(fd)
+ return unix.Close(fd)
}
// Release releases ownership of the socket FD.
@@ -153,7 +153,7 @@ func (s *Socket) Release() (int, error) {
fd := int(atomic.SwapInt32(&s.fd, -1))
if fd < 0 {
// Already closed or closing.
- return -1, syscall.EBADF
+ return -1, unix.EBADF
}
if err := s.finish(); err != nil {
@@ -201,7 +201,7 @@ func (s *Socket) enterFD() (int, bool) {
// SocketPair creates a pair of connected sockets.
func SocketPair(packet bool) (*Socket, *Socket, error) {
// Make a new pair.
- fds, err := syscall.Socketpair(syscall.AF_UNIX, socketType(packet)|syscall.SOCK_CLOEXEC, 0)
+ fds, err := unix.Socketpair(unix.AF_UNIX, socketType(packet)|unix.SOCK_CLOEXEC, 0)
if err != nil {
return nil, nil, err
}
@@ -216,15 +216,15 @@ func SocketPair(packet bool) (*Socket, *Socket, error) {
var race int32
a, err := NewSocket(fds[0])
if err != nil {
- syscall.Close(fds[0])
- syscall.Close(fds[1])
+ unix.Close(fds[0])
+ unix.Close(fds[1])
return nil, nil, err
}
a.race = &race
b, err := NewSocket(fds[1])
if err != nil {
a.Close()
- syscall.Close(fds[1])
+ unix.Close(fds[1])
return nil, nil, err
}
b.race = &race
@@ -239,9 +239,9 @@ func Connect(addr string, packet bool) (*Socket, error) {
}
// Connect the socket.
- usa := &syscall.SockaddrUnix{Name: addr}
- if err := syscall.Connect(fd, usa); err != nil {
- syscall.Close(fd)
+ usa := &unix.SockaddrUnix{Name: addr}
+ if err := unix.Connect(fd, usa); err != nil {
+ unix.Close(fd)
return nil, err
}
@@ -260,20 +260,20 @@ type ControlMessage []byte
//
// This must be called prior to ReadVec if you want to receive FDs.
func (c *ControlMessage) EnableFDs(count int) {
- *c = make([]byte, syscall.CmsgSpace(count*4))
+ *c = make([]byte, unix.CmsgSpace(count*4))
}
// ExtractFDs returns the list of FDs in the control message.
//
// Either this or CloseFDs should be used after EnableFDs.
func (c *ControlMessage) ExtractFDs() ([]int, error) {
- msgs, err := syscall.ParseSocketControlMessage(*c)
+ msgs, err := unix.ParseSocketControlMessage(*c)
if err != nil {
return nil, err
}
var fds []int
for _, msg := range msgs {
- thisFds, err := syscall.ParseUnixRights(&msg)
+ thisFds, err := unix.ParseUnixRights(&msg)
if err != nil {
// Different control message.
return nil, err
@@ -294,7 +294,7 @@ func (c *ControlMessage) CloseFDs() {
fds, _ := c.ExtractFDs()
for _, fd := range fds {
if fd >= 0 {
- syscall.Close(fd)
+ unix.Close(fd)
}
}
}
@@ -303,7 +303,7 @@ func (c *ControlMessage) CloseFDs() {
//
// This must be used prior to WriteVec.
func (c *ControlMessage) PackFDs(fds ...int) {
- *c = ControlMessage(syscall.UnixRights(fds...))
+ *c = ControlMessage(unix.UnixRights(fds...))
}
// UnpackFDs clears the control message.
@@ -338,7 +338,7 @@ func (s *Socket) Write(p []byte) (int, error) {
func (s *Socket) GetSockOpt(level int, name int, b []byte) (uint32, error) {
fd, ok := s.enterFD()
if !ok {
- return 0, syscall.EBADF
+ return 0, unix.EBADF
}
defer s.gate.Leave()
@@ -349,7 +349,7 @@ func (s *Socket) GetSockOpt(level int, name int, b []byte) (uint32, error) {
func (s *Socket) SetSockOpt(level, name int, b []byte) error {
fd, ok := s.enterFD()
if !ok {
- return syscall.EBADF
+ return unix.EBADF
}
defer s.gate.Leave()
@@ -360,12 +360,12 @@ func (s *Socket) SetSockOpt(level, name int, b []byte) error {
func (s *Socket) GetSockName() ([]byte, error) {
fd, ok := s.enterFD()
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer s.gate.Leave()
var buf []byte
- l := syscall.SizeofSockaddrAny
+ l := unix.SizeofSockaddrAny
for {
// If the buffer is not large enough, allocate a new one with the hint.
@@ -385,12 +385,12 @@ func (s *Socket) GetSockName() ([]byte, error) {
func (s *Socket) GetPeerName() ([]byte, error) {
fd, ok := s.enterFD()
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer s.gate.Leave()
var buf []byte
- l := syscall.SizeofSockaddrAny
+ l := unix.SizeofSockaddrAny
for {
// See above.
@@ -407,14 +407,14 @@ func (s *Socket) GetPeerName() ([]byte, error) {
}
// GetPeerCred returns the peer's unix credentials.
-func (s *Socket) GetPeerCred() (*syscall.Ucred, error) {
+func (s *Socket) GetPeerCred() (*unix.Ucred, error) {
fd, ok := s.enterFD()
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer s.gate.Leave()
- return syscall.GetsockoptUcred(fd, syscall.SOL_SOCKET, syscall.SO_PEERCRED)
+ return unix.GetsockoptUcred(fd, unix.SOL_SOCKET, unix.SO_PEERCRED)
}
// SocketReader wraps an individual receive operation.
@@ -445,14 +445,14 @@ func (s *Socket) Read(p []byte) (int, error) {
func (s *Socket) shutdown(fd int) error {
// Shutdown the socket to cancel any pending accepts.
- return syscall.Shutdown(fd, syscall.SHUT_RDWR)
+ return unix.Shutdown(fd, unix.SHUT_RDWR)
}
// Shutdown closes the socket for read and write.
func (s *Socket) Shutdown() error {
fd, ok := s.enterFD()
if !ok {
- return syscall.EBADF
+ return unix.EBADF
}
defer s.gate.Leave()
@@ -481,9 +481,9 @@ func Bind(addr string, packet bool) (*ServerSocket, error) {
}
// Do the bind.
- usa := &syscall.SockaddrUnix{Name: addr}
- if err := syscall.Bind(fd, usa); err != nil {
- syscall.Close(fd)
+ usa := &unix.SockaddrUnix{Name: addr}
+ if err := unix.Bind(fd, usa); err != nil {
+ unix.Close(fd)
return nil, err
}
@@ -510,11 +510,11 @@ func BindAndListen(addr string, packet bool) (*ServerSocket, error) {
func (s *ServerSocket) Listen() error {
fd, ok := s.socket.enterFD()
if !ok {
- return syscall.EBADF
+ return unix.EBADF
}
defer s.socket.gate.Leave()
- return syscall.Listen(fd, backlog)
+ return unix.Listen(fd, backlog)
}
// Accept accepts a new connection.
@@ -526,19 +526,19 @@ func (s *ServerSocket) Listen() error {
func (s *ServerSocket) Accept() (*Socket, error) {
fd, ok := s.socket.enterFD()
if !ok {
- return nil, syscall.EBADF
+ return nil, unix.EBADF
}
defer s.socket.gate.Leave()
for {
- nfd, _, err := syscall.Accept(fd)
+ nfd, _, err := unix.Accept(fd)
switch err {
case nil:
return NewSocket(nfd)
- case syscall.EAGAIN:
+ case unix.EAGAIN:
err = s.socket.wait(false)
if err == errClosing {
- err = syscall.EBADF
+ err = unix.EBADF
}
}
if err != nil {
diff --git a/pkg/unet/unet_unsafe.go b/pkg/unet/unet_unsafe.go
index 85ef46edf..f0bf93ddd 100644
--- a/pkg/unet/unet_unsafe.go
+++ b/pkg/unet/unet_unsafe.go
@@ -17,7 +17,6 @@ package unet
import (
"io"
"sync/atomic"
- "syscall"
"unsafe"
"golang.org/x/sys/unix"
@@ -52,8 +51,8 @@ func (s *Socket) wait(write bool) error {
events[0].Events = unix.POLLOUT
}
- _, _, e := syscall.Syscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(&events[0])), 2, 0, 0, 0, 0)
- if e == syscall.EINTR {
+ _, _, e := unix.Syscall6(unix.SYS_PPOLL, uintptr(unsafe.Pointer(&events[0])), 2, 0, 0, 0, 0)
+ if e == unix.EINTR {
continue
}
if e != 0 {
@@ -72,11 +71,11 @@ func (s *Socket) wait(write bool) error {
// buildIovec builds an iovec slice from the given []byte slice.
//
// iovecs is used as an initial slice, to avoid excessive allocations.
-func buildIovec(bufs [][]byte, iovecs []syscall.Iovec) ([]syscall.Iovec, int) {
+func buildIovec(bufs [][]byte, iovecs []unix.Iovec) ([]unix.Iovec, int) {
var length int
for i := range bufs {
if l := len(bufs[i]); l > 0 {
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(l),
})
@@ -93,9 +92,9 @@ func buildIovec(bufs [][]byte, iovecs []syscall.Iovec) ([]syscall.Iovec, int) {
// This function is not guaranteed to read all available data, it
// returns as soon as a single recvmsg call succeeds.
func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) {
- iovecs, length := buildIovec(bufs, make([]syscall.Iovec, 0, 2))
+ iovecs, length := buildIovec(bufs, make([]unix.Iovec, 0, 2))
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(r.source) != 0 {
msg.Name = &r.source[0]
msg.Namelen = uint32(len(r.source))
@@ -116,25 +115,25 @@ func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) {
fd, ok := r.socket.enterFD()
if !ok {
- return 0, syscall.EBADF
+ return 0, unix.EBADF
}
// Leave on returns below.
for {
- var e syscall.Errno
+ var e unix.Errno
// Try a non-blocking recv first, so we don't give up the go runtime M.
- n, _, e = syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_TRUNC)
+ n, _, e = unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_TRUNC)
if e == 0 {
break
}
- if e == syscall.EINTR {
+ if e == unix.EINTR {
continue
}
if !r.blocking {
r.socket.gate.Leave()
return 0, e
}
- if e != syscall.EAGAIN && e != syscall.EWOULDBLOCK {
+ if e != unix.EAGAIN && e != unix.EWOULDBLOCK {
r.socket.gate.Leave()
return 0, e
}
@@ -142,7 +141,7 @@ func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) {
// Wait for the socket to become readable.
err := r.socket.wait(false)
if err == errClosing {
- err = syscall.EBADF
+ err = unix.EBADF
}
if err != nil {
r.socket.gate.Leave()
@@ -184,14 +183,14 @@ func (r *SocketReader) ReadVec(bufs [][]byte) (int, error) {
// This function is not guaranteed to send all data, it returns
// as soon as a single sendmsg call succeeds.
func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) {
- iovecs, _ := buildIovec(bufs, make([]syscall.Iovec, 0, 2))
+ iovecs, _ := buildIovec(bufs, make([]unix.Iovec, 0, 2))
if w.race != nil {
// See comments on Socket.race.
atomic.AddInt32(w.race, 1)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(w.to) != 0 {
msg.Name = &w.to[0]
msg.Namelen = uint32(len(w.to))
@@ -209,24 +208,24 @@ func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) {
fd, ok := w.socket.enterFD()
if !ok {
- return 0, syscall.EBADF
+ return 0, unix.EBADF
}
// Leave on returns below.
for {
// Try a non-blocking send first, so we don't give up the go runtime M.
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e == 0 {
w.socket.gate.Leave()
return int(n), nil
}
- if e == syscall.EINTR {
+ if e == unix.EINTR {
continue
}
if !w.blocking {
w.socket.gate.Leave()
return 0, e
}
- if e != syscall.EAGAIN && e != syscall.EWOULDBLOCK {
+ if e != unix.EAGAIN && e != unix.EWOULDBLOCK {
w.socket.gate.Leave()
return 0, e
}
@@ -234,7 +233,7 @@ func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) {
// Wait for the socket to become writeable.
err := w.socket.wait(true)
if err == errClosing {
- err = syscall.EBADF
+ err = unix.EBADF
}
if err != nil {
w.socket.gate.Leave()
@@ -244,10 +243,10 @@ func (w *SocketWriter) WriteVec(bufs [][]byte) (int, error) {
// Unreachable, no s.gate.Leave needed.
}
-// getsockopt issues a getsockopt syscall.
+// getsockopt issues a getsockopt unix.
func getsockopt(fd int, level int, optname int, buf []byte) (uint32, error) {
l := uint32(len(buf))
- _, _, e := syscall.RawSyscall6(syscall.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)), 0)
+ _, _, e := unix.RawSyscall6(unix.SYS_GETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)), 0)
if e != 0 {
return 0, e
}
@@ -255,9 +254,9 @@ func getsockopt(fd int, level int, optname int, buf []byte) (uint32, error) {
return l, nil
}
-// setsockopt issues a setsockopt syscall.
+// setsockopt issues a setsockopt unix.
func setsockopt(fd int, level int, optname int, buf []byte) error {
- _, _, e := syscall.RawSyscall6(syscall.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(len(buf)), 0)
+ _, _, e := unix.RawSyscall6(unix.SYS_SETSOCKOPT, uintptr(fd), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(&buf[0])), uintptr(len(buf)), 0)
if e != 0 {
return e
}
@@ -265,10 +264,10 @@ func setsockopt(fd int, level int, optname int, buf []byte) error {
return nil
}
-// getsockname issues a getsockname syscall.
+// getsockname issues a getsockname unix.
func getsockname(fd int, buf []byte) (uint32, error) {
l := uint32(len(buf))
- _, _, e := syscall.RawSyscall(syscall.SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)))
+ _, _, e := unix.RawSyscall(unix.SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)))
if e != 0 {
return 0, e
}
@@ -276,10 +275,10 @@ func getsockname(fd int, buf []byte) (uint32, error) {
return l, nil
}
-// getpeername issues a getpeername syscall.
+// getpeername issues a getpeername unix.
func getpeername(fd int, buf []byte) (uint32, error) {
l := uint32(len(buf))
- _, _, e := syscall.RawSyscall(syscall.SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)))
+ _, _, e := unix.RawSyscall(unix.SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&l)))
if e != 0 {
return 0, e
}
diff --git a/pkg/usermem/access_type.go b/pkg/usermem/access_type.go
index 9c1742a59..2cfca29af 100644
--- a/pkg/usermem/access_type.go
+++ b/pkg/usermem/access_type.go
@@ -14,9 +14,7 @@
package usermem
-import (
- "syscall"
-)
+import "golang.org/x/sys/unix"
// AccessType specifies memory access types. This is used for
// setting mapping permissions, as well as communicating faults.
@@ -54,17 +52,17 @@ func (a AccessType) Any() bool {
return a.Read || a.Write || a.Execute
}
-// Prot returns the system prot (syscall.PROT_READ, etc.) for this access.
+// Prot returns the system prot (unix.PROT_READ, etc.) for this access.
func (a AccessType) Prot() int {
var prot int
if a.Read {
- prot |= syscall.PROT_READ
+ prot |= unix.PROT_READ
}
if a.Write {
- prot |= syscall.PROT_WRITE
+ prot |= unix.PROT_WRITE
}
if a.Execute {
- prot |= syscall.PROT_EXEC
+ prot |= unix.PROT_EXEC
}
return prot
}
diff --git a/pkg/usermem/usermem_arm64.go b/pkg/usermem/usermem_arm64.go
index fdfc30a66..7e7529585 100644
--- a/pkg/usermem/usermem_arm64.go
+++ b/pkg/usermem/usermem_arm64.go
@@ -18,13 +18,14 @@ package usermem
import (
"encoding/binary"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
const (
// PageSize is the system page size.
// arm64 support 4K/16K/64K page size,
- // which can be get by syscall.Getpagesize().
+ // which can be get by unix.Getpagesize().
// Currently, only 4K page size is supported.
PageSize = 1 << PageShift
@@ -47,7 +48,7 @@ var (
func init() {
// Make sure the page size is 4K on arm64 platform.
- if size := syscall.Getpagesize(); size != PageSize {
+ if size := unix.Getpagesize(); size != PageSize {
panic("Only 4K page size is supported on arm64!")
}
}