summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/kernel')
-rw-r--r--pkg/sentry/kernel/BUILD2
-rw-r--r--pkg/sentry/kernel/kernel.go10
-rw-r--r--pkg/sentry/kernel/seccomp.go2
-rw-r--r--pkg/sentry/kernel/syscalls_state.go10
-rw-r--r--pkg/sentry/kernel/task.go16
-rw-r--r--pkg/sentry/kernel/task_acct.go4
-rw-r--r--pkg/sentry/kernel/task_clone.go14
-rw-r--r--pkg/sentry/kernel/task_exec.go21
-rw-r--r--pkg/sentry/kernel/task_exit.go2
-rw-r--r--pkg/sentry/kernel/task_futex.go2
-rw-r--r--pkg/sentry/kernel/task_image.go (renamed from pkg/sentry/kernel/task_context.go)66
-rw-r--r--pkg/sentry/kernel/task_log.go4
-rw-r--r--pkg/sentry/kernel/task_run.go2
-rw-r--r--pkg/sentry/kernel/task_start.go12
14 files changed, 84 insertions, 83 deletions
diff --git a/pkg/sentry/kernel/BUILD b/pkg/sentry/kernel/BUILD
index 90dd4a047..ff9f0b81c 100644
--- a/pkg/sentry/kernel/BUILD
+++ b/pkg/sentry/kernel/BUILD
@@ -179,11 +179,11 @@ go_library(
"task_acct.go",
"task_block.go",
"task_clone.go",
- "task_context.go",
"task_exec.go",
"task_exit.go",
"task_futex.go",
"task_identity.go",
+ "task_image.go",
"task_list.go",
"task_log.go",
"task_net.go",
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
index 9b2be44d4..1ecf76b2b 100644
--- a/pkg/sentry/kernel/kernel.go
+++ b/pkg/sentry/kernel/kernel.go
@@ -632,7 +632,7 @@ func (k *Kernel) invalidateUnsavableMappings(ctx context.Context) error {
defer k.tasks.mu.RUnlock()
for t := range k.tasks.Root.tids {
// We can skip locking Task.mu here since the kernel is paused.
- if mm := t.tc.MemoryManager; mm != nil {
+ if mm := t.image.MemoryManager; mm != nil {
if _, ok := invalidated[mm]; !ok {
if err := mm.InvalidateUnsavable(ctx); err != nil {
return err
@@ -642,7 +642,7 @@ func (k *Kernel) invalidateUnsavableMappings(ctx context.Context) error {
}
// I really wish we just had a sync.Map of all MMs...
if r, ok := t.runState.(*runSyscallAfterExecStop); ok {
- if err := r.tc.MemoryManager.InvalidateUnsavable(ctx); err != nil {
+ if err := r.image.MemoryManager.InvalidateUnsavable(ctx); err != nil {
return err
}
}
@@ -1017,7 +1017,7 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, ThreadID,
Features: k.featureSet,
}
- tc, se := k.LoadTaskImage(ctx, loadArgs)
+ image, se := k.LoadTaskImage(ctx, loadArgs)
if se != nil {
return nil, 0, errors.New(se.String())
}
@@ -1030,7 +1030,7 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, ThreadID,
config := &TaskConfig{
Kernel: k,
ThreadGroup: tg,
- TaskContext: tc,
+ TaskImage: image,
FSContext: fsContext,
FDTable: args.FDTable,
Credentials: args.Credentials,
@@ -1046,7 +1046,7 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, ThreadID,
if err != nil {
return nil, 0, err
}
- t.traceExecEvent(tc) // Simulate exec for tracing.
+ t.traceExecEvent(image) // Simulate exec for tracing.
// Success.
cu.Release()
diff --git a/pkg/sentry/kernel/seccomp.go b/pkg/sentry/kernel/seccomp.go
index 387edfa91..60917e7d3 100644
--- a/pkg/sentry/kernel/seccomp.go
+++ b/pkg/sentry/kernel/seccomp.go
@@ -106,7 +106,7 @@ func (t *Task) checkSeccompSyscall(sysno int32, args arch.SyscallArguments, ip u
func (t *Task) evaluateSyscallFilters(sysno int32, args arch.SyscallArguments, ip usermem.Addr) uint32 {
data := linux.SeccompData{
Nr: sysno,
- Arch: t.tc.st.AuditNumber,
+ Arch: t.image.st.AuditNumber,
InstructionPointer: uint64(ip),
}
// data.args is []uint64 and args is []arch.SyscallArgument (uintptr), so
diff --git a/pkg/sentry/kernel/syscalls_state.go b/pkg/sentry/kernel/syscalls_state.go
index 90f890495..0b17a562e 100644
--- a/pkg/sentry/kernel/syscalls_state.go
+++ b/pkg/sentry/kernel/syscalls_state.go
@@ -30,18 +30,18 @@ type syscallTableInfo struct {
}
// saveSt saves the SyscallTable.
-func (tc *TaskContext) saveSt() syscallTableInfo {
+func (image *TaskImage) saveSt() syscallTableInfo {
return syscallTableInfo{
- OS: tc.st.OS,
- Arch: tc.st.Arch,
+ OS: image.st.OS,
+ Arch: image.st.Arch,
}
}
// loadSt loads the SyscallTable.
-func (tc *TaskContext) loadSt(sti syscallTableInfo) {
+func (image *TaskImage) loadSt(sti syscallTableInfo) {
st, ok := LookupSyscallTable(sti.OS, sti.Arch)
if !ok {
panic(fmt.Sprintf("syscall table not found for OS %v, Arch %v", sti.OS, sti.Arch))
}
- tc.st = st // Save the table reference.
+ image.st = st // Save the table reference.
}
diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go
index 037971393..e830cf948 100644
--- a/pkg/sentry/kernel/task.go
+++ b/pkg/sentry/kernel/task.go
@@ -83,7 +83,7 @@ type Task struct {
// taskWork is exclusive to the task goroutine.
taskWork []TaskWorker
- // haveSyscallReturn is true if tc.Arch().Return() represents a value
+ // haveSyscallReturn is true if image.Arch().Return() represents a value
// returned by a syscall (or set by ptrace after a syscall).
//
// haveSyscallReturn is exclusive to the task goroutine.
@@ -257,10 +257,10 @@ type Task struct {
// mu protects some of the following fields.
mu sync.Mutex `state:"nosave"`
- // tc holds task data provided by the ELF loader.
+ // image holds task data provided by the ELF loader.
//
- // tc is protected by mu, and is owned by the task goroutine.
- tc TaskContext
+ // image is protected by mu, and is owned by the task goroutine.
+ image TaskImage
// fsContext is the task's filesystem context.
//
@@ -274,7 +274,7 @@ type Task struct {
// If vforkParent is not nil, it is the task that created this task with
// vfork() or clone(CLONE_VFORK), and should have its vforkStop ended when
- // this TaskContext is released.
+ // this TaskImage is released.
//
// vforkParent is protected by the TaskSet mutex.
vforkParent *Task
@@ -751,12 +751,12 @@ func (t *Task) IsChrooted() bool {
return root != realRoot
}
-// TaskContext returns t's TaskContext.
+// TaskImage returns t's TaskImage.
//
// Precondition: The caller must be running on the task goroutine, or t.mu must
// be locked.
-func (t *Task) TaskContext() *TaskContext {
- return &t.tc
+func (t *Task) TaskImage() *TaskImage {
+ return &t.image
}
// FSContext returns t's FSContext. FSContext does not take an additional
diff --git a/pkg/sentry/kernel/task_acct.go b/pkg/sentry/kernel/task_acct.go
index 5f3e60fe8..e574997f7 100644
--- a/pkg/sentry/kernel/task_acct.go
+++ b/pkg/sentry/kernel/task_acct.go
@@ -136,14 +136,14 @@ func (tg *ThreadGroup) IOUsage() *usage.IO {
func (t *Task) Name() string {
t.mu.Lock()
defer t.mu.Unlock()
- return t.tc.Name
+ return t.image.Name
}
// SetName changes t's name.
func (t *Task) SetName(name string) {
t.mu.Lock()
defer t.mu.Unlock()
- t.tc.Name = name
+ t.image.Name = name
t.Debugf("Set thread name to %q", name)
}
diff --git a/pkg/sentry/kernel/task_clone.go b/pkg/sentry/kernel/task_clone.go
index 527344162..f305e69c0 100644
--- a/pkg/sentry/kernel/task_clone.go
+++ b/pkg/sentry/kernel/task_clone.go
@@ -115,7 +115,7 @@ type CloneOptions struct {
ParentTID usermem.Addr
// If Vfork is true, place the parent in vforkStop until the cloned task
- // releases its TaskContext.
+ // releases its TaskImage.
Vfork bool
// If Untraced is true, do not report PTRACE_EVENT_CLONE/FORK/VFORK for
@@ -226,20 +226,20 @@ func (t *Task) Clone(opts *CloneOptions) (ThreadID, *SyscallControl, error) {
})
}
- tc, err := t.tc.Fork(t, t.k, !opts.NewAddressSpace)
+ image, err := t.image.Fork(t, t.k, !opts.NewAddressSpace)
if err != nil {
return 0, nil, err
}
cu.Add(func() {
- tc.release()
+ image.release()
})
// clone() returns 0 in the child.
- tc.Arch.SetReturn(0)
+ image.Arch.SetReturn(0)
if opts.Stack != 0 {
- tc.Arch.SetStack(uintptr(opts.Stack))
+ image.Arch.SetStack(uintptr(opts.Stack))
}
if opts.SetTLS {
- if !tc.Arch.SetTLS(uintptr(opts.TLS)) {
+ if !image.Arch.SetTLS(uintptr(opts.TLS)) {
return 0, nil, syserror.EPERM
}
}
@@ -288,7 +288,7 @@ func (t *Task) Clone(opts *CloneOptions) (ThreadID, *SyscallControl, error) {
Kernel: t.k,
ThreadGroup: tg,
SignalMask: t.SignalMask(),
- TaskContext: tc,
+ TaskImage: image,
FSContext: fsContext,
FDTable: fdTable,
Credentials: creds,
diff --git a/pkg/sentry/kernel/task_exec.go b/pkg/sentry/kernel/task_exec.go
index 412d471d3..d9897e802 100644
--- a/pkg/sentry/kernel/task_exec.go
+++ b/pkg/sentry/kernel/task_exec.go
@@ -83,11 +83,12 @@ type execStop struct{}
func (*execStop) Killable() bool { return true }
// Execve implements the execve(2) syscall by killing all other tasks in its
-// thread group and switching to newTC. Execve always takes ownership of newTC.
+// thread group and switching to newImage. Execve always takes ownership of
+// newImage.
//
// Preconditions: The caller must be running Task.doSyscallInvoke on the task
// goroutine.
-func (t *Task) Execve(newTC *TaskContext) (*SyscallControl, error) {
+func (t *Task) Execve(newImage *TaskImage) (*SyscallControl, error) {
t.tg.pidns.owner.mu.Lock()
defer t.tg.pidns.owner.mu.Unlock()
t.tg.signalHandlers.mu.Lock()
@@ -96,7 +97,7 @@ func (t *Task) Execve(newTC *TaskContext) (*SyscallControl, error) {
if t.tg.exiting || t.tg.execing != nil {
// We lost to a racing group-exit, kill, or exec from another thread
// and should just exit.
- newTC.release()
+ newImage.release()
return nil, syserror.EINTR
}
@@ -118,7 +119,7 @@ func (t *Task) Execve(newTC *TaskContext) (*SyscallControl, error) {
t.beginInternalStopLocked((*execStop)(nil))
}
- return &SyscallControl{next: &runSyscallAfterExecStop{newTC}, ignoreReturn: true}, nil
+ return &SyscallControl{next: &runSyscallAfterExecStop{newImage}, ignoreReturn: true}, nil
}
// The runSyscallAfterExecStop state continues execve(2) after all siblings of
@@ -126,16 +127,16 @@ func (t *Task) Execve(newTC *TaskContext) (*SyscallControl, error) {
//
// +stateify savable
type runSyscallAfterExecStop struct {
- tc *TaskContext
+ image *TaskImage
}
func (r *runSyscallAfterExecStop) execute(t *Task) taskRunState {
- t.traceExecEvent(r.tc)
+ t.traceExecEvent(r.image)
t.tg.pidns.owner.mu.Lock()
t.tg.execing = nil
if t.killed() {
t.tg.pidns.owner.mu.Unlock()
- r.tc.release()
+ r.image.release()
return (*runInterrupt)(nil)
}
// We are the thread group leader now. Save our old thread ID for
@@ -214,7 +215,7 @@ func (r *runSyscallAfterExecStop) execute(t *Task) taskRunState {
// executables (set-user/group-ID bits and file capabilities). This
// allows us to unconditionally enable user dumpability on the new mm.
// See fs/exec.c:setup_new_exec.
- r.tc.MemoryManager.SetDumpability(mm.UserDumpable)
+ r.image.MemoryManager.SetDumpability(mm.UserDumpable)
// Switch to the new process.
t.MemoryManager().Deactivate()
@@ -222,8 +223,8 @@ func (r *runSyscallAfterExecStop) execute(t *Task) taskRunState {
// Update credentials to reflect the execve. This should precede switching
// MMs to ensure that dumpability has been reset first, if needed.
t.updateCredsForExecLocked()
- t.tc.release()
- t.tc = *r.tc
+ t.image.release()
+ t.image = *r.image
t.mu.Unlock()
t.unstopVforkParent()
t.p.FullStateChanged()
diff --git a/pkg/sentry/kernel/task_exit.go b/pkg/sentry/kernel/task_exit.go
index ce7b9641d..c5137c282 100644
--- a/pkg/sentry/kernel/task_exit.go
+++ b/pkg/sentry/kernel/task_exit.go
@@ -266,7 +266,7 @@ func (*runExitMain) execute(t *Task) taskRunState {
t.updateRSSLocked()
t.tg.pidns.owner.mu.Unlock()
t.mu.Lock()
- t.tc.release()
+ t.image.release()
t.mu.Unlock()
// Releasing the MM unblocks a blocked CLONE_VFORK parent.
diff --git a/pkg/sentry/kernel/task_futex.go b/pkg/sentry/kernel/task_futex.go
index c80391475..195c7da9b 100644
--- a/pkg/sentry/kernel/task_futex.go
+++ b/pkg/sentry/kernel/task_futex.go
@@ -26,7 +26,7 @@ import (
// Preconditions: The caller must be running on the task goroutine, or t.mu
// must be locked.
func (t *Task) Futex() *futex.Manager {
- return t.tc.fu
+ return t.image.fu
}
// SwapUint32 implements futex.Target.SwapUint32.
diff --git a/pkg/sentry/kernel/task_context.go b/pkg/sentry/kernel/task_image.go
index d1136461a..ce5fbd299 100644
--- a/pkg/sentry/kernel/task_context.go
+++ b/pkg/sentry/kernel/task_image.go
@@ -32,10 +32,10 @@ var errNoSyscalls = syserr.New("no syscall table found", linux.ENOEXEC)
// Auxmap contains miscellaneous data for the task.
type Auxmap map[string]interface{}
-// TaskContext is the subset of a task's data that is provided by the loader.
+// TaskImage is the subset of a task's data that is provided by the loader.
//
// +stateify savable
-type TaskContext struct {
+type TaskImage struct {
// Name is the thread name set by the prctl(PR_SET_NAME) system call.
Name string
@@ -52,48 +52,48 @@ type TaskContext struct {
st *SyscallTable `state:".(syscallTableInfo)"`
}
-// release releases all resources held by the TaskContext. release is called by
-// the task when it execs into a new TaskContext or exits.
-func (tc *TaskContext) release() {
+// release releases all resources held by the TaskImage. release is called by
+// the task when it execs into a new TaskImage or exits.
+func (image *TaskImage) release() {
// Nil out pointers so that if the task is saved after release, it doesn't
// follow the pointers to possibly now-invalid objects.
- if tc.MemoryManager != nil {
- tc.MemoryManager.DecUsers(context.Background())
- tc.MemoryManager = nil
+ if image.MemoryManager != nil {
+ image.MemoryManager.DecUsers(context.Background())
+ image.MemoryManager = nil
}
- tc.fu = nil
+ image.fu = nil
}
-// Fork returns a duplicate of tc. The copied TaskContext always has an
+// Fork returns a duplicate of image. The copied TaskImage always has an
// independent arch.Context. If shareAddressSpace is true, the copied
-// TaskContext shares an address space with the original; otherwise, the copied
-// TaskContext has an independent address space that is initially a duplicate
+// TaskImage shares an address space with the original; otherwise, the copied
+// TaskImage has an independent address space that is initially a duplicate
// of the original's.
-func (tc *TaskContext) Fork(ctx context.Context, k *Kernel, shareAddressSpace bool) (*TaskContext, error) {
- newTC := &TaskContext{
- Name: tc.Name,
- Arch: tc.Arch.Fork(),
- st: tc.st,
+func (image *TaskImage) Fork(ctx context.Context, k *Kernel, shareAddressSpace bool) (*TaskImage, error) {
+ newImage := &TaskImage{
+ Name: image.Name,
+ Arch: image.Arch.Fork(),
+ st: image.st,
}
if shareAddressSpace {
- newTC.MemoryManager = tc.MemoryManager
- if newTC.MemoryManager != nil {
- if !newTC.MemoryManager.IncUsers() {
- // Shouldn't be possible since tc.MemoryManager should be a
+ newImage.MemoryManager = image.MemoryManager
+ if newImage.MemoryManager != nil {
+ if !newImage.MemoryManager.IncUsers() {
+ // Shouldn't be possible since image.MemoryManager should be a
// counted user.
- panic(fmt.Sprintf("TaskContext.Fork called with userless TaskContext.MemoryManager"))
+ panic(fmt.Sprintf("TaskImage.Fork called with userless TaskImage.MemoryManager"))
}
}
- newTC.fu = tc.fu
+ newImage.fu = image.fu
} else {
- newMM, err := tc.MemoryManager.Fork(ctx)
+ newMM, err := image.MemoryManager.Fork(ctx)
if err != nil {
return nil, err
}
- newTC.MemoryManager = newMM
- newTC.fu = k.futexes.Fork()
+ newImage.MemoryManager = newMM
+ newImage.fu = k.futexes.Fork()
}
- return newTC, nil
+ return newImage, nil
}
// Arch returns t's arch.Context.
@@ -101,7 +101,7 @@ func (tc *TaskContext) Fork(ctx context.Context, k *Kernel, shareAddressSpace bo
// Preconditions: The caller must be running on the task goroutine, or t.mu
// must be locked.
func (t *Task) Arch() arch.Context {
- return t.tc.Arch
+ return t.image.Arch
}
// MemoryManager returns t's MemoryManager. MemoryManager does not take an
@@ -110,7 +110,7 @@ func (t *Task) Arch() arch.Context {
// Preconditions: The caller must be running on the task goroutine, or t.mu
// must be locked.
func (t *Task) MemoryManager() *mm.MemoryManager {
- return t.tc.MemoryManager
+ return t.image.MemoryManager
}
// SyscallTable returns t's syscall table.
@@ -118,7 +118,7 @@ func (t *Task) MemoryManager() *mm.MemoryManager {
// Preconditions: The caller must be running on the task goroutine, or t.mu
// must be locked.
func (t *Task) SyscallTable() *SyscallTable {
- return t.tc.st
+ return t.image.st
}
// Stack returns the userspace stack.
@@ -133,10 +133,10 @@ func (t *Task) Stack() *arch.Stack {
}
}
-// LoadTaskImage loads a specified file into a new TaskContext.
+// LoadTaskImage loads a specified file into a new TaskImage.
//
// args.MemoryManager does not need to be set by the caller.
-func (k *Kernel) LoadTaskImage(ctx context.Context, args loader.LoadArgs) (*TaskContext, *syserr.Error) {
+func (k *Kernel) LoadTaskImage(ctx context.Context, args loader.LoadArgs) (*TaskImage, *syserr.Error) {
// If File is not nil, we should load that instead of resolving Filename.
if args.File != nil {
args.Filename = args.File.PathnameWithDeleted(ctx)
@@ -163,7 +163,7 @@ func (k *Kernel) LoadTaskImage(ctx context.Context, args loader.LoadArgs) (*Task
if !m.IncUsers() {
panic("Failed to increment users count on new MM")
}
- return &TaskContext{
+ return &TaskImage{
Name: name,
Arch: ac,
MemoryManager: m,
diff --git a/pkg/sentry/kernel/task_log.go b/pkg/sentry/kernel/task_log.go
index d23cea802..7591eaace 100644
--- a/pkg/sentry/kernel/task_log.go
+++ b/pkg/sentry/kernel/task_log.go
@@ -237,11 +237,11 @@ func (t *Task) traceExitEvent() {
}
// traceExecEvent is called when a task calls exec.
-func (t *Task) traceExecEvent(tc *TaskContext) {
+func (t *Task) traceExecEvent(image *TaskImage) {
if !trace.IsEnabled() {
return
}
- file := tc.MemoryManager.Executable()
+ file := image.MemoryManager.Executable()
if file == nil {
trace.Logf(t.traceContext, traceCategory, "exec: << unknown >>")
return
diff --git a/pkg/sentry/kernel/task_run.go b/pkg/sentry/kernel/task_run.go
index 8dc3fec90..0f8294dcd 100644
--- a/pkg/sentry/kernel/task_run.go
+++ b/pkg/sentry/kernel/task_run.go
@@ -317,7 +317,7 @@ func (app *runApp) execute(t *Task) taskRunState {
// region. We should be able to easily identify
// vsyscalls by having a <fault><syscall> pair.
if at.Execute {
- if sysno, ok := t.tc.st.LookupEmulate(addr); ok {
+ if sysno, ok := t.image.st.LookupEmulate(addr); ok {
return t.doVsyscall(addr, sysno)
}
}
diff --git a/pkg/sentry/kernel/task_start.go b/pkg/sentry/kernel/task_start.go
index 8e28230cc..36e1384f1 100644
--- a/pkg/sentry/kernel/task_start.go
+++ b/pkg/sentry/kernel/task_start.go
@@ -46,10 +46,10 @@ type TaskConfig struct {
// SignalMask is the new task's initial signal mask.
SignalMask linux.SignalSet
- // TaskContext is the TaskContext of the new task. Ownership of the
- // TaskContext is transferred to TaskSet.NewTask, whether or not it
+ // TaskImage is the TaskImage of the new task. Ownership of the
+ // TaskImage is transferred to TaskSet.NewTask, whether or not it
// succeeds.
- TaskContext *TaskContext
+ TaskImage *TaskImage
// FSContext is the FSContext of the new task. A reference must be held on
// FSContext, which is transferred to TaskSet.NewTask whether or not it
@@ -105,7 +105,7 @@ type TaskConfig struct {
func (ts *TaskSet) NewTask(ctx context.Context, cfg *TaskConfig) (*Task, error) {
t, err := ts.newTask(cfg)
if err != nil {
- cfg.TaskContext.release()
+ cfg.TaskImage.release()
cfg.FSContext.DecRef(ctx)
cfg.FDTable.DecRef(ctx)
cfg.IPCNamespace.DecRef(ctx)
@@ -121,7 +121,7 @@ func (ts *TaskSet) NewTask(ctx context.Context, cfg *TaskConfig) (*Task, error)
// of cfg if it succeeds.
func (ts *TaskSet) newTask(cfg *TaskConfig) (*Task, error) {
tg := cfg.ThreadGroup
- tc := cfg.TaskContext
+ image := cfg.TaskImage
t := &Task{
taskNode: taskNode{
tg: tg,
@@ -132,7 +132,7 @@ func (ts *TaskSet) newTask(cfg *TaskConfig) (*Task, error) {
interruptChan: make(chan struct{}, 1),
signalMask: cfg.SignalMask,
signalStack: arch.SignalStack{Flags: arch.SignalStackFlagDisable},
- tc: *tc,
+ image: *image,
fsContext: cfg.FSContext,
fdTable: cfg.FDTable,
p: cfg.Kernel.Platform.NewContext(),