summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fs/host
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/fs/host')
-rw-r--r--pkg/sentry/fs/host/BUILD2
-rw-r--r--pkg/sentry/fs/host/control.go9
-rw-r--r--pkg/sentry/fs/host/descriptor.go12
-rw-r--r--pkg/sentry/fs/host/descriptor_test.go6
-rw-r--r--pkg/sentry/fs/host/file.go32
-rw-r--r--pkg/sentry/fs/host/inode.go23
-rw-r--r--pkg/sentry/fs/host/inode_state.go6
-rw-r--r--pkg/sentry/fs/host/inode_test.go10
-rw-r--r--pkg/sentry/fs/host/ioctl_unsafe.go10
-rw-r--r--pkg/sentry/fs/host/socket.go18
-rw-r--r--pkg/sentry/fs/host/socket_iovec.go11
-rw-r--r--pkg/sentry/fs/host/socket_state.go4
-rw-r--r--pkg/sentry/fs/host/socket_test.go30
-rw-r--r--pkg/sentry/fs/host/socket_unsafe.go17
-rw-r--r--pkg/sentry/fs/host/util.go28
-rw-r--r--pkg/sentry/fs/host/util_amd64_unsafe.go13
-rw-r--r--pkg/sentry/fs/host/util_arm64_unsafe.go13
-rw-r--r--pkg/sentry/fs/host/util_unsafe.go20
-rw-r--r--pkg/sentry/fs/host/wait_test.go10
19 files changed, 138 insertions, 136 deletions
diff --git a/pkg/sentry/fs/host/BUILD b/pkg/sentry/fs/host/BUILD
index 1368014c4..3c45f6cc5 100644
--- a/pkg/sentry/fs/host/BUILD
+++ b/pkg/sentry/fs/host/BUILD
@@ -56,6 +56,7 @@ go_library(
"//pkg/unet",
"//pkg/usermem",
"//pkg/waiter",
+ "@org_golang_x_sys//unix:go_default_library",
],
)
@@ -80,5 +81,6 @@ go_test(
"//pkg/tcpip",
"//pkg/usermem",
"//pkg/waiter",
+ "@org_golang_x_sys//unix:go_default_library",
],
)
diff --git a/pkg/sentry/fs/host/control.go b/pkg/sentry/fs/host/control.go
index 0d8d36afa..e53998be1 100644
--- a/pkg/sentry/fs/host/control.go
+++ b/pkg/sentry/fs/host/control.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/socket/control"
@@ -59,7 +58,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage {
// Release implements transport.RightsControlMessage.Release.
func (c *scmRights) Release(ctx context.Context) {
for _, fd := range c.fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
c.fds = nil
}
@@ -71,7 +70,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File {
for _, fd := range fds {
// Get flags. We do it here because they may be modified
// by subsequent functions.
- fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if errno != 0 {
ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
break
@@ -86,7 +85,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*fs.File {
// Set known flags.
file.SetFlags(fs.SettableFileFlags{
- NonBlocking: fileFlags&syscall.O_NONBLOCK != 0,
+ NonBlocking: fileFlags&unix.O_NONBLOCK != 0,
})
files = append(files, file)
diff --git a/pkg/sentry/fs/host/descriptor.go b/pkg/sentry/fs/host/descriptor.go
index cfdce6a74..5667b94a1 100644
--- a/pkg/sentry/fs/host/descriptor.go
+++ b/pkg/sentry/fs/host/descriptor.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/waiter"
@@ -48,14 +48,14 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue)
origFD := -1
if saveable {
var err error
- ownedFD, err = syscall.Dup(fd)
+ ownedFD, err = unix.Dup(fd)
if err != nil {
return nil, err
}
origFD = fd
}
if wouldBlock {
- if err := syscall.SetNonblock(ownedFD, true); err != nil {
+ if err := unix.SetNonblock(ownedFD, true); err != nil {
return nil, err
}
if err := fdnotifier.AddFD(int32(ownedFD), queue); err != nil {
@@ -72,12 +72,12 @@ func newDescriptor(fd int, saveable bool, wouldBlock bool, queue *waiter.Queue)
// initAfterLoad initializes the value of the descriptor after Load.
func (d *descriptor) initAfterLoad(id uint64, queue *waiter.Queue) error {
var err error
- d.value, err = syscall.Dup(d.origFD)
+ d.value, err = unix.Dup(d.origFD)
if err != nil {
return fmt.Errorf("failed to dup restored fd %d: %v", d.origFD, err)
}
if d.wouldBlock {
- if err := syscall.SetNonblock(d.value, true); err != nil {
+ if err := unix.SetNonblock(d.value, true); err != nil {
return err
}
if err := fdnotifier.AddFD(int32(d.value), queue); err != nil {
@@ -92,7 +92,7 @@ func (d *descriptor) Release() {
if d.wouldBlock {
fdnotifier.RemoveFD(int32(d.value))
}
- if err := syscall.Close(d.value); err != nil {
+ if err := unix.Close(d.value); err != nil {
log.Warningf("error closing fd %d: %v", d.value, err)
}
d.value = -1
diff --git a/pkg/sentry/fs/host/descriptor_test.go b/pkg/sentry/fs/host/descriptor_test.go
index d8e4605b6..cb809ab2d 100644
--- a/pkg/sentry/fs/host/descriptor_test.go
+++ b/pkg/sentry/fs/host/descriptor_test.go
@@ -17,9 +17,9 @@ package host
import (
"io/ioutil"
"path/filepath"
- "syscall"
"testing"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/waiter"
)
@@ -40,7 +40,7 @@ func TestDescriptorRelease(t *testing.T) {
t.Fatal("ioutil.TempDir() failed:", err)
}
- fd, err := syscall.Open(filepath.Join(dir, "file"), syscall.O_RDWR|syscall.O_CREAT, 0666)
+ fd, err := unix.Open(filepath.Join(dir, "file"), unix.O_RDWR|unix.O_CREAT, 0666)
if err != nil {
t.Fatal("failed to open temp file:", err)
}
@@ -49,7 +49,7 @@ func TestDescriptorRelease(t *testing.T) {
queue := &waiter.Queue{}
d, err := newDescriptor(fd, tc.saveable, tc.wouldBlock, queue)
if err != nil {
- syscall.Close(fd)
+ unix.Close(fd)
t.Fatalf("newDescriptor(%d, %t, %t, queue) failed, err: %v", fd, tc.saveable, tc.wouldBlock, err)
}
if tc.saveable {
diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go
index fd4e057d8..07bd078b7 100644
--- a/pkg/sentry/fs/host/file.go
+++ b/pkg/sentry/fs/host/file.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -78,16 +78,16 @@ func ImportFile(ctx context.Context, fd int, isTTY bool) (*fs.File, error) {
// newFileFromDonatedFD returns an fs.File from a donated FD. If the FD is
// saveable, then saveable is true.
func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool) (*fs.File, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(donated, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(donated, &s); err != nil {
return nil, err
}
flags, err := fileFlagsFromDonatedFD(donated)
if err != nil {
return nil, err
}
- switch s.Mode & syscall.S_IFMT {
- case syscall.S_IFSOCK:
+ switch s.Mode & unix.S_IFMT {
+ case unix.S_IFSOCK:
if isTTY {
return nil, fmt.Errorf("cannot import host socket as TTY")
}
@@ -121,19 +121,19 @@ func newFileFromDonatedFD(ctx context.Context, donated int, saveable, isTTY bool
}
func fileFlagsFromDonatedFD(donated int) (fs.FileFlags, error) {
- flags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(donated), syscall.F_GETFL, 0)
+ flags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(donated), unix.F_GETFL, 0)
if errno != 0 {
log.Warningf("Failed to get file flags for donated FD %d (errno=%d)", donated, errno)
- return fs.FileFlags{}, syscall.EIO
+ return fs.FileFlags{}, unix.EIO
}
- accmode := flags & syscall.O_ACCMODE
+ accmode := flags & unix.O_ACCMODE
return fs.FileFlags{
- Direct: flags&syscall.O_DIRECT != 0,
- NonBlocking: flags&syscall.O_NONBLOCK != 0,
- Sync: flags&syscall.O_SYNC != 0,
- Append: flags&syscall.O_APPEND != 0,
- Read: accmode == syscall.O_RDONLY || accmode == syscall.O_RDWR,
- Write: accmode == syscall.O_WRONLY || accmode == syscall.O_RDWR,
+ Direct: flags&unix.O_DIRECT != 0,
+ NonBlocking: flags&unix.O_NONBLOCK != 0,
+ Sync: flags&unix.O_SYNC != 0,
+ Append: flags&unix.O_APPEND != 0,
+ Read: accmode == unix.O_RDONLY || accmode == unix.O_RDWR,
+ Write: accmode == unix.O_WRONLY || accmode == unix.O_RDWR,
}, nil
}
@@ -182,7 +182,7 @@ func (f *fileOperations) Readdir(ctx context.Context, file *fs.File, serializer
func (f *fileOperations) IterateDir(ctx context.Context, d *fs.Dirent, dirCtx *fs.DirCtx, offset int) (int, error) {
// We only support non-directory file descriptors that have been
// imported, so just claim that this isn't a directory, even if it is.
- return offset, syscall.ENOTDIR
+ return offset, unix.ENOTDIR
}
// Write implements fs.FileOperations.Write.
@@ -252,7 +252,7 @@ func (f *fileOperations) Fsync(ctx context.Context, file *fs.File, start int64,
}
fallthrough
case fs.SyncBackingStorage:
- return syscall.Fsync(f.iops.fileState.FD())
+ return unix.Fsync(f.iops.fileState.FD())
}
panic("invalid sync type")
}
diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go
index df4b265fa..e299b532c 100644
--- a/pkg/sentry/fs/host/inode.go
+++ b/pkg/sentry/fs/host/inode.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/safemem"
@@ -117,12 +116,12 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
return syserror.EPERM
}
if mask.Perms {
- if err := syscall.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
+ if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
return err
}
}
if mask.Size {
- if err := syscall.Ftruncate(i.FD(), attr.Size); err != nil {
+ if err := unix.Ftruncate(i.FD(), attr.Size); err != nil {
return err
}
}
@@ -142,7 +141,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
// Sync implements fsutil.CachedFileObject.Sync.
func (i *inodeFileState) Sync(ctx context.Context) error {
- return syscall.Fsync(i.FD())
+ return unix.Fsync(i.FD())
}
// FD implements fsutil.CachedFileObject.FD.
@@ -151,8 +150,8 @@ func (i *inodeFileState) FD() int {
}
func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.FD(), &s); err != nil {
return fs.UnstableAttr{}, err
}
return unstableAttr(&s), nil
@@ -160,7 +159,7 @@ func (i *inodeFileState) unstableAttr(ctx context.Context) (fs.UnstableAttr, err
// Allocate implements fsutil.CachedFileObject.Allocate.
func (i *inodeFileState) Allocate(_ context.Context, offset, length int64) error {
- return syscall.Fallocate(i.FD(), 0, offset, length)
+ return unix.Fallocate(i.FD(), 0, offset, length)
}
// inodeOperations implements fs.InodeOperations.
@@ -169,8 +168,8 @@ var _ fs.InodeOperations = (*inodeOperations)(nil)
// newInode returns a new fs.Inode backed by the host FD.
func newInode(ctx context.Context, msrc *fs.MountSource, fd int, saveable bool) (*fs.Inode, error) {
// Retrieve metadata.
- var s syscall.Stat_t
- err := syscall.Fstat(fd, &s)
+ var s unix.Stat_t
+ err := unix.Fstat(fd, &s)
if err != nil {
return nil, err
}
@@ -324,7 +323,7 @@ func (i *inodeOperations) SetPermissions(ctx context.Context, inode *fs.Inode, f
// Then just change the timestamps on the FD, the host
// will synchronize the metadata update with any host
// inode and page cache.
- return syscall.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil
+ return unix.Fchmod(i.fileState.FD(), uint32(f.LinuxMode())) == nil
}
// Otherwise update our cached metadata.
return i.cachingInodeOps.SetPermissions(ctx, inode, f)
@@ -350,7 +349,7 @@ func (i *inodeOperations) Truncate(ctx context.Context, inode *fs.Inode, size in
// Then just change the file size on the FD, the host
// will synchronize the metadata update with any host
// inode and page cache.
- return syscall.Ftruncate(i.fileState.FD(), size)
+ return unix.Ftruncate(i.fileState.FD(), size)
}
// Otherwise we need to go through cachingInodeOps, even if the host page
// cache is in use, to invalidate private copies of truncated pages.
diff --git a/pkg/sentry/fs/host/inode_state.go b/pkg/sentry/fs/host/inode_state.go
index 1adbd4562..03531b7e7 100644
--- a/pkg/sentry/fs/host/inode_state.go
+++ b/pkg/sentry/fs/host/inode_state.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/device"
"gvisor.dev/gvisor/pkg/sentry/fs"
)
@@ -30,8 +30,8 @@ func (i *inodeFileState) afterLoad() {
}
// Remap the inode number.
- var s syscall.Stat_t
- if err := syscall.Fstat(i.FD(), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.FD(), &s); err != nil {
panic(fs.ErrCorruption{fmt.Errorf("failed to get metadata for fd %d: %v", i.FD(), err)})
}
key := device.MultiDeviceKey{
diff --git a/pkg/sentry/fs/host/inode_test.go b/pkg/sentry/fs/host/inode_test.go
index 41a23b5da..11738871b 100644
--- a/pkg/sentry/fs/host/inode_test.go
+++ b/pkg/sentry/fs/host/inode_test.go
@@ -15,20 +15,20 @@
package host
import (
- "syscall"
"testing"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/contexttest"
)
// TestCloseFD verifies fds will be closed.
func TestCloseFD(t *testing.T) {
var p [2]int
- if err := syscall.Pipe(p[0:]); err != nil {
+ if err := unix.Pipe(p[0:]); err != nil {
t.Fatalf("Failed to create pipe %v", err)
}
- defer syscall.Close(p[0])
- defer syscall.Close(p[1])
+ defer unix.Close(p[0])
+ defer unix.Close(p[1])
// Use the write-end because we will detect if it's closed on the read end.
ctx := contexttest.Context(t)
@@ -39,7 +39,7 @@ func TestCloseFD(t *testing.T) {
file.DecRef(ctx)
s := make([]byte, 10)
- if c, err := syscall.Read(p[0], s); c != 0 || err != nil {
+ if c, err := unix.Read(p[0], s); c != 0 || err != nil {
t.Errorf("want 0, nil (EOF) from read end, got %v, %v", c, err)
}
}
diff --git a/pkg/sentry/fs/host/ioctl_unsafe.go b/pkg/sentry/fs/host/ioctl_unsafe.go
index 150ac8e19..303ea4d9b 100644
--- a/pkg/sentry/fs/host/ioctl_unsafe.go
+++ b/pkg/sentry/fs/host/ioctl_unsafe.go
@@ -15,9 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
@@ -25,7 +25,7 @@ import (
func ioctlGetTermios(fd int) (*linux.Termios, error) {
var t linux.Termios
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
if errno != 0 {
return nil, errno
}
@@ -33,7 +33,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) {
}
func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
if errno != 0 {
return errno
}
@@ -42,7 +42,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
var w linux.Winsize
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
if errno != 0 {
return nil, errno
}
@@ -50,7 +50,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
}
func ioctlSetWinsize(fd int, w *linux.Winsize) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
if errno != 0 {
return errno
}
diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go
index 2b58fc52c..f2d96d1ec 100644
--- a/pkg/sentry/fs/host/socket.go
+++ b/pkg/sentry/fs/host/socket.go
@@ -17,8 +17,8 @@ package host
import (
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fd"
@@ -75,26 +75,26 @@ type ConnectedEndpoint struct {
// init performs initialization required for creating new ConnectedEndpoints and
// for restoring them.
func (c *ConnectedEndpoint) init() *syserr.Error {
- family, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ family, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_DOMAIN)
if err != nil {
return syserr.FromError(err)
}
- if family != syscall.AF_UNIX {
+ if family != unix.AF_UNIX {
// We only allow Unix sockets.
return syserr.ErrInvalidEndpointState
}
- stype, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_TYPE)
+ stype, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_TYPE)
if err != nil {
return syserr.FromError(err)
}
- if err := syscall.SetNonblock(c.file.FD(), true); err != nil {
+ if err := unix.SetNonblock(c.file.FD(), true); err != nil {
return syserr.FromError(err)
}
- sndbuf, err := syscall.GetsockoptInt(c.file.FD(), syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+ sndbuf, err := unix.GetsockoptInt(c.file.FD(), unix.SOL_SOCKET, unix.SO_SNDBUF)
if err != nil {
return syserr.FromError(err)
}
@@ -168,7 +168,7 @@ func newSocket(ctx context.Context, orgfd int, saveable bool) (*fs.File, error)
srfd := -1
if saveable {
var err error
- ownedfd, err = syscall.Dup(orgfd)
+ ownedfd, err = unix.Dup(orgfd)
if err != nil {
return nil, err
}
@@ -233,7 +233,7 @@ func (c *ConnectedEndpoint) CloseSend() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_WR); err != nil {
+ if err := unix.Shutdown(c.file.FD(), unix.SHUT_WR); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err))
@@ -333,7 +333,7 @@ func (c *ConnectedEndpoint) CloseRecv() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.file.FD(), syscall.SHUT_RD); err != nil {
+ if err := unix.Shutdown(c.file.FD(), unix.SHUT_RD); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err))
diff --git a/pkg/sentry/fs/host/socket_iovec.go b/pkg/sentry/fs/host/socket_iovec.go
index 905afb50d..7380d75e7 100644
--- a/pkg/sentry/fs/host/socket_iovec.go
+++ b/pkg/sentry/fs/host/socket_iovec.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/iovec"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -54,7 +53,7 @@ func copyFromMulti(dst []byte, src [][]byte) {
//
// If intermediate != nil, iovecs references intermediate rather than bufs and
// the caller must copy to/from bufs as necessary.
-func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) {
+func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) {
var iovsRequired int
for _, b := range bufs {
length += int64(len(b))
@@ -78,14 +77,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
// Use a single intermediate buffer instead.
b := make([]byte, stopLen)
- return stopLen, []syscall.Iovec{{
+ return stopLen, []unix.Iovec{{
Base: &b[0],
Len: uint64(stopLen),
}}, b, err
}
var total int64
- iovecs = make([]syscall.Iovec, 0, iovsRequired)
+ iovecs = make([]unix.Iovec, 0, iovsRequired)
for i := range bufs {
l := len(bufs[i])
if l == 0 {
@@ -97,7 +96,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
stop = stopLen - total
}
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(stop),
})
diff --git a/pkg/sentry/fs/host/socket_state.go b/pkg/sentry/fs/host/socket_state.go
index 498018f0a..1d3e5298a 100644
--- a/pkg/sentry/fs/host/socket_state.go
+++ b/pkg/sentry/fs/host/socket_state.go
@@ -16,8 +16,8 @@ package host
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
)
@@ -30,7 +30,7 @@ func (c *ConnectedEndpoint) beforeSave() {
// afterLoad is invoked by stateify.
func (c *ConnectedEndpoint) afterLoad() {
- f, err := syscall.Dup(c.srfd)
+ f, err := unix.Dup(c.srfd)
if err != nil {
panic(fmt.Sprintf("failed to dup restored FD %d: %v", c.srfd, err))
}
diff --git a/pkg/sentry/fs/host/socket_test.go b/pkg/sentry/fs/host/socket_test.go
index 9d58ea448..f7014b6b1 100644
--- a/pkg/sentry/fs/host/socket_test.go
+++ b/pkg/sentry/fs/host/socket_test.go
@@ -16,9 +16,9 @@ package host
import (
"reflect"
- "syscall"
"testing"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/sentry/contexttest"
@@ -40,7 +40,7 @@ var (
)
func getFl(fd int) (uint32, error) {
- fl, _, err := syscall.RawSyscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fl, _, err := unix.RawSyscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if err == 0 {
return uint32(fl), nil
}
@@ -49,7 +49,7 @@ func getFl(fd int) (uint32, error) {
func TestSocketIsBlocking(t *testing.T) {
// Using socketpair here because it's already connected.
- pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0)
if err != nil {
t.Fatalf("host socket creation failed: %v", err)
}
@@ -58,13 +58,13 @@ func TestSocketIsBlocking(t *testing.T) {
if err != nil {
t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[0], err)
}
- if fl&syscall.O_NONBLOCK == syscall.O_NONBLOCK {
+ if fl&unix.O_NONBLOCK == unix.O_NONBLOCK {
t.Fatalf("Expected socket %v to be blocking", pair[0])
}
if fl, err = getFl(pair[1]); err != nil {
t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[1], err)
}
- if fl&syscall.O_NONBLOCK == syscall.O_NONBLOCK {
+ if fl&unix.O_NONBLOCK == unix.O_NONBLOCK {
t.Fatalf("Expected socket %v to be blocking", pair[1])
}
ctx := contexttest.Context(t)
@@ -77,20 +77,20 @@ func TestSocketIsBlocking(t *testing.T) {
if fl, err = getFl(pair[0]); err != nil {
t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[0], err)
}
- if fl&syscall.O_NONBLOCK != syscall.O_NONBLOCK {
+ if fl&unix.O_NONBLOCK != unix.O_NONBLOCK {
t.Errorf("Expected socket %v to have become non-blocking", pair[0])
}
if fl, err = getFl(pair[1]); err != nil {
t.Fatalf("getFl: fcntl(%v, GETFL) => %v", pair[1], err)
}
- if fl&syscall.O_NONBLOCK == syscall.O_NONBLOCK {
+ if fl&unix.O_NONBLOCK == unix.O_NONBLOCK {
t.Errorf("Did not expect socket %v to become non-blocking", pair[1])
}
}
func TestSocketWritev(t *testing.T) {
// Using socketpair here because it's already connected.
- pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0)
if err != nil {
t.Fatalf("host socket creation failed: %v", err)
}
@@ -113,7 +113,7 @@ func TestSocketWritev(t *testing.T) {
func TestSocketWritevLen0(t *testing.T) {
// Using socketpair here because it's already connected.
- pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0)
if err != nil {
t.Fatalf("host socket creation failed: %v", err)
}
@@ -135,7 +135,7 @@ func TestSocketWritevLen0(t *testing.T) {
func TestSocketSendMsgLen0(t *testing.T) {
// Using socketpair here because it's already connected.
- pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0)
if err != nil {
t.Fatalf("host socket creation failed: %v", err)
}
@@ -158,9 +158,9 @@ func TestSocketSendMsgLen0(t *testing.T) {
}
func TestListen(t *testing.T) {
- pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ pair, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0)
if err != nil {
- t.Fatalf("syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) => %v", err)
+ t.Fatalf("unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0) => %v", err)
}
ctx := contexttest.Context(t)
sfile1, err := newSocket(ctx, pair[0], false)
@@ -186,9 +186,9 @@ func TestListen(t *testing.T) {
}
// Create a Unix socket, do not bind it.
- sock, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+ sock, err := unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0)
if err != nil {
- t.Fatalf("syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) => %v", err)
+ t.Fatalf("unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0) => %v", err)
}
sfile3, err := newSocket(ctx, sock, false)
if err != nil {
@@ -236,7 +236,7 @@ func TestQueuedSize(t *testing.T) {
}
func TestRelease(t *testing.T) {
- f, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM|syscall.SOCK_NONBLOCK|syscall.SOCK_CLOEXEC, 0)
+ f, err := unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM|unix.SOCK_NONBLOCK|unix.SOCK_CLOEXEC, 0)
if err != nil {
t.Fatal("Creating socket:", err)
}
diff --git a/pkg/sentry/fs/host/socket_unsafe.go b/pkg/sentry/fs/host/socket_unsafe.go
index c8231e0aa..95f5d39bd 100644
--- a/pkg/sentry/fs/host/socket_unsafe.go
+++ b/pkg/sentry/fs/host/socket_unsafe.go
@@ -15,8 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// LINT.IfChange
@@ -26,9 +27,9 @@ import (
// If the total length of bufs is > maxlen, fdReadVec will do a partial read
// and err will indicate why the message was truncated.
func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) {
- flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC)
+ flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC)
if peek {
- flags |= syscall.MSG_PEEK
+ flags |= unix.MSG_PEEK
}
// Always truncate the receive buffer. All socket types will truncate
@@ -39,7 +40,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
return 0, 0, 0, false, err
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(control) != 0 {
msg.Control = &control[0]
msg.Controllen = uint64(len(control))
@@ -50,7 +51,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
msg.Iovlen = uint64(len(iovecs))
}
- rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
+ rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, 0, 0, false, e
@@ -62,7 +63,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
copyToMulti(bufs, intermediate)
}
- controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC
+ controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC
if n > length {
return length, n, msg.Controllen, controlTrunc, nil
@@ -87,13 +88,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
copyFromMulti(intermediate, bufs)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(iovecs) > 0 {
msg.Iov = &iovecs[0]
msg.Iovlen = uint64(len(iovecs))
}
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, length, e
diff --git a/pkg/sentry/fs/host/util.go b/pkg/sentry/fs/host/util.go
index 1b0356930..ab74724a3 100644
--- a/pkg/sentry/fs/host/util.go
+++ b/pkg/sentry/fs/host/util.go
@@ -16,8 +16,8 @@ package host
import (
"os"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sentry/device"
@@ -27,21 +27,21 @@ import (
"gvisor.dev/gvisor/pkg/syserror"
)
-func nodeType(s *syscall.Stat_t) fs.InodeType {
- switch x := (s.Mode & syscall.S_IFMT); x {
- case syscall.S_IFLNK:
+func nodeType(s *unix.Stat_t) fs.InodeType {
+ switch x := (s.Mode & unix.S_IFMT); x {
+ case unix.S_IFLNK:
return fs.Symlink
- case syscall.S_IFIFO:
+ case unix.S_IFIFO:
return fs.Pipe
- case syscall.S_IFCHR:
+ case unix.S_IFCHR:
return fs.CharacterDevice
- case syscall.S_IFBLK:
+ case unix.S_IFBLK:
return fs.BlockDevice
- case syscall.S_IFSOCK:
+ case unix.S_IFSOCK:
return fs.Socket
- case syscall.S_IFDIR:
+ case unix.S_IFDIR:
return fs.Directory
- case syscall.S_IFREG:
+ case unix.S_IFREG:
return fs.RegularFile
default:
// This shouldn't happen, but just in case...
@@ -50,12 +50,12 @@ func nodeType(s *syscall.Stat_t) fs.InodeType {
}
}
-func wouldBlock(s *syscall.Stat_t) bool {
+func wouldBlock(s *unix.Stat_t) bool {
typ := nodeType(s)
return typ == fs.Pipe || typ == fs.Socket || typ == fs.CharacterDevice
}
-func stableAttr(s *syscall.Stat_t) fs.StableAttr {
+func stableAttr(s *unix.Stat_t) fs.StableAttr {
return fs.StableAttr{
Type: nodeType(s),
DeviceID: hostFileDevice.DeviceID(),
@@ -67,14 +67,14 @@ func stableAttr(s *syscall.Stat_t) fs.StableAttr {
}
}
-func owner(s *syscall.Stat_t) fs.FileOwner {
+func owner(s *unix.Stat_t) fs.FileOwner {
return fs.FileOwner{
UID: auth.KUID(s.Uid),
GID: auth.KGID(s.Gid),
}
}
-func unstableAttr(s *syscall.Stat_t) fs.UnstableAttr {
+func unstableAttr(s *unix.Stat_t) fs.UnstableAttr {
return fs.UnstableAttr{
Size: s.Size,
Usage: s.Blocks * 512,
diff --git a/pkg/sentry/fs/host/util_amd64_unsafe.go b/pkg/sentry/fs/host/util_amd64_unsafe.go
index 66da6e9f5..21782f1da 100644
--- a/pkg/sentry/fs/host/util_amd64_unsafe.go
+++ b/pkg/sentry/fs/host/util_amd64_unsafe.go
@@ -17,18 +17,19 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) {
- var stat syscall.Stat_t
- namePtr, err := syscall.BytePtrFromString(name)
+func fstatat(fd int, name string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ namePtr, err := unix.BytePtrFromString(name)
if err != nil {
return stat, err
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_NEWFSTATAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_NEWFSTATAT,
uintptr(fd),
uintptr(unsafe.Pointer(namePtr)),
uintptr(unsafe.Pointer(&stat)),
diff --git a/pkg/sentry/fs/host/util_arm64_unsafe.go b/pkg/sentry/fs/host/util_arm64_unsafe.go
index e8cb94aeb..ed8f5242a 100644
--- a/pkg/sentry/fs/host/util_arm64_unsafe.go
+++ b/pkg/sentry/fs/host/util_arm64_unsafe.go
@@ -17,18 +17,19 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func fstatat(fd int, name string, flags int) (syscall.Stat_t, error) {
- var stat syscall.Stat_t
- namePtr, err := syscall.BytePtrFromString(name)
+func fstatat(fd int, name string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ namePtr, err := unix.BytePtrFromString(name)
if err != nil {
return stat, err
}
- _, _, errno := syscall.Syscall6(
- syscall.SYS_FSTATAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_FSTATAT,
uintptr(fd),
uintptr(unsafe.Pointer(namePtr)),
uintptr(unsafe.Pointer(&stat)),
diff --git a/pkg/sentry/fs/host/util_unsafe.go b/pkg/sentry/fs/host/util_unsafe.go
index 23bd35d64..3c5e3ed6d 100644
--- a/pkg/sentry/fs/host/util_unsafe.go
+++ b/pkg/sentry/fs/host/util_unsafe.go
@@ -15,9 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/sentry/fs"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
@@ -30,8 +30,8 @@ func readLink(fd int) (string, error) {
// Buffer sizing copied from os.Readlink.
for l := 128; ; l *= 2 {
b := make([]byte, l)
- n, _, errno := syscall.Syscall6(
- syscall.SYS_READLINKAT,
+ n, _, errno := unix.Syscall6(
+ unix.SYS_READLINKAT,
uintptr(fd),
uintptr(unsafe.Pointer(&NulByte)), // ""
uintptr(unsafe.Pointer(&b[0])),
@@ -46,25 +46,25 @@ func readLink(fd int) (string, error) {
}
}
-func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) syscall.Timespec {
+func timespecFromTimestamp(t ktime.Time, omit, setSysTime bool) unix.Timespec {
if omit {
- return syscall.Timespec{0, linux.UTIME_OMIT}
+ return unix.Timespec{0, linux.UTIME_OMIT}
}
if setSysTime {
- return syscall.Timespec{0, linux.UTIME_NOW}
+ return unix.Timespec{0, linux.UTIME_NOW}
}
- return syscall.NsecToTimespec(t.Nanoseconds())
+ return unix.NsecToTimespec(t.Nanoseconds())
}
func setTimestamps(fd int, ts fs.TimeSpec) error {
if ts.ATimeOmit && ts.MTimeOmit {
return nil
}
- var sts [2]syscall.Timespec
+ var sts [2]unix.Timespec
sts[0] = timespecFromTimestamp(ts.ATime, ts.ATimeOmit, ts.ATimeSetSystemTime)
sts[1] = timespecFromTimestamp(ts.MTime, ts.MTimeOmit, ts.MTimeSetSystemTime)
- _, _, errno := syscall.Syscall6(
- syscall.SYS_UTIMENSAT,
+ _, _, errno := unix.Syscall6(
+ unix.SYS_UTIMENSAT,
uintptr(fd),
0, /* path */
uintptr(unsafe.Pointer(&sts)),
diff --git a/pkg/sentry/fs/host/wait_test.go b/pkg/sentry/fs/host/wait_test.go
index c143f4ce2..5925c85ea 100644
--- a/pkg/sentry/fs/host/wait_test.go
+++ b/pkg/sentry/fs/host/wait_test.go
@@ -15,27 +15,27 @@
package host
import (
- "syscall"
"testing"
"time"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/contexttest"
"gvisor.dev/gvisor/pkg/waiter"
)
func TestWait(t *testing.T) {
var fds [2]int
- err := syscall.Pipe(fds[:])
+ err := unix.Pipe(fds[:])
if err != nil {
t.Fatalf("Unable to create pipe: %v", err)
}
- defer syscall.Close(fds[1])
+ defer unix.Close(fds[1])
ctx := contexttest.Context(t)
file, err := NewFile(ctx, fds[0])
if err != nil {
- syscall.Close(fds[0])
+ unix.Close(fds[0])
t.Fatalf("NewFile failed: %v", err)
}
@@ -56,7 +56,7 @@ func TestWait(t *testing.T) {
}
// Write to the pipe, so it should be writable now.
- syscall.Write(fds[1], []byte{1})
+ unix.Write(fds[1], []byte{1})
// Check that we get a notification. We need to yield the current thread
// so that the fdnotifier can deliver notifications, so we use a