summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--pkg/sentry/socket/netlink/netlink_state_autogen.go7
-rw-r--r--pkg/sentry/socket/netlink/socket.go12
-rw-r--r--pkg/sentry/socket/netstack/netstack.go18
-rw-r--r--pkg/sentry/socket/unix/transport/transport_state_autogen.go23
-rw-r--r--pkg/sentry/socket/unix/transport/unix.go26
-rw-r--r--pkg/sentry/socket/unix/unix.go3
-rw-r--r--pkg/sentry/socket/unix/unix_state_autogen.go3
-rw-r--r--pkg/tcpip/socketops.go42
-rw-r--r--pkg/tcpip/tcpip.go6
-rw-r--r--pkg/tcpip/tcpip_state_autogen.go3
-rw-r--r--pkg/tcpip/transport/icmp/endpoint.go1
-rw-r--r--pkg/tcpip/transport/raw/endpoint.go2
-rw-r--r--pkg/tcpip/transport/tcp/endpoint.go3
-rw-r--r--pkg/tcpip/transport/udp/endpoint.go2
14 files changed, 67 insertions, 84 deletions
diff --git a/pkg/sentry/socket/netlink/netlink_state_autogen.go b/pkg/sentry/socket/netlink/netlink_state_autogen.go
index 5c97816d0..307498c1c 100644
--- a/pkg/sentry/socket/netlink/netlink_state_autogen.go
+++ b/pkg/sentry/socket/netlink/netlink_state_autogen.go
@@ -44,7 +44,6 @@ func (s *socketOpsCommon) StateFields() []string {
"bound",
"portID",
"sendBufferSize",
- "passcred",
"filter",
}
}
@@ -62,8 +61,7 @@ func (s *socketOpsCommon) StateSave(stateSinkObject state.Sink) {
stateSinkObject.Save(6, &s.bound)
stateSinkObject.Save(7, &s.portID)
stateSinkObject.Save(8, &s.sendBufferSize)
- stateSinkObject.Save(9, &s.passcred)
- stateSinkObject.Save(10, &s.filter)
+ stateSinkObject.Save(9, &s.filter)
}
func (s *socketOpsCommon) afterLoad() {}
@@ -78,8 +76,7 @@ func (s *socketOpsCommon) StateLoad(stateSourceObject state.Source) {
stateSourceObject.Load(6, &s.bound)
stateSourceObject.Load(7, &s.portID)
stateSourceObject.Load(8, &s.sendBufferSize)
- stateSourceObject.Load(9, &s.passcred)
- stateSourceObject.Load(10, &s.filter)
+ stateSourceObject.Load(9, &s.filter)
}
func (k *kernelSCM) StateTypeName() string {
diff --git a/pkg/sentry/socket/netlink/socket.go b/pkg/sentry/socket/netlink/socket.go
index 3baad098b..057f4d294 100644
--- a/pkg/sentry/socket/netlink/socket.go
+++ b/pkg/sentry/socket/netlink/socket.go
@@ -120,9 +120,6 @@ type socketOpsCommon struct {
// fixed buffer but only consume this many bytes.
sendBufferSize uint32
- // passcred indicates if this socket wants SCM credentials.
- passcred bool
-
// filter indicates that this socket has a BPF filter "installed".
//
// TODO(gvisor.dev/issue/1119): We don't actually support filtering,
@@ -201,10 +198,7 @@ func (s *socketOpsCommon) EventUnregister(e *waiter.Entry) {
// Passcred implements transport.Credentialer.Passcred.
func (s *socketOpsCommon) Passcred() bool {
- s.mu.Lock()
- passcred := s.passcred
- s.mu.Unlock()
- return passcred
+ return s.ep.SocketOptions().GetPassCred()
}
// ConnectedPasscred implements transport.Credentialer.ConnectedPasscred.
@@ -419,9 +413,7 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt []
}
passcred := usermem.ByteOrder.Uint32(opt)
- s.mu.Lock()
- s.passcred = passcred != 0
- s.mu.Unlock()
+ s.ep.SocketOptions().SetPassCred(passcred != 0)
return nil
case linux.SO_ATTACH_FILTER:
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 5afe77858..9c927efa0 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -260,10 +260,12 @@ type commonEndpoint interface {
// transport.Endpoint.GetSockOpt.
GetSockOptInt(opt tcpip.SockOptInt) (int, *tcpip.Error)
- // LastError implements tcpip.Endpoint.LastError.
+ // LastError implements tcpip.Endpoint.LastError and
+ // transport.Endpoint.LastError.
LastError() *tcpip.Error
- // SocketOptions implements tcpip.Endpoint.SocketOptions.
+ // SocketOptions implements tcpip.Endpoint.SocketOptions and
+ // transport.Endpoint.SocketOptions.
SocketOptions() *tcpip.SocketOptions
}
@@ -1068,13 +1070,8 @@ func getSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, fam
return nil, syserr.ErrInvalidArgument
}
- v, err := ep.GetSockOptBool(tcpip.PasscredOption)
- if err != nil {
- return nil, syserr.TranslateNetstackError(err)
- }
-
- vP := primitive.Int32(boolToInt32(v))
- return &vP, nil
+ v := primitive.Int32(boolToInt32(ep.SocketOptions().GetPassCred()))
+ return &v, nil
case linux.SO_SNDBUF:
if outLen < sizeOfInt32 {
@@ -1923,7 +1920,8 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
}
v := usermem.ByteOrder.Uint32(optVal)
- return syserr.TranslateNetstackError(ep.SetSockOptBool(tcpip.PasscredOption, v != 0))
+ ep.SocketOptions().SetPassCred(v != 0)
+ return nil
case linux.SO_KEEPALIVE:
if len(optVal) < sizeOfInt32 {
diff --git a/pkg/sentry/socket/unix/transport/transport_state_autogen.go b/pkg/sentry/socket/unix/transport/transport_state_autogen.go
index e20168bb3..4235ff488 100644
--- a/pkg/sentry/socket/unix/transport/transport_state_autogen.go
+++ b/pkg/sentry/socket/unix/transport/transport_state_autogen.go
@@ -329,7 +329,6 @@ func (e *baseEndpoint) StateTypeName() string {
func (e *baseEndpoint) StateFields() []string {
return []string{
"Queue",
- "passcred",
"receiver",
"connected",
"path",
@@ -343,24 +342,22 @@ func (e *baseEndpoint) beforeSave() {}
func (e *baseEndpoint) StateSave(stateSinkObject state.Sink) {
e.beforeSave()
stateSinkObject.Save(0, &e.Queue)
- stateSinkObject.Save(1, &e.passcred)
- stateSinkObject.Save(2, &e.receiver)
- stateSinkObject.Save(3, &e.connected)
- stateSinkObject.Save(4, &e.path)
- stateSinkObject.Save(5, &e.linger)
- stateSinkObject.Save(6, &e.ops)
+ stateSinkObject.Save(1, &e.receiver)
+ stateSinkObject.Save(2, &e.connected)
+ stateSinkObject.Save(3, &e.path)
+ stateSinkObject.Save(4, &e.linger)
+ stateSinkObject.Save(5, &e.ops)
}
func (e *baseEndpoint) afterLoad() {}
func (e *baseEndpoint) StateLoad(stateSourceObject state.Source) {
stateSourceObject.Load(0, &e.Queue)
- stateSourceObject.Load(1, &e.passcred)
- stateSourceObject.Load(2, &e.receiver)
- stateSourceObject.Load(3, &e.connected)
- stateSourceObject.Load(4, &e.path)
- stateSourceObject.Load(5, &e.linger)
- stateSourceObject.Load(6, &e.ops)
+ stateSourceObject.Load(1, &e.receiver)
+ stateSourceObject.Load(2, &e.connected)
+ stateSourceObject.Load(3, &e.path)
+ stateSourceObject.Load(4, &e.linger)
+ stateSourceObject.Load(5, &e.ops)
}
func init() {
diff --git a/pkg/sentry/socket/unix/transport/unix.go b/pkg/sentry/socket/unix/transport/unix.go
index 18a50e9f8..0324dcd93 100644
--- a/pkg/sentry/socket/unix/transport/unix.go
+++ b/pkg/sentry/socket/unix/transport/unix.go
@@ -16,8 +16,6 @@
package transport
import (
- "sync/atomic"
-
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -203,10 +201,11 @@ type Endpoint interface {
// procfs.
State() uint32
- // LastError implements tcpip.Endpoint.LastError.
+ // LastError clears and returns the last error reported by the endpoint.
LastError() *tcpip.Error
- // SocketOptions implements tcpip.Endpoint.SocketOptions.
+ // SocketOptions returns the structure which contains all the socket
+ // level options.
SocketOptions() *tcpip.SocketOptions
}
@@ -740,10 +739,6 @@ func (e *connectedEndpoint) CloseUnread() {
type baseEndpoint struct {
*waiter.Queue
- // passcred specifies whether SCM_CREDENTIALS socket control messages are
- // enabled on this endpoint. Must be accessed atomically.
- passcred int32
-
// Mutex protects the below fields.
sync.Mutex `state:"nosave"`
@@ -786,7 +781,7 @@ func (e *baseEndpoint) EventUnregister(we *waiter.Entry) {
// Passcred implements Credentialer.Passcred.
func (e *baseEndpoint) Passcred() bool {
- return atomic.LoadInt32(&e.passcred) != 0
+ return e.SocketOptions().GetPassCred()
}
// ConnectedPasscred implements Credentialer.ConnectedPasscred.
@@ -796,14 +791,6 @@ func (e *baseEndpoint) ConnectedPasscred() bool {
return e.connected != nil && e.connected.Passcred()
}
-func (e *baseEndpoint) setPasscred(pc bool) {
- if pc {
- atomic.StoreInt32(&e.passcred, 1)
- } else {
- atomic.StoreInt32(&e.passcred, 0)
- }
-}
-
// Connected implements ConnectingEndpoint.Connected.
func (e *baseEndpoint) Connected() bool {
return e.receiver != nil && e.connected != nil
@@ -870,8 +857,6 @@ func (e *baseEndpoint) SetSockOpt(opt tcpip.SettableSocketOption) *tcpip.Error {
func (e *baseEndpoint) SetSockOptBool(opt tcpip.SockOptBool, v bool) *tcpip.Error {
switch opt {
- case tcpip.PasscredOption:
- e.setPasscred(v)
case tcpip.ReuseAddressOption:
default:
log.Warningf("Unsupported socket option: %d", opt)
@@ -894,9 +879,6 @@ func (e *baseEndpoint) GetSockOptBool(opt tcpip.SockOptBool) (bool, *tcpip.Error
case tcpip.KeepaliveEnabledOption, tcpip.AcceptConnOption:
return false, nil
- case tcpip.PasscredOption:
- return e.Passcred(), nil
-
default:
log.Warningf("Unsupported socket option: %d", opt)
return false, tcpip.ErrUnknownProtocolOption
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 3e520d2ee..b32bb7ba8 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -115,9 +115,6 @@ type socketOpsCommon struct {
// bound, they cannot be modified.
abstractName string
abstractNamespace *kernel.AbstractSocketNamespace
-
- // ops is used to get socket level options.
- ops tcpip.SocketOptions
}
func (s *socketOpsCommon) isPacket() bool {
diff --git a/pkg/sentry/socket/unix/unix_state_autogen.go b/pkg/sentry/socket/unix/unix_state_autogen.go
index 9e9055b79..fba990d9a 100644
--- a/pkg/sentry/socket/unix/unix_state_autogen.go
+++ b/pkg/sentry/socket/unix/unix_state_autogen.go
@@ -87,7 +87,6 @@ func (s *socketOpsCommon) StateFields() []string {
"stype",
"abstractName",
"abstractNamespace",
- "ops",
}
}
@@ -100,7 +99,6 @@ func (s *socketOpsCommon) StateSave(stateSinkObject state.Sink) {
stateSinkObject.Save(2, &s.stype)
stateSinkObject.Save(3, &s.abstractName)
stateSinkObject.Save(4, &s.abstractNamespace)
- stateSinkObject.Save(5, &s.ops)
}
func (s *socketOpsCommon) afterLoad() {}
@@ -111,7 +109,6 @@ func (s *socketOpsCommon) StateLoad(stateSourceObject state.Source) {
stateSourceObject.Load(2, &s.stype)
stateSourceObject.Load(3, &s.abstractName)
stateSourceObject.Load(4, &s.abstractNamespace)
- stateSourceObject.Load(5, &s.ops)
}
func (s *SocketVFS2) StateTypeName() string {
diff --git a/pkg/tcpip/socketops.go b/pkg/tcpip/socketops.go
index 2a6c7c7c0..e1b0d6354 100644
--- a/pkg/tcpip/socketops.go
+++ b/pkg/tcpip/socketops.go
@@ -15,31 +15,49 @@
package tcpip
import (
- "gvisor.dev/gvisor/pkg/sync"
+ "sync/atomic"
)
-// SocketOptions contains all the variables which store values for socket
+// SocketOptions contains all the variables which store values for SOL_SOCKET
// level options.
//
// +stateify savable
type SocketOptions struct {
- // mu protects fields below.
- mu sync.Mutex `state:"nosave"`
- broadcastEnabled bool
+ // These fields are accessed and modified using atomic operations.
+
+ // broadcastEnabled determines whether datagram sockets are allowed to send
+ // packets to a broadcast address.
+ broadcastEnabled uint32
+
+ // passCredEnabled determines whether SCM_CREDENTIALS socket control messages
+ // are enabled.
+ passCredEnabled uint32
+}
+
+func storeAtomicBool(addr *uint32, v bool) {
+ var val uint32
+ if v {
+ val = 1
+ }
+ atomic.StoreUint32(addr, val)
}
// GetBroadcast gets value for SO_BROADCAST option.
func (so *SocketOptions) GetBroadcast() bool {
- so.mu.Lock()
- defer so.mu.Unlock()
-
- return so.broadcastEnabled
+ return atomic.LoadUint32(&so.broadcastEnabled) != 0
}
// SetBroadcast sets value for SO_BROADCAST option.
func (so *SocketOptions) SetBroadcast(v bool) {
- so.mu.Lock()
- defer so.mu.Unlock()
+ storeAtomicBool(&so.broadcastEnabled, v)
+}
+
+// GetPassCred gets value for SO_PASSCRED option.
+func (so *SocketOptions) GetPassCred() bool {
+ return atomic.LoadUint32(&so.passCredEnabled) != 0
+}
- so.broadcastEnabled = v
+// SetPassCred sets value for SO_PASSCRED option.
+func (so *SocketOptions) SetPassCred(v bool) {
+ storeAtomicBool(&so.passCredEnabled, v)
}
diff --git a/pkg/tcpip/tcpip.go b/pkg/tcpip/tcpip.go
index f9e83dd1c..09361360f 100644
--- a/pkg/tcpip/tcpip.go
+++ b/pkg/tcpip/tcpip.go
@@ -721,12 +721,6 @@ const (
// whether UDP checksum is disabled for this socket.
NoChecksumOption
- // PasscredOption is used by SetSockOptBool/GetSockOptBool to specify
- // whether SCM_CREDENTIALS socket control messages are enabled.
- //
- // Only supported on Unix sockets.
- PasscredOption
-
// QuickAckOption is stubbed out in SetSockOptBool/GetSockOptBool.
QuickAckOption
diff --git a/pkg/tcpip/tcpip_state_autogen.go b/pkg/tcpip/tcpip_state_autogen.go
index 09aeb0f74..66cad60db 100644
--- a/pkg/tcpip/tcpip_state_autogen.go
+++ b/pkg/tcpip/tcpip_state_autogen.go
@@ -13,6 +13,7 @@ func (so *SocketOptions) StateTypeName() string {
func (so *SocketOptions) StateFields() []string {
return []string{
"broadcastEnabled",
+ "passCredEnabled",
}
}
@@ -21,12 +22,14 @@ func (so *SocketOptions) beforeSave() {}
func (so *SocketOptions) StateSave(stateSinkObject state.Sink) {
so.beforeSave()
stateSinkObject.Save(0, &so.broadcastEnabled)
+ stateSinkObject.Save(1, &so.passCredEnabled)
}
func (so *SocketOptions) afterLoad() {}
func (so *SocketOptions) StateLoad(stateSourceObject state.Source) {
stateSourceObject.Load(0, &so.broadcastEnabled)
+ stateSourceObject.Load(1, &so.passCredEnabled)
}
func (f *FullAddress) StateTypeName() string {
diff --git a/pkg/tcpip/transport/icmp/endpoint.go b/pkg/tcpip/transport/icmp/endpoint.go
index 440cb0352..fe6514bcd 100644
--- a/pkg/tcpip/transport/icmp/endpoint.go
+++ b/pkg/tcpip/transport/icmp/endpoint.go
@@ -857,6 +857,7 @@ func (*endpoint) LastError() *tcpip.Error {
return nil
}
+// SocketOptions implements tcpip.Endpoint.SocketOptions.
func (e *endpoint) SocketOptions() *tcpip.SocketOptions {
return &e.ops
}
diff --git a/pkg/tcpip/transport/raw/endpoint.go b/pkg/tcpip/transport/raw/endpoint.go
index 4ae1f92ab..0a1e1fbb3 100644
--- a/pkg/tcpip/transport/raw/endpoint.go
+++ b/pkg/tcpip/transport/raw/endpoint.go
@@ -756,10 +756,12 @@ func (e *endpoint) Stats() tcpip.EndpointStats {
// Wait implements stack.TransportEndpoint.Wait.
func (*endpoint) Wait() {}
+// LastError implements tcpip.Endpoint.LastError.
func (*endpoint) LastError() *tcpip.Error {
return nil
}
+// SocketOptions implements tcpip.Endpoint.SocketOptions.
func (e *endpoint) SocketOptions() *tcpip.SocketOptions {
return &e.ops
}
diff --git a/pkg/tcpip/transport/tcp/endpoint.go b/pkg/tcpip/transport/tcp/endpoint.go
index 173cd28ec..36b915510 100644
--- a/pkg/tcpip/transport/tcp/endpoint.go
+++ b/pkg/tcpip/transport/tcp/endpoint.go
@@ -1279,6 +1279,7 @@ func (e *endpoint) ModerateRecvBuf(copied int) {
e.rcvListMu.Unlock()
}
+// SetOwner implements tcpip.Endpoint.SetOwner.
func (e *endpoint) SetOwner(owner tcpip.PacketOwner) {
e.owner = owner
}
@@ -1299,6 +1300,7 @@ func (e *endpoint) lastErrorLocked() *tcpip.Error {
return err
}
+// LastError implements tcpip.Endpoint.LastError.
func (e *endpoint) LastError() *tcpip.Error {
e.LockUser()
defer e.UnlockUser()
@@ -3213,6 +3215,7 @@ func (e *endpoint) Wait() {
}
}
+// SocketOptions implements tcpip.Endpoint.SocketOptions.
func (e *endpoint) SocketOptions() *tcpip.SocketOptions {
return &e.ops
}
diff --git a/pkg/tcpip/transport/udp/endpoint.go b/pkg/tcpip/transport/udp/endpoint.go
index 835dcc54e..81601f559 100644
--- a/pkg/tcpip/transport/udp/endpoint.go
+++ b/pkg/tcpip/transport/udp/endpoint.go
@@ -1535,10 +1535,12 @@ func isBroadcastOrMulticast(a tcpip.Address) bool {
return a == header.IPv4Broadcast || header.IsV4MulticastAddress(a) || header.IsV6MulticastAddress(a)
}
+// SetOwner implements tcpip.Endpoint.SetOwner.
func (e *endpoint) SetOwner(owner tcpip.PacketOwner) {
e.owner = owner
}
+// SocketOptions implements tcpip.Endpoint.SocketOptions.
func (e *endpoint) SocketOptions() *tcpip.SocketOptions {
return &e.ops
}