authorgVisor bot <gvisor-bot@google.com>2019-07-12 16:19:23 +0000
committergVisor bot <gvisor-bot@google.com>2019-07-12 16:19:23 +0000
commit715afd5da8c2d5aacd7ab64535b92dac1abc3f37 (patch)
tree432c7c1ada560a23f26de6e9b8beefdda97ccdcc /runsc
parente3abe5ebdf5e0c98429faee7d57d126d452f7293 (diff)
parent69e0affaecda24b4d193e4592202b55b53afecc3 (diff)
Merge 69e0affa (automated)
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/config.go38
-rw-r--r--runsc/boot/fds.go27
-rw-r--r--runsc/boot/filter/config.go23
-rw-r--r--runsc/boot/filter/extra_filters_race.go1
-rw-r--r--runsc/boot/filter/filter.go13
-rw-r--r--runsc/boot/fs.go17
-rw-r--r--runsc/boot/loader.go50
-rw-r--r--runsc/boot/platforms/platforms.go30
-rw-r--r--runsc/cmd/boot.go3
-rw-r--r--runsc/main.go7
-rw-r--r--runsc/sandbox/sandbox.go23
11 files changed, 85 insertions, 147 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 6d276f207..6f1eb9a41 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -22,40 +22,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/watchdog"
)
-// PlatformType tells which platform to use.
-type PlatformType int
-
-const (
- // PlatformPtrace runs the sandbox with the ptrace platform.
- PlatformPtrace PlatformType = iota
-
- // PlatformKVM runs the sandbox with the KVM platform.
- PlatformKVM
-)
-
-// MakePlatformType converts type from string.
-func MakePlatformType(s string) (PlatformType, error) {
- switch s {
- case "ptrace":
- return PlatformPtrace, nil
- case "kvm":
- return PlatformKVM, nil
- default:
- return 0, fmt.Errorf("invalid platform type %q", s)
- }
-}
-
-func (p PlatformType) String() string {
- switch p {
- case PlatformPtrace:
- return "ptrace"
- case PlatformKVM:
- return "kvm"
- default:
- return fmt.Sprintf("unknown(%d)", p)
- }
-}
-
// FileAccessType tells how the filesystem is accessed.
type FileAccessType int
@@ -187,7 +153,7 @@ type Config struct {
LogPackets bool
// Platform is the platform to run on.
- Platform PlatformType
+ Platform string
// Strace indicates that strace should be enabled.
Strace bool
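Review bot: The doc comment on `Platform` no longer says anything useful now that the field is a free-form string instead of a validated enum; it should state where the value comes from and who checks it, e.g. `// Platform is the name of a registered platform (resolved with platform.Lookup); runsc validates it before starting the sandbox.` The validation in `runsc/main.go` is visible in this same commit, so the claim is grounded. The enclosing `Config` struct begins before this hunk.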
@@ -247,7 +213,7 @@ func (c *Config) ToFlags() []string {
"--overlay=" + strconv.FormatBool(c.Overlay),
"--network=" + c.Network.String(),
"--log-packets=" + strconv.FormatBool(c.LogPackets),
- "--platform=" + c.Platform.String(),
+ "--platform=" + c.Platform,
"--strace=" + strconv.FormatBool(c.Strace),
"--strace-syscalls=" + strings.Join(c.StraceSyscalls, ","),
"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
diff --git a/runsc/boot/fds.go b/runsc/boot/fds.go
index 59e1b46ec..e5de1f3d7 100644
--- a/runsc/boot/fds.go
+++ b/runsc/boot/fds.go
@@ -21,32 +21,23 @@ import (
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/fs/host"
"gvisor.dev/gvisor/pkg/sentry/kernel"
- "gvisor.dev/gvisor/pkg/sentry/kernel/kdefs"
- "gvisor.dev/gvisor/pkg/sentry/limits"
)
-// createFDMap creates an FD map that contains stdin, stdout, and stderr. If
-// console is true, then ioctl calls will be passed through to the host FD.
+// createFDTable creates an FD table that contains stdin, stdout, and stderr.
+// If console is true, then ioctl calls will be passed through to the host FD.
// Upon success, createFDMap dups then closes stdioFDs.
-func createFDMap(ctx context.Context, l *limits.LimitSet, console bool, stdioFDs []int) (*kernel.FDMap, error) {
+func createFDTable(ctx context.Context, console bool, stdioFDs []int) (*kernel.FDTable, error) {
if len(stdioFDs) != 3 {
return nil, fmt.Errorf("stdioFDs should contain exactly 3 FDs (stdin, stdout, and stderr), but %d FDs received", len(stdioFDs))
}
k := kernel.KernelFromContext(ctx)
- fdm := k.NewFDMap()
- defer fdm.DecRef()
+ fdTable := k.NewFDTable()
+ defer fdTable.DecRef()
mounter := fs.FileOwnerFromContext(ctx)
- // Maps sandbox FD to host FD.
- fdMap := map[int]int{
- 0: stdioFDs[0],
- 1: stdioFDs[1],
- 2: stdioFDs[2],
- }
-
var ttyFile *fs.File
- for appFD, hostFD := range fdMap {
+ for appFD, hostFD := range stdioFDs {
var appFile *fs.File
if console && appFD < 3 {
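Review bot: The third line of the doc comment still reads `Upon success, createFDMap dups then closes stdioFDs.` after the function was renamed to `createFDTable`; update it to the new name. With `len(stdioFDs)` checked to be exactly 3 and the loop now ranging over that slice, the `appFD < 3` half of `if console && appFD < 3 {` is always true and can be reduced to `if console {`, which makes the console pass-through intent clearer. The `limits` parameter was dropped from the signature, so `NewFDAt` presumably now derives the FD limit from `ctx` — worth confirming so RLIMIT_NOFILE is still enforced on the sandbox's first FDs. The function body continues past the end of this hunk.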
@@ -80,11 +71,11 @@ func createFDMap(ctx context.Context, l *limits.LimitSet, console bool, stdioFDs
}
// Add the file to the FD map.
- if err := fdm.NewFDAt(kdefs.FD(appFD), appFile, kernel.FDFlags{}, l); err != nil {
+ if err := fdTable.NewFDAt(ctx, int32(appFD), appFile, kernel.FDFlags{}); err != nil {
return nil, err
}
}
- fdm.IncRef()
- return fdm, nil
+ fdTable.IncRef()
+ return fdTable, nil
}
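Review bot: The comment `// Add the file to the FD map.` above the `NewFDAt` call is stale after the switch to `FDTable`; `// Install the file at appFD in the table.` matches the new call. The `int32(appFD)` conversion is safe only because the caller's length check limits appFD to 0..2, which is worth a word in that same comment. The function's start lies before this hunk.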
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index e4ccb40d9..0ee5b8bbd 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -437,29 +437,6 @@ func hostInetFilters() seccomp.SyscallRules {
}
}
-// ptraceFilters returns syscalls made exclusively by the ptrace platform.
-func ptraceFilters() seccomp.SyscallRules {
- return seccomp.SyscallRules{
- unix.SYS_GETCPU: {},
- unix.SYS_SCHED_SETAFFINITY: {},
- syscall.SYS_PTRACE: {},
- syscall.SYS_TGKILL: {},
- syscall.SYS_WAIT4: {},
- }
-}
-
-// kvmFilters returns syscalls made exclusively by the KVM platform.
-func kvmFilters() seccomp.SyscallRules {
- return seccomp.SyscallRules{
- syscall.SYS_ARCH_PRCTL: {},
- syscall.SYS_IOCTL: {},
- syscall.SYS_MMAP: {},
- syscall.SYS_RT_SIGSUSPEND: {},
- syscall.SYS_RT_SIGTIMEDWAIT: {},
- 0xffffffffffffffff: {}, // KVM uses syscall -1 to transition to host.
- }
-}
-
func controlServerFilters(fd int) seccomp.SyscallRules {
return seccomp.SyscallRules{
syscall.SYS_ACCEPT: []seccomp.Rule{
diff --git a/runsc/boot/filter/extra_filters_race.go b/runsc/boot/filter/extra_filters_race.go
index d5bee4453..9ff80276a 100644
--- a/runsc/boot/filter/extra_filters_race.go
+++ b/runsc/boot/filter/extra_filters_race.go
@@ -33,6 +33,7 @@ func instrumentationFilters() seccomp.SyscallRules {
syscall.SYS_MUNLOCK: {},
syscall.SYS_NANOSLEEP: {},
syscall.SYS_OPEN: {},
+ syscall.SYS_OPENAT: {},
syscall.SYS_SET_ROBUST_LIST: {},
// Used within glibc's malloc.
syscall.SYS_TIME: {},
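Review bot: `SYS_OPENAT` is added with no argument rules, which lets the race-instrumented sentry open arbitrary host paths, and unlike the `SYS_TIME` entry below it carries no comment saying which code path needs it. That is probably acceptable for an instrumentation-only build, but a reviewer later cannot tell whether it can be removed; a line such as `syscall.SYS_OPENAT: {}, // TODO: document which race-runtime path requires openat.` records the gap until the caller is identified. The enclosing `instrumentationFilters` starts and ends outside this hunk.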
diff --git a/runsc/boot/filter/filter.go b/runsc/boot/filter/filter.go
index 468481f29..e80c171b3 100644
--- a/runsc/boot/filter/filter.go
+++ b/runsc/boot/filter/filter.go
@@ -18,13 +18,9 @@
package filter
import (
- "fmt"
-
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/seccomp"
"gvisor.dev/gvisor/pkg/sentry/platform"
- "gvisor.dev/gvisor/pkg/sentry/platform/kvm"
- "gvisor.dev/gvisor/pkg/sentry/platform/ptrace"
)
// Options are seccomp filter related options.
@@ -53,14 +49,7 @@ func Install(opt Options) error {
s.Merge(profileFilters())
}
- switch p := opt.Platform.(type) {
- case *ptrace.PTrace:
- s.Merge(ptraceFilters())
- case *kvm.KVM:
- s.Merge(kvmFilters())
- default:
- return fmt.Errorf("unknown platform type %T", p)
- }
+ s.Merge(opt.Platform.SyscallFilters())
return seccomp.Install(s)
}
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index af52286a6..f9a6f2d3c 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -25,8 +25,10 @@ import (
// Include filesystem types that OCI spec might mount.
_ "gvisor.dev/gvisor/pkg/sentry/fs/dev"
+ "gvisor.dev/gvisor/pkg/sentry/fs/gofer"
_ "gvisor.dev/gvisor/pkg/sentry/fs/host"
_ "gvisor.dev/gvisor/pkg/sentry/fs/proc"
+ "gvisor.dev/gvisor/pkg/sentry/fs/ramfs"
_ "gvisor.dev/gvisor/pkg/sentry/fs/sys"
_ "gvisor.dev/gvisor/pkg/sentry/fs/tmpfs"
_ "gvisor.dev/gvisor/pkg/sentry/fs/tty"
@@ -36,8 +38,6 @@ import (
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
- "gvisor.dev/gvisor/pkg/sentry/fs/gofer"
- "gvisor.dev/gvisor/pkg/sentry/fs/ramfs"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/syserror"
@@ -85,19 +85,6 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string,
if err != nil {
return nil, fmt.Errorf("creating tmpfs overlay: %v", err)
}
-
- // Replicate permissions and owner from lower to upper mount point.
- attr, err := lower.UnstableAttr(ctx)
- if err != nil {
- return nil, fmt.Errorf("reading attributes from lower mount point: %v", err)
- }
- if !upper.InodeOperations.SetPermissions(ctx, upper, attr.Perms) {
- return nil, fmt.Errorf("error setting permission to upper mount point")
- }
- if err := upper.InodeOperations.SetOwner(ctx, upper, attr.Owner); err != nil {
- return nil, fmt.Errorf("setting owner to upper mount point: %v", err)
- }
-
return fs.NewOverlayRoot(ctx, upper, lower, upperFlags)
}
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 41027416d..8e8c6105b 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -32,6 +32,7 @@ import (
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/memutil"
"gvisor.dev/gvisor/pkg/rand"
+ "gvisor.dev/gvisor/pkg/refs"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/control"
"gvisor.dev/gvisor/pkg/sentry/fs/host"
@@ -41,8 +42,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/loader"
"gvisor.dev/gvisor/pkg/sentry/pgalloc"
"gvisor.dev/gvisor/pkg/sentry/platform"
- "gvisor.dev/gvisor/pkg/sentry/platform/kvm"
- "gvisor.dev/gvisor/pkg/sentry/platform/ptrace"
"gvisor.dev/gvisor/pkg/sentry/sighandling"
slinux "gvisor.dev/gvisor/pkg/sentry/syscalls/linux"
"gvisor.dev/gvisor/pkg/sentry/time"
@@ -58,6 +57,7 @@ import (
"gvisor.dev/gvisor/pkg/tcpip/transport/tcp"
"gvisor.dev/gvisor/pkg/tcpip/transport/udp"
"gvisor.dev/gvisor/runsc/boot/filter"
+ _ "gvisor.dev/gvisor/runsc/boot/platforms" // register all platforms.
"gvisor.dev/gvisor/runsc/specutils"
// Include supported socket providers.
@@ -262,7 +262,7 @@ func New(args Args) (*Loader, error) {
// Adjust the total memory returned by the Sentry so that applications that
// use /proc/meminfo can make allocations based on this limit.
usage.MinimumTotalMemoryBytes = args.TotalMem
- log.Infof("Setting total memory to %.2f GB", float64(args.TotalMem)/(2^30))
+ log.Infof("Setting total memory to %.2f GB", float64(args.TotalMem)/(1<<30))
}
// Initiate the Kernel object, which is required by the Context passed
@@ -415,19 +415,12 @@ func (l *Loader) Destroy() {
}
func createPlatform(conf *Config, deviceFile *os.File) (platform.Platform, error) {
- switch conf.Platform {
- case PlatformPtrace:
- log.Infof("Platform: ptrace")
- return ptrace.New()
- case PlatformKVM:
- log.Infof("Platform: kvm")
- if deviceFile == nil {
- return nil, fmt.Errorf("kvm device file must be provided")
- }
- return kvm.New(deviceFile)
- default:
- return nil, fmt.Errorf("invalid platform %v", conf.Platform)
+ p, err := platform.Lookup(conf.Platform)
+ if err != nil {
+ panic(fmt.Sprintf("invalid platform %v: %v", conf.Platform, err))
}
+ log.Infof("Platform: %s", conf.Platform)
+ return p.New(deviceFile)
}
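Review bot: `createPlatform` now panics when `platform.Lookup` fails even though it still returns `(platform.Platform, error)`, so a bad platform name reaching the boot process crashes with a stack trace instead of producing the error its caller already handles; prefer `return nil, fmt.Errorf("invalid platform %q: %v", conf.Platform, err)`. The explicit `deviceFile == nil` check the old KVM branch performed is also gone, so unless each platform's `New` rejects a nil file itself that failure now surfaces later and less clearly — worth confirming in the platform constructors, which are not part of this diff.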
func createMemoryFile() (*pgalloc.MemoryFile, error) {
@@ -516,13 +509,13 @@ func (l *Loader) run() error {
// Create the FD map, which will set stdin, stdout, and stderr. If console
// is true, then ioctl calls will be passed through to the host fd.
ctx := l.rootProcArgs.NewContext(l.k)
- fdm, err := createFDMap(ctx, l.rootProcArgs.Limits, l.console, l.stdioFDs)
+ fdTable, err := createFDTable(ctx, l.console, l.stdioFDs)
if err != nil {
return fmt.Errorf("importing fds: %v", err)
}
// CreateProcess takes a reference on FDMap if successful. We won't need
// ours either way.
- l.rootProcArgs.FDMap = fdm
+ l.rootProcArgs.FDTable = fdTable
// cid for root container can be empty. Only subcontainers need it to set
// the mount location.
@@ -561,13 +554,13 @@ func (l *Loader) run() error {
return fmt.Errorf("creating init process: %v", err)
}
- // CreateProcess takes a reference on FDMap if successful.
- l.rootProcArgs.FDMap.DecRef()
+ // CreateProcess takes a reference on FDTable if successful.
+ l.rootProcArgs.FDTable.DecRef()
}
ep.tg = l.k.GlobalInit()
if l.console {
- ttyFile := l.rootProcArgs.FDMap.GetFile(0)
+ ttyFile, _ := l.rootProcArgs.FDTable.Get(0)
defer ttyFile.DecRef()
ep.tty = ttyFile.FileOperations.(*host.TTYFileOperations)
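Review bot: `ttyFile, _ := l.rootProcArgs.FDTable.Get(0)` discards `Get`'s second result and then unconditionally calls `ttyFile.DecRef()` and type-asserts `FileOperations`; if FD 0 were ever absent that is a nil dereference rather than an error. `createFDTable` always installs FD 0, so this holds today, but a guard like `if ttyFile == nil { return fmt.Errorf("console requested but no file at fd 0") }` documents the invariant and fails cleanly if a future change breaks it. The enclosing `run` method continues beyond this hunk.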
@@ -647,13 +640,13 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *Config, cid string, file
// Create the FD map, which will set stdin, stdout, and stderr.
ctx := procArgs.NewContext(l.k)
- fdm, err := createFDMap(ctx, procArgs.Limits, false, stdioFDs)
+ fdTable, err := createFDTable(ctx, false, stdioFDs)
if err != nil {
return fmt.Errorf("importing fds: %v", err)
}
- // CreateProcess takes a reference on FDMap if successful. We won't need ours
- // either way.
- procArgs.FDMap = fdm
+ // CreateProcess takes a reference on fdTable if successful. We won't
+ // need ours either way.
+ procArgs.FDTable = fdTable
// Can't take ownership away from os.File. dup them to get a new FDs.
var goferFDs []int
@@ -682,8 +675,8 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *Config, cid string, file
}
l.k.StartProcess(tg)
- // CreateProcess takes a reference on FDMap if successful.
- procArgs.FDMap.DecRef()
+ // CreateProcess takes a reference on FDTable if successful.
+ procArgs.FDTable.DecRef()
l.processes[eid].tg = tg
return nil
@@ -1006,3 +999,8 @@ func (l *Loader) threadGroupFromIDLocked(key execID) (*kernel.ThreadGroup, *host
}
return ep.tg, ep.tty, nil
}
+
+func init() {
+ // TODO(gvisor.dev/issue/365): Make this configurable.
+ refs.SetLeakMode(refs.NoLeakChecking)
+}
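Review bot: The new `init()` disables reference leak checking for every binary that links `runsc/boot`, including its tests, and the TODO gives no reason why it is off rather than left at the package default; a one-line cause next to the issue link, e.g. `// Leak checking is disabled because <reason>; gvisor.dev/issue/365 tracks making this a flag.`, would let the next maintainer judge whether it is still needed. Since this is a side-effecting package init, setting the mode from `New()` based on a `Config` field would also keep the decision local to the sandbox that needs it.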
diff --git a/runsc/boot/platforms/platforms.go b/runsc/boot/platforms/platforms.go
new file mode 100644
index 000000000..056b46ad5
--- /dev/null
+++ b/runsc/boot/platforms/platforms.go
@@ -0,0 +1,30 @@
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package platforms imports all available platform packages.
+package platforms
+
+import (
+ // Import platforms that runsc might use.
+ _ "gvisor.dev/gvisor/pkg/sentry/platform/kvm"
+ _ "gvisor.dev/gvisor/pkg/sentry/platform/ptrace"
+)
+
+const (
+ // Ptrace runs the sandbox with the ptrace platform.
+ Ptrace = "ptrace"
+
+ // KVM runs the sandbox with the KVM platform.
+ KVM = "kvm"
+)
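Review bot: `Ptrace` and `KVM` are hand-maintained copies of the names the platform packages register themselves under, and the string comparisons in `runsc/cmd/boot.go` and `runsc/sandbox/sandbox.go` depend on them matching exactly: if a registered name ever drifts, the ptrace-specific handling (adding CAP_SYS_PTRACE, staying in the host PID namespace) silently stops applying with no error. Consider exporting the name from each platform package and aliasing it here, or adding a test asserting that `platform.Lookup(Ptrace)` and `platform.Lookup(KVM)` both succeed. The registration itself happens in the blank-imported packages and is not visible in this diff.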
diff --git a/runsc/cmd/boot.go b/runsc/cmd/boot.go
index 272eb14d3..b40fded5b 100644
--- a/runsc/cmd/boot.go
+++ b/runsc/cmd/boot.go
@@ -26,6 +26,7 @@ import (
specs "github.com/opencontainers/runtime-spec/specs-go"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/runsc/boot"
+ "gvisor.dev/gvisor/runsc/boot/platforms"
"gvisor.dev/gvisor/runsc/specutils"
)
@@ -172,7 +173,7 @@ func (b *Boot) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
if caps == nil {
caps = &specs.LinuxCapabilities{}
}
- if conf.Platform == boot.PlatformPtrace {
+ if conf.Platform == platforms.Ptrace {
// Ptrace platform requires extra capabilities.
const c = "CAP_SYS_PTRACE"
caps.Bounding = append(caps.Bounding, c)
diff --git a/runsc/main.go b/runsc/main.go
index 135061cd3..bc83c57a2 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -30,6 +30,7 @@ import (
"github.com/google/subcommands"
"gvisor.dev/gvisor/pkg/log"
+ "gvisor.dev/gvisor/pkg/sentry/platform"
"gvisor.dev/gvisor/runsc/boot"
"gvisor.dev/gvisor/runsc/cmd"
"gvisor.dev/gvisor/runsc/specutils"
@@ -61,7 +62,7 @@ var (
straceLogSize = flag.Uint("strace-log-size", 1024, "default size (in bytes) to log data argument blobs")
// Flags that control sandbox runtime behavior.
- platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm")
+ platformName = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm")
network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.")
gso = flag.Bool("gso", true, "enable generic segmenation offload")
fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.")
@@ -139,8 +140,8 @@ func main() {
}
cmd.ErrorLogger = errorLogger
- platformType, err := boot.MakePlatformType(*platform)
- if err != nil {
+ platformType := *platformName
+ if _, err := platform.Lookup(platformType); err != nil {
cmd.Fatalf("%v", err)
}
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index 6bebf0737..4a11f617d 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -32,9 +32,10 @@ import (
"gvisor.dev/gvisor/pkg/control/server"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/control"
- "gvisor.dev/gvisor/pkg/sentry/platform/kvm"
+ "gvisor.dev/gvisor/pkg/sentry/platform"
"gvisor.dev/gvisor/pkg/urpc"
"gvisor.dev/gvisor/runsc/boot"
+ "gvisor.dev/gvisor/runsc/boot/platforms"
"gvisor.dev/gvisor/runsc/cgroup"
"gvisor.dev/gvisor/runsc/console"
"gvisor.dev/gvisor/runsc/specutils"
@@ -491,7 +492,7 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF
{Type: specs.UTSNamespace},
}
- if conf.Platform == boot.PlatformPtrace {
+ if conf.Platform == platforms.Ptrace {
// TODO(b/75837838): Also set a new PID namespace so that we limit
// access to other host processes.
log.Infof("Sandbox will be started in the current PID namespace")
@@ -1046,19 +1047,15 @@ func (s *Sandbox) waitForStopped() error {
// deviceFileForPlatform opens the device file for the given platform. If the
// platform does not need a device file, then nil is returned.
-func deviceFileForPlatform(p boot.PlatformType) (*os.File, error) {
- var (
- f *os.File
- err error
- )
- switch p {
- case boot.PlatformKVM:
- f, err = kvm.OpenDevice()
- default:
- return nil, nil
+func deviceFileForPlatform(name string) (*os.File, error) {
+ p, err := platform.Lookup(name)
+ if err != nil {
+ return nil, err
}
+
+ f, err := p.OpenDevice()
if err != nil {
return nil, fmt.Errorf("opening device file for platform %q: %v", p, err)
}
- return f, err
+ return f, nil
}
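Review bot: The unchanged error line in `deviceFileForPlatform` still formats `p` with `%q`, but `p` is now the value returned by `platform.Lookup` rather than the platform name, so the message prints whatever that type's formatting yields instead of e.g. "kvm"; use the string the function was given: `return nil, fmt.Errorf("opening device file for platform %q: %v", name, err)`. The name has already been validated by `Lookup` a few lines above, so no further check is needed there.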