Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r-- | pkg/sentry/socket/netlink/netlink_state_autogen.go | 7 | ||||
-rw-r--r-- | pkg/sentry/socket/netlink/socket.go | 12 | ||||
-rw-r--r-- | pkg/sentry/socket/netstack/netstack.go | 18 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/transport/transport_state_autogen.go | 23 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/transport/unix.go | 26 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/unix.go | 3 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/unix_state_autogen.go | 3 |
7 files changed, 26 insertions, 66 deletions
diff --git a/pkg/sentry/socket/netlink/netlink_state_autogen.go b/pkg/sentry/socket/netlink/netlink_state_autogen.go index 5c97816d0..307498c1c 100644 --- a/pkg/sentry/socket/netlink/netlink_state_autogen.go +++ b/pkg/sentry/socket/netlink/netlink_state_autogen.go @@ -44,7 +44,6 @@ func (s *socketOpsCommon) StateFields() []string { "bound", "portID", "sendBufferSize", - "passcred", "filter", } } @@ -62,8 +61,7 @@ func (s *socketOpsCommon) StateSave(stateSinkObject state.Sink) { stateSinkObject.Save(6, &s.bound) stateSinkObject.Save(7, &s.portID) stateSinkObject.Save(8, &s.sendBufferSize) - stateSinkObject.Save(9, &s.passcred) - stateSinkObject.Save(10, &s.filter) + stateSinkObject.Save(9, &s.filter) } func (s *socketOpsCommon) afterLoad() {} @@ -78,8 +76,7 @@ func (s *socketOpsCommon) StateLoad(stateSourceObject state.Source) { stateSourceObject.Load(6, &s.bound) stateSourceObject.Load(7, &s.portID) stateSourceObject.Load(8, &s.sendBufferSize) - stateSourceObject.Load(9, &s.passcred) - stateSourceObject.Load(10, &s.filter) + stateSourceObject.Load(9, &s.filter) } func (k *kernelSCM) StateTypeName() string { diff --git a/pkg/sentry/socket/netlink/socket.go b/pkg/sentry/socket/netlink/socket.go index 3baad098b..057f4d294 100644 --- a/pkg/sentry/socket/netlink/socket.go +++ b/pkg/sentry/socket/netlink/socket.go @@ -120,9 +120,6 @@ type socketOpsCommon struct { // fixed buffer but only consume this many bytes. sendBufferSize uint32 - // passcred indicates if this socket wants SCM credentials. - passcred bool - // filter indicates that this socket has a BPF filter "installed". // // TODO(gvisor.dev/issue/1119): We don't actually support filtering, 
@@ -201,10 +198,7 @@ func (s *socketOpsCommon) EventUnregister(e *waiter.Entry) { // Passcred implements transport.Credentialer.Passcred. func (s *socketOpsCommon) Passcred() bool { - s.mu.Lock() - passcred := s.passcred - s.mu.Unlock() - return passcred + return s.ep.SocketOptions().GetPassCred() } // ConnectedPasscred implements transport.Credentialer.ConnectedPasscred. @@ -419,9 +413,7 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt [] } passcred := usermem.ByteOrder.Uint32(opt) - s.mu.Lock() - s.passcred = passcred != 0 - s.mu.Unlock() + s.ep.SocketOptions().SetPassCred(passcred != 0) return nil case linux.SO_ATTACH_FILTER: diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go index 5afe77858..9c927efa0 100644 --- a/pkg/sentry/socket/netstack/netstack.go +++ b/pkg/sentry/socket/netstack/netstack.go @@ -260,10 +260,12 @@ type commonEndpoint interface { // transport.Endpoint.GetSockOpt. GetSockOptInt(opt tcpip.SockOptInt) (int, *tcpip.Error) - // LastError implements tcpip.Endpoint.LastError. + // LastError implements tcpip.Endpoint.LastError and + // transport.Endpoint.LastError. LastError() *tcpip.Error - // SocketOptions implements tcpip.Endpoint.SocketOptions. + // SocketOptions implements tcpip.Endpoint.SocketOptions and + // transport.Endpoint.SocketOptions. SocketOptions() *tcpip.SocketOptions } @@ -1068,13 +1070,8 @@ func getSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, fam return nil, syserr.ErrInvalidArgument } - v, err := ep.GetSockOptBool(tcpip.PasscredOption) - if err != nil { - return nil, syserr.TranslateNetstackError(err) - } - - vP := primitive.Int32(boolToInt32(v)) - return &vP, nil + v := primitive.Int32(boolToInt32(ep.SocketOptions().GetPassCred())) + return &v, nil case linux.SO_SNDBUF: if outLen < sizeOfInt32 { 
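Review bot: With `s.mu` no longer taken in `Passcred()` or in the `SO_PASSCRED` branch of `SetSockOpt` (the `@@ -419,9 +413,7 @@` hunk, whose function body continues outside it), thread safety of this flag rests entirely on `tcpip.SocketOptions`, whose implementation is not part of this diff. A short comment would record that dependency, for example `// passcred is stored in the endpoint's SocketOptions, which must synchronize access itself; s.mu is not required here.` The field also leaves the saved state in netlink_state_autogen.go, so the setting survives checkpoint/restore only if `s.ep` carries its SocketOptions in its own saved state. That is worth confirming, because a socket that silently loses SO_PASSCRED after restore stops receiving the SCM credentials its reader may rely on to identify the sender.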
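Review bot: The SO_PASSCRED read path in `getSockOptSocket` can no longer fail: the removed `ep.GetSockOptBool(tcpip.PasscredOption)` call let an endpoint reject the option and the error was translated for the caller, whereas `ep.SocketOptions().GetPassCred()` succeeds for every `commonEndpoint`. The matching write in `setSockOptSocket` (the `@@ -1923,7 +1920,8 @@` hunk) now returns nil unconditionally in the same way. If any endpoint type previously returned an error for this option, which the hunk does not show, this is a guest-visible change, so a syscall test that gets and sets SO_PASSCRED on a non-unix socket would pin the intended result. A one-line comment such as `// SO_PASSCRED is a socket-level option served by SocketOptions for all endpoint types.` would make the intent explicit. Both functions start and end outside their hunks.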
@@ -1923,7 +1920,8 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam } v := usermem.ByteOrder.Uint32(optVal) - return syserr.TranslateNetstackError(ep.SetSockOptBool(tcpip.PasscredOption, v != 0)) + ep.SocketOptions().SetPassCred(v != 0) + return nil case linux.SO_KEEPALIVE: if len(optVal) < sizeOfInt32 { diff --git a/pkg/sentry/socket/unix/transport/transport_state_autogen.go b/pkg/sentry/socket/unix/transport/transport_state_autogen.go index e20168bb3..4235ff488 100644 --- a/pkg/sentry/socket/unix/transport/transport_state_autogen.go +++ b/pkg/sentry/socket/unix/transport/transport_state_autogen.go @@ -329,7 +329,6 @@ func (e *baseEndpoint) StateTypeName() string { func (e *baseEndpoint) StateFields() []string { return []string{ "Queue", - "passcred", "receiver", "connected", "path", 
@@ -343,24 +342,22 @@ func (e *baseEndpoint) beforeSave() {} func (e *baseEndpoint) StateSave(stateSinkObject state.Sink) { e.beforeSave() stateSinkObject.Save(0, &e.Queue) - stateSinkObject.Save(1, &e.passcred) - stateSinkObject.Save(2, &e.receiver) - stateSinkObject.Save(3, &e.connected) - stateSinkObject.Save(4, &e.path) - stateSinkObject.Save(5, &e.linger) - stateSinkObject.Save(6, &e.ops) + stateSinkObject.Save(1, &e.receiver) + stateSinkObject.Save(2, &e.connected) + stateSinkObject.Save(3, &e.path) + stateSinkObject.Save(4, &e.linger) + stateSinkObject.Save(5, &e.ops) } func (e *baseEndpoint) afterLoad() {} func (e *baseEndpoint) StateLoad(stateSourceObject state.Source) { stateSourceObject.Load(0, &e.Queue) - stateSourceObject.Load(1, &e.passcred) - stateSourceObject.Load(2, &e.receiver) - stateSourceObject.Load(3, &e.connected) - stateSourceObject.Load(4, &e.path) - stateSourceObject.Load(5, &e.linger) - stateSourceObject.Load(6, &e.ops) + stateSourceObject.Load(1, &e.receiver) + stateSourceObject.Load(2, &e.connected) + stateSourceObject.Load(3, &e.path) + stateSourceObject.Load(4, &e.linger) + stateSourceObject.Load(5, &e.ops) } func init() { diff --git a/pkg/sentry/socket/unix/transport/unix.go b/pkg/sentry/socket/unix/transport/unix.go index 18a50e9f8..0324dcd93 100644 --- a/pkg/sentry/socket/unix/transport/unix.go +++ b/pkg/sentry/socket/unix/transport/unix.go @@ -16,8 +16,6 @@ package transport import ( - "sync/atomic" - "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/context" "gvisor.dev/gvisor/pkg/log" @@ -203,10 +201,11 @@ type Endpoint interface { // procfs. State() uint32 - // LastError implements tcpip.Endpoint.LastError. + // LastError clears and returns the last error reported by the endpoint. LastError() *tcpip.Error - // SocketOptions implements tcpip.Endpoint.SocketOptions. + // SocketOptions returns the structure which contains all the socket + // level options. SocketOptions() *tcpip.SocketOptions } 
@@ -740,10 +739,6 @@ func (e *connectedEndpoint) CloseUnread() { type baseEndpoint struct { *waiter.Queue - // passcred specifies whether SCM_CREDENTIALS socket control messages are - // enabled on this endpoint. Must be accessed atomically. - passcred int32 - // Mutex protects the below fields. sync.Mutex `state:"nosave"` @@ -786,7 +781,7 @@ func (e *baseEndpoint) EventUnregister(we *waiter.Entry) { // Passcred implements Credentialer.Passcred. func (e *baseEndpoint) Passcred() bool { - return atomic.LoadInt32(&e.passcred) != 0 + return e.SocketOptions().GetPassCred() } // ConnectedPasscred implements Credentialer.ConnectedPasscred. @@ -796,14 +791,6 @@ func (e *baseEndpoint) ConnectedPasscred() bool { return e.connected != nil && e.connected.Passcred() } -func (e *baseEndpoint) setPasscred(pc bool) { - if pc { - atomic.StoreInt32(&e.passcred, 1) - } else { - atomic.StoreInt32(&e.passcred, 0) - } -} - // Connected implements ConnectingEndpoint.Connected. func (e *baseEndpoint) Connected() bool { return e.receiver != nil && e.connected != nil @@ -870,8 +857,6 @@ func (e *baseEndpoint) SetSockOpt(opt tcpip.SettableSocketOption) *tcpip.Error { func (e *baseEndpoint) SetSockOptBool(opt tcpip.SockOptBool, v bool) *tcpip.Error { switch opt { - case tcpip.PasscredOption: - e.setPasscred(v) case tcpip.ReuseAddressOption: default: log.Warningf("Unsupported socket option: %d", opt) @@ -894,9 +879,6 @@ func (e *baseEndpoint) GetSockOptBool(opt tcpip.SockOptBool) (bool, *tcpip.Error case tcpip.KeepaliveEnabledOption, tcpip.AcceptConnOption: return false, nil - case tcpip.PasscredOption: - return e.Passcred(), nil - default: log.Warningf("Unsupported socket option: %d", opt) return false, tcpip.ErrUnknownProtocolOption diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go index 3e520d2ee..b32bb7ba8 100644 --- a/pkg/sentry/socket/unix/unix.go +++ b/pkg/sentry/socket/unix/unix.go 
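Review bot: `SetSockOptBool` and `GetSockOptBool` on `baseEndpoint` no longer handle `tcpip.PasscredOption` (the `@@ -870,8 +857,6 @@` and `@@ -894,9 +879,6 @@` hunks), so a caller still passing that option lands in the `default:` arm, where the getter returns `tcpip.ErrUnknownProtocolOption` and the setter logs "Unsupported socket option" without storing anything. Whether the constant itself is deleted is not visible, because this diffstat is limited to pkg/sentry/socket. Please confirm `tcpip.PasscredOption` is removed in the same change, so that a stale caller fails to compile instead of leaving credential passing disabled at runtime. Both functions continue outside their hunks, so the setter's return value in the default arm is not shown here.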
@@ -115,9 +115,6 @@ type socketOpsCommon struct { // bound, they cannot be modified. abstractName string abstractNamespace *kernel.AbstractSocketNamespace - - // ops is used to get socket level options. - ops tcpip.SocketOptions } func (s *socketOpsCommon) isPacket() bool { diff --git a/pkg/sentry/socket/unix/unix_state_autogen.go b/pkg/sentry/socket/unix/unix_state_autogen.go index 9e9055b79..fba990d9a 100644 --- a/pkg/sentry/socket/unix/unix_state_autogen.go +++ b/pkg/sentry/socket/unix/unix_state_autogen.go @@ -87,7 +87,6 @@ func (s *socketOpsCommon) StateFields() []string { "stype", "abstractName", "abstractNamespace", - "ops", } } @@ -100,7 +99,6 @@ func (s *socketOpsCommon) StateSave(stateSinkObject state.Sink) { stateSinkObject.Save(2, &s.stype) stateSinkObject.Save(3, &s.abstractName) stateSinkObject.Save(4, &s.abstractNamespace) - stateSinkObject.Save(5, &s.ops) } func (s *socketOpsCommon) afterLoad() {} @@ -111,7 +109,6 @@ func (s *socketOpsCommon) StateLoad(stateSourceObject state.Source) { stateSourceObject.Load(2, &s.stype) stateSourceObject.Load(3, &s.abstractName) stateSourceObject.Load(4, &s.abstractNamespace) - stateSourceObject.Load(5, &s.ops) } func (s *SocketVFS2) StateTypeName() string { |