diff options
Diffstat (limited to 'pkg/sentry/fs/host')
-rw-r--r-- | pkg/sentry/fs/host/BUILD | 2 | ||||
-rw-r--r-- | pkg/sentry/fs/host/control.go | 9 | ||||
-rw-r--r-- | pkg/sentry/fs/host/descriptor.go | 12 | ||||
-rw-r--r-- | pkg/sentry/fs/host/descriptor_test.go | 6 | ||||
-rw-r--r-- | pkg/sentry/fs/host/file.go | 32 | ||||
-rw-r--r-- | pkg/sentry/fs/host/inode.go | 23 | ||||
-rw-r--r-- | pkg/sentry/fs/host/inode_state.go | 6 | ||||
-rw-r--r-- | pkg/sentry/fs/host/inode_test.go | 10 | ||||
-rw-r--r-- | pkg/sentry/fs/host/ioctl_unsafe.go | 10 | ||||
-rw-r--r-- | pkg/sentry/fs/host/socket.go | 18 | ||||
-rw-r--r-- | pkg/sentry/fs/host/socket_iovec.go | 11 | ||||
-rw-r--r-- | pkg/sentry/fs/host/socket_state.go | 4 | ||||
-rw-r--r-- | pkg/sentry/fs/host/socket_test.go | 30 | ||||
-rw-r--r-- | pkg/sentry/fs/host/socket_unsafe.go | 17 | ||||
-rw-r--r-- | pkg/sentry/fs/host/util.go | 28 | ||||
-rw-r--r-- | pkg/sentry/fs/host/util_amd64_unsafe.go | 13 | ||||
-rw-r--r-- | pkg/sentry/fs/host/util_arm64_unsafe.go | 13 | ||||
-rw-r--r-- | pkg/sentry/fs/host/util_unsafe.go | 20 | ||||
-rw-r--r-- | pkg/sentry/fs/host/wait_test.go | 10 |
19 files changed, 138 insertions, 136 deletions
diff --git a/pkg/sentry/fs/host/BUILD b/pkg/sentry/fs/host/BUILD index 1368014c4..3c45f6cc5 100644 --- a/pkg/sentry/fs/host/BUILD +++ b/pkg/sentry/fs/host/BUILD @@ -56,6 +56,7 @@ go_library( "//pkg/unet", "//pkg/usermem", "//pkg/waiter", + "@org_golang_x_sys//unix:go_default_library", ], ) @@ -80,5 +81,6 @@ go_test( "//pkg/tcpip", "//pkg/usermem", "//pkg/waiter", + "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/pkg/sentry/fs/host/control.go b/pkg/sentry/fs/host/control.go index 0d8d36afa..e53998be1 100644 --- a/pkg/sentry/fs/host/control.go +++ b/pkg/sentry/fs/host/control.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/sentry/fs" "gvisor.dev/gvisor/pkg/sentry/socket/control" @@ -59,7 +58,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage { // Release implements transport.RightsControlMessage.Release. func (c *scmRights) Release(ctx context.Context) { for _, fd := range c.fds { - syscall.Close(fd) + unix.Close(fd) } c.fds = nil } @@ -71,7 +70,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File { for _, fd := range fds { // Get flags. We do it here because they may be modified // by subsequent functions. - fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0) + fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0) if errno != 0 { ctx.Warningf("Error retrieving host FD flags: %v", error(errno)) break @@ -86,7 +85,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File { // Set known flags. file.SetFlags(fs.SettableFileFlags{ - NonBlocking: fileFlags&syscall.O_NONBLOCK != 0, + NonBlocking: fileFlags&unix.O_NONBLOCK != 0, }) files = append(files, file) diff --git a/pkg/sentry/fs/host/descriptor.go b/pkg/sentry/fs/host/descriptor.go index cfdce6a74..5667b94a1 100644 --- a/pkg/sentry/fs/host/descriptor.go +++ b/pkg/sentry/fs/host/descriptor.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fdnotifier" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/waiter" @@ -48,14 +48,14 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue) origFD := -1 if saveable { var err error - ownedFD, err = syscall.Dup(fd) + ownedFD, err = unix.Dup(fd) if err != nil { return nil, err } origFD = fd } if wouldBlock { - if err := syscall.SetNonblock(ownedFD, true); err != nil { + if err := unix.SetNonblock(ownedFD, true); err != nil { return nil, err } if err := fdnotifier.AddFD(int32(ownedFD), queue); err != nil { @@ -72,12 +72,12 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue) // initAfterLoad initializes the value of the descriptor after Load. func (d *descriptor) initAfterLoad(id uint64, queue *waiter.Queue) error { var err error - d.value, err = syscall.Dup(d.origFD) + d.value, err = unix.Dup(d.origFD) if err != nil { return fmt.Errorf("failed to dup restored fd %d: %v", d.origFD, err) } if d.wouldBlock { - if err := syscall.SetNonblock(d.value, true); err != nil { + if err := unix.SetNonblock(d.value, true); err != nil { return err } if err := fdnotifier.AddFD(int32(d.value), queue); err != nil { @@ -92,7 +92,7 @@ func (d *descriptor) Release() { if d.wouldBlock { fdnotifier.RemoveFD(int32(d.value)) } - if err := syscall.Close(d.value); err != nil { + if err := unix.Close(d.value); err != nil { log.Warningf("error closing fd %d: %v", d.value, err) } d.value = -1 diff --git a/pkg/sentry/fs/host/descriptor_test.go b/pkg/sentry/fs/host/descriptor_test.go index d8e4605b6..cb809ab2d 100644 --- a/pkg/sentry/fs/host/descriptor_test.go +++ b/pkg/sentry/fs/host/descriptor_test.go @@ -17,9 +17,9 @@ package host import ( "io/ioutil" "path/filepath" - "syscall" "testing" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fdnotifier" "gvisor.dev/gvisor/pkg/waiter" ) @@ -40,7 +40,7 @@ func TestDescriptorRelease(t *testing.T) { t.Fatal("ioutil.TempDir() failed:", err) } - fd, err := syscall.Open(filepath.Join(dir, "file"), syscall.O_RDWR|syscall.O_CREAT, 0666) + fd, err := unix.Open(filepath.Join(dir, "file"), unix.O_RDWR|unix.O_CREAT, 0666) if err != nil { t.Fatal("failed to open temp file:", err) } @@ -49,7 +49,7 @@ func TestDescriptorRelease(t *testing.T) { queue := &waiter.Queue{} d, err := newDescriptor(fd, tc.saveable, tc.wouldBlock, queue) if err != nil { - syscall.Close(fd) + unix.Close(fd) t.Fatalf("newDescriptor(%d, %t, %t, queue) failed, err: %v", fd, tc.saveable, tc.wouldBlock, err) } if tc.saveable { diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go index fd4e057d8..07bd078b7 100644 --- a/pkg/sentry/fs/host/file.go +++ b/pkg/sentry/fs/host/file.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/fdnotifier" @@ -78,16 +78,16 @@ func ImportFile(ctx context.Context, fd int, isTTY bool) (*fs.File, error) { // newFileFromDonatedFD returns an fs.File from a donated FD. If the FD is // saveable, then saveable is true. func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool) (*fs.File, error) { - var s syscall.Stat_t - if err := syscall.Fstat(donated, &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(donated, &s); err != nil { return nil, err } flags, err := fileFlagsFromDonatedFD(donated) if err != nil { return nil, err } - switch s.Mode & syscall.S_IFMT { - case syscall.S_IFSOCK: + switch s.Mode & unix.S_IFMT { + case unix.S_IFSOCK: if isTTY { return nil, fmt.Errorf("cannot import host socket as TTY") } @@ -121,19 +121,19 @@ func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool } func fileFlagsFromDonatedFD(donated int) (fs.FileFlags, error) { - flags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(donated), syscall.F_GETFL, 0) + flags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(donated), unix.F_GETFL, 0) if errno != 0 { log.Warningf("Failed to get file flags for donated FD %d (errno=%d)", donated, errno) - return fs.FileFlags{}, syscall.EIO + return fs.FileFlags{}, unix.EIO } - accmode := flags & syscall.O_ACCMODE + accmode := flags & unix.O_ACCMODE return fs.FileFlags{ - Direct: flags&syscall.O_DIRECT != 0, - NonBlocking: flags&syscall.O_NONBLOCK != 0, - Sync: flags&syscall.O_SYNC != 0, - Append: flags&syscall.O_APPEND != 0, - Read: accmode == syscall.O_RDONLY || accmode == syscall.O_RDWR, - Write: accmode == syscall.O_WRONLY || accmode == syscall.O_RDWR, + Direct: flags&unix.O_DIRECT != 0, + NonBlocking: flags&unix.O_NONBLOCK != 0, + Sync: flags&unix.O_SYNC != 0, + Append: flags&unix.O_APPEND != 0, + Read: accmode == unix.O_RDONLY || accmode == unix.O_RDWR, + Write: accmode == unix.O_WRONLY || accmode == unix.O_RDWR, }, nil } @@ -182,7 +182,7 @@ func (f *fileOperations) Readdir(ctx context.Context, file *fs.File, serializer func (f *fileOperations) IterateDir(ctx context.Context, d *fs.Dirent, dirCtx *fs.DirCtx, offset int) (int, error) { // We only support non-directory file descriptors that have been // imported, so just claim that this isn't a directory, even if it is. - return offset, syscall.ENOTDIR + return offset, unix.ENOTDIR } // Write implements fs.FileOperations.Write. @@ -252,7 +252,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start int64, } fallthrough case fs.SyncBackingStorage: - return syscall.Fsync(f.iops.fileState.FD()) + return unix.Fsync(f.iops.fileState.FD()) } panic("invalid sync type") } diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go index df4b265fa..e299b532c 100644 --- a/pkg/sentry/fs/host/inode.go +++ b/pkg/sentry/fs/host/inode.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/safemem" @@ -117,12 +116,12 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa return syserror.EPERM } if mask.Perms { - if err := syscall.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil { + if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil { return err } } if mask.Size { - if err := syscall.Ftruncate(i.FD(), attr.Size); err != nil { + if err := unix.Ftruncate(i.FD(), attr.Size); err != nil { return err } } @@ -142,7 +141,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa // Sync implements fsutil.CachedFileObject.Sync. func (i *inodeFileState) Sync(ctx context.Context) error { - return syscall.Fsync(i.FD()) + return unix.Fsync(i.FD()) } // FD implements fsutil.CachedFileObject.FD. @@ -151,8 +150,8 @@ func (i *inodeFileState) FD() int { } func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, error) { - var s syscall.Stat_t - if err := syscall.Fstat(i.FD(), &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.FD(), &s); err != nil { return fs.UnstableAttr{}, err } return unstableAttr(&s), nil @@ -160,7 +159,7 @@ func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, err // Allocate implements fsutil.CachedFileObject.Allocate. func (i *inodeFileState) Allocate(_ context.Context, offset, length int64) error { - return syscall.Fallocate(i.FD(), 0, offset, length) + return unix.Fallocate(i.FD(), 0, offset, length) } // inodeOperations implements fs.InodeOperations. @@ -169,8 +168,8 @@ var _ fs.InodeOperations = (*inodeOperations)(nil) // newInode returns a new fs.Inode backed by the host FD. func newInode(ctx context.Context, msrc *fs.MountSource, fd int, saveable bool) (*fs.Inode, error) { // Retrieve metadata. - var s syscall.Stat_t - err := syscall.Fstat(fd, &s) + var s unix.Stat_t + err := unix.Fstat(fd, &s) if err != nil { return nil, err } @@ -324,7 +323,7 @@ func (i *inodeOperations) SetPermissions(ctx context.Context, inode *fs.Inode, f // Then just change the timestamps on the FD, the host // will synchronize the metadata update with any host // inode and page cache. - return syscall.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil + return unix.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil } // Otherwise update our cached metadata. return i.cachingInodeOps.SetPermissions(ctx, inode, f) @@ -350,7 +349,7 @@ func (i *inodeOperations) Truncate(ctx context.Context, inode *fs.Inode, size in // Then just change the file size on the FD, the host // will synchronize the metadata update with any host // inode and page cache. - return syscall.Ftruncate(i.fileState.FD(), size) + return unix.Ftruncate(i.fileState.FD(), size) } // Otherwise we need to go through cachingInodeOps, even if the host page // cache is in use, to invalidate private copies of truncated pages. diff --git a/pkg/sentry/fs/host/inode_state.go b/pkg/sentry/fs/host/inode_state.go index 1adbd4562..03531b7e7 100644 --- a/pkg/sentry/fs/host/inode_state.go +++ b/pkg/sentry/fs/host/inode_state.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sentry/device" "gvisor.dev/gvisor/pkg/sentry/fs" ) @@ -30,8 +30,8 @@ func (i *inodeFileState) afterLoad() { } // Remap the inode number. - var s syscall.Stat_t - if err := syscall.Fstat(i.FD(), &s); err != nil { + var s unix.Stat_t + if err := unix.Fstat(i.FD(), &s); err != nil { panic(fs.ErrCorruption{fmt.Errorf("failed to get metadata for fd %d: %v", i.FD(), err)}) } key := device.MultiDeviceKey{ diff --git a/pkg/sentry/fs/host/inode_test.go b/pkg/sentry/fs/host/inode_test.go index 41a23b5da..11738871b 100644 --- a/pkg/sentry/fs/host/inode_test.go +++ b/pkg/sentry/fs/host/inode_test.go @@ -15,20 +15,20 @@ package host import ( - "syscall" "testing" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sentry/contexttest" ) // TestCloseFD verifies fds will be closed. func TestCloseFD(t *testing.T) { var p [2]int - if err := syscall.Pipe(p[0:]); err != nil { + if err := unix.Pipe(p[0:]); err != nil { t.Fatalf("Failed to create pipe %v", err) } - defer syscall.Close(p[0]) - defer syscall.Close(p[1]) + defer unix.Close(p[0]) + defer unix.Close(p[1]) // Use the write-end because we will detect if it's closed on the read end. ctx := contexttest.Context(t) @@ -39,7 +39,7 @@ func TestCloseFD(t *testing.T) { file.DecRef(ctx) s := make([]byte, 10) - if c, err := syscall.Read(p[0], s); c != 0 || err != nil { + if c, err := unix.Read(p[0], s); c != 0 || err != nil { t.Errorf("want 0, nil (EOF) from read end, got %v, %v", c, err) } } diff --git a/pkg/sentry/fs/host/ioctl_unsafe.go b/pkg/sentry/fs/host/ioctl_unsafe.go index 150ac8e19..303ea4d9b 100644 --- a/pkg/sentry/fs/host/ioctl_unsafe.go +++ b/pkg/sentry/fs/host/ioctl_unsafe.go @@ -15,9 +15,9 @@ package host import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -25,7 +25,7 @@ import ( func ioctlGetTermios(fd int) (*linux.Termios, error) { var t linux.Termios - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t))) if errno != 0 { return nil, errno } @@ -33,7 +33,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) { } func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error { - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t))) if errno != 0 { return errno } @@ -42,7 +42,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error { func ioctlGetWinsize(fd int) (*linux.Winsize, error) { var w linux.Winsize - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w))) if errno != 0 { return nil, errno } @@ -50,7 +50,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) { } func ioctlSetWinsize(fd int, w *linux.Winsize) error { - _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w))) + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w))) if errno != 0 { return errno } diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go index 2b58fc52c..f2d96d1ec 100644 --- a/pkg/sentry/fs/host/socket.go +++ b/pkg/sentry/fs/host/socket.go @@ -17,8 +17,8 @@ package host import ( "fmt" "sync/atomic" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/fd" @@ -75,26 +75,26 @@ type ConnectedEndpoint struct { // init performs initialization required for creating new ConnectedEndpoints and // for restoring them. func (c *ConnectedEndpoint) init() *syserr.Error { - family, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN) + family, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_DOMAIN) if err != nil { return syserr.FromError(err) } - if family != syscall.AF_UNIX { + if family != unix.AF_UNIX { // We only allow Unix sockets. return syserr.ErrInvalidEndpointState } - stype, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_TYPE) + stype, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_TYPE) if err != nil { return syserr.FromError(err) } - if err := syscall.SetNonblock(c.file.FD(), true); err != nil { + if err := unix.SetNonblock(c.file.FD(), true); err != nil { return syserr.FromError(err) } - sndbuf, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_SNDBUF) + sndbuf, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_SNDBUF) if err != nil { return syserr.FromError(err) } @@ -168,7 +168,7 @@ func newSocket(ctx context.Context, orgfd int, saveable bool) (*fs.File, error) srfd := -1 if saveable { var err error - ownedfd, err = syscall.Dup(orgfd) + ownedfd, err = unix.Dup(orgfd) if err != nil { return nil, err } @@ -233,7 +233,7 @@ func (c *ConnectedEndpoint) CloseSend() { c.mu.Lock() defer c.mu.Unlock() - if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_WR); err != nil { + if err := unix.Shutdown(c.file.FD(), unix.SHUT_WR); err != nil { // A well-formed UDS shutdown can't fail. See // net/unix/af_unix.c:unix_shutdown. panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err)) @@ -333,7 +333,7 @@ func (c *ConnectedEndpoint) CloseRecv() { c.mu.Lock() defer c.mu.Unlock() - if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_RD); err != nil { + if err := unix.Shutdown(c.file.FD(), unix.SHUT_RD); err != nil { // A well-formed UDS shutdown can't fail. See // net/unix/af_unix.c:unix_shutdown. panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err)) diff --git a/pkg/sentry/fs/host/socket_iovec.go b/pkg/sentry/fs/host/socket_iovec.go index 905afb50d..7380d75e7 100644 --- a/pkg/sentry/fs/host/socket_iovec.go +++ b/pkg/sentry/fs/host/socket_iovec.go @@ -15,8 +15,7 @@ package host import ( - "syscall" - + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/iovec" "gvisor.dev/gvisor/pkg/syserror" ) @@ -54,7 +53,7 @@ func copyFromMulti(dst []byte, src [][]byte) { // // If intermediate != nil, iovecs references intermediate rather than bufs and // the caller must copy to/from bufs as necessary. -func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) { +func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) { var iovsRequired int for _, b := range bufs { length += int64(len(b)) @@ -78,14 +77,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec // Use a single intermediate buffer instead. b := make([]byte, stopLen) - return stopLen, []syscall.Iovec{{ + return stopLen, []unix.Iovec{{ Base: &b[0], Len: uint64(stopLen), }}, b, err } var total int64 - iovecs = make([]syscall.Iovec, 0, iovsRequired) + iovecs = make([]unix.Iovec, 0, iovsRequired) for i := range bufs { l := len(bufs[i]) if l == 0 { @@ -97,7 +96,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec stop = stopLen - total } - iovecs = append(iovecs, syscall.Iovec{ + iovecs = append(iovecs, unix.Iovec{ Base: &bufs[i][0], Len: uint64(stop), }) diff --git a/pkg/sentry/fs/host/socket_state.go b/pkg/sentry/fs/host/socket_state.go index 498018f0a..1d3e5298a 100644 --- a/pkg/sentry/fs/host/socket_state.go +++ b/pkg/sentry/fs/host/socket_state.go @@ -16,8 +16,8 @@ package host import ( "fmt" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" ) @@ -30,7 +30,7 @@ func (c *ConnectedEndpoint) beforeSave() { // afterLoad is invoked by stateify. func (c *ConnectedEndpoint) afterLoad() { - f, err := syscall.Dup(c.srfd) + f, err := unix.Dup(c.srfd) if err != nil { panic(fmt.Sprintf("failed to dup restored FD %d: %v", c.srfd, err)) } diff --git a/pkg/sentry/fs/host/socket_test.go b/pkg/sentry/fs/host/socket_test.go index 9d58ea448..f7014b6b1 100644 --- a/pkg/sentry/fs/host/socket_test.go +++ b/pkg/sentry/fs/host/socket_test.go @@ -16,9 +16,9 @@ package host import ( "reflect" - "syscall" "testing" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/fd" "gvisor.dev/gvisor/pkg/fdnotifier" "gvisor.dev/gvisor/pkg/sentry/contexttest" @@ -40,7 +40,7 @@ var ( ) func getFl(fd int) (uint32, error) { - fl, _, err := syscall.RawSyscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0) + fl, _, err := unix.RawSyscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0) if err == 0 { return uint32(fl), nil } @@ -49,7 +49,7 @@ func getFl(fd int) (uint32, error) { func TestSocketIsBlocking(t *testing.T) { // Using socketpair here because it's already connected. - pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { t.Fatalf("host socket creation failed: %v", err) } @@ -58,13 +58,13 @@ func TestSocketIsBlocking(t *testing.T) { if err != nil { t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[0], err) } - if fl&syscall.O_NONBLOCK == syscall.O_NONBLOCK { + if fl&unix.O_NONBLOCK == unix.O_NONBLOCK { t.Fatalf("Expected socket %v to be blocking", pair[0]) } if fl, err = getFl(pair[1]); err != nil { t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[1], err) } - if fl&syscall.O_NONBLOCK == syscall.O_NONBLOCK { + if fl&unix.O_NONBLOCK == unix.O_NONBLOCK { t.Fatalf("Expected socket %v to be blocking", pair[1]) } ctx := contexttest.Context(t) @@ -77,20 +77,20 @@ func TestSocketIsBlocking(t *testing.T) { if fl, err = getFl(pair[0]); err != nil { t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[0], err) } - if fl&syscall.O_NONBLOCK != syscall.O_NONBLOCK { + if fl&unix.O_NONBLOCK != unix.O_NONBLOCK { t.Errorf("Expected socket %v to have become non-blocking", pair[0]) } if fl, err = getFl(pair[1]); err != nil { t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[1], err) } - if fl&syscall.O_NONBLOCK == syscall.O_NONBLOCK { + if fl&unix.O_NONBLOCK == unix.O_NONBLOCK { t.Errorf("Did not expect socket %v to become non-blocking", pair[1]) } } func TestSocketWritev(t *testing.T) { // Using socketpair here because it's already connected. - pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { t.Fatalf("host socket creation failed: %v", err) } @@ -113,7 +113,7 @@ func TestSocketWritev(t *testing.T) { func TestSocketWritevLen0(t *testing.T) { // Using socketpair here because it's already connected. - pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { t.Fatalf("host socket creation failed: %v", err) } @@ -135,7 +135,7 @@ func TestSocketWritevLen0(t *testing.T) { func TestSocketSendMsgLen0(t *testing.T) { // Using socketpair here because it's already connected. - pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { t.Fatalf("host socket creation failed: %v", err) } @@ -158,9 +158,9 @@ func TestSocketSendMsgLen0(t *testing.T) { } func TestListen(t *testing.T) { - pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { - t.Fatalf("syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) => %v", err) + t.Fatalf("unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0) => %v", err) } ctx := contexttest.Context(t) sfile1, err := newSocket(ctx, pair[0], false) @@ -186,9 +186,9 @@ func TestListen(t *testing.T) { } // Create a Unix socket, do not bind it. - sock, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + sock, err := unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { - t.Fatalf("syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) => %v", err) + t.Fatalf("unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0) => %v", err) } sfile3, err := newSocket(ctx, sock, false) if err != nil { @@ -236,7 +236,7 @@ func TestQueuedSize(t *testing.T) { } func TestRelease(t *testing.T) { - f, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0) + f, err := unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0) if err != nil { t.Fatal("Creating socket:", err) } diff --git a/pkg/sentry/fs/host/socket_unsafe.go b/pkg/sentry/fs/host/socket_unsafe.go index c8231e0aa..95f5d39bd 100644 --- a/pkg/sentry/fs/host/socket_unsafe.go +++ b/pkg/sentry/fs/host/socket_unsafe.go @@ -15,8 +15,9 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // LINT.IfChange @@ -26,9 +27,9 @@ import ( // If the total length of bufs is > maxlen, fdReadVec will do a partial read // and err will indicate why the message was truncated. func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) { - flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC) + flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC) if peek { - flags |= syscall.MSG_PEEK + flags |= unix.MSG_PEEK } // Always truncate the receive buffer. All socket types will truncate @@ -39,7 +40,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( return 0, 0, 0, false, err } - var msg syscall.Msghdr + var msg unix.Msghdr if len(control) != 0 { msg.Control = &control[0] msg.Controllen = uint64(len(control)) @@ -50,7 +51,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( msg.Iovlen = uint64(len(iovecs)) } - rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags) + rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags) if e != 0 { // N.B. prioritize the syscall error over the buildIovec error. return 0, 0, 0, false, e @@ -62,7 +63,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) ( copyToMulti(bufs, intermediate) } - controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC + controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC if n > length { return length, n, msg.Controllen, controlTrunc, nil @@ -87,13 +88,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6 copyFromMulti(intermediate, bufs) } - var msg syscall.Msghdr + var msg unix.Msghdr if len(iovecs) > 0 { msg.Iov = &iovecs[0] msg.Iovlen = uint64(len(iovecs)) } - n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL) + n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL) if e != 0 { // N.B. prioritize the syscall error over the buildIovec error. return 0, length, e diff --git a/pkg/sentry/fs/host/util.go b/pkg/sentry/fs/host/util.go index 1b0356930..ab74724a3 100644 --- a/pkg/sentry/fs/host/util.go +++ b/pkg/sentry/fs/host/util.go @@ -16,8 +16,8 @@ package host import ( "os" - "syscall" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/sentry/device" @@ -27,21 +27,21 @@ import ( "gvisor.dev/gvisor/pkg/syserror" ) -func nodeType(s *syscall.Stat_t) fs.InodeType { - switch x := (s.Mode & syscall.S_IFMT); x { - case syscall.S_IFLNK: +func nodeType(s *unix.Stat_t) fs.InodeType { + switch x := (s.Mode & unix.S_IFMT); x { + case unix.S_IFLNK: return fs.Symlink - case syscall.S_IFIFO: + case unix.S_IFIFO: return fs.Pipe - case syscall.S_IFCHR: + case unix.S_IFCHR: return fs.CharacterDevice - case syscall.S_IFBLK: + case unix.S_IFBLK: return fs.BlockDevice - case syscall.S_IFSOCK: + case unix.S_IFSOCK: return fs.Socket - case syscall.S_IFDIR: + case unix.S_IFDIR: return fs.Directory - case syscall.S_IFREG: + case unix.S_IFREG: return fs.RegularFile default: // This shouldn't happen, but just in case... @@ -50,12 +50,12 @@ func nodeType(s *syscall.Stat_t) fs.InodeType { } } -func wouldBlock(s *syscall.Stat_t) bool { +func wouldBlock(s *unix.Stat_t) bool { typ := nodeType(s) return typ == fs.Pipe || typ == fs.Socket || typ == fs.CharacterDevice } -func stableAttr(s *syscall.Stat_t) fs.StableAttr { +func stableAttr(s *unix.Stat_t) fs.StableAttr { return fs.StableAttr{ Type: nodeType(s), DeviceID: hostFileDevice.DeviceID(), @@ -67,14 +67,14 @@ func stableAttr(s *syscall.Stat_t) fs.StableAttr { } } -func owner(s *syscall.Stat_t) fs.FileOwner { +func owner(s *unix.Stat_t) fs.FileOwner { return fs.FileOwner{ UID: auth.KUID(s.Uid), GID: auth.KGID(s.Gid), } } -func unstableAttr(s *syscall.Stat_t) fs.UnstableAttr { +func unstableAttr(s *unix.Stat_t) fs.UnstableAttr { return fs.UnstableAttr{ Size: s.Size, Usage: s.Blocks * 512, diff --git a/pkg/sentry/fs/host/util_amd64_unsafe.go b/pkg/sentry/fs/host/util_amd64_unsafe.go index 66da6e9f5..21782f1da 100644 --- a/pkg/sentry/fs/host/util_amd64_unsafe.go +++ b/pkg/sentry/fs/host/util_amd64_unsafe.go @@ -17,18 +17,19 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) -func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) { - var stat syscall.Stat_t - namePtr, err := syscall.BytePtrFromString(name) +func fstatat(fd int, name string, flags int) (unix.Stat_t, error) { + var stat unix.Stat_t + namePtr, err := unix.BytePtrFromString(name) if err != nil { return stat, err } - _, _, errno := syscall.Syscall6( - syscall.SYS_NEWFSTATAT, + _, _, errno := unix.Syscall6( + unix.SYS_NEWFSTATAT, uintptr(fd), uintptr(unsafe.Pointer(namePtr)), uintptr(unsafe.Pointer(&stat)), diff --git a/pkg/sentry/fs/host/util_arm64_unsafe.go b/pkg/sentry/fs/host/util_arm64_unsafe.go index e8cb94aeb..ed8f5242a 100644 --- a/pkg/sentry/fs/host/util_arm64_unsafe.go +++ b/pkg/sentry/fs/host/util_arm64_unsafe.go @@ -17,18 +17,19 @@ package host import ( - "syscall" "unsafe" + + "golang.org/x/sys/unix" ) -func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) { - var stat syscall.Stat_t - namePtr, err := syscall.BytePtrFromString(name) +func fstatat(fd int, name string, flags int) (unix.Stat_t, error) { + var stat unix.Stat_t + namePtr, err := unix.BytePtrFromString(name) if err != nil { return stat, err } - _, _, errno := syscall.Syscall6( - syscall.SYS_FSTATAT, + _, _, errno := unix.Syscall6( + unix.SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(namePtr)), uintptr(unsafe.Pointer(&stat)), diff --git a/pkg/sentry/fs/host/util_unsafe.go b/pkg/sentry/fs/host/util_unsafe.go index 23bd35d64..3c5e3ed6d 100644 --- a/pkg/sentry/fs/host/util_unsafe.go +++ b/pkg/sentry/fs/host/util_unsafe.go @@ -15,9 +15,9 @@ package host import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/sentry/fs" ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time" @@ -30,8 +30,8 @@ func readLink(fd int) (string, error) { // Buffer sizing copied from os.Readlink. for l := 128; ; l *= 2 { b := make([]byte, l) - n, _, errno := syscall.Syscall6( - syscall.SYS_READLINKAT, + n, _, errno := unix.Syscall6( + unix.SYS_READLINKAT, uintptr(fd), uintptr(unsafe.Pointer(&NulByte)), // "" uintptr(unsafe.Pointer(&b[0])), @@ -46,25 +46,25 @@ func readLink(fd int) (string, error) { } } -func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) syscall.Timespec { +func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) unix.Timespec { if omit { - return syscall.Timespec{0, linux.UTIME_OMIT} + return unix.Timespec{0, linux.UTIME_OMIT} } if setSysTime { - return syscall.Timespec{0, linux.UTIME_NOW} + return unix.Timespec{0, linux.UTIME_NOW} } - return syscall.NsecToTimespec(t.Nanoseconds()) + return unix.NsecToTimespec(t.Nanoseconds()) } func setTimestamps(fd int, ts fs.TimeSpec) error { if ts.ATimeOmit && ts.MTimeOmit { return nil } - var sts [2]syscall.Timespec + var sts [2]unix.Timespec sts[0] = timespecFromTimestamp(ts.ATime, ts.ATimeOmit, ts.ATimeSetSystemTime) sts[1] = timespecFromTimestamp(ts.MTime, ts.MTimeOmit, ts.MTimeSetSystemTime) - _, _, errno := syscall.Syscall6( - syscall.SYS_UTIMENSAT, + _, _, errno := unix.Syscall6( + unix.SYS_UTIMENSAT, uintptr(fd), 0, /* path */ uintptr(unsafe.Pointer(&sts)), diff --git a/pkg/sentry/fs/host/wait_test.go b/pkg/sentry/fs/host/wait_test.go index c143f4ce2..5925c85ea 100644 --- a/pkg/sentry/fs/host/wait_test.go +++ b/pkg/sentry/fs/host/wait_test.go @@ -15,27 +15,27 @@ package host import ( - "syscall" "testing" "time" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/sentry/contexttest" "gvisor.dev/gvisor/pkg/waiter" ) func TestWait(t *testing.T) { var fds [2]int - err := syscall.Pipe(fds[:]) + err := unix.Pipe(fds[:]) if err != nil { t.Fatalf("Unable to create pipe: %v", err) } - defer syscall.Close(fds[1]) + defer unix.Close(fds[1]) ctx := contexttest.Context(t) file, err := NewFile(ctx, fds[0]) if err != nil { - syscall.Close(fds[0]) + unix.Close(fds[0]) t.Fatalf("NewFile failed: %v", err) } @@ -56,7 +56,7 @@ func TestWait(t *testing.T) { } // Write to the pipe, so it should be writable now. - syscall.Write(fds[1], []byte{1}) + unix.Write(fds[1], []byte{1}) // Check that we get a notification. We need to yield the current thread // so that the fdnotifier can deliver notifications, so we use a |