summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fsimpl
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/fsimpl')
-rw-r--r--pkg/sentry/fsimpl/eventfd/BUILD1
-rw-r--r--pkg/sentry/fsimpl/eventfd/eventfd.go22
-rw-r--r--pkg/sentry/fsimpl/fuse/BUILD1
-rw-r--r--pkg/sentry/fsimpl/fuse/connection_control.go4
-rw-r--r--pkg/sentry/fsimpl/fuse/connection_test.go4
-rw-r--r--pkg/sentry/fsimpl/fuse/dev.go7
-rw-r--r--pkg/sentry/fsimpl/fuse/request_response.go4
-rw-r--r--pkg/sentry/fsimpl/gofer/gofer.go18
-rw-r--r--pkg/sentry/fsimpl/gofer/handle.go5
-rw-r--r--pkg/sentry/fsimpl/gofer/socket.go5
-rw-r--r--pkg/sentry/fsimpl/gofer/special_file.go4
-rw-r--r--pkg/sentry/fsimpl/host/control.go7
-rw-r--r--pkg/sentry/fsimpl/host/host.go47
-rw-r--r--pkg/sentry/fsimpl/host/ioctl_unsafe.go10
-rw-r--r--pkg/sentry/fsimpl/host/save_restore.go8
-rw-r--r--pkg/sentry/fsimpl/host/socket.go18
-rw-r--r--pkg/sentry/fsimpl/host/socket_iovec.go11
-rw-r--r--pkg/sentry/fsimpl/host/socket_unsafe.go17
-rw-r--r--pkg/sentry/fsimpl/host/util.go8
-rw-r--r--pkg/sentry/fsimpl/host/util_unsafe.go9
20 files changed, 103 insertions, 107 deletions
diff --git a/pkg/sentry/fsimpl/eventfd/BUILD b/pkg/sentry/fsimpl/eventfd/BUILD
index ea167d38c..bcb01bb08 100644
--- a/pkg/sentry/fsimpl/eventfd/BUILD
+++ b/pkg/sentry/fsimpl/eventfd/BUILD
@@ -15,6 +15,7 @@ go_library(
"//pkg/syserror",
"//pkg/usermem",
"//pkg/waiter",
+ "@org_golang_x_sys//unix:go_default_library",
],
)
diff --git a/pkg/sentry/fsimpl/eventfd/eventfd.go b/pkg/sentry/fsimpl/eventfd/eventfd.go
index 5b29f2358..7f810f720 100644
--- a/pkg/sentry/fsimpl/eventfd/eventfd.go
+++ b/pkg/sentry/fsimpl/eventfd/eventfd.go
@@ -18,8 +18,8 @@ package eventfd
import (
"math"
"sync"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -92,13 +92,13 @@ func (efd *EventFileDescription) HostFD() (int, error) {
flags |= linux.EFD_SEMAPHORE
}
- fd, _, errno := syscall.Syscall(syscall.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0)
+ fd, _, errno := unix.Syscall(unix.SYS_EVENTFD2, uintptr(efd.val), uintptr(flags), 0)
if errno != 0 {
return -1, errno
}
if err := fdnotifier.AddFD(int32(fd), &efd.queue); err != nil {
- if closeErr := syscall.Close(int(fd)); closeErr != nil {
+ if closeErr := unix.Close(int(fd)); closeErr != nil {
log.Warningf("close(%d) eventfd failed: %v", fd, closeErr)
}
return -1, err
@@ -114,7 +114,7 @@ func (efd *EventFileDescription) Release(context.Context) {
defer efd.mu.Unlock()
if efd.hostfd >= 0 {
fdnotifier.RemoveFD(int32(efd.hostfd))
- if closeErr := syscall.Close(int(efd.hostfd)); closeErr != nil {
+ if closeErr := unix.Close(int(efd.hostfd)); closeErr != nil {
log.Warningf("close(%d) eventfd failed: %v", efd.hostfd, closeErr)
}
efd.hostfd = -1
@@ -124,7 +124,7 @@ func (efd *EventFileDescription) Release(context.Context) {
// Read implements vfs.FileDescriptionImpl.Read.
func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequence, _ vfs.ReadOptions) (int64, error) {
if dst.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := efd.read(ctx, dst); err != nil {
return 0, err
@@ -135,7 +135,7 @@ func (efd *EventFileDescription) Read(ctx context.Context, dst usermem.IOSequenc
// Write implements vfs.FileDescriptionImpl.Write.
func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequence, _ vfs.WriteOptions) (int64, error) {
if src.NumBytes() < 8 {
- return 0, syscall.EINVAL
+ return 0, unix.EINVAL
}
if err := efd.write(ctx, src); err != nil {
return 0, err
@@ -146,8 +146,8 @@ func (efd *EventFileDescription) Write(ctx context.Context, src usermem.IOSequen
// Preconditions: Must be called with efd.mu locked.
func (efd *EventFileDescription) hostReadLocked(ctx context.Context, dst usermem.IOSequence) error {
var buf [8]byte
- if _, err := syscall.Read(efd.hostfd, buf[:]); err != nil {
- if err == syscall.EWOULDBLOCK {
+ if _, err := unix.Read(efd.hostfd, buf[:]); err != nil {
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -197,8 +197,8 @@ func (efd *EventFileDescription) read(ctx context.Context, dst usermem.IOSequenc
func (efd *EventFileDescription) hostWriteLocked(val uint64) error {
var buf [8]byte
usermem.ByteOrder.PutUint64(buf[:], val)
- _, err := syscall.Write(efd.hostfd, buf[:])
- if err == syscall.EWOULDBLOCK {
+ _, err := unix.Write(efd.hostfd, buf[:])
+ if err == unix.EWOULDBLOCK {
return syserror.ErrWouldBlock
}
return err
@@ -217,7 +217,7 @@ func (efd *EventFileDescription) write(ctx context.Context, src usermem.IOSequen
// Signal is an internal function to signal the event fd.
func (efd *EventFileDescription) Signal(val uint64) error {
if val == math.MaxUint64 {
- return syscall.EINVAL
+ return unix.EINVAL
}
efd.mu.Lock()
diff --git a/pkg/sentry/fsimpl/fuse/BUILD b/pkg/sentry/fsimpl/fuse/BUILD
index 2158b1bbc..155c0f56d 100644
--- a/pkg/sentry/fsimpl/fuse/BUILD
+++ b/pkg/sentry/fsimpl/fuse/BUILD
@@ -83,5 +83,6 @@ go_test(
"//pkg/syserror",
"//pkg/usermem",
"//pkg/waiter",
+ "@org_golang_x_sys//unix:go_default_library",
],
)
diff --git a/pkg/sentry/fsimpl/fuse/connection_control.go b/pkg/sentry/fsimpl/fuse/connection_control.go
index 4ab894965..948502db6 100644
--- a/pkg/sentry/fsimpl/fuse/connection_control.go
+++ b/pkg/sentry/fsimpl/fuse/connection_control.go
@@ -16,8 +16,8 @@ package fuse
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -230,7 +230,7 @@ func (conn *connection) Abort(ctx context.Context) {
// sendError() will remove them from `fd.completion` map.
// Will enter the path of a normally received error.
for _, toTerminate := range terminate {
- conn.fd.sendError(ctx, -int32(syscall.ECONNABORTED), toTerminate)
+ conn.fd.sendError(ctx, -int32(unix.ECONNABORTED), toTerminate)
}
// 3. The requests not yet written to FUSE device.
diff --git a/pkg/sentry/fsimpl/fuse/connection_test.go b/pkg/sentry/fsimpl/fuse/connection_test.go
index d8b0d7657..78ea6a31e 100644
--- a/pkg/sentry/fsimpl/fuse/connection_test.go
+++ b/pkg/sentry/fsimpl/fuse/connection_test.go
@@ -16,9 +16,9 @@ package fuse
import (
"math/rand"
- "syscall"
"testing"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/syserror"
@@ -96,7 +96,7 @@ func TestConnectionAbort(t *testing.T) {
// Abort will return ECONNABORTED error to unblocked requests.
for _, fut := range futNormal {
- if fut.getResponse().hdr.Error != -int32(syscall.ECONNABORTED) {
+ if fut.getResponse().hdr.Error != -int32(unix.ECONNABORTED) {
t.Fatalf("Incorrect error code received for aborted connection: %v", fut.getResponse().hdr.Error)
}
}
diff --git a/pkg/sentry/fsimpl/fuse/dev.go b/pkg/sentry/fsimpl/fuse/dev.go
index 1bbe6fdb7..1eeb95216 100644
--- a/pkg/sentry/fsimpl/fuse/dev.go
+++ b/pkg/sentry/fsimpl/fuse/dev.go
@@ -15,8 +15,7 @@
package fuse
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -176,9 +175,9 @@ func (fd *DeviceFD) readLocked(ctx context.Context, dst usermem.IOSequence, opts
// The request is too large. Cannot process it. All requests must be smaller than the
// negotiated size as specified by Connection.MaxWrite set as part of the FUSE_INIT
// handshake.
- errno := -int32(syscall.EIO)
+ errno := -int32(unix.EIO)
if req.hdr.Opcode == linux.FUSE_SETXATTR {
- errno = -int32(syscall.E2BIG)
+ errno = -int32(unix.E2BIG)
}
// Return the error to the calling task.
diff --git a/pkg/sentry/fsimpl/fuse/request_response.go b/pkg/sentry/fsimpl/fuse/request_response.go
index 41d679358..10fb9d7d2 100644
--- a/pkg/sentry/fsimpl/fuse/request_response.go
+++ b/pkg/sentry/fsimpl/fuse/request_response.go
@@ -16,8 +16,8 @@ package fuse
import (
"fmt"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/marshal"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -199,7 +199,7 @@ func (r *Response) Error() error {
return nil
}
- sysErrNo := syscall.Errno(-errno)
+ sysErrNo := unix.Errno(-errno)
return error(sysErrNo)
}
diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go
index 094d993a8..1508cbdf1 100644
--- a/pkg/sentry/fsimpl/gofer/gofer.go
+++ b/pkg/sentry/fsimpl/gofer/gofer.go
@@ -40,8 +40,8 @@ import (
"strconv"
"strings"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -550,10 +550,10 @@ func (fs *filesystem) Release(ctx context.Context) {
d.dataMu.Unlock()
// Close host FDs if they exist.
if d.readFD >= 0 {
- syscall.Close(int(d.readFD))
+ unix.Close(int(d.readFD))
}
if d.writeFD >= 0 && d.readFD != d.writeFD {
- syscall.Close(int(d.writeFD))
+ unix.Close(int(d.writeFD))
}
d.readFD = -1
d.writeFD = -1
@@ -1505,10 +1505,10 @@ func (d *dentry) destroyLocked(ctx context.Context) {
d.readFile = p9file{}
d.writeFile = p9file{}
if d.readFD >= 0 {
- syscall.Close(int(d.readFD))
+ unix.Close(int(d.readFD))
}
if d.writeFD >= 0 && d.readFD != d.writeFD {
- syscall.Close(int(d.writeFD))
+ unix.Close(int(d.writeFD))
}
d.readFD = -1
d.writeFD = -1
@@ -1686,7 +1686,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
// may use the old or new file description, but this
// doesn't matter since they refer to the same file, and
// any racing mappings must be read-only.
- if err := syscall.Dup3(int(h.fd), int(d.readFD), syscall.O_CLOEXEC); err != nil {
+ if err := unix.Dup3(int(h.fd), int(d.readFD), unix.O_CLOEXEC); err != nil {
oldFD := d.readFD
d.handleMu.Unlock()
ctx.Warningf("gofer.dentry.ensureSharedHandle: failed to dup fd %d to fd %d: %v", h.fd, oldFD, err)
@@ -1772,7 +1772,7 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
d.mapsMu.Unlock()
}
for _, fd := range fdsToClose {
- syscall.Close(int(fd))
+ unix.Close(int(fd))
}
return nil
@@ -1808,7 +1808,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error {
// handles otherwise.
if d.writeFD >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(d.writeFD))
+ err := unix.Fsync(int(d.writeFD))
ctx.UninterruptibleSleepFinish(false)
return err
}
@@ -1817,7 +1817,7 @@ func (d *dentry) syncRemoteFileLocked(ctx context.Context) error {
}
if d.readFD >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(d.readFD))
+ err := unix.Fsync(int(d.readFD))
ctx.UninterruptibleSleepFinish(false)
return err
}
diff --git a/pkg/sentry/fsimpl/gofer/handle.go b/pkg/sentry/fsimpl/gofer/handle.go
index a9ebe1206..0bc201d1c 100644
--- a/pkg/sentry/fsimpl/gofer/handle.go
+++ b/pkg/sentry/fsimpl/gofer/handle.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/p9"
"gvisor.dev/gvisor/pkg/safemem"
@@ -73,7 +72,7 @@ func (h *handle) close(ctx context.Context) {
h.file.close(ctx)
h.file = p9file{}
if h.fd >= 0 {
- syscall.Close(int(h.fd))
+ unix.Close(int(h.fd))
h.fd = -1
}
}
diff --git a/pkg/sentry/fsimpl/gofer/socket.go b/pkg/sentry/fsimpl/gofer/socket.go
index a21199eac..fe15f8583 100644
--- a/pkg/sentry/fsimpl/gofer/socket.go
+++ b/pkg/sentry/fsimpl/gofer/socket.go
@@ -15,8 +15,7 @@
package gofer
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/log"
@@ -118,7 +117,7 @@ func (e *endpoint) newConnectedEndpoint(ctx context.Context, flags p9.ConnectFla
return nil, syserr.ErrConnectionRefused
}
// Dup the fd so that the new endpoint can manage its lifetime.
- hostFD, err := syscall.Dup(hostFile.FD())
+ hostFD, err := unix.Dup(hostFile.FD())
if err != nil {
log.Warningf("Could not dup host socket fd %d: %v", hostFile.FD(), err)
return nil, syserr.FromError(err)
diff --git a/pkg/sentry/fsimpl/gofer/special_file.go b/pkg/sentry/fsimpl/gofer/special_file.go
index ae972fcb5..ac3b5b621 100644
--- a/pkg/sentry/fsimpl/gofer/special_file.go
+++ b/pkg/sentry/fsimpl/gofer/special_file.go
@@ -16,8 +16,8 @@ package gofer
import (
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -376,7 +376,7 @@ func (fd *specialFileFD) sync(ctx context.Context, forFilesystemSync bool) error
// RPC.
if fd.handle.fd >= 0 {
ctx.UninterruptibleSleepStart(false)
- err := syscall.Fsync(int(fd.handle.fd))
+ err := unix.Fsync(int(fd.handle.fd))
ctx.UninterruptibleSleepFinish(false)
return err
}
diff --git a/pkg/sentry/fsimpl/host/control.go b/pkg/sentry/fsimpl/host/control.go
index 13ef48cb5..1680d456e 100644
--- a/pkg/sentry/fsimpl/host/control.go
+++ b/pkg/sentry/fsimpl/host/control.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -60,7 +59,7 @@ func (c *scmRights) Clone() transport.RightsControlMessage {
// Release implements transport.RightsControlMessage.Release.
func (c *scmRights) Release(ctx context.Context) {
for _, fd := range c.fds {
- syscall.Close(fd)
+ unix.Close(fd)
}
c.fds = nil
}
@@ -72,7 +71,7 @@ func fdsToFiles(ctx context.Context, fds []int) []*vfs.FileDescription {
for _, fd := range fds {
// Get flags. We do it here because they may be modified
// by subsequent functions.
- fileFlags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFL, 0)
+ fileFlags, _, errno := unix.Syscall(unix.SYS_FCNTL, uintptr(fd), unix.F_GETFL, 0)
if errno != 0 {
ctx.Warningf("Error retrieving host FD flags: %v", error(errno))
break
diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go
index 05f11fbd5..ad5de80dc 100644
--- a/pkg/sentry/fsimpl/host/host.go
+++ b/pkg/sentry/fsimpl/host/host.go
@@ -20,7 +20,6 @@ import (
"fmt"
"math"
"sync/atomic"
- "syscall"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
@@ -112,7 +111,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
seekable := err != syserror.ESPIPE
// We expect regular files to be seekable, as this is required for them to
// be memory-mappable.
- if !seekable && fileType == syscall.S_IFREG {
+ if !seekable && fileType == unix.S_IFREG {
ctx.Infof("host.newInode: host FD %d is a non-seekable regular file", hostFD)
return nil, syserror.ESPIPE
}
@@ -121,7 +120,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
hostFD: hostFD,
ino: fs.NextIno(),
ftype: uint16(fileType),
- mayBlock: fileType != syscall.S_IFREG && fileType != syscall.S_IFDIR,
+ mayBlock: fileType != unix.S_IFREG && fileType != unix.S_IFDIR,
seekable: seekable,
isTTY: isTTY,
savable: savable,
@@ -132,7 +131,7 @@ func newInode(ctx context.Context, fs *filesystem, hostFD int, savable bool, fil
// If the hostFD can return EWOULDBLOCK when set to non-blocking, do so and
// handle blocking behavior in the sentry.
if i.mayBlock {
- if err := syscall.SetNonblock(i.hostFD, true); err != nil {
+ if err := unix.SetNonblock(i.hostFD, true); err != nil {
return nil, err
}
if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil {
@@ -175,7 +174,7 @@ func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions)
flags := opts.Flags
if !opts.HaveFlags {
// Get flags for the imported FD.
- flagsInt, err := unix.FcntlInt(uintptr(hostFD), syscall.F_GETFL, 0)
+ flagsInt, err := unix.FcntlInt(uintptr(hostFD), unix.F_GETFL, 0)
if err != nil {
return nil, err
}
@@ -263,8 +262,8 @@ func (fs *filesystem) PrependPath(ctx context.Context, vfsroot, vd vfs.VirtualDe
// CheckPermissions implements kernfs.Inode.CheckPermissions.
func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, ats vfs.AccessTypes) error {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return err
}
return vfs.GenericCheckPermissions(creds, ats, linux.FileMode(s.Mode), auth.KUID(s.Uid), auth.KGID(s.Gid))
@@ -272,8 +271,8 @@ func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, a
// Mode implements kernfs.Inode.Mode.
func (i *inode) Mode() linux.FileMode {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
// Retrieving the mode from the host fd using fstat(2) should not fail.
// If the syscall does not succeed, something is fundamentally wrong.
panic(fmt.Sprintf("failed to retrieve mode from host fd %d: %v", i.hostFD, err))
@@ -405,8 +404,8 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
if m&^(linux.STATX_MODE|linux.STATX_SIZE|linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
return syserror.EPERM
}
- var hostStat syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &hostStat); err != nil {
+ var hostStat unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &hostStat); err != nil {
return err
}
if err := vfs.CheckSetStat(ctx, creds, &opts, linux.FileMode(hostStat.Mode), auth.KUID(hostStat.Uid), auth.KGID(hostStat.Gid)); err != nil {
@@ -414,7 +413,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
}
if m&linux.STATX_MODE != 0 {
- if err := syscall.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
+ if err := unix.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
return err
}
}
@@ -422,7 +421,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
if hostStat.Mode&linux.S_IFMT != linux.S_IFREG {
return syserror.EINVAL
}
- if err := syscall.Ftruncate(i.hostFD, int64(s.Size)); err != nil {
+ if err := unix.Ftruncate(i.hostFD, int64(s.Size)); err != nil {
return err
}
oldSize := uint64(hostStat.Size)
@@ -435,7 +434,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
}
}
if m&(linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
- ts := [2]syscall.Timespec{
+ ts := [2]unix.Timespec{
toTimespec(s.Atime, m&linux.STATX_ATIME == 0),
toTimespec(s.Mtime, m&linux.STATX_MTIME == 0),
}
@@ -468,8 +467,8 @@ func (i *inode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.Dentr
}
func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flags uint32) (*vfs.FileDescription, error) {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return nil, err
}
fileType := s.Mode & linux.FileTypeMask
@@ -477,10 +476,10 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
// Constrain flags to a subset we can handle.
//
// TODO(gvisor.dev/issue/2601): Support O_NONBLOCK by adding RWF_NOWAIT to pread/pwrite calls.
- flags &= syscall.O_ACCMODE | syscall.O_NONBLOCK | syscall.O_DSYNC | syscall.O_SYNC | syscall.O_APPEND
+ flags &= unix.O_ACCMODE | unix.O_NONBLOCK | unix.O_DSYNC | unix.O_SYNC | unix.O_APPEND
switch fileType {
- case syscall.S_IFSOCK:
+ case unix.S_IFSOCK:
if i.isTTY {
log.Warningf("cannot use host socket fd %d as TTY", i.hostFD)
return nil, syserror.ENOTTY
@@ -493,7 +492,7 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
// Currently, we only allow Unix sockets to be imported.
return unixsocket.NewFileDescription(ep, ep.Type(), flags, mnt, d.VFSDentry(), &i.locks)
- case syscall.S_IFREG, syscall.S_IFIFO, syscall.S_IFCHR:
+ case unix.S_IFREG, unix.S_IFIFO, unix.S_IFCHR:
if i.isTTY {
fd := &TTYFileDescription{
fileDescription: fileDescription{inode: i},
@@ -675,8 +674,8 @@ func (f *fileDescription) Write(ctx context.Context, src usermem.IOSequence, opt
// and writing to the host fd. This is an unavoidable race condition because
// we cannot enforce synchronization on the host.
if f.vfsfd.StatusFlags()&linux.O_APPEND != 0 {
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
f.offsetMu.Unlock()
return 0, err
}
@@ -737,8 +736,8 @@ func (f *fileDescription) Seek(_ context.Context, offset int64, whence int32) (i
f.offset += offset
case linux.SEEK_END:
- var s syscall.Stat_t
- if err := syscall.Fstat(i.hostFD, &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(i.hostFD, &s); err != nil {
return f.offset, err
}
size := s.Size
@@ -781,7 +780,7 @@ func (f *fileDescription) Sync(ctx context.Context) error {
func (f *fileDescription) ConfigureMMap(_ context.Context, opts *memmap.MMapOpts) error {
// NOTE(b/38213152): Technically, some obscure char devices can be memory
// mapped, but we only allow regular files.
- if f.inode.ftype != syscall.S_IFREG {
+ if f.inode.ftype != unix.S_IFREG {
return syserror.ENODEV
}
i := f.inode
diff --git a/pkg/sentry/fsimpl/host/ioctl_unsafe.go b/pkg/sentry/fsimpl/host/ioctl_unsafe.go
index 0983bf7d8..f666a5875 100644
--- a/pkg/sentry/fsimpl/host/ioctl_unsafe.go
+++ b/pkg/sentry/fsimpl/host/ioctl_unsafe.go
@@ -15,15 +15,15 @@
package host
import (
- "syscall"
"unsafe"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
)
func ioctlGetTermios(fd int) (*linux.Termios, error) {
var t linux.Termios
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TCGETS, uintptr(unsafe.Pointer(&t)))
if errno != 0 {
return nil, errno
}
@@ -31,7 +31,7 @@ func ioctlGetTermios(fd int) (*linux.Termios, error) {
}
func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(unsafe.Pointer(t)))
if errno != 0 {
return errno
}
@@ -40,7 +40,7 @@ func ioctlSetTermios(fd int, req uint64, t *linux.Termios) error {
func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
var w linux.Winsize
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCGWINSZ, uintptr(unsafe.Pointer(&w)))
if errno != 0 {
return nil, errno
}
@@ -48,7 +48,7 @@ func ioctlGetWinsize(fd int) (*linux.Winsize, error) {
}
func ioctlSetWinsize(fd int, w *linux.Winsize) error {
- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), linux.TIOCSWINSZ, uintptr(unsafe.Pointer(w)))
if errno != 0 {
return errno
}
diff --git a/pkg/sentry/fsimpl/host/save_restore.go b/pkg/sentry/fsimpl/host/save_restore.go
index 8800652a9..5688bddc8 100644
--- a/pkg/sentry/fsimpl/host/save_restore.go
+++ b/pkg/sentry/fsimpl/host/save_restore.go
@@ -18,8 +18,8 @@ import (
"fmt"
"io"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/fdnotifier"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/sentry/hostfd"
@@ -31,7 +31,7 @@ func (i *inode) beforeSave() {
if !i.savable {
panic("host.inode is not savable")
}
- if i.ftype == syscall.S_IFIFO {
+ if i.ftype == unix.S_IFIFO {
// If this pipe FD is readable, drain it so that bytes in the pipe can
// be read after restore. (This is a legacy VFS1 feature.) We don't
// know if the pipe FD is readable, so just try reading and tolerate
@@ -45,7 +45,7 @@ func (i *inode) beforeSave() {
i.buf = append(i.buf, buf[:n]...)
}
if err != nil {
- if err == io.EOF || err == syscall.EAGAIN || err == syscall.EBADF {
+ if err == io.EOF || err == unix.EAGAIN || err == unix.EBADF {
break
}
panic(fmt.Errorf("host.inode.beforeSave: buffering from pipe failed: %v", err))
@@ -60,7 +60,7 @@ func (i *inode) beforeSave() {
// afterLoad is invoked by stateify.
func (i *inode) afterLoad() {
if i.mayBlock {
- if err := syscall.SetNonblock(i.hostFD, true); err != nil {
+ if err := unix.SetNonblock(i.hostFD, true); err != nil {
panic(fmt.Sprintf("host.inode.afterLoad: failed to set host FD %d non-blocking: %v", i.hostFD, err))
}
if err := fdnotifier.AddFD(int32(i.hostFD), &i.queue); err != nil {
diff --git a/pkg/sentry/fsimpl/host/socket.go b/pkg/sentry/fsimpl/host/socket.go
index 6763f5b0c..056f910aa 100644
--- a/pkg/sentry/fsimpl/host/socket.go
+++ b/pkg/sentry/fsimpl/host/socket.go
@@ -17,8 +17,8 @@ package host
import (
"fmt"
"sync/atomic"
- "syscall"
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/fdnotifier"
@@ -87,26 +87,26 @@ type ConnectedEndpoint struct {
func (c *ConnectedEndpoint) init() *syserr.Error {
c.InitRefs()
- family, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ family, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_DOMAIN)
if err != nil {
return syserr.FromError(err)
}
- if family != syscall.AF_UNIX {
+ if family != unix.AF_UNIX {
// We only allow Unix sockets.
return syserr.ErrInvalidEndpointState
}
- stype, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_TYPE)
+ stype, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_TYPE)
if err != nil {
return syserr.FromError(err)
}
- if err := syscall.SetNonblock(c.fd, true); err != nil {
+ if err := unix.SetNonblock(c.fd, true); err != nil {
return syserr.FromError(err)
}
- sndbuf, err := syscall.GetsockoptInt(c.fd, syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+ sndbuf, err := unix.GetsockoptInt(c.fd, unix.SOL_SOCKET, unix.SO_SNDBUF)
if err != nil {
return syserr.FromError(err)
}
@@ -177,7 +177,7 @@ func (c *ConnectedEndpoint) CloseSend() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.fd, syscall.SHUT_WR); err != nil {
+ if err := unix.Shutdown(c.fd, unix.SHUT_WR); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed write shutdown on host socket %+v: %v", c, err))
@@ -270,7 +270,7 @@ func (c *ConnectedEndpoint) CloseRecv() {
c.mu.Lock()
defer c.mu.Unlock()
- if err := syscall.Shutdown(c.fd, syscall.SHUT_RD); err != nil {
+ if err := unix.Shutdown(c.fd, unix.SHUT_RD); err != nil {
// A well-formed UDS shutdown can't fail. See
// net/unix/af_unix.c:unix_shutdown.
panic(fmt.Sprintf("failed read shutdown on host socket %+v: %v", c, err))
@@ -358,7 +358,7 @@ func (e *SCMConnectedEndpoint) Release(ctx context.Context) {
e.DecRef(func() {
e.mu.Lock()
fdnotifier.RemoveFD(int32(e.fd))
- if err := syscall.Close(e.fd); err != nil {
+ if err := unix.Close(e.fd); err != nil {
log.Warningf("Failed to close host fd %d: %v", err)
}
e.destroyLocked()
diff --git a/pkg/sentry/fsimpl/host/socket_iovec.go b/pkg/sentry/fsimpl/host/socket_iovec.go
index fc0d5fd38..b123a63ee 100644
--- a/pkg/sentry/fsimpl/host/socket_iovec.go
+++ b/pkg/sentry/fsimpl/host/socket_iovec.go
@@ -15,8 +15,7 @@
package host
import (
- "syscall"
-
+ "golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/iovec"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -52,7 +51,7 @@ func copyFromMulti(dst []byte, src [][]byte) {
//
// If intermediate != nil, iovecs references intermediate rather than bufs and
// the caller must copy to/from bufs as necessary.
-func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []syscall.Iovec, intermediate []byte, err error) {
+func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovecs []unix.Iovec, intermediate []byte, err error) {
var iovsRequired int
for _, b := range bufs {
length += int64(len(b))
@@ -76,14 +75,14 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
// Use a single intermediate buffer instead.
b := make([]byte, stopLen)
- return stopLen, []syscall.Iovec{{
+ return stopLen, []unix.Iovec{{
Base: &b[0],
Len: uint64(stopLen),
}}, b, err
}
var total int64
- iovecs = make([]syscall.Iovec, 0, iovsRequired)
+ iovecs = make([]unix.Iovec, 0, iovsRequired)
for i := range bufs {
l := len(bufs[i])
if l == 0 {
@@ -95,7 +94,7 @@ func buildIovec(bufs [][]byte, maxlen int64, truncate bool) (length int64, iovec
stop = stopLen - total
}
- iovecs = append(iovecs, syscall.Iovec{
+ iovecs = append(iovecs, unix.Iovec{
Base: &bufs[i][0],
Len: uint64(stop),
})
diff --git a/pkg/sentry/fsimpl/host/socket_unsafe.go b/pkg/sentry/fsimpl/host/socket_unsafe.go
index c0bf45f08..34f24e95c 100644
--- a/pkg/sentry/fsimpl/host/socket_unsafe.go
+++ b/pkg/sentry/fsimpl/host/socket_unsafe.go
@@ -15,8 +15,9 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// fdReadVec receives from fd to bufs.
@@ -24,9 +25,9 @@ import (
// If the total length of bufs is > maxlen, fdReadVec will do a partial read
// and err will indicate why the message was truncated.
func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (readLen int64, msgLen int64, controlLen uint64, controlTrunc bool, err error) {
- flags := uintptr(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC)
+ flags := uintptr(unix.MSG_DONTWAIT | unix.MSG_TRUNC)
if peek {
- flags |= syscall.MSG_PEEK
+ flags |= unix.MSG_PEEK
}
// Always truncate the receive buffer. All socket types will truncate
@@ -37,7 +38,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
return 0, 0, 0, false, err
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(control) != 0 {
msg.Control = &control[0]
msg.Controllen = uint64(len(control))
@@ -48,7 +49,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
msg.Iovlen = uint64(len(iovecs))
}
- rawN, _, e := syscall.RawSyscall(syscall.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
+ rawN, _, e := unix.RawSyscall(unix.SYS_RECVMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), flags)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, 0, 0, false, e
@@ -60,7 +61,7 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
copyToMulti(bufs, intermediate)
}
- controlTrunc = msg.Flags&syscall.MSG_CTRUNC == syscall.MSG_CTRUNC
+ controlTrunc = msg.Flags&unix.MSG_CTRUNC == unix.MSG_CTRUNC
if n > length {
return length, n, msg.Controllen, controlTrunc, nil
@@ -85,13 +86,13 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
copyFromMulti(intermediate, bufs)
}
- var msg syscall.Msghdr
+ var msg unix.Msghdr
if len(iovecs) > 0 {
msg.Iov = &iovecs[0]
msg.Iovlen = uint64(len(iovecs))
}
- n, _, e := syscall.RawSyscall(syscall.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), syscall.MSG_DONTWAIT|syscall.MSG_NOSIGNAL)
+ n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
if e != 0 {
// N.B. prioritize the syscall error over the buildIovec error.
return 0, length, e
diff --git a/pkg/sentry/fsimpl/host/util.go b/pkg/sentry/fsimpl/host/util.go
index b2f43a119..63b465859 100644
--- a/pkg/sentry/fsimpl/host/util.go
+++ b/pkg/sentry/fsimpl/host/util.go
@@ -15,21 +15,19 @@
package host
import (
- "syscall"
-
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/syserror"
)
-func toTimespec(ts linux.StatxTimestamp, omit bool) syscall.Timespec {
+func toTimespec(ts linux.StatxTimestamp, omit bool) unix.Timespec {
if omit {
- return syscall.Timespec{
+ return unix.Timespec{
Sec: 0,
Nsec: unix.UTIME_OMIT,
}
}
- return syscall.Timespec{
+ return unix.Timespec{
Sec: ts.Sec,
Nsec: int64(ts.Nsec),
}
diff --git a/pkg/sentry/fsimpl/host/util_unsafe.go b/pkg/sentry/fsimpl/host/util_unsafe.go
index 5136ac844..b36eed2e2 100644
--- a/pkg/sentry/fsimpl/host/util_unsafe.go
+++ b/pkg/sentry/fsimpl/host/util_unsafe.go
@@ -15,13 +15,14 @@
package host
import (
- "syscall"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
-func setTimestamps(fd int, ts *[2]syscall.Timespec) error {
- _, _, errno := syscall.Syscall6(
- syscall.SYS_UTIMENSAT,
+func setTimestamps(fd int, ts *[2]unix.Timespec) error {
+ _, _, errno := unix.Syscall6(
+ unix.SYS_UTIMENSAT,
uintptr(fd),
0, /* path */
uintptr(unsafe.Pointer(ts)),
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 18:19:13 +0000