diff options
Diffstat (limited to 'pkg/sentry')
200 files changed, 569 insertions, 875 deletions
diff --git a/pkg/sentry/arch/BUILD b/pkg/sentry/arch/BUILD index 0a2a35400..314b3e962 100644 --- a/pkg/sentry/arch/BUILD +++ b/pkg/sentry/arch/BUILD @@ -1,21 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "arch_state", - srcs = [ - "arch.go", - "arch_amd64.go", - "arch_state_x86.go", - "arch_x86.go", - "auxv.go", - "signal_amd64.go", - ], - out = "arch_state.go", - package = "arch", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "arch", @@ -24,7 +10,6 @@ go_library( "arch.go", "arch_amd64.go", "arch_amd64.s", - "arch_state.go", "arch_state_x86.go", "arch_x86.go", "auxv.go", @@ -46,7 +31,6 @@ go_library( "//pkg/sentry/context", "//pkg/sentry/limits", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", ], ) diff --git a/pkg/sentry/arch/arch.go b/pkg/sentry/arch/arch.go index 0189e958d..21cb84502 100644 --- a/pkg/sentry/arch/arch.go +++ b/pkg/sentry/arch/arch.go @@ -254,6 +254,8 @@ const ( // MemoryManager. // // Note that "highest address" below is always exclusive. +// +// +stateify savable type MmapLayout struct { // MinAddr is the lowest mappable address. MinAddr usermem.Addr diff --git a/pkg/sentry/arch/arch_amd64.go b/pkg/sentry/arch/arch_amd64.go index 23526fe8e..f1e408af9 100644 --- a/pkg/sentry/arch/arch_amd64.go +++ b/pkg/sentry/arch/arch_amd64.go @@ -95,6 +95,8 @@ const ( ) // context64 represents an AMD64 context. +// +// +stateify savable type context64 struct { State sigFPState []x86FPState // fpstate to be restored on sigreturn. diff --git a/pkg/sentry/arch/arch_state_x86.go b/pkg/sentry/arch/arch_state_x86.go index cb38d098a..e9c23a06b 100644 --- a/pkg/sentry/arch/arch_state_x86.go +++ b/pkg/sentry/arch/arch_state_x86.go @@ -56,6 +56,7 @@ func (s *State) afterLoad() { copy(s.x86FPState, old) } +// +stateify savable type syscallPtraceRegs struct { R15 uint64 R14 uint64 diff --git a/pkg/sentry/arch/arch_x86.go b/pkg/sentry/arch/arch_x86.go index 5cc4f8377..b35eec53c 100644 --- a/pkg/sentry/arch/arch_x86.go +++ b/pkg/sentry/arch/arch_x86.go @@ -153,6 +153,8 @@ func NewFloatingPointData() *FloatingPointData { // State contains the common architecture bits for X86 (the build tag of this // file ensures it's only built on x86). +// +// +stateify savable type State struct { // The system registers. Regs syscall.PtraceRegs `state:".(syscallPtraceRegs)"` diff --git a/pkg/sentry/arch/auxv.go b/pkg/sentry/arch/auxv.go index 70e0e35b7..81cfb4a01 100644 --- a/pkg/sentry/arch/auxv.go +++ b/pkg/sentry/arch/auxv.go @@ -19,6 +19,8 @@ import ( ) // An AuxEntry represents an entry in an ELF auxiliary vector. +// +// +stateify savable type AuxEntry struct { Key uint64 Value usermem.Addr diff --git a/pkg/sentry/arch/signal_amd64.go b/pkg/sentry/arch/signal_amd64.go index c1d743f38..e81717e8b 100644 --- a/pkg/sentry/arch/signal_amd64.go +++ b/pkg/sentry/arch/signal_amd64.go @@ -28,6 +28,8 @@ import ( // SignalAct represents the action that should be taken when a signal is // delivered, and is equivalent to struct sigaction on 64-bit x86. +// +// +stateify savable type SignalAct struct { Handler uint64 Flags uint64 @@ -47,6 +49,8 @@ func (s *SignalAct) DeserializeTo(other *SignalAct) { // SignalStack represents information about a user stack, and is equivalent to // stack_t on 64-bit x86. +// +// +stateify savable type SignalStack struct { Addr uint64 Flags uint32 @@ -66,6 +70,8 @@ func (s *SignalStack) DeserializeTo(other *SignalStack) { // SignalInfo represents information about a signal being delivered, and is // equivalent to struct siginfo on 64-bit x86. +// +// +stateify savable type SignalInfo struct { Signo int32 // Signal number Errno int32 // Errno value diff --git a/pkg/sentry/context/contexttest/BUILD b/pkg/sentry/context/contexttest/BUILD index 591b11a4d..01bb40b04 100644 --- a/pkg/sentry/context/contexttest/BUILD +++ b/pkg/sentry/context/contexttest/BUILD @@ -1,23 +1,11 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "contexttest_state", - srcs = [ - "contexttest.go", - ], - out = "contexttest_state.go", - package = "contexttest", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "contexttest", testonly = 1, - srcs = [ - "contexttest.go", - "contexttest_state.go", - ], + srcs = ["contexttest.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/context/contexttest", visibility = ["//pkg/sentry:internal"], deps = [ @@ -28,6 +16,5 @@ go_library( "//pkg/sentry/platform", "//pkg/sentry/platform/ptrace", "//pkg/sentry/uniqueid", - "//pkg/state", ], ) diff --git a/pkg/sentry/fs/BUILD b/pkg/sentry/fs/BUILD index e3c9a9b70..18cd5ae8e 100644 --- a/pkg/sentry/fs/BUILD +++ b/pkg/sentry/fs/BUILD @@ -1,40 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "fs_state", - srcs = [ - "attr.go", - "dentry.go", - "dirent.go", - "dirent_cache.go", - "dirent_list.go", - "dirent_state.go", - "file.go", - "file_overlay.go", - "file_state.go", - "filesystems.go", - "flags.go", - "inode.go", - "inode_inotify.go", - "inode_operations.go", - "inode_overlay.go", - "inotify.go", - "inotify_event.go", - "inotify_watch.go", - "mock.go", - "mount.go", - "mount_overlay.go", - "mount_state.go", - "mounts.go", - "overlay.go", - "path.go", - ], - out = "fs_state.go", - package = "fs", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "fs", @@ -54,7 +21,6 @@ go_library( "filesystems.go", "flags.go", "fs.go", - "fs_state.go", "inode.go", "inode_inotify.go", "inode_operations.go", diff --git a/pkg/sentry/fs/ashmem/BUILD b/pkg/sentry/fs/ashmem/BUILD index 9f166799a..dc893d22f 100644 --- a/pkg/sentry/fs/ashmem/BUILD +++ b/pkg/sentry/fs/ashmem/BUILD @@ -1,26 +1,12 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") load("//tools/go_generics:defs.bzl", "go_template_instance") -go_stateify( - name = "ashmem_state", - srcs = [ - "area.go", - "device.go", - "pin_board.go", - "uint64_range.go", - "uint64_set.go", - ], - out = "ashmem_state.go", - package = "ashmem", -) - go_library( name = "ashmem", srcs = [ "area.go", - "ashmem_state.go", "device.go", "pin_board.go", "uint64_range.go", @@ -41,7 +27,6 @@ go_library( "//pkg/sentry/platform", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip/transport/unix", ], diff --git a/pkg/sentry/fs/ashmem/area.go b/pkg/sentry/fs/ashmem/area.go index e4f76f0d0..bfd7f2762 100644 --- a/pkg/sentry/fs/ashmem/area.go +++ b/pkg/sentry/fs/ashmem/area.go @@ -39,10 +39,12 @@ const ( ) // Area implements fs.FileOperations. +// +// +stateify savable type Area struct { - fsutil.NoFsync - fsutil.DeprecatedFileOperations - fsutil.NotDirReaddir + fsutil.NoFsync `state:"nosave"` + fsutil.DeprecatedFileOperations `state:"nosave"` + fsutil.NotDirReaddir `state:"nosave"` ad *Device diff --git a/pkg/sentry/fs/ashmem/device.go b/pkg/sentry/fs/ashmem/device.go index c5b51d4a7..d0986fa11 100644 --- a/pkg/sentry/fs/ashmem/device.go +++ b/pkg/sentry/fs/ashmem/device.go @@ -27,17 +27,19 @@ import ( ) // Device implements fs.InodeOperations. +// +// +stateify savable type Device struct { - fsutil.DeprecatedFileOperations - fsutil.InodeNoExtendedAttributes - fsutil.InodeNotDirectory - fsutil.InodeNotRenameable - fsutil.InodeNotSocket - fsutil.InodeNotSymlink - fsutil.NoFsync - fsutil.NoMappable - fsutil.NoopWriteOut - fsutil.NotDirReaddir + fsutil.DeprecatedFileOperations `state:"nosave"` + fsutil.InodeNoExtendedAttributes `state:"nosave"` + fsutil.InodeNotDirectory `state:"nosave"` + fsutil.InodeNotRenameable `state:"nosave"` + fsutil.InodeNotSocket `state:"nosave"` + fsutil.InodeNotSymlink `state:"nosave"` + fsutil.NoFsync `state:"nosave"` + fsutil.NoMappable `state:"nosave"` + fsutil.NoopWriteOut `state:"nosave"` + fsutil.NotDirReaddir `state:"nosave"` mu sync.Mutex `state:"nosave"` unstable fs.UnstableAttr diff --git a/pkg/sentry/fs/ashmem/pin_board.go b/pkg/sentry/fs/ashmem/pin_board.go index c7fb3822c..ecba395a0 100644 --- a/pkg/sentry/fs/ashmem/pin_board.go +++ b/pkg/sentry/fs/ashmem/pin_board.go @@ -56,6 +56,8 @@ func (setFunctions) Split(Range, noValue, uint64) (noValue, noValue) { // segment.Set is used for implementation where segments represent // ranges of pinned bytes, while gaps represent ranges of unpinned // bytes. All ranges are page-aligned. +// +// +stateify savable type PinBoard struct { Set } diff --git a/pkg/sentry/fs/attr.go b/pkg/sentry/fs/attr.go index 56a2ad6f7..4178f18b2 100644 --- a/pkg/sentry/fs/attr.go +++ b/pkg/sentry/fs/attr.go @@ -91,6 +91,8 @@ func (n InodeType) String() string { // StableAttr contains Inode attributes that will be stable throughout the // lifetime of the Inode. +// +// +stateify savable type StableAttr struct { // Type is the InodeType of a InodeOperations. Type InodeType @@ -150,6 +152,8 @@ func IsCharDevice(s StableAttr) bool { // UnstableAttr contains Inode attributes that may change over the lifetime // of the Inode. +// +// +stateify savable type UnstableAttr struct { // Size is the file size in bytes. Size int64 @@ -186,6 +190,8 @@ func WithCurrentTime(ctx context.Context, u UnstableAttr) UnstableAttr { } // AttrMask contains fields to mask StableAttr and UnstableAttr. +// +// +stateify savable type AttrMask struct { Type bool DeviceID bool @@ -227,6 +233,8 @@ func (a AttrMask) Union(b AttrMask) AttrMask { } // PermMask are file access permissions. +// +// +stateify savable type PermMask struct { // Read indicates reading is permitted. Read bool @@ -280,6 +288,8 @@ func (p PermMask) SupersetOf(other PermMask) bool { // FilePermissions represents the permissions of a file, with // Read/Write/Execute bits for user, group, and other. +// +// +stateify savable type FilePermissions struct { User PermMask Group PermMask @@ -370,6 +380,8 @@ func (f FilePermissions) AnyRead() bool { } // FileOwner represents ownership of a file. +// +// +stateify savable type FileOwner struct { UID auth.KUID GID auth.KGID diff --git a/pkg/sentry/fs/binder/BUILD b/pkg/sentry/fs/binder/BUILD index ec3928baf..a077b91d2 100644 --- a/pkg/sentry/fs/binder/BUILD +++ b/pkg/sentry/fs/binder/BUILD @@ -1,25 +1,16 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "binder_state", - srcs = ["binder.go"], - out = "binder_state.go", - package = "binder", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "binder", srcs = [ "binder.go", - "binder_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/binder", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/log", "//pkg/sentry/arch", "//pkg/sentry/context", "//pkg/sentry/fs", @@ -30,8 +21,6 @@ go_library( "//pkg/sentry/platform", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", - "//pkg/tcpip/transport/unix", ], ) diff --git a/pkg/sentry/fs/binder/binder.go b/pkg/sentry/fs/binder/binder.go index 3f87b6b08..502a262dd 100644 --- a/pkg/sentry/fs/binder/binder.go +++ b/pkg/sentry/fs/binder/binder.go @@ -40,15 +40,17 @@ const ( ) // Device implements fs.InodeOperations. +// +// +stateify savable type Device struct { - fsutil.InodeNoExtendedAttributes - fsutil.InodeNotDirectory - fsutil.InodeNotRenameable - fsutil.InodeNotSocket - fsutil.InodeNotSymlink - fsutil.NoMappable - fsutil.NoopWriteOut - fsutil.DeprecatedFileOperations + fsutil.InodeNoExtendedAttributes `state:"nosave"` + fsutil.InodeNotDirectory `state:"nosave"` + fsutil.InodeNotRenameable `state:"nosave"` + fsutil.InodeNotSocket `state:"nosave"` + fsutil.InodeNotSymlink `state:"nosave"` + fsutil.NoMappable `state:"nosave"` + fsutil.NoopWriteOut `state:"nosave"` + fsutil.DeprecatedFileOperations `state:"nosave"` // mu protects unstable. mu sync.Mutex `state:"nosave"` @@ -186,10 +188,12 @@ func (bd *Device) StatFS(context.Context) (fs.Info, error) { } // Proc implements fs.FileOperations and fs.IoctlGetter. +// +// +stateify savable type Proc struct { - fsutil.NoFsync - fsutil.DeprecatedFileOperations - fsutil.NotDirReaddir + fsutil.NoFsync `state:"nosave"` + fsutil.DeprecatedFileOperations `state:"nosave"` + fsutil.NotDirReaddir `state:"nosave"` bd *Device task *kernel.Task diff --git a/pkg/sentry/fs/dentry.go b/pkg/sentry/fs/dentry.go index d42e8da81..b347468ff 100644 --- a/pkg/sentry/fs/dentry.go +++ b/pkg/sentry/fs/dentry.go @@ -21,6 +21,8 @@ import ( ) // DentAttr is the metadata of a directory entry. It is a subset of StableAttr. +// +// +stateify savable type DentAttr struct { // Type is the InodeType of an Inode. Type InodeType @@ -154,6 +156,8 @@ func GenericReaddir(ctx *DirCtx, s *SortedDentryMap) (int, error) { } // SortedDentryMap is a sorted map of names and fs.DentAttr entries. +// +// +stateify savable type SortedDentryMap struct { // names is always kept in sorted-order. names []string diff --git a/pkg/sentry/fs/dev/BUILD b/pkg/sentry/fs/dev/BUILD index ea41615fd..fc069bb5f 100644 --- a/pkg/sentry/fs/dev/BUILD +++ b/pkg/sentry/fs/dev/BUILD @@ -1,25 +1,11 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "dev_state", - srcs = [ - "dev.go", - "fs.go", - "full.go", - "null.go", - "random.go", - ], - out = "dev_state.go", - package = "dev", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "dev", srcs = [ "dev.go", - "dev_state.go", "device.go", "fs.go", "full.go", @@ -30,8 +16,6 @@ go_library( visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/amutex", - "//pkg/log", "//pkg/rand", "//pkg/sentry/context", "//pkg/sentry/device", @@ -45,9 +29,7 @@ go_library( "//pkg/sentry/mm", "//pkg/sentry/platform", "//pkg/sentry/safemem", - "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", ], ) diff --git a/pkg/sentry/fs/dev/dev.go b/pkg/sentry/fs/dev/dev.go index 36c61bfc2..3f4f2a40a 100644 --- a/pkg/sentry/fs/dev/dev.go +++ b/pkg/sentry/fs/dev/dev.go @@ -27,6 +27,8 @@ import ( ) // Dev is the root node. +// +// +stateify savable type Dev struct { ramfs.Dir } diff --git a/pkg/sentry/fs/dev/fs.go b/pkg/sentry/fs/dev/fs.go index 3c79f3782..2ae49be4e 100644 --- a/pkg/sentry/fs/dev/fs.go +++ b/pkg/sentry/fs/dev/fs.go @@ -29,6 +29,8 @@ const binderEnabledKey = "binder_enabled" const ashmemEnabledKey = "ashmem_enabled" // filesystem is a devtmpfs. +// +// +stateify savable type filesystem struct{} func init() { diff --git a/pkg/sentry/fs/dev/full.go b/pkg/sentry/fs/dev/full.go index e13eb6c03..492b8eb3a 100644 --- a/pkg/sentry/fs/dev/full.go +++ b/pkg/sentry/fs/dev/full.go @@ -26,6 +26,8 @@ import ( ) // fullDevice is used to implement /dev/full. +// +// +stateify savable type fullDevice struct { ramfs.Entry } diff --git a/pkg/sentry/fs/dev/null.go b/pkg/sentry/fs/dev/null.go index 66b8ba967..2977c8670 100644 --- a/pkg/sentry/fs/dev/null.go +++ b/pkg/sentry/fs/dev/null.go @@ -29,6 +29,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" ) +// +stateify savable type nullDevice struct { ramfs.Entry } @@ -54,6 +55,7 @@ func (n *nullDevice) Truncate(context.Context, *fs.Inode, int64) error { return nil } +// +stateify savable type zeroDevice struct { nullDevice } @@ -80,6 +82,7 @@ func (zd *zeroDevice) GetFile(ctx context.Context, dirent *fs.Dirent, flags fs.F }), nil } +// +stateify savable type zeroFileOperations struct { fs.FileOperations } diff --git a/pkg/sentry/fs/dev/random.go b/pkg/sentry/fs/dev/random.go index 33a045a05..47b76218f 100644 --- a/pkg/sentry/fs/dev/random.go +++ b/pkg/sentry/fs/dev/random.go @@ -24,6 +24,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" ) +// +stateify savable type randomDevice struct { ramfs.Entry } diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go index f9bf2fba6..4658d044f 100644 --- a/pkg/sentry/fs/dirent.go +++ b/pkg/sentry/fs/dirent.go @@ -81,6 +81,8 @@ var renameMu sync.RWMutex // // Dirents currently do not attempt to free entries that lack application references under // memory pressure. +// +// +stateify savable type Dirent struct { // AtomicRefCount is our reference count. refs.AtomicRefCount diff --git a/pkg/sentry/fs/dirent_cache.go b/pkg/sentry/fs/dirent_cache.go index e786e4f65..c680e4828 100644 --- a/pkg/sentry/fs/dirent_cache.go +++ b/pkg/sentry/fs/dirent_cache.go @@ -25,6 +25,8 @@ import ( // // A nil DirentCache corresponds to a cache with size 0. All methods can be // called, but nothing is actually cached. +// +// +stateify savable type DirentCache struct { // Maximum size of the cache. This must be saved manually, to handle the case // when cache is nil. diff --git a/pkg/sentry/fs/fdpipe/BUILD b/pkg/sentry/fs/fdpipe/BUILD index 4fcb06f1f..ffe4204bc 100644 --- a/pkg/sentry/fs/fdpipe/BUILD +++ b/pkg/sentry/fs/fdpipe/BUILD @@ -1,54 +1,27 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "pipe_state", - srcs = [ - "pipe.go", - "pipe_state.go", - ], - out = "pipe_autogen_state.go", - imports = ["gvisor.googlesource.com/gvisor/pkg/sentry/fs"], - package = "fdpipe", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "fdpipe", srcs = [ "pipe.go", - "pipe_autogen_state.go", "pipe_opener.go", "pipe_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/fdpipe", + imports = ["gvisor.googlesource.com/gvisor/pkg/sentry/fs"], visibility = ["//pkg/sentry:internal"], deps = [ - "//pkg/abi/linux", - "//pkg/amutex", "//pkg/fd", "//pkg/log", - "//pkg/metric", - "//pkg/p9", - "//pkg/refs", "//pkg/secio", "//pkg/sentry/context", - "//pkg/sentry/device", "//pkg/sentry/fs", "//pkg/sentry/fs/fsutil", - "//pkg/sentry/fs/lock", - "//pkg/sentry/kernel/auth", - "//pkg/sentry/kernel/time", - "//pkg/sentry/memmap", - "//pkg/sentry/platform", "//pkg/sentry/safemem", - "//pkg/sentry/uniqueid", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", - "//pkg/tcpip", - "//pkg/tcpip/transport/unix", - "//pkg/unet", "//pkg/waiter", "//pkg/waiter/fdnotifier", ], diff --git a/pkg/sentry/fs/fdpipe/pipe.go b/pkg/sentry/fs/fdpipe/pipe.go index 7b318e35f..2e34604e6 100644 --- a/pkg/sentry/fs/fdpipe/pipe.go +++ b/pkg/sentry/fs/fdpipe/pipe.go @@ -34,6 +34,8 @@ import ( ) // pipeOperations are the fs.FileOperations of a host pipe. +// +// +stateify savable type pipeOperations struct { fsutil.PipeSeek `state:"nosave"` fsutil.NotDirReaddir `state:"nosave"` diff --git a/pkg/sentry/fs/file.go b/pkg/sentry/fs/file.go index 6d93ef760..8e535a618 100644 --- a/pkg/sentry/fs/file.go +++ b/pkg/sentry/fs/file.go @@ -47,6 +47,8 @@ const FileMaxOffset = math.MaxInt64 // and write(2). // // FIXME: Split synchronization from cancellation. +// +// +stateify savable type File struct { refs.AtomicRefCount diff --git a/pkg/sentry/fs/file_overlay.go b/pkg/sentry/fs/file_overlay.go index 36b2cf75e..113962368 100644 --- a/pkg/sentry/fs/file_overlay.go +++ b/pkg/sentry/fs/file_overlay.go @@ -60,6 +60,8 @@ func overlayFile(ctx context.Context, inode *Inode, flags FileFlags) (*File, err } // overlayFileOperations implements FileOperations for a file in an overlay. +// +// +stateify savable type overlayFileOperations struct { // upperMu protects upper below. In contrast lower is stable. upperMu sync.Mutex `state:"nosave"` @@ -375,6 +377,8 @@ func readdirOne(ctx context.Context, d *Dirent) (map[string]DentAttr, error) { // overlayMappingIdentity wraps a MappingIdentity, and also holds a reference // on a file during its lifetime. +// +// +stateify savable type overlayMappingIdentity struct { refs.AtomicRefCount id memmap.MappingIdentity diff --git a/pkg/sentry/fs/filesystems.go b/pkg/sentry/fs/filesystems.go index 200e792f4..5a1e7a270 100644 --- a/pkg/sentry/fs/filesystems.go +++ b/pkg/sentry/fs/filesystems.go @@ -125,6 +125,8 @@ func GetFilesystems() []Filesystem { } // MountSourceFlags represents all mount option flags as a struct. +// +// +stateify savable type MountSourceFlags struct { // ReadOnly corresponds to mount(2)'s "MS_RDONLY" and indicates that // the filesystem should be mounted read-only. diff --git a/pkg/sentry/fs/filetest/BUILD b/pkg/sentry/fs/filetest/BUILD index f481c57fb..d137fee4c 100644 --- a/pkg/sentry/fs/filetest/BUILD +++ b/pkg/sentry/fs/filetest/BUILD @@ -1,34 +1,20 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "filetest_state", - srcs = [ - "filetest.go", - ], - out = "filetest_state.go", - package = "filetest", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "filetest", testonly = 1, - srcs = [ - "filetest.go", - "filetest_state.go", - ], + srcs = ["filetest.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/filetest", visibility = ["//pkg/sentry:internal"], deps = [ - "//pkg/refs", "//pkg/sentry/context", "//pkg/sentry/context/contexttest", "//pkg/sentry/fs", "//pkg/sentry/fs/anon", "//pkg/sentry/fs/fsutil", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/waiter", ], ) diff --git a/pkg/sentry/fs/flags.go b/pkg/sentry/fs/flags.go index da0ff58af..1aa271560 100644 --- a/pkg/sentry/fs/flags.go +++ b/pkg/sentry/fs/flags.go @@ -19,6 +19,8 @@ import ( ) // FileFlags encodes file flags. +// +// +stateify savable type FileFlags struct { // Direct indicates that I/O should be done directly. Direct bool diff --git a/pkg/sentry/fs/fsutil/BUILD b/pkg/sentry/fs/fsutil/BUILD index 6eea64298..3512bae6f 100644 --- a/pkg/sentry/fs/fsutil/BUILD +++ b/pkg/sentry/fs/fsutil/BUILD @@ -1,24 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "fsutil_state", - srcs = [ - "dirty_set_impl.go", - "file.go", - "file_range_set_impl.go", - "frame_ref_set_impl.go", - "handle.go", - "host_file_mapper.go", - "host_file_mapper_state.go", - "inode.go", - "inode_cached.go", - ], - out = "fsutil_state.go", - package = "fsutil", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "dirty_set_impl", @@ -84,7 +67,6 @@ go_library( "frame_ref_set.go", "frame_ref_set_impl.go", "fsutil.go", - "fsutil_state.go", "handle.go", "host_file_mapper.go", "host_file_mapper_state.go", diff --git a/pkg/sentry/fs/fsutil/dirty_set.go b/pkg/sentry/fs/fsutil/dirty_set.go index 9c6c98542..8e31e48fd 100644 --- a/pkg/sentry/fs/fsutil/dirty_set.go +++ b/pkg/sentry/fs/fsutil/dirty_set.go @@ -32,6 +32,8 @@ import ( // DirtyInfo is the value type of DirtySet, and represents information about a // Mappable offset that is dirty (the cached data for that offset is newer than // its source). +// +// +stateify savable type DirtyInfo struct { // Keep is true if the represented offset is concurrently writable, such // that writing the data for that offset back to the source does not diff --git a/pkg/sentry/fs/fsutil/handle.go b/pkg/sentry/fs/fsutil/handle.go index 149c0f84a..e7efd3c0f 100644 --- a/pkg/sentry/fs/fsutil/handle.go +++ b/pkg/sentry/fs/fsutil/handle.go @@ -27,6 +27,8 @@ import ( // // FIXME: Remove Handle entirely in favor of individual fs.File // implementations using simple generic utilities. +// +// +stateify savable type Handle struct { NoopRelease `state:"nosave"` NoIoctl `state:"nosave"` diff --git a/pkg/sentry/fs/fsutil/host_file_mapper.go b/pkg/sentry/fs/fsutil/host_file_mapper.go index d0a27fc1c..9c1e2f76f 100644 --- a/pkg/sentry/fs/fsutil/host_file_mapper.go +++ b/pkg/sentry/fs/fsutil/host_file_mapper.go @@ -29,6 +29,8 @@ import ( // HostFileMapper caches mappings of an arbitrary host file descriptor. It is // used by implementations of memmap.Mappable that represent a host file // descriptor. +// +// +stateify savable type HostFileMapper struct { // HostFile conceptually breaks the file into pieces called chunks, of // size and alignment chunkSize, and caches mappings of the file on a chunk diff --git a/pkg/sentry/fs/fsutil/inode.go b/pkg/sentry/fs/fsutil/inode.go index e1ad07df2..177396fdc 100644 --- a/pkg/sentry/fs/fsutil/inode.go +++ b/pkg/sentry/fs/fsutil/inode.go @@ -31,6 +31,8 @@ func NewSimpleInodeOperations(i InodeSimpleAttributes) fs.InodeOperations { } // simpleInodeOperations is a simple implementation of Inode. +// +// +stateify savable type simpleInodeOperations struct { DeprecatedFileOperations `state:"nosave"` InodeNotDirectory `state:"nosave"` @@ -48,6 +50,8 @@ type simpleInodeOperations struct { // InodeSimpleAttributes implements a subset of the Inode interface. It provides // read-only access to attributes. +// +// +stateify savable type InodeSimpleAttributes struct { // FSType is the filesystem type reported by StatFS. FSType uint64 @@ -110,6 +114,8 @@ func (*InodeSimpleAttributes) Truncate(context.Context, *fs.Inode, int64) error // // Users need not initialize Xattrs to non-nil (it will be initialized // when the first extended attribute is set. +// +// +stateify savable type InMemoryAttributes struct { Unstable fs.UnstableAttr Xattrs map[string][]byte diff --git a/pkg/sentry/fs/fsutil/inode_cached.go b/pkg/sentry/fs/fsutil/inode_cached.go index cba642a8f..0a320e2d8 100644 --- a/pkg/sentry/fs/fsutil/inode_cached.go +++ b/pkg/sentry/fs/fsutil/inode_cached.go @@ -55,6 +55,8 @@ import ( // // Implementations of InodeOperations.WriteOut must call Sync to write out // in-memory modifications of data and metadata to the CachedFileObject. +// +// +stateify savable type CachingInodeOperations struct { // backingFile is a handle to a cached file object. backingFile CachedFileObject diff --git a/pkg/sentry/fs/gofer/BUILD b/pkg/sentry/fs/gofer/BUILD index 1277379e7..cb17339c9 100644 --- a/pkg/sentry/fs/gofer/BUILD +++ b/pkg/sentry/fs/gofer/BUILD @@ -1,21 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "gofer_state", - srcs = [ - "file.go", - "file_state.go", - "fs.go", - "inode.go", - "inode_state.go", - "session.go", - "session_state.go", - ], - out = "gofer_state.go", - package = "gofer", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "gofer", @@ -27,7 +12,6 @@ go_library( "file.go", "file_state.go", "fs.go", - "gofer_state.go", "handles.go", "inode.go", "inode_state.go", @@ -41,7 +25,6 @@ go_library( visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/amutex", "//pkg/fd", "//pkg/log", "//pkg/metric", @@ -54,15 +37,11 @@ go_library( "//pkg/sentry/fs/fdpipe", "//pkg/sentry/fs/fsutil", "//pkg/sentry/fs/host", - "//pkg/sentry/fs/lock", "//pkg/sentry/kernel/auth", "//pkg/sentry/kernel/time", "//pkg/sentry/memmap", - "//pkg/sentry/platform", "//pkg/sentry/safemem", - "//pkg/sentry/uniqueid", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip", "//pkg/tcpip/transport/unix", diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go index 039618808..46a6bbd5d 100644 --- a/pkg/sentry/fs/gofer/file.go +++ b/pkg/sentry/fs/gofer/file.go @@ -33,6 +33,8 @@ import ( var openedWX = metric.MustCreateNewUint64Metric("/gofer/opened_write_execute_file", true /* sync */, "Number of times a writable+executable file was opened from a gofer.") // fileOperations implements fs.FileOperations for a remote file system. +// +// +stateify savable type fileOperations struct { fsutil.NoIoctl `state:"nosave"` waiter.AlwaysReady `state:"nosave"` diff --git a/pkg/sentry/fs/gofer/fs.go b/pkg/sentry/fs/gofer/fs.go index dd5d43c47..3ae93f059 100644 --- a/pkg/sentry/fs/gofer/fs.go +++ b/pkg/sentry/fs/gofer/fs.go @@ -83,6 +83,8 @@ var ( ) // filesystem is a 9p client. +// +// +stateify savable type filesystem struct{} func init() { diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go index df584c382..7fc8f77b0 100644 --- a/pkg/sentry/fs/gofer/inode.go +++ b/pkg/sentry/fs/gofer/inode.go @@ -35,6 +35,8 @@ import ( ) // inodeOperations implements fs.InodeOperations. +// +// +stateify savable type inodeOperations struct { fsutil.InodeNotVirtual `state:"nosave"` fsutil.InodeNoExtendedAttributes `state:"nosave"` @@ -68,6 +70,8 @@ type inodeOperations struct { // circular load dependency between it and inodeOperations). Even with // lazy loading, this approach defines the dependencies between objects // and the expected load behavior more concretely. +// +// +stateify savable type inodeFileState struct { // s is common file system state for Gofers. s *session `state:"wait"` diff --git a/pkg/sentry/fs/gofer/session.go b/pkg/sentry/fs/gofer/session.go index b6841526a..648a11435 100644 --- a/pkg/sentry/fs/gofer/session.go +++ b/pkg/sentry/fs/gofer/session.go @@ -27,6 +27,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/unet" ) +// +stateify savable type endpointMap struct { mu sync.RWMutex `state:"nosave"` // TODO: Make map with private unix sockets savable. @@ -63,6 +64,8 @@ func (e *endpointMap) get(key device.MultiDeviceKey) unix.BoundEndpoint { } // session holds state for each 9p session established during sys_mount. +// +// +stateify savable type session struct { refs.AtomicRefCount diff --git a/pkg/sentry/fs/host/BUILD b/pkg/sentry/fs/host/BUILD index 23ec66f50..29c79284a 100644 --- a/pkg/sentry/fs/host/BUILD +++ b/pkg/sentry/fs/host/BUILD @@ -1,23 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "host_state", - srcs = [ - "control.go", - "descriptor.go", - "descriptor_state.go", - "file.go", - "fs.go", - "inode.go", - "inode_state.go", - "socket.go", - "socket_state.go", - ], - out = "host_state.go", - package = "host", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "host", @@ -28,7 +11,6 @@ go_library( "device.go", "file.go", "fs.go", - "host_state.go", "inode.go", "inode_state.go", "ioctl_unsafe.go", @@ -42,7 +24,6 @@ go_library( visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/amutex", "//pkg/fd", "//pkg/log", "//pkg/refs", @@ -52,20 +33,14 @@ go_library( "//pkg/sentry/device", "//pkg/sentry/fs", "//pkg/sentry/fs/fsutil", - "//pkg/sentry/fs/lock", "//pkg/sentry/kernel", "//pkg/sentry/kernel/auth", "//pkg/sentry/kernel/time", "//pkg/sentry/memmap", - "//pkg/sentry/platform", "//pkg/sentry/safemem", - "//pkg/sentry/socket", "//pkg/sentry/socket/control", "//pkg/sentry/socket/unix", - "//pkg/sentry/uniqueid", - "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip", "//pkg/tcpip/link/rawfile", diff --git a/pkg/sentry/fs/host/descriptor.go b/pkg/sentry/fs/host/descriptor.go index 613bd06e8..3aee4d11c 100644 --- a/pkg/sentry/fs/host/descriptor.go +++ b/pkg/sentry/fs/host/descriptor.go @@ -25,6 +25,8 @@ import ( ) // descriptor wraps a host fd. +// +// +stateify savable type descriptor struct { // donated is true if the host fd was donated by another process. donated bool diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go index bdf844337..f9bef6d93 100644 --- a/pkg/sentry/fs/host/file.go +++ b/pkg/sentry/fs/host/file.go @@ -37,6 +37,8 @@ import ( ) // fileOperations implements fs.FileOperations for a host file descriptor. +// +// +stateify savable type fileOperations struct { fsutil.NoopRelease `state:"nosave"` diff --git a/pkg/sentry/fs/host/fs.go b/pkg/sentry/fs/host/fs.go index 974700636..e46ae433c 100644 --- a/pkg/sentry/fs/host/fs.go +++ b/pkg/sentry/fs/host/fs.go @@ -51,6 +51,8 @@ const maxTraversals = 10 // to lock down the configurations. This filesystem should only be mounted at root. // // Think twice before exposing this to applications. +// +// +stateify savable type Filesystem struct { // whitelist is a set of host paths to whitelist. paths []string @@ -266,8 +268,10 @@ func newMountSource(ctx context.Context, root string, mounter fs.FileOwner, file } // superOperations implements fs.MountSourceOperations. +// +// +stateify savable type superOperations struct { - fs.SimpleMountSourceOperations `state:"nosave"` + fs.SimpleMountSourceOperations // root is the path of the mount point. All inode mappings // are relative to this root. diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go index 226bc5164..761ccde33 100644 --- a/pkg/sentry/fs/host/inode.go +++ b/pkg/sentry/fs/host/inode.go @@ -34,6 +34,8 @@ import ( // inodeOperations implements fs.InodeOperations for an fs.Inodes backed // by a host file descriptor. +// +// +stateify savable type inodeOperations struct { fsutil.InodeNotVirtual `state:"nosave"` fsutil.InodeNoExtendedAttributes `state:"nosave"` @@ -65,6 +67,8 @@ type inodeOperations struct { // circular load dependency between it and inodeOperations). Even with // lazy loading, this approach defines the dependencies between objects // and the expected load behavior more concretely. +// +// +stateify savable type inodeFileState struct { // Common file system state. mops *superOperations `state:"wait"` diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go index f4689f51f..1d93eb1e3 100644 --- a/pkg/sentry/fs/host/socket.go +++ b/pkg/sentry/fs/host/socket.go @@ -34,6 +34,8 @@ import ( ) // endpoint encapsulates the state needed to represent a host Unix socket. +// +// +stateify savable type endpoint struct { queue waiter.Queue `state:"nosave"` diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go index 6c8e6f188..d0dbce5dd 100644 --- a/pkg/sentry/fs/inode.go +++ b/pkg/sentry/fs/inode.go @@ -28,6 +28,8 @@ import ( // Inode is a file system object that can be simultaneously referenced by different // components of the VFS (Dirent, fs.File, etc). +// +// +stateify savable type Inode struct { // AtomicRefCount is our reference count. refs.AtomicRefCount @@ -58,6 +60,8 @@ type Inode struct { // Note that in Linux fcntl(2) and flock(2) locks are _not_ cooperative, because race and // deadlock conditions make merging them prohibitive. We do the same and keep them oblivious // to each other but provide a "context" as a convenient container. +// +// +stateify savable type LockCtx struct { // Posix is a set of POSIX-style regional advisory locks, see fcntl(2). Posix lock.Locks diff --git a/pkg/sentry/fs/inode_inotify.go b/pkg/sentry/fs/inode_inotify.go index 358bbecdf..683140afe 100644 --- a/pkg/sentry/fs/inode_inotify.go +++ b/pkg/sentry/fs/inode_inotify.go @@ -20,6 +20,8 @@ import ( ) // Watches is the collection of inotify watches on an inode. +// +// +stateify savable type Watches struct { // mu protects the fields below. mu sync.RWMutex `state:"nosave"` diff --git a/pkg/sentry/fs/inotify.go b/pkg/sentry/fs/inotify.go index 6f5e8ce5e..2aabdded8 100644 --- a/pkg/sentry/fs/inotify.go +++ b/pkg/sentry/fs/inotify.go @@ -34,6 +34,8 @@ import ( // // Lock ordering: // Inotify.mu -> Inode.Watches.mu -> Watch.mu -> Inotify.evMu +// +// +stateify savable type Inotify struct { // Unique identifier for this inotify instance. We don't just reuse the // inotify fd because fds can be duped. These should not be exposed to the diff --git a/pkg/sentry/fs/inotify_event.go b/pkg/sentry/fs/inotify_event.go index 217915ba4..e9b5e0f56 100644 --- a/pkg/sentry/fs/inotify_event.go +++ b/pkg/sentry/fs/inotify_event.go @@ -28,6 +28,8 @@ import ( const inotifyEventBaseSize = 16 // Event represents a struct inotify_event from linux. +// +// +stateify savable type Event struct { ilist.Entry diff --git a/pkg/sentry/fs/inotify_watch.go b/pkg/sentry/fs/inotify_watch.go index 8904ef544..3e1959e83 100644 --- a/pkg/sentry/fs/inotify_watch.go +++ b/pkg/sentry/fs/inotify_watch.go @@ -27,6 +27,8 @@ import ( // holding an extra ref on each dirent known (by inotify) to point to the // inode. These are known as pins. For a full discussion, see // fs/g3doc/inotify.md. +// +// +stateify savable type Watch struct { // Inotify instance which owns this watch. owner *Inotify diff --git a/pkg/sentry/fs/lock/BUILD b/pkg/sentry/fs/lock/BUILD index 2607d7ed3..3159ff1da 100644 --- a/pkg/sentry/fs/lock/BUILD +++ b/pkg/sentry/fs/lock/BUILD @@ -1,18 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "lock_state", - srcs = [ - "lock.go", - "lock_range.go", - "lock_set.go", - ], - out = "lock_state.go", - package = "lock", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "lock_range", @@ -49,13 +38,11 @@ go_library( "lock_range.go", "lock_set.go", "lock_set_functions.go", - "lock_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/lock", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/log", - "//pkg/state", "//pkg/waiter", ], ) diff --git a/pkg/sentry/fs/lock/lock.go b/pkg/sentry/fs/lock/lock.go index 24d54c989..e9b376eb6 100644 --- a/pkg/sentry/fs/lock/lock.go +++ b/pkg/sentry/fs/lock/lock.go @@ -88,6 +88,8 @@ const LockEOF = math.MaxUint64 // // A Lock may be downgraded from a write lock to a read lock only if // the write lock's uid is the same as the read lock. +// +// +stateify savable type Lock struct { // Readers are the set of read lock holders identified by UniqueID. // If len(Readers) > 0 then HasWriter must be false. @@ -103,6 +105,8 @@ type Lock struct { } // Locks is a thread-safe wrapper around a LockSet. +// +// +stateify savable type Locks struct { // mu protects locks below. mu sync.Mutex `state:"nosave"` @@ -111,7 +115,7 @@ type Locks struct { locks LockSet // blockedQueue is the queue of waiters that are waiting on a lock. - blockedQueue waiter.Queue + blockedQueue waiter.Queue `state:"zerovalue"` } // Blocker is the interface used for blocking locks. Passing a nil Blocker diff --git a/pkg/sentry/fs/mount.go b/pkg/sentry/fs/mount.go index eb1897174..4ede767f9 100644 --- a/pkg/sentry/fs/mount.go +++ b/pkg/sentry/fs/mount.go @@ -101,6 +101,8 @@ func (i InodeMappings) String() string { // (e.g. cannot be mounted at different locations). // // TODO: Move mount-specific information out of MountSource. +// +// +stateify savable type MountSource struct { refs.AtomicRefCount @@ -260,6 +262,8 @@ func NewNonCachingMountSource(filesystem Filesystem, flags MountSourceFlags) *Mo } // SimpleMountSourceOperations implements MountSourceOperations. +// +// +stateify savable type SimpleMountSourceOperations struct { keep bool } diff --git a/pkg/sentry/fs/mount_overlay.go b/pkg/sentry/fs/mount_overlay.go index 1be81e3a1..d135e8a37 100644 --- a/pkg/sentry/fs/mount_overlay.go +++ b/pkg/sentry/fs/mount_overlay.go @@ -18,6 +18,8 @@ import "gvisor.googlesource.com/gvisor/pkg/sentry/context" // overlayMountSourceOperations implements MountSourceOperations for an overlay // mount point. +// +// +stateify savable type overlayMountSourceOperations struct { upper *MountSource lower *MountSource @@ -72,6 +74,8 @@ func (o *overlayMountSourceOperations) Destroy() { } // type overlayFilesystem is the filesystem for overlay mounts. +// +// +stateify savable type overlayFilesystem struct{} // Name implements Filesystem.Name. diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go index 87da4ee0e..144d3427d 100644 --- a/pkg/sentry/fs/mounts.go +++ b/pkg/sentry/fs/mounts.go @@ -32,6 +32,8 @@ import ( const DefaultTraversalLimit = 10 // MountNamespace defines a collection of mounts. +// +// +stateify savable type MountNamespace struct { refs.AtomicRefCount diff --git a/pkg/sentry/fs/overlay.go b/pkg/sentry/fs/overlay.go index 7357d6401..af13dc8c7 100644 --- a/pkg/sentry/fs/overlay.go +++ b/pkg/sentry/fs/overlay.go @@ -145,6 +145,8 @@ func newOverlayInode(ctx context.Context, o *overlayEntry, msrc *MountSource) *I } // overlayEntry is the overlay metadata of an Inode. It implements Mappable. +// +// +stateify savable type overlayEntry struct { // lowerExists is true if an Inode exists for this file in the lower // filesystem. If lowerExists is true, then the overlay must create diff --git a/pkg/sentry/fs/proc/BUILD b/pkg/sentry/fs/proc/BUILD index 870df47b2..2d9f07f2f 100644 --- a/pkg/sentry/fs/proc/BUILD +++ b/pkg/sentry/fs/proc/BUILD @@ -1,32 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "proc_state", - srcs = [ - "cpuinfo.go", - "exec_args.go", - "fds.go", - "file.go", - "filesystems.go", - "fs.go", - "loadavg.go", - "meminfo.go", - "mounts.go", - "net.go", - "proc.go", - "stat.go", - "sys.go", - "sys_net.go", - "task.go", - "uid_gid_map.go", - "uptime.go", - "version.go", - ], - out = "proc_state.go", - package = "proc", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "proc", @@ -42,7 +16,6 @@ go_library( "mounts.go", "net.go", "proc.go", - "proc_state.go", "rpcinet_proc.go", "stat.go", "sys.go", @@ -56,9 +29,6 @@ go_library( visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/amutex", - "//pkg/log", - "//pkg/sentry/arch", "//pkg/sentry/context", "//pkg/sentry/fs", "//pkg/sentry/fs/proc/device", @@ -73,8 +43,6 @@ go_library( "//pkg/sentry/socket/rpcinet", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", - "//pkg/syserr", "//pkg/syserror", ], ) diff --git a/pkg/sentry/fs/proc/cpuinfo.go b/pkg/sentry/fs/proc/cpuinfo.go index f80aaa5b1..4dfec03a4 100644 --- a/pkg/sentry/fs/proc/cpuinfo.go +++ b/pkg/sentry/fs/proc/cpuinfo.go @@ -27,6 +27,8 @@ import ( // cpuinfo is a file describing the CPU capabilities. // // Presently cpuinfo never changes, so it doesn't need to be a SeqFile. +// +// +stateify savable type cpuinfo struct { ramfs.Entry diff --git a/pkg/sentry/fs/proc/exec_args.go b/pkg/sentry/fs/proc/exec_args.go index 0e1523bf1..a69cbaa0e 100644 --- a/pkg/sentry/fs/proc/exec_args.go +++ b/pkg/sentry/fs/proc/exec_args.go @@ -37,6 +37,8 @@ const ( // execArgFile is a file containing the exec args (either cmdline or environ) // for a given task. +// +// +stateify savable type execArgFile struct { ramfs.Entry diff --git a/pkg/sentry/fs/proc/fds.go b/pkg/sentry/fs/proc/fds.go index 194a9c12a..cca8f874c 100644 --- a/pkg/sentry/fs/proc/fds.go +++ b/pkg/sentry/fs/proc/fds.go @@ -138,6 +138,8 @@ func (f *fd) Close() error { } // fdDir implements /proc/TID/fd. +// +// +stateify savable type fdDir struct { ramfs.Dir @@ -197,6 +199,8 @@ func (f *fdDir) DeprecatedReaddir(ctx context.Context, dirCtx *fs.DirCtx, offset } // fdInfo is a single file in /proc/TID/fdinfo/. +// +// +stateify savable type fdInfo struct { ramfs.File @@ -229,6 +233,8 @@ func (*fdInfo) Truncate(ctx context.Context, inode *fs.Inode, size int64) error // fdInfoDir implements /proc/TID/fdinfo. It embeds an fdDir, but overrides // Lookup and Readdir. +// +// +stateify savable type fdInfoDir struct { ramfs.Dir diff --git a/pkg/sentry/fs/proc/file.go b/pkg/sentry/fs/proc/file.go index 9a433cdf8..4b2d08e75 100644 --- a/pkg/sentry/fs/proc/file.go +++ b/pkg/sentry/fs/proc/file.go @@ -22,6 +22,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" ) +// +stateify savable type file struct { fs.InodeOperations diff --git a/pkg/sentry/fs/proc/filesystems.go b/pkg/sentry/fs/proc/filesystems.go index 37db9cf9c..49b92fd8a 100644 --- a/pkg/sentry/fs/proc/filesystems.go +++ b/pkg/sentry/fs/proc/filesystems.go @@ -24,6 +24,8 @@ import ( ) // filesystemsData backs /proc/filesystems. +// +// +stateify savable type filesystemsData struct{} // NeedsUpdate returns true on the first generation. The set of registered file diff --git a/pkg/sentry/fs/proc/fs.go b/pkg/sentry/fs/proc/fs.go index 3aadd6ac4..061824b8c 100644 --- a/pkg/sentry/fs/proc/fs.go +++ b/pkg/sentry/fs/proc/fs.go @@ -22,6 +22,8 @@ import ( ) // filesystem is a procfs. +// +// +stateify savable type filesystem struct{} func init() { diff --git a/pkg/sentry/fs/proc/loadavg.go b/pkg/sentry/fs/proc/loadavg.go index 7583b6ccd..6fac251d2 100644 --- a/pkg/sentry/fs/proc/loadavg.go +++ b/pkg/sentry/fs/proc/loadavg.go @@ -23,6 +23,8 @@ import ( ) // loadavgData backs /proc/loadavg. +// +// +stateify savable type loadavgData struct{} // NeedsUpdate implements seqfile.SeqSource.NeedsUpdate. diff --git a/pkg/sentry/fs/proc/meminfo.go b/pkg/sentry/fs/proc/meminfo.go index 49cb0faed..53dfd59ef 100644 --- a/pkg/sentry/fs/proc/meminfo.go +++ b/pkg/sentry/fs/proc/meminfo.go @@ -26,6 +26,8 @@ import ( ) // meminfoData backs /proc/meminfo. +// +// +stateify savable type meminfoData struct { // k is the owning Kernel. k *kernel.Kernel diff --git a/pkg/sentry/fs/proc/mounts.go b/pkg/sentry/fs/proc/mounts.go index 108432f4e..2b8167c28 100644 --- a/pkg/sentry/fs/proc/mounts.go +++ b/pkg/sentry/fs/proc/mounts.go @@ -71,6 +71,8 @@ func forEachMountSource(t *kernel.Task, fn func(string, *fs.MountSource)) { } // mountInfoFile is used to implement /proc/[pid]/mountinfo. +// +// +stateify savable type mountInfoFile struct { t *kernel.Task } @@ -152,6 +154,8 @@ func (mif *mountInfoFile) ReadSeqFileData(ctx context.Context, handle seqfile.Se } // mountsFile is used to implement /proc/[pid]/mountinfo. +// +// +stateify savable type mountsFile struct { t *kernel.Task } diff --git a/pkg/sentry/fs/proc/proc.go b/pkg/sentry/fs/proc/proc.go index b2a8d639c..07029a7bb 100644 --- a/pkg/sentry/fs/proc/proc.go +++ b/pkg/sentry/fs/proc/proc.go @@ -33,6 +33,8 @@ import ( ) // proc is a root proc node. +// +// +stateify savable type proc struct { ramfs.Dir @@ -47,6 +49,8 @@ type proc struct { // stubProcFSFile is a file type that can be used to return file contents // which are constant. This file is not writable and will always have mode // 0444. +// +// +stateify savable type stubProcFSFile struct { ramfs.Entry diff --git a/pkg/sentry/fs/proc/seqfile/BUILD b/pkg/sentry/fs/proc/seqfile/BUILD index c84f7e20d..53c475652 100644 --- a/pkg/sentry/fs/proc/seqfile/BUILD +++ b/pkg/sentry/fs/proc/seqfile/BUILD @@ -1,22 +1,10 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "seqfile_state", - srcs = [ - "seqfile.go", - ], - out = "seqfile_state.go", - package = "seqfile", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "seqfile", - srcs = [ - "seqfile.go", - "seqfile_state.go", - ], + srcs = ["seqfile.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/proc/seqfile", visibility = ["//pkg/sentry:internal"], deps = [ @@ -26,26 +14,16 @@ go_library( "//pkg/sentry/fs/ramfs", "//pkg/sentry/kernel/time", "//pkg/sentry/usermem", - "//pkg/state", ], ) -go_stateify( - name = "seqfile_test_state", - srcs = ["seqfile_test.go"], - out = "seqfile_test_state.go", - package = "seqfile", -) - go_test( name = "seqfile_test", size = "small", - srcs = [ - "seqfile_test.go", - "seqfile_test_state.go", - ], + srcs = ["seqfile_test.go"], embed = [":seqfile"], deps = [ + "//pkg/sentry/context", "//pkg/sentry/context/contexttest", "//pkg/sentry/fs", "//pkg/sentry/fs/ramfs/test", diff --git a/pkg/sentry/fs/proc/seqfile/seqfile.go b/pkg/sentry/fs/proc/seqfile/seqfile.go index c08565f8a..51cae5e37 100644 --- a/pkg/sentry/fs/proc/seqfile/seqfile.go +++ b/pkg/sentry/fs/proc/seqfile/seqfile.go @@ -30,6 +30,8 @@ import ( type SeqHandle interface{} // SeqData holds the data for one unit in the file. +// +// +stateify savable type SeqData struct { // The data to be returned to the user. Buf []byte @@ -82,6 +84,8 @@ func (s *SeqGenerationCounter) IsCurrent(generation int64) bool { } // SeqFile is used to provide dynamic files that can be ordered by record. +// +// +stateify savable type SeqFile struct { ramfs.Entry diff --git a/pkg/sentry/fs/proc/stat.go b/pkg/sentry/fs/proc/stat.go index 284f3e52b..bf7650211 100644 --- a/pkg/sentry/fs/proc/stat.go +++ b/pkg/sentry/fs/proc/stat.go @@ -25,6 +25,8 @@ import ( ) // statData backs /proc/stat. +// +// +stateify savable type statData struct { // k is the owning Kernel. k *kernel.Kernel diff --git a/pkg/sentry/fs/proc/sys.go b/pkg/sentry/fs/proc/sys.go index aab891c53..a2d36ca23 100644 --- a/pkg/sentry/fs/proc/sys.go +++ b/pkg/sentry/fs/proc/sys.go @@ -28,6 +28,8 @@ import ( ) // hostname is a file containing the system hostname. +// +// +stateify savable type hostname struct { ramfs.Entry } @@ -52,6 +54,8 @@ func (p *proc) newHostname(ctx context.Context, msrc *fs.MountSource) *fs.Inode } // mmapMinAddrData backs /proc/sys/vm/mmap_min_addr. +// +// +stateify savable type mmapMinAddrData struct { k *kernel.Kernel } @@ -74,6 +78,7 @@ func (d *mmapMinAddrData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHand }, 0 } +// +stateify savable type overcommitMemory struct{} func (*overcommitMemory) NeedsUpdate(generation int64) bool { diff --git a/pkg/sentry/fs/proc/sys_net.go b/pkg/sentry/fs/proc/sys_net.go index f3a5043f8..beb25be20 100644 --- a/pkg/sentry/fs/proc/sys_net.go +++ b/pkg/sentry/fs/proc/sys_net.go @@ -33,6 +33,7 @@ const ( tcpWMem ) +// +stateify savable type tcpMem struct { ramfs.Entry s inet.Stack @@ -100,6 +101,7 @@ func (m *tcpMem) DeprecatedPwritev(ctx context.Context, src usermem.IOSequence, return n, cperr } +// +stateify savable type tcpSack struct { ramfs.Entry s inet.Stack diff --git a/pkg/sentry/fs/proc/task.go b/pkg/sentry/fs/proc/task.go index efc635946..748ca4320 100644 --- a/pkg/sentry/fs/proc/task.go +++ b/pkg/sentry/fs/proc/task.go @@ -52,6 +52,8 @@ func getTaskMM(t *kernel.Task) (*mm.MemoryManager, error) { } // taskDir represents a task-level directory. +// +// +stateify savable type taskDir struct { ramfs.Dir @@ -92,6 +94,8 @@ func newTaskDir(t *kernel.Task, msrc *fs.MountSource, pidns *kernel.PIDNamespace } // subtasks represents a /proc/TID/task directory. +// +// +stateify savable type subtasks struct { ramfs.Dir @@ -167,6 +171,8 @@ func (s *subtasks) DeprecatedReaddir(ctx context.Context, dirCtx *fs.DirCtx, off } // exe is an fs.InodeOperations symlink for the /proc/PID/exe file. +// +// +stateify savable type exe struct { ramfs.Symlink @@ -226,6 +232,8 @@ func (e *exe) Readlink(ctx context.Context, inode *fs.Inode) (string, error) { // namespaceFile represents a file in the namespacefs, such as the files in // /proc/<pid>/ns. +// +// +stateify savable type namespaceFile struct { ramfs.Symlink @@ -274,6 +282,8 @@ func newNamespaceDir(t *kernel.Task, msrc *fs.MountSource) *fs.Inode { } // mapsData implements seqfile.SeqSource for /proc/[pid]/maps. +// +// +stateify savable type mapsData struct { t *kernel.Task } @@ -311,6 +321,7 @@ func (md *mapsData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHandle) ([ return []seqfile.SeqData{}, 0 } +// +stateify savable type taskStatData struct { t *kernel.Task @@ -391,6 +402,8 @@ func (s *taskStatData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHandle) } // statmData implements seqfile.SeqSource for /proc/[pid]/statm. +// +// +stateify savable type statmData struct { t *kernel.Task } @@ -425,6 +438,8 @@ func (s *statmData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHandle) ([ } // statusData implements seqfile.SeqSource for /proc/[pid]/status. +// +// +stateify savable type statusData struct { t *kernel.Task pidns *kernel.PIDNamespace @@ -490,6 +505,7 @@ type ioUsage interface { IOUsage() *usage.IO } +// +stateify savable type ioData struct { ioUsage } @@ -530,6 +546,8 @@ func (i *ioData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHandle) ([]se // On Linux, /proc/[pid]/comm is writable, and writing to the comm file changes // the thread name. We don't implement this yet as there are no known users of // this feature. +// +// +stateify savable type comm struct { ramfs.Entry @@ -559,6 +577,8 @@ func (c *comm) DeprecatedPreadv(ctx context.Context, dst usermem.IOSequence, off } // auxvec is a file containing the auxiliary vector for a task. +// +// +stateify savable type auxvec struct { ramfs.Entry diff --git a/pkg/sentry/fs/proc/uid_gid_map.go b/pkg/sentry/fs/proc/uid_gid_map.go index 85acb5163..9811d9c9d 100644 --- a/pkg/sentry/fs/proc/uid_gid_map.go +++ b/pkg/sentry/fs/proc/uid_gid_map.go @@ -29,6 +29,8 @@ import ( // An idMapSeqSource is a seqfile.SeqSource that returns UID or GID mappings // from a task's user namespace. +// +// +stateify savable type idMapSeqSource struct { t *kernel.Task gids bool @@ -70,6 +72,7 @@ type idMapSeqHandle struct { value int } +// +stateify savable type idMapSeqFile struct { seqfile.SeqFile } diff --git a/pkg/sentry/fs/proc/uptime.go b/pkg/sentry/fs/proc/uptime.go index 4679d5821..f3a9b81df 100644 --- a/pkg/sentry/fs/proc/uptime.go +++ b/pkg/sentry/fs/proc/uptime.go @@ -27,6 +27,8 @@ import ( ) // uptime is a file containing the system uptime. +// +// +stateify savable type uptime struct { ramfs.Entry diff --git a/pkg/sentry/fs/proc/version.go b/pkg/sentry/fs/proc/version.go index c0f2e87e3..00f6a2afd 100644 --- a/pkg/sentry/fs/proc/version.go +++ b/pkg/sentry/fs/proc/version.go @@ -23,6 +23,8 @@ import ( ) // versionData backs /proc/version. +// +// +stateify savable type versionData struct { // k is the owning Kernel. k *kernel.Kernel diff --git a/pkg/sentry/fs/ramfs/BUILD b/pkg/sentry/fs/ramfs/BUILD index d84f2c624..5230157fe 100644 --- a/pkg/sentry/fs/ramfs/BUILD +++ b/pkg/sentry/fs/ramfs/BUILD @@ -1,19 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "ramfs_state", - srcs = [ - "dir.go", - "file.go", - "ramfs.go", - "socket.go", - "symlink.go", - ], - out = "ramfs_state.go", - package = "ramfs", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "ramfs", @@ -21,7 +8,6 @@ go_library( "dir.go", "file.go", "ramfs.go", - "ramfs_state.go", "socket.go", "symlink.go", "tree.go", @@ -29,12 +15,8 @@ go_library( importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/ramfs", visibility = ["//pkg/sentry:internal"], deps = [ - "//pkg/amutex", - "//pkg/log", - "//pkg/refs", "//pkg/secio", "//pkg/sentry/context", - "//pkg/sentry/device", "//pkg/sentry/fs", "//pkg/sentry/fs/anon", "//pkg/sentry/fs/fsutil", @@ -42,7 +24,6 @@ go_library( "//pkg/sentry/memmap", "//pkg/sentry/safemem", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip/transport/unix", "//pkg/waiter", diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go index 19d5612ed..04432f28c 100644 --- a/pkg/sentry/fs/ramfs/dir.go +++ b/pkg/sentry/fs/ramfs/dir.go @@ -44,6 +44,8 @@ type CreateOps struct { } // Dir represents a single directory in the filesystem. +// +// +stateify savable type Dir struct { Entry diff --git a/pkg/sentry/fs/ramfs/ramfs.go b/pkg/sentry/fs/ramfs/ramfs.go index d6cfaf753..13e72e775 100644 --- a/pkg/sentry/fs/ramfs/ramfs.go +++ b/pkg/sentry/fs/ramfs/ramfs.go @@ -60,6 +60,8 @@ var ( // Entry represents common internal state for file and directory nodes. // This may be used by other packages to easily create ramfs files. +// +// +stateify savable type Entry struct { waiter.AlwaysReady `state:"nosave"` fsutil.NoMappable `state:"nosave"` diff --git a/pkg/sentry/fs/ramfs/socket.go b/pkg/sentry/fs/ramfs/socket.go index b0c79325f..93427a1ff 100644 --- a/pkg/sentry/fs/ramfs/socket.go +++ b/pkg/sentry/fs/ramfs/socket.go @@ -21,6 +21,8 @@ import ( ) // Socket represents a socket. +// +// +stateify savable type Socket struct { Entry diff --git a/pkg/sentry/fs/ramfs/symlink.go b/pkg/sentry/fs/ramfs/symlink.go index 9bbf78619..1c54d9991 100644 --- a/pkg/sentry/fs/ramfs/symlink.go +++ b/pkg/sentry/fs/ramfs/symlink.go @@ -22,6 +22,8 @@ import ( ) // Symlink represents a symlink. +// +// +stateify savable type Symlink struct { Entry diff --git a/pkg/sentry/fs/ramfs/test/BUILD b/pkg/sentry/fs/ramfs/test/BUILD index 57fee45e2..187eac49d 100644 --- a/pkg/sentry/fs/ramfs/test/BUILD +++ b/pkg/sentry/fs/ramfs/test/BUILD @@ -1,30 +1,16 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "test_state", - srcs = [ - "test.go", - ], - out = "test_state.go", - package = "test", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "test", testonly = 1, - srcs = [ - "test.go", - "test_state.go", - ], + srcs = ["test.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/ramfs/test", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/sentry/context", - "//pkg/sentry/device", "//pkg/sentry/fs", "//pkg/sentry/fs/ramfs", - "//pkg/state", ], ) diff --git a/pkg/sentry/fs/sys/BUILD b/pkg/sentry/fs/sys/BUILD index 095ff1f25..bc24e980e 100644 --- a/pkg/sentry/fs/sys/BUILD +++ b/pkg/sentry/fs/sys/BUILD @@ -1,16 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "sys_state", - srcs = [ - "fs.go", - "sys.go", - ], - out = "sys_state.go", - package = "sys", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "sys", @@ -18,7 +8,6 @@ go_library( "device.go", "fs.go", "sys.go", - "sys_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/sys", visibility = ["//pkg/sentry:internal"], @@ -28,6 +17,5 @@ go_library( "//pkg/sentry/fs", "//pkg/sentry/fs/ramfs", "//pkg/sentry/usermem", - "//pkg/state", ], ) diff --git a/pkg/sentry/fs/sys/fs.go b/pkg/sentry/fs/sys/fs.go index c6d5f7fd8..625525540 100644 --- a/pkg/sentry/fs/sys/fs.go +++ b/pkg/sentry/fs/sys/fs.go @@ -20,6 +20,8 @@ import ( ) // filesystem is a sysfs. +// +// +stateify savable type filesystem struct{} func init() { diff --git a/pkg/sentry/fs/sys/sys.go b/pkg/sentry/fs/sys/sys.go index ccf56f644..b9b2fb4a1 100644 --- a/pkg/sentry/fs/sys/sys.go +++ b/pkg/sentry/fs/sys/sys.go @@ -22,12 +22,13 @@ import ( "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" ) -type Dir struct { +// +stateify savable +type dir struct { ramfs.Dir } func newDir(ctx context.Context, msrc *fs.MountSource, contents map[string]*fs.Inode) *fs.Inode { - d := &Dir{} + d := &dir{} d.InitDir(ctx, contents, fs.RootOwner, fs.FilePermsFromMode(0555)) return fs.NewInode(d, msrc, fs.StableAttr{ DeviceID: sysfsDevice.DeviceID(), diff --git a/pkg/sentry/fs/timerfd/BUILD b/pkg/sentry/fs/timerfd/BUILD index 8b1b7872e..ffdd7e0dc 100644 --- a/pkg/sentry/fs/timerfd/BUILD +++ b/pkg/sentry/fs/timerfd/BUILD @@ -1,33 +1,19 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "timerfd_state", - srcs = [ - "timerfd.go", - ], - out = "timerfd_state.go", - package = "timerfd", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "timerfd", - srcs = [ - "timerfd.go", - "timerfd_state.go", - ], + srcs = ["timerfd.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/timerfd", visibility = ["//pkg/sentry:internal"], deps = [ - "//pkg/refs", "//pkg/sentry/context", "//pkg/sentry/fs", "//pkg/sentry/fs/anon", "//pkg/sentry/fs/fsutil", "//pkg/sentry/kernel/time", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/waiter", ], diff --git a/pkg/sentry/fs/timerfd/timerfd.go b/pkg/sentry/fs/timerfd/timerfd.go index ae58f6fd7..767db95a0 100644 --- a/pkg/sentry/fs/timerfd/timerfd.go +++ b/pkg/sentry/fs/timerfd/timerfd.go @@ -30,6 +30,8 @@ import ( ) // TimerOperations implements fs.FileOperations for timerfds. +// +// +stateify savable type TimerOperations struct { fsutil.ZeroSeek `state:"nosave"` fsutil.NotDirReaddir `state:"nosave"` @@ -38,7 +40,7 @@ type TimerOperations struct { fsutil.NoMMap `state:"nosave"` fsutil.NoIoctl `state:"nosave"` - events waiter.Queue `state:"nosave"` + events waiter.Queue `state:"zerovalue"` timer *ktime.Timer // val is the number of timer expirations since the last successful call to diff --git a/pkg/sentry/fs/tmpfs/BUILD b/pkg/sentry/fs/tmpfs/BUILD index 473ab4296..cfe11ab02 100644 --- a/pkg/sentry/fs/tmpfs/BUILD +++ b/pkg/sentry/fs/tmpfs/BUILD @@ -1,18 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "tmpfs_state", - srcs = [ - "file_regular.go", - "fs.go", - "inode_file.go", - "tmpfs.go", - ], - out = "tmpfs_state.go", - package = "tmpfs", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "tmpfs", @@ -22,13 +10,11 @@ go_library( "fs.go", "inode_file.go", "tmpfs.go", - "tmpfs_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tmpfs", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/log", "//pkg/sentry/context", "//pkg/sentry/device", "//pkg/sentry/fs", @@ -41,7 +27,6 @@ go_library( "//pkg/sentry/safemem", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/tcpip/transport/unix", "//pkg/waiter", ], diff --git a/pkg/sentry/fs/tmpfs/file_regular.go b/pkg/sentry/fs/tmpfs/file_regular.go index 9811d90bc..342688f81 100644 --- a/pkg/sentry/fs/tmpfs/file_regular.go +++ b/pkg/sentry/fs/tmpfs/file_regular.go @@ -25,6 +25,8 @@ import ( // regularFileOperations implements fs.FileOperations for a regular // tmpfs file. +// +// +stateify savable type regularFileOperations struct { waiter.AlwaysReady `state:"nosave"` fsutil.NoopRelease `state:"nosave"` diff --git a/pkg/sentry/fs/tmpfs/fs.go b/pkg/sentry/fs/tmpfs/fs.go index 5bd9ade52..ca620e65e 100644 --- a/pkg/sentry/fs/tmpfs/fs.go +++ b/pkg/sentry/fs/tmpfs/fs.go @@ -47,6 +47,8 @@ const ( var modeRegexp = regexp.MustCompile("0[0-7][0-7][0-7]") // Filesystem is a tmpfs. +// +// +stateify savable type Filesystem struct{} func init() { diff --git a/pkg/sentry/fs/tmpfs/inode_file.go b/pkg/sentry/fs/tmpfs/inode_file.go index 4e803c9ff..1e4fe47d2 100644 --- a/pkg/sentry/fs/tmpfs/inode_file.go +++ b/pkg/sentry/fs/tmpfs/inode_file.go @@ -43,6 +43,8 @@ import ( // include an InvalidatorRegion associated with that reference. When the // referenced portion of the file is removed (with Truncate), the associated // InvalidatorRegion is invalidated. +// +// +stateify savable type fileInodeOperations struct { fsutil.DeprecatedFileOperations `state:"nosave"` fsutil.InodeNotDirectory `state:"nosave"` diff --git a/pkg/sentry/fs/tmpfs/tmpfs.go b/pkg/sentry/fs/tmpfs/tmpfs.go index 1cc7ae491..10cb5451d 100644 --- a/pkg/sentry/fs/tmpfs/tmpfs.go +++ b/pkg/sentry/fs/tmpfs/tmpfs.go @@ -49,6 +49,8 @@ func rename(ctx context.Context, oldParent *fs.Inode, oldName string, newParent } // Dir is a directory. +// +// +stateify savable type Dir struct { ramfs.Dir @@ -122,6 +124,8 @@ func (*Dir) StatFS(context.Context) (fs.Info, error) { } // Symlink is a symlink. +// +// +stateify savable type Symlink struct { ramfs.Symlink } @@ -149,6 +153,8 @@ func (s *Symlink) StatFS(context.Context) (fs.Info, error) { } // Socket is a socket. +// +// +stateify savable type Socket struct { ramfs.Socket } @@ -176,6 +182,8 @@ func (s *Socket) StatFS(context.Context) (fs.Info, error) { } // Fifo is a tmpfs named pipe. +// +// +stateify savable type Fifo struct { ramfs.Entry } diff --git a/pkg/sentry/fs/tty/BUILD b/pkg/sentry/fs/tty/BUILD index 363897b2c..3c446eef4 100644 --- a/pkg/sentry/fs/tty/BUILD +++ b/pkg/sentry/fs/tty/BUILD @@ -1,22 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "tty_state", - srcs = [ - "dir.go", - "fs.go", - "inode.go", - "line_discipline.go", - "master.go", - "queue.go", - "slave.go", - "terminal.go", - ], - out = "tty_state.go", - package = "tty", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "tty", @@ -29,7 +13,6 @@ go_library( "queue.go", "slave.go", "terminal.go", - "tty_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tty", visibility = ["//pkg/sentry:internal"], @@ -44,7 +27,6 @@ go_library( "//pkg/sentry/kernel/auth", "//pkg/sentry/kernel/time", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip/transport/unix", "//pkg/waiter", diff --git a/pkg/sentry/fs/tty/dir.go b/pkg/sentry/fs/tty/dir.go index 2c5b2aed6..c91091db4 100644 --- a/pkg/sentry/fs/tty/dir.go +++ b/pkg/sentry/fs/tty/dir.go @@ -49,14 +49,16 @@ import ( // corresponding Dirents hold on their parent (this directory). // // dirInodeOperations implements fs.InodeOperations. +// +// +stateify savable type dirInodeOperations struct { - fsutil.DeprecatedFileOperations - fsutil.InodeNotSocket - fsutil.InodeNotRenameable - fsutil.InodeNotSymlink - fsutil.InodeNoExtendedAttributes - fsutil.NoMappable - fsutil.NoopWriteOut + fsutil.DeprecatedFileOperations `state:"nosave"` + fsutil.InodeNotSocket `state:"nosave"` + fsutil.InodeNotRenameable `state:"nosave"` + fsutil.InodeNotSymlink `state:"nosave"` + fsutil.InodeNoExtendedAttributes `state:"nosave"` + fsutil.NoMappable `state:"nosave"` + fsutil.NoopWriteOut `state:"nosave"` // msrc is the super block this directory is on. // @@ -348,6 +350,8 @@ func (d *dirInodeOperations) masterClose(t *Terminal) { // // This is nearly identical to fsutil.DirFileOperations, except that it takes // df.di.mu in IterateDir. +// +// +stateify savable type dirFileOperations struct { waiter.AlwaysReady `state:"nosave"` fsutil.NoopRelease `state:"nosave"` diff --git a/pkg/sentry/fs/tty/fs.go b/pkg/sentry/fs/tty/fs.go index dbaffe95e..e28635607 100644 --- a/pkg/sentry/fs/tty/fs.go +++ b/pkg/sentry/fs/tty/fs.go @@ -28,6 +28,8 @@ var ptsDevice = device.NewAnonDevice() // // This devpts is always in the new "multi-instance" mode. i.e., it contains a // ptmx device tied to this mount. +// +// +stateify savable type filesystem struct{} func init() { @@ -69,6 +71,8 @@ func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSou } // superOperations implements fs.MountSourceOperations, preventing caching. +// +// +stateify savable type superOperations struct{} // Revalidate implements fs.DirentOperations.Revalidate. diff --git a/pkg/sentry/fs/tty/inode.go b/pkg/sentry/fs/tty/inode.go index 04b9a7727..c0fa2b407 100644 --- a/pkg/sentry/fs/tty/inode.go +++ b/pkg/sentry/fs/tty/inode.go @@ -31,6 +31,8 @@ import ( // // * fs.InodeOperations.Release // * fs.InodeOperations.GetFile +// +// +stateify savable type inodeOperations struct { fsutil.DeprecatedFileOperations `state:"nosave"` fsutil.InodeNoExtendedAttributes `state:"nosave"` diff --git a/pkg/sentry/fs/tty/line_discipline.go b/pkg/sentry/fs/tty/line_discipline.go index f094635f5..d243ee40e 100644 --- a/pkg/sentry/fs/tty/line_discipline.go +++ b/pkg/sentry/fs/tty/line_discipline.go @@ -72,6 +72,8 @@ const ( // termiosMu // inQueue.mu // outQueue.mu +// +// +stateify savable type lineDiscipline struct { // inQueue is the input queue of the terminal. inQueue queue @@ -183,6 +185,8 @@ type transformer interface { // outputQueueTransformer implements transformer. It performs line discipline // transformations on the output queue. +// +// +stateify savable type outputQueueTransformer struct{} // transform does output processing for one end of the pty. See @@ -254,6 +258,8 @@ func (*outputQueueTransformer) transform(l *lineDiscipline, q *queue, buf []byte // inputQueueTransformer implements transformer. It performs line discipline // transformations on the input queue. +// +// +stateify savable type inputQueueTransformer struct{} // transform does input processing for one end of the pty. Characters read are diff --git a/pkg/sentry/fs/tty/master.go b/pkg/sentry/fs/tty/master.go index 74cdbe874..c7198e218 100644 --- a/pkg/sentry/fs/tty/master.go +++ b/pkg/sentry/fs/tty/master.go @@ -27,6 +27,8 @@ import ( // masterInodeOperations are the fs.InodeOperations for the master end of the // Terminal (ptmx file). +// +// +stateify savable type masterInodeOperations struct { inodeOperations @@ -96,6 +98,8 @@ func (mi *masterInodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flag } // masterFileOperations are the fs.FileOperations for the master end of a terminal. +// +// +stateify savable type masterFileOperations struct { fsutil.PipeSeek `state:"nosave"` fsutil.NotDirReaddir `state:"nosave"` diff --git a/pkg/sentry/fs/tty/queue.go b/pkg/sentry/fs/tty/queue.go index 026d5e077..42c105abc 100644 --- a/pkg/sentry/fs/tty/queue.go +++ b/pkg/sentry/fs/tty/queue.go @@ -32,11 +32,13 @@ import ( // processed (i.e. undergo termios transformations) as they are added to the // read buffer. The read buffer is readable when its length is nonzero and // readable is true. +// +// +stateify savable type queue struct { // mu protects everything in queue. mu sync.Mutex `state:"nosave"` - waiter.Queue `state:"nosave"` + waiter.Queue `state:"zerovalue"` // readBuf is buffer of data ready to be read when readable is true. // This data has been processed. diff --git a/pkg/sentry/fs/tty/slave.go b/pkg/sentry/fs/tty/slave.go index f5eec726e..1c562b172 100644 --- a/pkg/sentry/fs/tty/slave.go +++ b/pkg/sentry/fs/tty/slave.go @@ -27,6 +27,8 @@ import ( // slaveInodeOperations are the fs.InodeOperations for the slave end of the // Terminal (pts file). +// +// +stateify savable type slaveInodeOperations struct { inodeOperations @@ -86,6 +88,8 @@ func (si *slaveInodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags } // slaveFileOperations are the fs.FileOperations for the slave end of a terminal. +// +// +stateify savable type slaveFileOperations struct { fsutil.PipeSeek `state:"nosave"` fsutil.NotDirReaddir `state:"nosave"` diff --git a/pkg/sentry/fs/tty/terminal.go b/pkg/sentry/fs/tty/terminal.go index fa5b00409..3cb135124 100644 --- a/pkg/sentry/fs/tty/terminal.go +++ b/pkg/sentry/fs/tty/terminal.go @@ -21,6 +21,8 @@ import ( ) // Terminal is a pseudoterminal. +// +// +stateify savable type Terminal struct { refs.AtomicRefCount diff --git a/pkg/sentry/inet/BUILD b/pkg/sentry/inet/BUILD index eaf8f15b2..159c50efb 100644 --- a/pkg/sentry/inet/BUILD +++ b/pkg/sentry/inet/BUILD @@ -3,26 +3,15 @@ package( licenses = ["notice"], # Apache 2.0 ) -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "inet_state", - srcs = ["inet.go"], - out = "inet_state.go", - package = "inet", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "inet", srcs = [ "context.go", "inet.go", - "inet_state.go", "test_stack.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/inet", - deps = [ - "//pkg/sentry/context", - "//pkg/state", - ], + deps = ["//pkg/sentry/context"], ) diff --git a/pkg/sentry/inet/inet.go b/pkg/sentry/inet/inet.go index e4b326993..e54a61196 100644 --- a/pkg/sentry/inet/inet.go +++ b/pkg/sentry/inet/inet.go @@ -87,6 +87,8 @@ type InterfaceAddr struct { } // TCPBufferSize contains settings controlling TCP buffer sizing. +// +// +stateify savable type TCPBufferSize struct { // Min is the minimum size. Min int diff --git a/pkg/sentry/kernel/BUILD b/pkg/sentry/kernel/BUILD index 1c1633068..69a3fbc45 100644 --- a/pkg/sentry/kernel/BUILD +++ b/pkg/sentry/kernel/BUILD @@ -1,59 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "kernel_state", - srcs = [ - "abstract_socket_namespace.go", - "fd_map.go", - "fs_context.go", - "ipc_namespace.go", - "kernel.go", - "kernel_state.go", - "pending_signals.go", - "pending_signals_state.go", - "process_group_list.go", - "ptrace.go", - "rseq.go", - "session_list.go", - "sessions.go", - "signal.go", - "signal_handlers.go", - "syscalls.go", - "syscalls_state.go", - "syslog.go", - "task.go", - "task_clone.go", - "task_context.go", - "task_exec.go", - "task_exit.go", - "task_list.go", - "task_resources.go", - "task_run.go", - "task_sched.go", - "task_signals.go", - "task_start.go", - "task_syscall.go", - "thread_group.go", - "threads.go", - "timekeeper.go", - "timekeeper_state.go", - "timer.go", - "uts_namespace.go", - "vdso.go", - "version.go", - ], - out = "kernel_autogen_state.go", - imports = [ - "gvisor.googlesource.com/gvisor/pkg/bpf", - "gvisor.googlesource.com/gvisor/pkg/sentry/arch", - "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/kdefs", - "gvisor.googlesource.com/gvisor/pkg/tcpip", - ], - package = "kernel", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "pending_signals_list", @@ -119,7 +67,6 @@ go_library( "fs_context.go", "ipc_namespace.go", "kernel.go", - "kernel_autogen_state.go", "kernel_state.go", "pending_signals.go", "pending_signals_list.go", @@ -165,6 +112,11 @@ go_library( "version.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel", + imports = [ + "gvisor.googlesource.com/gvisor/pkg/bpf", + "gvisor.googlesource.com/gvisor/pkg/sentry/arch", + "gvisor.googlesource.com/gvisor/pkg/tcpip", + ], visibility = ["//:sandbox"], deps = [ "//pkg/abi", diff --git a/pkg/sentry/kernel/abstract_socket_namespace.go b/pkg/sentry/kernel/abstract_socket_namespace.go index 014c4a3bf..d6d1d341d 100644 --- a/pkg/sentry/kernel/abstract_socket_namespace.go +++ b/pkg/sentry/kernel/abstract_socket_namespace.go @@ -22,6 +22,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/tcpip/transport/unix" ) +// +stateify savable type abstractEndpoint struct { ep unix.BoundEndpoint wr *refs.WeakRef @@ -39,6 +40,8 @@ func (e *abstractEndpoint) WeakRefGone() { } // AbstractSocketNamespace is used to implement the Linux abstract socket functionality. +// +// +stateify savable type AbstractSocketNamespace struct { mu sync.Mutex `state:"nosave"` diff --git a/pkg/sentry/kernel/auth/BUILD b/pkg/sentry/kernel/auth/BUILD index 5b7b30557..a81085372 100644 --- a/pkg/sentry/kernel/auth/BUILD +++ b/pkg/sentry/kernel/auth/BUILD @@ -1,20 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "auth_state", - srcs = [ - "credentials.go", - "id.go", - "id_map_range.go", - "id_map_set.go", - "user_namespace.go", - ], - out = "auth_state.go", - package = "auth", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_template_instance( name = "id_map_range", @@ -48,7 +35,6 @@ go_library( name = "auth", srcs = [ "auth.go", - "auth_state.go", "capability_set.go", "context.go", "credentials.go", @@ -66,7 +52,6 @@ go_library( "//pkg/bits", "//pkg/log", "//pkg/sentry/context", - "//pkg/state", "//pkg/syserror", ], ) diff --git a/pkg/sentry/kernel/auth/credentials.go b/pkg/sentry/kernel/auth/credentials.go index f6fb05285..f18f7dac9 100644 --- a/pkg/sentry/kernel/auth/credentials.go +++ b/pkg/sentry/kernel/auth/credentials.go @@ -21,6 +21,8 @@ import ( // Credentials contains information required to authorize privileged operations // in a user namespace. +// +// +stateify savable type Credentials struct { // Real/effective/saved user/group IDs in the root user namespace. None of // these should ever be NoID. diff --git a/pkg/sentry/kernel/auth/id_map.go b/pkg/sentry/kernel/auth/id_map.go index 6adb33530..bd0090e0f 100644 --- a/pkg/sentry/kernel/auth/id_map.go +++ b/pkg/sentry/kernel/auth/id_map.go @@ -77,6 +77,8 @@ func (ns *UserNamespace) allIDsMapped(m *idMapSet, start, end uint32) bool { // An IDMapEntry represents a mapping from a range of contiguous IDs in a user // namespace to an equally-sized range of contiguous IDs in the namespace's // parent. +// +// +stateify savable type IDMapEntry struct { // FirstID is the first ID in the range in the namespace. FirstID uint32 diff --git a/pkg/sentry/kernel/auth/user_namespace.go b/pkg/sentry/kernel/auth/user_namespace.go index 0980aeadf..d359f3f31 100644 --- a/pkg/sentry/kernel/auth/user_namespace.go +++ b/pkg/sentry/kernel/auth/user_namespace.go @@ -23,6 +23,8 @@ import ( // A UserNamespace represents a user namespace. See user_namespaces(7) for // details. +// +// +stateify savable type UserNamespace struct { // parent is this namespace's parent. If this is the root namespace, parent // is nil. The parent pointer is immutable. diff --git a/pkg/sentry/kernel/epoll/BUILD b/pkg/sentry/kernel/epoll/BUILD index 7d491efbc..5e8b36ed6 100644 --- a/pkg/sentry/kernel/epoll/BUILD +++ b/pkg/sentry/kernel/epoll/BUILD @@ -1,22 +1,11 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "epoll_autogen_state", - srcs = [ - "epoll.go", - "epoll_state.go", - ], - out = "epoll_autogen_state.go", - package = "epoll", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "epoll", srcs = [ "epoll.go", - "epoll_autogen_state.go", "epoll_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/epoll", @@ -29,9 +18,7 @@ go_library( "//pkg/sentry/fs/anon", "//pkg/sentry/fs/fsutil", "//pkg/sentry/kernel/kdefs", - "//pkg/sentry/kernel/time", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/waiter", ], ) diff --git a/pkg/sentry/kernel/epoll/epoll.go b/pkg/sentry/kernel/epoll/epoll.go index b572fcd7e..d87e64a1c 100644 --- a/pkg/sentry/kernel/epoll/epoll.go +++ b/pkg/sentry/kernel/epoll/epoll.go @@ -58,6 +58,8 @@ const ( // potentially be reassigned. We also cannot use just the file pointer because // it is possible to have multiple entries for the same file object as long as // they are created with different FDs (i.e., the FDs point to the same file). +// +// +stateify savable type FileIdentifier struct { File *fs.File Fd kdefs.FD @@ -65,6 +67,8 @@ type FileIdentifier struct { // pollEntry holds all the state associated with an event poll entry, that is, // a file being observed by an event poll object. +// +// +stateify savable type pollEntry struct { ilist.Entry file *refs.WeakRef `state:"manual"` @@ -92,6 +96,8 @@ func (p *pollEntry) WeakRefGone() { // EventPoll holds all the state associated with an event poll object, that is, // collection of files to observe and their current state. +// +// +stateify savable type EventPoll struct { fsutil.PipeSeek `state:"zerovalue"` fsutil.NotDirReaddir `state:"zerovalue"` @@ -102,7 +108,7 @@ type EventPoll struct { // Wait queue is used to notify interested parties when the event poll // object itself becomes readable or writable. - waiter.Queue + waiter.Queue `state:"zerovalue"` // files is the map of all the files currently being observed, it is // protected by mu. diff --git a/pkg/sentry/kernel/eventfd/BUILD b/pkg/sentry/kernel/eventfd/BUILD index 7ec179bd8..cc1120b4f 100644 --- a/pkg/sentry/kernel/eventfd/BUILD +++ b/pkg/sentry/kernel/eventfd/BUILD @@ -1,33 +1,19 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "eventfd_state", - srcs = [ - "eventfd.go", - ], - out = "eventfd_state.go", - package = "eventfd", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "eventfd", - srcs = [ - "eventfd.go", - "eventfd_state.go", - ], + srcs = ["eventfd.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/eventfd", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/refs", "//pkg/sentry/context", "//pkg/sentry/fs", "//pkg/sentry/fs/anon", "//pkg/sentry/fs/fsutil", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/waiter", "//pkg/waiter/fdnotifier", diff --git a/pkg/sentry/kernel/eventfd/eventfd.go b/pkg/sentry/kernel/eventfd/eventfd.go index bd50bd9fe..a4ada0e78 100644 --- a/pkg/sentry/kernel/eventfd/eventfd.go +++ b/pkg/sentry/kernel/eventfd/eventfd.go @@ -35,6 +35,8 @@ import ( // EventOperations represents an event with the semantics of Linux's file-based event // notification (eventfd). Eventfds are usually internal to the Sentry but in certain // situations they may be converted into a host-backed eventfd. +// +// +stateify savable type EventOperations struct { fsutil.NoopRelease `state:"nosave"` fsutil.PipeSeek `state:"nosave"` @@ -49,7 +51,7 @@ type EventOperations struct { // Queue is used to notify interested parties when the event object // becomes readable or writable. - wq waiter.Queue `state:"nosave"` + wq waiter.Queue `state:"zerovalue"` // val is the current value of the event counter. val uint64 diff --git a/pkg/sentry/kernel/fd_map.go b/pkg/sentry/kernel/fd_map.go index 299506330..d5d4aaacb 100644 --- a/pkg/sentry/kernel/fd_map.go +++ b/pkg/sentry/kernel/fd_map.go @@ -46,6 +46,8 @@ func (f FDs) Less(i, j int) bool { } // FDFlags define flags for an individual descriptor. +// +// +stateify savable type FDFlags struct { // CloseOnExec indicates the descriptor should be closed on exec. CloseOnExec bool @@ -69,12 +71,16 @@ func (f FDFlags) ToLinuxFDFlags() (mask uint) { // descriptor holds the details about a file descriptor, namely a pointer the // file itself and the descriptor flags. +// +// +stateify savable type descriptor struct { file *fs.File flags FDFlags } // FDMap is used to manage File references and flags. +// +// +stateify savable type FDMap struct { refs.AtomicRefCount k *Kernel diff --git a/pkg/sentry/kernel/fs_context.go b/pkg/sentry/kernel/fs_context.go index dbc097696..f3f05e8f5 100644 --- a/pkg/sentry/kernel/fs_context.go +++ b/pkg/sentry/kernel/fs_context.go @@ -25,6 +25,8 @@ import ( // FSContext contains filesystem context. // // This includes umask and working directory. +// +// +stateify savable type FSContext struct { refs.AtomicRefCount diff --git a/pkg/sentry/kernel/futex/BUILD b/pkg/sentry/kernel/futex/BUILD index a97a43549..b44a26974 100644 --- a/pkg/sentry/kernel/futex/BUILD +++ b/pkg/sentry/kernel/futex/BUILD @@ -1,7 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "waiter_list", @@ -14,29 +14,15 @@ go_template_instance( }, ) -go_stateify( - name = "futex_state", - srcs = [ - "futex.go", - "waiter_list.go", - ], - out = "futex_state.go", - package = "futex", -) - go_library( name = "futex", srcs = [ "futex.go", - "futex_state.go", "waiter_list.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/futex", visibility = ["//pkg/sentry:internal"], - deps = [ - "//pkg/state", - "//pkg/syserror", - ], + deps = ["//pkg/syserror"], ) go_test( diff --git a/pkg/sentry/kernel/futex/futex.go b/pkg/sentry/kernel/futex/futex.go index 15e3e5e2c..4a1f2a0ef 100644 --- a/pkg/sentry/kernel/futex/futex.go +++ b/pkg/sentry/kernel/futex/futex.go @@ -196,6 +196,8 @@ func bucketIndexForAddr(addr uintptr) uintptr { } // Manager holds futex state for a single virtual address space. +// +// +stateify savable type Manager struct { buckets [bucketCount]bucket `state:"zerovalue"` } diff --git a/pkg/sentry/kernel/ipc_namespace.go b/pkg/sentry/kernel/ipc_namespace.go index a86bda77b..5eef49f59 100644 --- a/pkg/sentry/kernel/ipc_namespace.go +++ b/pkg/sentry/kernel/ipc_namespace.go @@ -21,6 +21,8 @@ import ( ) // IPCNamespace represents an IPC namespace. +// +// +stateify savable type IPCNamespace struct { // User namespace which owns this IPC namespace. Immutable. userNS *auth.UserNamespace diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go index 64439cd9d..419a1d473 100644 --- a/pkg/sentry/kernel/kernel.go +++ b/pkg/sentry/kernel/kernel.go @@ -62,6 +62,8 @@ import ( // Kernel represents an emulated Linux kernel. It must be initialized by calling // Init() or LoadFrom(). +// +// +stateify savable type Kernel struct { // extMu serializes external changes to the Kernel with calls to // Kernel.SaveTo. (Kernel.SaveTo requires that the state of the Kernel @@ -158,7 +160,7 @@ type Kernel struct { // exitErr is the error causing the sandbox to exit, if any. It is // protected by extMu. - exitErr error + exitErr error `state:"nosave"` // danglingEndpoints is used to save / restore tcpip.DanglingEndpoints. danglingEndpoints struct{} `state:".([]tcpip.Endpoint)"` diff --git a/pkg/sentry/kernel/pending_signals.go b/pkg/sentry/kernel/pending_signals.go index 5dc0f266c..06be5a7e1 100644 --- a/pkg/sentry/kernel/pending_signals.go +++ b/pkg/sentry/kernel/pending_signals.go @@ -38,6 +38,8 @@ const ( // pendingSignals holds a collection of pending signals. The zero value of // pendingSignals is a valid empty collection. pendingSignals is thread-unsafe; // users must provide synchronization. +// +// +stateify savable type pendingSignals struct { // signals contains all pending signals. // @@ -52,11 +54,14 @@ type pendingSignals struct { } // pendingSignalQueue holds a pendingSignalList for a single signal number. +// +// +stateify savable type pendingSignalQueue struct { pendingSignalList length int } +// +stateify savable type pendingSignal struct { // pendingSignalEntry links into a pendingSignalList. pendingSignalEntry diff --git a/pkg/sentry/kernel/pipe/BUILD b/pkg/sentry/kernel/pipe/BUILD index 4600d19bd..19b23c6d2 100644 --- a/pkg/sentry/kernel/pipe/BUILD +++ b/pkg/sentry/kernel/pipe/BUILD @@ -1,20 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "pipe_state", - srcs = [ - "buffers.go", - "node.go", - "pipe.go", - "reader.go", - "reader_writer.go", - "writer.go", - ], - out = "pipe_state.go", - package = "pipe", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "pipe", @@ -23,7 +9,6 @@ go_library( "device.go", "node.go", "pipe.go", - "pipe_state.go", "reader.go", "reader_writer.go", "writer.go", @@ -34,15 +19,12 @@ go_library( "//pkg/abi/linux", "//pkg/amutex", "//pkg/ilist", - "//pkg/log", - "//pkg/refs", "//pkg/sentry/arch", "//pkg/sentry/context", "//pkg/sentry/device", "//pkg/sentry/fs", "//pkg/sentry/fs/fsutil", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/waiter", ], diff --git a/pkg/sentry/kernel/pipe/buffers.go b/pkg/sentry/kernel/pipe/buffers.go index f300537c5..a82e45c3f 100644 --- a/pkg/sentry/kernel/pipe/buffers.go +++ b/pkg/sentry/kernel/pipe/buffers.go @@ -20,6 +20,8 @@ import ( // Buffer encapsulates a queueable byte buffer that can // easily be truncated. It is designed only for use with pipes. +// +// +stateify savable type Buffer struct { ilist.Entry data []byte diff --git a/pkg/sentry/kernel/pipe/node.go b/pkg/sentry/kernel/pipe/node.go index e418cf174..23d692da1 100644 --- a/pkg/sentry/kernel/pipe/node.go +++ b/pkg/sentry/kernel/pipe/node.go @@ -24,6 +24,8 @@ import ( ) // inodeOperations wraps fs.InodeOperations operations with common pipe opening semantics. +// +// +stateify savable type inodeOperations struct { fs.InodeOperations diff --git a/pkg/sentry/kernel/pipe/pipe.go b/pkg/sentry/kernel/pipe/pipe.go index 9a21df5b4..ced2559a7 100644 --- a/pkg/sentry/kernel/pipe/pipe.go +++ b/pkg/sentry/kernel/pipe/pipe.go @@ -41,6 +41,8 @@ const DefaultPipeSize = 65536 // Pipe is an encapsulation of a platform-independent pipe. // It manages a buffered byte queue shared between a reader/writer // pair. +// +// +stateify savable type Pipe struct { waiter.Queue `state:"nosave"` diff --git a/pkg/sentry/kernel/pipe/reader.go b/pkg/sentry/kernel/pipe/reader.go index 40d5e4943..1fa5e9a32 100644 --- a/pkg/sentry/kernel/pipe/reader.go +++ b/pkg/sentry/kernel/pipe/reader.go @@ -20,6 +20,8 @@ import ( // Reader satisfies the fs.FileOperations interface for read-only pipes. // Reader should be used with !fs.FileFlags.Write to reject writes. +// +// +stateify savable type Reader struct { ReaderWriter } diff --git a/pkg/sentry/kernel/pipe/reader_writer.go b/pkg/sentry/kernel/pipe/reader_writer.go index dc642a3a6..82607367b 100644 --- a/pkg/sentry/kernel/pipe/reader_writer.go +++ b/pkg/sentry/kernel/pipe/reader_writer.go @@ -31,6 +31,8 @@ import ( // read and write requests. This should only be used directly for named pipes. // pipe(2) and pipe2(2) only support unidirectional pipes and should use // either pipe.Reader or pipe.Writer. +// +// +stateify savable type ReaderWriter struct { fsutil.PipeSeek `state:"nosave"` fsutil.NotDirReaddir `state:"nosave"` diff --git a/pkg/sentry/kernel/pipe/writer.go b/pkg/sentry/kernel/pipe/writer.go index fd13008ac..d93324b53 100644 --- a/pkg/sentry/kernel/pipe/writer.go +++ b/pkg/sentry/kernel/pipe/writer.go @@ -20,6 +20,8 @@ import ( // Writer satisfies the fs.FileOperations interface for write-only pipes. // Writer should be used with !fs.FileFlags.Read to reject reads. +// +// +stateify savable type Writer struct { ReaderWriter } diff --git a/pkg/sentry/kernel/ptrace.go b/pkg/sentry/kernel/ptrace.go index f1c2c4bf0..e9e69004d 100644 --- a/pkg/sentry/kernel/ptrace.go +++ b/pkg/sentry/kernel/ptrace.go @@ -25,6 +25,8 @@ import ( // ptraceOptions are the subset of options controlling a task's ptrace behavior // that are set by ptrace(PTRACE_SETOPTIONS). +// +// +stateify savable type ptraceOptions struct { // ExitKill is true if the tracee should be sent SIGKILL when the tracer // exits. @@ -185,6 +187,8 @@ func (t *Task) hasTracer() bool { } // ptraceStop is a TaskStop placed on tasks in a ptrace-stop. +// +// +stateify savable type ptraceStop struct { // If frozen is true, the stopped task's tracer is currently operating on // it, so Task.Kill should not remove the stop. diff --git a/pkg/sentry/kernel/rseq.go b/pkg/sentry/kernel/rseq.go index 635372993..1f3de58e3 100644 --- a/pkg/sentry/kernel/rseq.go +++ b/pkg/sentry/kernel/rseq.go @@ -23,6 +23,8 @@ import ( // Restartable sequences, as described in https://lwn.net/Articles/650333/. // RSEQCriticalRegion describes a restartable sequence critical region. +// +// +stateify savable type RSEQCriticalRegion struct { // When a task in this thread group has its CPU preempted (as defined by // platform.ErrContextCPUPreempted) or has a signal delivered to an diff --git a/pkg/sentry/kernel/semaphore/BUILD b/pkg/sentry/kernel/semaphore/BUILD index 969145fe1..e7fa44e2c 100644 --- a/pkg/sentry/kernel/semaphore/BUILD +++ b/pkg/sentry/kernel/semaphore/BUILD @@ -1,7 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "waiter_list", @@ -14,21 +14,10 @@ go_template_instance( }, ) -go_stateify( - name = "semaphore_state", - srcs = [ - "semaphore.go", - "waiter_list.go", - ], - out = "semaphore_autogen_state.go", - package = "semaphore", -) - go_library( name = "semaphore", srcs = [ "semaphore.go", - "semaphore_autogen_state.go", "waiter_list.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/semaphore", @@ -40,8 +29,6 @@ go_library( "//pkg/sentry/fs", "//pkg/sentry/kernel/auth", "//pkg/sentry/kernel/time", - "//pkg/state", - "//pkg/state/statefile", "//pkg/syserror", ], ) diff --git a/pkg/sentry/kernel/semaphore/semaphore.go b/pkg/sentry/kernel/semaphore/semaphore.go index a1ee83ce5..aa07946cf 100644 --- a/pkg/sentry/kernel/semaphore/semaphore.go +++ b/pkg/sentry/kernel/semaphore/semaphore.go @@ -42,6 +42,8 @@ const ( ) // Registry maintains a set of semaphores that can be found by key or ID. +// +// +stateify savable type Registry struct { // userNS owning the ipc name this registry belongs to. Immutable. userNS *auth.UserNamespace @@ -52,6 +54,8 @@ type Registry struct { } // Set represents a set of semaphores that can be operated atomically. +// +// +stateify savable type Set struct { // registry owning this sem set. Immutable. registry *Registry @@ -79,6 +83,8 @@ type Set struct { } // sem represents a single semanphore from a set. +// +// +stateify savable type sem struct { value int16 waiters waiterList `state:"zerovalue"` @@ -86,6 +92,8 @@ type sem struct { // waiter represents a caller that is waiting for the semaphore value to // become positive or zero. +// +// +stateify savable type waiter struct { waiterEntry diff --git a/pkg/sentry/kernel/sessions.go b/pkg/sentry/kernel/sessions.go index fa4c7b8f6..cf4e18805 100644 --- a/pkg/sentry/kernel/sessions.go +++ b/pkg/sentry/kernel/sessions.go @@ -27,6 +27,8 @@ type SessionID ThreadID type ProcessGroupID ThreadID // Session contains a leader threadgroup and a list of ProcessGroups. +// +// +stateify savable type Session struct { refs refs.AtomicRefCount @@ -76,6 +78,8 @@ func (s *Session) decRef() { } // ProcessGroup contains an originator threadgroup and a parent Session. +// +// +stateify savable type ProcessGroup struct { refs refs.AtomicRefCount // not exported. diff --git a/pkg/sentry/kernel/shm/BUILD b/pkg/sentry/kernel/shm/BUILD index 0f88eb0ac..40e641355 100644 --- a/pkg/sentry/kernel/shm/BUILD +++ b/pkg/sentry/kernel/shm/BUILD @@ -1,22 +1,12 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "shm_state", - srcs = [ - "shm.go", - ], - out = "shm_autogen_state.go", - package = "shm", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "shm", srcs = [ "device.go", "shm.go", - "shm_autogen_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/shm", visibility = ["//pkg/sentry:internal"], @@ -33,7 +23,6 @@ go_library( "//pkg/sentry/platform", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", ], ) diff --git a/pkg/sentry/kernel/shm/shm.go b/pkg/sentry/kernel/shm/shm.go index 7217e8103..1ac444094 100644 --- a/pkg/sentry/kernel/shm/shm.go +++ b/pkg/sentry/kernel/shm/shm.go @@ -72,6 +72,8 @@ const ( // Registry tracks all shared memory segments in an IPC namespace. The registry // provides the mechanisms for creating and finding segments, and reporting // global shm parameters. +// +// +stateify savable type Registry struct { // userNS owns the IPC namespace this registry belong to. Immutable. userNS *auth.UserNamespace @@ -288,6 +290,8 @@ func (r *Registry) remove(s *Shm) { // shmctl(SHM_RMID). // // Shm implements memmap.Mappable and memmap.MappingIdentity. +// +// +stateify savable type Shm struct { // AtomicRefCount tracks the number of references to this segment from // maps. A segment always holds a reference to itself, until it's marked for diff --git a/pkg/sentry/kernel/signal_handlers.go b/pkg/sentry/kernel/signal_handlers.go index 21ba4ee70..3649f5e4d 100644 --- a/pkg/sentry/kernel/signal_handlers.go +++ b/pkg/sentry/kernel/signal_handlers.go @@ -22,6 +22,8 @@ import ( ) // SignalHandlers holds information about signal actions. +// +// +stateify savable type SignalHandlers struct { // mu protects actions, as well as the signal state of all tasks and thread // groups using this SignalHandlers object. (See comment on diff --git a/pkg/sentry/kernel/syscalls.go b/pkg/sentry/kernel/syscalls.go index e20fa3eb6..4c7811b6c 100644 --- a/pkg/sentry/kernel/syscalls.go +++ b/pkg/sentry/kernel/syscalls.go @@ -176,6 +176,8 @@ type Stracer interface { // SyscallTable is a lookup table of system calls. Critically, a SyscallTable // is *immutable*. In order to make supporting suspend and resume sane, they // must be uniquely registered and may not change during operation. +// +// +stateify savable type SyscallTable struct { // OS is the operating system that this syscall table implements. OS abi.OS `state:"wait"` diff --git a/pkg/sentry/kernel/syslog.go b/pkg/sentry/kernel/syslog.go index 31541749e..125312b6a 100644 --- a/pkg/sentry/kernel/syslog.go +++ b/pkg/sentry/kernel/syslog.go @@ -23,6 +23,8 @@ import ( // syslog represents a sentry-global kernel log. // // Currently, it contains only fun messages for a dmesg easter egg. +// +// +stateify savable type syslog struct { // mu protects the below. mu sync.Mutex `state:"nosave"` diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go index e705260da..19029adb1 100644 --- a/pkg/sentry/kernel/task.go +++ b/pkg/sentry/kernel/task.go @@ -52,6 +52,8 @@ import ( // All fields that are "exclusive to the task goroutine" can only be accessed // by the task goroutine while it is running. The task goroutine does not // require synchronization to read or write these fields. +// +// +stateify savable type Task struct { taskNode diff --git a/pkg/sentry/kernel/task_clone.go b/pkg/sentry/kernel/task_clone.go index 3b77a4965..526165af0 100644 --- a/pkg/sentry/kernel/task_clone.go +++ b/pkg/sentry/kernel/task_clone.go @@ -352,6 +352,7 @@ func (t *Task) unstopVforkParent() { } } +// +stateify savable type runSyscallAfterPtraceEventClone struct { vforkChild *Task @@ -369,6 +370,7 @@ func (r *runSyscallAfterPtraceEventClone) execute(t *Task) taskRunState { return (*runSyscallExit)(nil) } +// +stateify savable type runSyscallAfterVforkStop struct { // childTID has the same meaning as // runSyscallAfterPtraceEventClone.vforkChildTID. @@ -474,6 +476,8 @@ func (t *Task) Unshare(opts *SharingOptions) error { // current MM. (Normally, CLONE_VFORK is used in conjunction with CLONE_VM, so // that the child and parent share mappings until the child execve()s into a // new process image or exits.) +// +// +stateify savable type vforkStop struct{} // StopIgnoresKill implements TaskStop.Killable. diff --git a/pkg/sentry/kernel/task_context.go b/pkg/sentry/kernel/task_context.go index 5c563ba08..9a59cbd33 100644 --- a/pkg/sentry/kernel/task_context.go +++ b/pkg/sentry/kernel/task_context.go @@ -35,6 +35,8 @@ var ErrNoSyscalls = errors.New("no syscall table found") type Auxmap map[string]interface{} // TaskContext is the subset of a task's data that is provided by the loader. +// +// +stateify savable type TaskContext struct { // Name is the thread name set by the prctl(PR_SET_NAME) system call. Name string diff --git a/pkg/sentry/kernel/task_exec.go b/pkg/sentry/kernel/task_exec.go index 2285847a2..385299b24 100644 --- a/pkg/sentry/kernel/task_exec.go +++ b/pkg/sentry/kernel/task_exec.go @@ -73,6 +73,8 @@ import ( // execStop is a TaskStop that a task sets on itself when it wants to execve // and is waiting for the other tasks in its thread group to exit first. +// +// +stateify savable type execStop struct{} // Killable implements TaskStop.Killable. @@ -119,6 +121,8 @@ func (t *Task) Execve(newTC *TaskContext) (*SyscallControl, error) { // The runSyscallAfterExecStop state continues execve(2) after all siblings of // a thread in the execve syscall have exited. +// +// +stateify savable type runSyscallAfterExecStop struct { tc *TaskContext } diff --git a/pkg/sentry/kernel/task_exit.go b/pkg/sentry/kernel/task_exit.go index d6604f37b..b16844e91 100644 --- a/pkg/sentry/kernel/task_exit.go +++ b/pkg/sentry/kernel/task_exit.go @@ -38,6 +38,8 @@ import ( // An ExitStatus is a value communicated from an exiting task or thread group // to the party that reaps it. +// +// +stateify savable type ExitStatus struct { // Code is the numeric value passed to the call to exit or exit_group that // caused the exit. If the exit was not caused by such a call, Code is 0. @@ -222,6 +224,8 @@ func (t *Task) advanceExitStateLocked(oldExit, newExit TaskExitState) { } // runExit is the entry point into the task exit path. +// +// +stateify savable type runExit struct{} func (*runExit) execute(t *Task) taskRunState { @@ -229,6 +233,7 @@ func (*runExit) execute(t *Task) taskRunState { return (*runExitMain)(nil) } +// +stateify savable type runExitMain struct{} func (*runExitMain) execute(t *Task) taskRunState { @@ -531,6 +536,7 @@ func (t *Task) reparentLocked(parent *Task) { // tracer (if one exists) and reaps the leader immediately. In Linux, this is // in fs/exec.c:de_thread(); in the sentry, this is in Task.promoteLocked(). +// +stateify savable type runExitNotify struct{} func (*runExitNotify) execute(t *Task) taskRunState { diff --git a/pkg/sentry/kernel/task_resources.go b/pkg/sentry/kernel/task_resources.go index 4ca25664a..0832bf989 100644 --- a/pkg/sentry/kernel/task_resources.go +++ b/pkg/sentry/kernel/task_resources.go @@ -21,6 +21,8 @@ import ( // TaskResources is the subset of a task's data provided by its creator that is // not provided by the loader. +// +// +stateify savable type TaskResources struct { // SignalMask is the set of signals whose delivery is currently blocked. // diff --git a/pkg/sentry/kernel/task_run.go b/pkg/sentry/kernel/task_run.go index a03fa6ac0..8dd0ef6ea 100644 --- a/pkg/sentry/kernel/task_run.go +++ b/pkg/sentry/kernel/task_run.go @@ -131,6 +131,8 @@ func (t *Task) doStop() { // The runApp state checks for interrupts before executing untrusted // application code. +// +// +stateify savable type runApp struct{} func (*runApp) execute(t *Task) taskRunState { diff --git a/pkg/sentry/kernel/task_sched.go b/pkg/sentry/kernel/task_sched.go index b50139077..49141ab74 100644 --- a/pkg/sentry/kernel/task_sched.go +++ b/pkg/sentry/kernel/task_sched.go @@ -65,6 +65,8 @@ const ( // TaskGoroutineSchedInfo contains task goroutine scheduling state which must // be read and updated atomically. +// +// +stateify savable type TaskGoroutineSchedInfo struct { // Timestamp was the value of Kernel.cpuClock when this // TaskGoroutineSchedInfo was last updated. diff --git a/pkg/sentry/kernel/task_signals.go b/pkg/sentry/kernel/task_signals.go index 91f6c0874..62ec530be 100644 --- a/pkg/sentry/kernel/task_signals.go +++ b/pkg/sentry/kernel/task_signals.go @@ -748,6 +748,8 @@ func (t *Task) CopyInSignalStack(addr usermem.Addr) (arch.SignalStack, error) { // groupStop is a TaskStop placed on tasks that have received a stop signal // (SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU). (The term "group-stop" originates from // the ptrace man page.) +// +// +stateify savable type groupStop struct{} // Killable implements TaskStop.Killable. @@ -881,6 +883,8 @@ func (t *Task) signalStop(target *Task, code int32, status int32) { } // The runInterrupt state handles conditions indicated by interrupts. +// +// +stateify savable type runInterrupt struct{} func (*runInterrupt) execute(t *Task) taskRunState { @@ -1020,6 +1024,7 @@ func (*runInterrupt) execute(t *Task) taskRunState { return (*runApp)(nil) } +// +stateify savable type runInterruptAfterSignalDeliveryStop struct{} func (*runInterruptAfterSignalDeliveryStop) execute(t *Task) taskRunState { diff --git a/pkg/sentry/kernel/task_syscall.go b/pkg/sentry/kernel/task_syscall.go index 92ca0acd9..f0373c375 100644 --- a/pkg/sentry/kernel/task_syscall.go +++ b/pkg/sentry/kernel/task_syscall.go @@ -241,6 +241,7 @@ func (t *Task) doSyscallEnter(sysno uintptr, args arch.SyscallArguments) taskRun return t.doSyscallInvoke(sysno, args) } +// +stateify savable type runSyscallAfterSyscallEnterStop struct{} func (*runSyscallAfterSyscallEnterStop) execute(t *Task) taskRunState { @@ -260,6 +261,7 @@ func (*runSyscallAfterSyscallEnterStop) execute(t *Task) taskRunState { return t.doSyscallInvoke(sysno, args) } +// +stateify savable type runSyscallAfterSysemuStop struct{} func (*runSyscallAfterSysemuStop) execute(t *Task) taskRunState { @@ -294,6 +296,7 @@ func (t *Task) doSyscallInvoke(sysno uintptr, args arch.SyscallArguments) taskRu return (*runSyscallExit)(nil).execute(t) } +// +stateify savable type runSyscallReinvoke struct{} func (*runSyscallReinvoke) execute(t *Task) taskRunState { @@ -310,6 +313,7 @@ func (*runSyscallReinvoke) execute(t *Task) taskRunState { return t.doSyscallInvoke(sysno, args) } +// +stateify savable type runSyscallExit struct{} func (*runSyscallExit) execute(t *Task) taskRunState { diff --git a/pkg/sentry/kernel/thread_group.go b/pkg/sentry/kernel/thread_group.go index 8fffd3446..441b8a822 100644 --- a/pkg/sentry/kernel/thread_group.go +++ b/pkg/sentry/kernel/thread_group.go @@ -28,6 +28,8 @@ import ( // groups" are usually called "processes" in userspace documentation.) // // ThreadGroup is a superset of Linux's struct signal_struct. +// +// +stateify savable type ThreadGroup struct { threadGroupNode diff --git a/pkg/sentry/kernel/threads.go b/pkg/sentry/kernel/threads.go index 440da9dad..844213c35 100644 --- a/pkg/sentry/kernel/threads.go +++ b/pkg/sentry/kernel/threads.go @@ -50,6 +50,8 @@ func (tid ThreadID) String() string { const InitTID ThreadID = 1 // A TaskSet comprises all tasks in a system. +// +// +stateify savable type TaskSet struct { // mu protects all relationships betweens tasks and thread groups in the // TaskSet. (mu is approximately equivalent to Linux's tasklist_lock.) @@ -110,6 +112,8 @@ func (ts *TaskSet) forEachThreadGroupLocked(f func(tg *ThreadGroup)) { // // N.B. A task is said to be visible in a PID namespace if the PID namespace // contains a thread ID that maps to that task. +// +// +stateify savable type PIDNamespace struct { // owner is the TaskSet that this PID namespace belongs to. The owner // pointer is immutable. @@ -263,6 +267,8 @@ func (ns *PIDNamespace) UserNamespace() *auth.UserNamespace { // (threadGroupNode is an anonymous field in ThreadGroup; this is to expose // threadGroupEntry's methods on ThreadGroup to make it implement // threadGroupLinker.) +// +// +stateify savable type threadGroupNode struct { // pidns is the PID namespace containing the thread group and all of its // member tasks. The pidns pointer is immutable. @@ -382,6 +388,8 @@ func (tg *ThreadGroup) ID() ThreadID { // A taskNode defines the relationship between a task and the rest of the // system. The comments on threadGroupNode also apply to taskNode. +// +// +stateify savable type taskNode struct { // tg is the thread group that this task belongs to. The tg pointer is // immutable. diff --git a/pkg/sentry/kernel/time/BUILD b/pkg/sentry/kernel/time/BUILD index b3ed42aa4..5d8db2273 100644 --- a/pkg/sentry/kernel/time/BUILD +++ b/pkg/sentry/kernel/time/BUILD @@ -1,30 +1,18 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "time_state", - srcs = [ - "time.go", - ], - out = "time_state.go", - package = "time", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "time", srcs = [ "context.go", "time.go", - "time_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/time", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", - "//pkg/log", "//pkg/sentry/context", - "//pkg/state", "//pkg/syserror", "//pkg/waiter", ], diff --git a/pkg/sentry/kernel/time/time.go b/pkg/sentry/kernel/time/time.go index c223c2f19..6eadd2878 100644 --- a/pkg/sentry/kernel/time/time.go +++ b/pkg/sentry/kernel/time/time.go @@ -42,6 +42,8 @@ const ( // // Time may represent time with respect to any clock and may not have any // meaning in the real world. +// +// +stateify savable type Time struct { ns int64 } @@ -286,6 +288,8 @@ type TimerListener interface { } // Setting contains user-controlled mutable Timer properties. +// +// +stateify savable type Setting struct { // Enabled is true if the timer is running. Enabled bool @@ -371,6 +375,8 @@ func (s Setting) advancedTo(now Time) (Setting, uint64) { // // Timers should be created using NewTimer and must be cleaned up by calling // Timer.Destroy when no longer used. +// +// +stateify savable type Timer struct { // clock is the time source. clock is immutable. clock Clock diff --git a/pkg/sentry/kernel/timekeeper.go b/pkg/sentry/kernel/timekeeper.go index 4de8ac13b..df5dbe128 100644 --- a/pkg/sentry/kernel/timekeeper.go +++ b/pkg/sentry/kernel/timekeeper.go @@ -25,6 +25,8 @@ import ( ) // Timekeeper manages all of the kernel clocks. +// +// +stateify savable type Timekeeper struct { // clocks are the clock sources. // diff --git a/pkg/sentry/kernel/timer.go b/pkg/sentry/kernel/timer.go index 03a3310be..534d03d0f 100644 --- a/pkg/sentry/kernel/timer.go +++ b/pkg/sentry/kernel/timer.go @@ -26,6 +26,8 @@ import ( // timekeeperClock is a ktime.Clock that reads time from a // kernel.Timekeeper-managed clock. +// +// +stateify savable type timekeeperClock struct { tk *Timekeeper c sentrytime.ClockID @@ -49,6 +51,8 @@ func (tc *timekeeperClock) Now() ktime.Time { // tgClock is a ktime.Clock that measures the time a thread group has spent // executing. +// +// +stateify savable type tgClock struct { tg *ThreadGroup @@ -155,6 +159,8 @@ func (tc *taskClock) Now() ktime.Time { } // signalNotifier is a ktime.Listener that sends signals to a ThreadGroup. +// +// +stateify savable type signalNotifier struct { tg *ThreadGroup signal linux.Signal @@ -179,6 +185,8 @@ func (s *signalNotifier) Notify(exp uint64) { func (s *signalNotifier) Destroy() {} // TimerManager is a collection of supported process cpu timers. +// +// +stateify savable type TimerManager struct { // Clocks used to drive thread group execution time timers. virtClock *tgClock diff --git a/pkg/sentry/kernel/uts_namespace.go b/pkg/sentry/kernel/uts_namespace.go index 58e9b4d1b..7e0fe0d21 100644 --- a/pkg/sentry/kernel/uts_namespace.go +++ b/pkg/sentry/kernel/uts_namespace.go @@ -22,6 +22,8 @@ import ( // UTSNamespace represents a UTS namespace, a holder of two system identifiers: // the hostname and domain name. +// +// +stateify savable type UTSNamespace struct { // mu protects all fields below. mu sync.Mutex `state:"nosave"` diff --git a/pkg/sentry/kernel/vdso.go b/pkg/sentry/kernel/vdso.go index 0bacbea49..971e8bc59 100644 --- a/pkg/sentry/kernel/vdso.go +++ b/pkg/sentry/kernel/vdso.go @@ -52,6 +52,8 @@ type vdsoParams struct { // Everything in the struct is 8 bytes for easy alignment. // // It must be kept in sync with params in vdso/vdso_time.cc. +// +// +stateify savable type VDSOParamPage struct { // The parameter page is fr, allocated from platform.Memory(). platform platform.Platform diff --git a/pkg/sentry/limits/BUILD b/pkg/sentry/limits/BUILD index 3ce41cacc..90f4395d4 100644 --- a/pkg/sentry/limits/BUILD +++ b/pkg/sentry/limits/BUILD @@ -1,22 +1,12 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "limits_state", - srcs = [ - "limits.go", - ], - out = "limits_state.go", - package = "limits", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "limits", srcs = [ "context.go", "limits.go", - "limits_state.go", "linux.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/limits", @@ -24,7 +14,6 @@ go_library( deps = [ "//pkg/abi/linux", "//pkg/sentry/context", - "//pkg/state", ], ) diff --git a/pkg/sentry/limits/limits.go b/pkg/sentry/limits/limits.go index 4230ba958..02c8b60e3 100644 --- a/pkg/sentry/limits/limits.go +++ b/pkg/sentry/limits/limits.go @@ -47,6 +47,8 @@ const ( const Infinity = ^uint64(0) // Limit specifies a system limit. +// +// +stateify savable type Limit struct { // Cur specifies the current limit. Cur uint64 @@ -55,6 +57,8 @@ type Limit struct { } // LimitSet represents the Limits that correspond to each LimitType. +// +// +stateify savable type LimitSet struct { mu sync.Mutex `state:"nosave"` data map[LimitType]Limit diff --git a/pkg/sentry/loader/BUILD b/pkg/sentry/loader/BUILD index e63052c6d..0beb4561b 100644 --- a/pkg/sentry/loader/BUILD +++ b/pkg/sentry/loader/BUILD @@ -1,7 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("@io_bazel_rules_go//go:def.bzl", "go_embed_data") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") +load("//tools/go_stateify:defs.bzl", "go_library") go_embed_data( name = "vdso_bin", @@ -10,23 +10,12 @@ go_embed_data( var = "vdsoBin", ) -go_stateify( - name = "loader_state", - srcs = [ - "vdso.go", - "vdso_state.go", - ], - out = "loader_state.go", - package = "loader", -) - go_library( name = "loader", srcs = [ "elf.go", "interpreter.go", "loader.go", - "loader_state.go", "vdso.go", "vdso_state.go", ":vdso_bin", @@ -40,7 +29,6 @@ go_library( "//pkg/cpuid", "//pkg/log", "//pkg/rand", - "//pkg/refs", "//pkg/sentry/arch", "//pkg/sentry/context", "//pkg/sentry/fs", @@ -55,7 +43,6 @@ go_library( "//pkg/sentry/uniqueid", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/waiter", ], diff --git a/pkg/sentry/loader/vdso.go b/pkg/sentry/loader/vdso.go index 2e8693f8e..a06e27ac9 100644 --- a/pkg/sentry/loader/vdso.go +++ b/pkg/sentry/loader/vdso.go @@ -193,6 +193,8 @@ func validateVDSO(ctx context.Context, f *fs.File, size uint64) (elfInfo, error) // // NOTE: to support multiple architectures or operating systems, this // would need to contain a VDSO for each. +// +// +stateify savable type VDSO struct { // ParamPage is the VDSO parameter page. This page should be updated to // inform the VDSO for timekeeping data. diff --git a/pkg/sentry/loader/vdso_state.go b/pkg/sentry/loader/vdso_state.go index 92004ad9e..dc71e1c2d 100644 --- a/pkg/sentry/loader/vdso_state.go +++ b/pkg/sentry/loader/vdso_state.go @@ -18,6 +18,7 @@ import ( "debug/elf" ) +// +stateify savable type elfProgHeader struct { Type elf.ProgType Flags elf.ProgFlag diff --git a/pkg/sentry/memmap/BUILD b/pkg/sentry/memmap/BUILD index 2e367e189..c9e0b95a0 100644 --- a/pkg/sentry/memmap/BUILD +++ b/pkg/sentry/memmap/BUILD @@ -1,18 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "memmap_state", - srcs = [ - "mappable_range.go", - "mapping_set.go", - "mapping_set_impl.go", - ], - out = "memmap_state.go", - package = "memmap", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "mappable_range", @@ -46,7 +35,6 @@ go_library( "mapping_set.go", "mapping_set_impl.go", "memmap.go", - "memmap_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/memmap", visibility = ["//pkg/sentry:internal"], @@ -56,7 +44,6 @@ go_library( "//pkg/sentry/context", "//pkg/sentry/platform", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", ], ) diff --git a/pkg/sentry/memmap/mapping_set.go b/pkg/sentry/memmap/mapping_set.go index 0cd42ffbf..c9483905d 100644 --- a/pkg/sentry/memmap/mapping_set.go +++ b/pkg/sentry/memmap/mapping_set.go @@ -35,6 +35,8 @@ import ( type MappingsOfRange map[MappingOfRange]struct{} // MappingOfRange represents a mapping of a MappableRange. +// +// +stateify savable type MappingOfRange struct { MappingSpace MappingSpace AddrRange usermem.AddrRange diff --git a/pkg/sentry/mm/BUILD b/pkg/sentry/mm/BUILD index 3f396986a..bbdfae247 100644 --- a/pkg/sentry/mm/BUILD +++ b/pkg/sentry/mm/BUILD @@ -1,24 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "mm_state", - srcs = [ - "aio_context.go", - "aio_context_state.go", - "file_refcount_set.go", - "io_list.go", - "mm.go", - "pma_set.go", - "save_restore.go", - "special_mappable.go", - "vma_set.go", - ], - out = "mm_state.go", - package = "mm", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "file_refcount_set", @@ -101,7 +84,6 @@ go_library( "lifecycle.go", "metadata.go", "mm.go", - "mm_state.go", "pma.go", "pma_set.go", "proc_pid_maps.go", @@ -131,7 +113,6 @@ go_library( "//pkg/sentry/safemem", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/sync", "//pkg/syserror", "//pkg/tcpip/buffer", diff --git a/pkg/sentry/mm/aio_context.go b/pkg/sentry/mm/aio_context.go index 992bde5a5..b42156d45 100644 --- a/pkg/sentry/mm/aio_context.go +++ b/pkg/sentry/mm/aio_context.go @@ -28,6 +28,8 @@ import ( ) // aioManager creates and manages asynchronous I/O contexts. +// +// +stateify savable type aioManager struct { // mu protects below. mu sync.Mutex `state:"nosave"` @@ -89,12 +91,16 @@ func (a *aioManager) lookupAIOContext(id uint64) (*AIOContext, bool) { } // ioResult is a completed I/O operation. +// +// +stateify savable type ioResult struct { data interface{} ioEntry } // AIOContext is a single asynchronous I/O context. +// +// +stateify savable type AIOContext struct { // done is the notification channel used for all requests. done chan struct{} `state:"nosave"` @@ -190,6 +196,8 @@ func (ctx *AIOContext) WaitChannel() (chan struct{}, bool) { // aioMappable implements memmap.MappingIdentity and memmap.Mappable for AIO // ring buffers. +// +// +stateify savable type aioMappable struct { refs.AtomicRefCount diff --git a/pkg/sentry/mm/mm.go b/pkg/sentry/mm/mm.go index ce8097b7f..3299ae164 100644 --- a/pkg/sentry/mm/mm.go +++ b/pkg/sentry/mm/mm.go @@ -46,6 +46,8 @@ import ( ) // MemoryManager implements a virtual address space. +// +// +stateify savable type MemoryManager struct { // p is the platform. // @@ -207,6 +209,8 @@ type MemoryManager struct { } // vma represents a virtual memory area. +// +// +stateify savable type vma struct { // mappable is the virtual memory object mapped by this vma. If mappable is // nil, the vma represents a private anonymous mapping. @@ -346,6 +350,8 @@ func (v *vma) loadRealPerms(b int) { } // pma represents a platform mapping area. +// +// +stateify savable type pma struct { // file is the file mapped by this pma. Only pmas for which file == // platform.Platform.Memory() may be saved. pmas hold a reference to the @@ -380,6 +386,7 @@ type pma struct { internalMappings safemem.BlockSeq `state:"nosave"` } +// +stateify savable type privateRefs struct { mu sync.Mutex `state:"nosave"` diff --git a/pkg/sentry/mm/special_mappable.go b/pkg/sentry/mm/special_mappable.go index 9d3614034..aa2f87107 100644 --- a/pkg/sentry/mm/special_mappable.go +++ b/pkg/sentry/mm/special_mappable.go @@ -28,6 +28,8 @@ import ( // semantics similar to Linux's mm/mmap.c:_install_special_mapping(), except // that SpecialMappable takes ownership of the memory that it represents // (_install_special_mapping() does not.) +// +// +stateify savable type SpecialMappable struct { refs.AtomicRefCount diff --git a/pkg/sentry/platform/BUILD b/pkg/sentry/platform/BUILD index 15a7fbbc3..af9ba5394 100644 --- a/pkg/sentry/platform/BUILD +++ b/pkg/sentry/platform/BUILD @@ -1,16 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "platform_state", - srcs = [ - "file_range.go", - ], - out = "platform_state.go", - package = "platform", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_template_instance( name = "file_range", @@ -30,7 +21,6 @@ go_library( "file_range.go", "mmap_min_addr.go", "platform.go", - "platform_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/platform", visibility = ["//pkg/sentry:internal"], @@ -44,7 +34,6 @@ go_library( "//pkg/sentry/safemem", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", ], ) diff --git a/pkg/sentry/platform/filemem/BUILD b/pkg/sentry/platform/filemem/BUILD index dadba1d38..2a5982763 100644 --- a/pkg/sentry/platform/filemem/BUILD +++ b/pkg/sentry/platform/filemem/BUILD @@ -1,18 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "filemem_autogen_state", - srcs = [ - "filemem.go", - "filemem_state.go", - "usage_set.go", - ], - out = "filemem_autogen_state.go", - package = "filemem", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "usage_set", @@ -38,7 +27,6 @@ go_library( name = "filemem", srcs = [ "filemem.go", - "filemem_autogen_state.go", "filemem_state.go", "filemem_unsafe.go", "usage_set.go", diff --git a/pkg/sentry/platform/filemem/filemem.go b/pkg/sentry/platform/filemem/filemem.go index 870274ae1..feb020ef8 100644 --- a/pkg/sentry/platform/filemem/filemem.go +++ b/pkg/sentry/platform/filemem/filemem.go @@ -155,6 +155,8 @@ type FileMem struct { } // usage tracks usage information. +// +// +stateify savable type usageInfo struct { // kind is the usage kind. kind usage.MemoryKind diff --git a/pkg/sentry/socket/BUILD b/pkg/sentry/socket/BUILD index 929787aa0..a320fca0b 100644 --- a/pkg/sentry/socket/BUILD +++ b/pkg/sentry/socket/BUILD @@ -1,22 +1,10 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "socket_state", - srcs = [ - "socket.go", - ], - out = "socket_state_autogen.go", - package = "socket", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "socket", - srcs = [ - "socket.go", - "socket_state_autogen.go", - ], + srcs = ["socket.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/socket", visibility = ["//pkg/sentry:internal"], deps = [ @@ -29,7 +17,6 @@ go_library( "//pkg/sentry/kernel/kdefs", "//pkg/sentry/kernel/time", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserr", "//pkg/tcpip", "//pkg/tcpip/transport/unix", diff --git a/pkg/sentry/socket/control/BUILD b/pkg/sentry/socket/control/BUILD index faf2b4c27..c4874fdfb 100644 --- a/pkg/sentry/socket/control/BUILD +++ b/pkg/sentry/socket/control/BUILD @@ -1,26 +1,14 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "control_state", - srcs = [ - "control.go", - ], - out = "control_state.go", - imports = [ - "gvisor.googlesource.com/gvisor/pkg/sentry/fs", - ], - package = "control", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "control", - srcs = [ - "control.go", - "control_state.go", - ], + srcs = ["control.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/socket/control", + imports = [ + "gvisor.googlesource.com/gvisor/pkg/sentry/fs", + ], visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", @@ -31,7 +19,6 @@ go_library( "//pkg/sentry/kernel/auth", "//pkg/sentry/kernel/kdefs", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip/transport/unix", ], diff --git a/pkg/sentry/socket/control/control.go b/pkg/sentry/socket/control/control.go index 17ecdd11c..c31182e69 100644 --- a/pkg/sentry/socket/control/control.go +++ b/pkg/sentry/socket/control/control.go @@ -51,6 +51,8 @@ type SCMRights interface { // RightsFiles represents a SCM_RIGHTS socket control message. A reference is // maintained for each fs.File and is release either when an FD is created or // when the Release method is called. +// +// +stateify savable type RightsFiles []*fs.File // NewSCMRights creates a new SCM_RIGHTS socket control message representation @@ -128,6 +130,8 @@ func PackRights(t *kernel.Task, rights SCMRights, cloexec bool, buf []byte) []by } // scmCredentials represents an SCM_CREDENTIALS socket control message. +// +// +stateify savable type scmCredentials struct { t *kernel.Task kuid auth.KUID diff --git a/pkg/sentry/socket/epsocket/BUILD b/pkg/sentry/socket/epsocket/BUILD index 7ad5e88c5..49af8db85 100644 --- a/pkg/sentry/socket/epsocket/BUILD +++ b/pkg/sentry/socket/epsocket/BUILD @@ -1,24 +1,12 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "epsocket_state", - srcs = [ - "epsocket.go", - "save_restore.go", - "stack.go", - ], - out = "epsocket_state.go", - package = "epsocket", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "epsocket", srcs = [ "device.go", "epsocket.go", - "epsocket_state.go", "provider.go", "save_restore.go", "stack.go", @@ -31,7 +19,6 @@ go_library( "//pkg/abi/linux", "//pkg/binary", "//pkg/log", - "//pkg/refs", "//pkg/sentry/arch", "//pkg/sentry/context", "//pkg/sentry/device", @@ -44,7 +31,6 @@ go_library( "//pkg/sentry/safemem", "//pkg/sentry/socket", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserr", "//pkg/syserror", "//pkg/tcpip", diff --git a/pkg/sentry/socket/epsocket/epsocket.go b/pkg/sentry/socket/epsocket/epsocket.go index a2927e1b9..f969a1d7c 100644 --- a/pkg/sentry/socket/epsocket/epsocket.go +++ b/pkg/sentry/socket/epsocket/epsocket.go @@ -95,6 +95,8 @@ type commonEndpoint interface { // SocketOperations encapsulates all the state needed to represent a network stack // endpoint in the kernel context. +// +// +stateify savable type SocketOperations struct { socket.ReceiveTimeout fsutil.PipeSeek `state:"nosave"` diff --git a/pkg/sentry/socket/epsocket/stack.go b/pkg/sentry/socket/epsocket/stack.go index ec1d96ccb..12b4b4767 100644 --- a/pkg/sentry/socket/epsocket/stack.go +++ b/pkg/sentry/socket/epsocket/stack.go @@ -26,6 +26,8 @@ import ( ) // Stack implements inet.Stack for netstack/tcpip/stack.Stack. +// +// +stateify savable type Stack struct { Stack *stack.Stack `state:"manual"` } diff --git a/pkg/sentry/socket/hostinet/BUILD b/pkg/sentry/socket/hostinet/BUILD index 227ca3926..d623718b3 100644 --- a/pkg/sentry/socket/hostinet/BUILD +++ b/pkg/sentry/socket/hostinet/BUILD @@ -1,24 +1,12 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "hostinet_state", - srcs = [ - "save_restore.go", - "socket.go", - "stack.go", - ], - out = "hostinet_autogen_state.go", - package = "hostinet", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "hostinet", srcs = [ "device.go", "hostinet.go", - "hostinet_autogen_state.go", "save_restore.go", "socket.go", "socket_unsafe.go", @@ -42,7 +30,6 @@ go_library( "//pkg/sentry/safemem", "//pkg/sentry/socket", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserr", "//pkg/syserror", "//pkg/tcpip/transport/unix", diff --git a/pkg/sentry/socket/netlink/BUILD b/pkg/sentry/socket/netlink/BUILD index b23a243f7..b852165f7 100644 --- a/pkg/sentry/socket/netlink/BUILD +++ b/pkg/sentry/socket/netlink/BUILD @@ -1,21 +1,11 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "netlink_state", - srcs = [ - "socket.go", - ], - out = "netlink_state.go", - package = "netlink", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "netlink", srcs = [ "message.go", - "netlink_state.go", "provider.go", "socket.go", ], @@ -36,7 +26,6 @@ go_library( "//pkg/sentry/socket/netlink/port", "//pkg/sentry/socket/unix", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserr", "//pkg/syserror", "//pkg/tcpip", diff --git a/pkg/sentry/socket/netlink/port/BUILD b/pkg/sentry/socket/netlink/port/BUILD index ba6f686e4..3a7dbc5ed 100644 --- a/pkg/sentry/socket/netlink/port/BUILD +++ b/pkg/sentry/socket/netlink/port/BUILD @@ -1,23 +1,12 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "port_state", - srcs = ["port.go"], - out = "port_state.go", - package = "port", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_library( name = "port", - srcs = [ - "port.go", - "port_state.go", - ], + srcs = ["port.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/socket/netlink/port", visibility = ["//pkg/sentry:internal"], - deps = ["//pkg/state"], ) go_test( diff --git a/pkg/sentry/socket/netlink/port/port.go b/pkg/sentry/socket/netlink/port/port.go index 4ccf0b84c..1c5d4c3a5 100644 --- a/pkg/sentry/socket/netlink/port/port.go +++ b/pkg/sentry/socket/netlink/port/port.go @@ -32,6 +32,8 @@ import ( const maxPorts = 10000 // Manager allocates netlink port IDs. +// +// +stateify savable type Manager struct { // mu protects the fields below. mu sync.Mutex `state:"nosave"` diff --git a/pkg/sentry/socket/netlink/route/BUILD b/pkg/sentry/socket/netlink/route/BUILD index 726469fc9..e1bcfe252 100644 --- a/pkg/sentry/socket/netlink/route/BUILD +++ b/pkg/sentry/socket/netlink/route/BUILD @@ -1,32 +1,19 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "route_state", - srcs = ["protocol.go"], - out = "route_state.go", - package = "route", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "route", - srcs = [ - "protocol.go", - "route_state.go", - ], + srcs = ["protocol.go"], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/socket/netlink/route", visibility = ["//pkg/sentry:internal"], deps = [ "//pkg/abi/linux", "//pkg/sentry/context", - "//pkg/sentry/fs", "//pkg/sentry/inet", "//pkg/sentry/kernel", "//pkg/sentry/kernel/auth", "//pkg/sentry/socket/netlink", - "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserr", ], ) diff --git a/pkg/sentry/socket/netlink/route/protocol.go b/pkg/sentry/socket/netlink/route/protocol.go index e8030c518..55a76e916 100644 --- a/pkg/sentry/socket/netlink/route/protocol.go +++ b/pkg/sentry/socket/netlink/route/protocol.go @@ -43,6 +43,8 @@ func typeKind(typ uint16) commandKind { } // Protocol implements netlink.Protocol. +// +// +stateify savable type Protocol struct{} var _ netlink.Protocol = (*Protocol)(nil) diff --git a/pkg/sentry/socket/netlink/socket.go b/pkg/sentry/socket/netlink/socket.go index 0b8f528d0..e15d1546c 100644 --- a/pkg/sentry/socket/netlink/socket.go +++ b/pkg/sentry/socket/netlink/socket.go @@ -51,6 +51,8 @@ var netlinkSocketDevice = device.NewAnonDevice() // to/from the kernel. // // Socket implements socket.Socket. +// +// +stateify savable type Socket struct { socket.ReceiveTimeout fsutil.PipeSeek `state:"nosave"` diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go index bd4858a34..54fe64595 100644 --- a/pkg/sentry/socket/socket.go +++ b/pkg/sentry/socket/socket.go @@ -195,6 +195,8 @@ func NewDirent(ctx context.Context, d *device.Device) *fs.Dirent { // // Care must be taken when copying ReceiveTimeout as it contains atomic // variables. +// +// +stateify savable type ReceiveTimeout struct { // ns is length of the timeout in nanoseconds. // diff --git a/pkg/sentry/socket/unix/BUILD b/pkg/sentry/socket/unix/BUILD index 7d04d6b6b..9fe681e9a 100644 --- a/pkg/sentry/socket/unix/BUILD +++ b/pkg/sentry/socket/unix/BUILD @@ -1,15 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "unix_state", - srcs = [ - "unix.go", - ], - out = "unix_state.go", - package = "unix", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "unix", @@ -17,7 +8,6 @@ go_library( "device.go", "io.go", "unix.go", - "unix_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/socket/unix", visibility = ["//pkg/sentry:internal"], @@ -37,7 +27,6 @@ go_library( "//pkg/sentry/socket/control", "//pkg/sentry/socket/epsocket", "//pkg/sentry/usermem", - "//pkg/state", "//pkg/syserr", "//pkg/syserror", "//pkg/tcpip", diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go index 27bacbbc3..5b6411f97 100644 --- a/pkg/sentry/socket/unix/unix.go +++ b/pkg/sentry/socket/unix/unix.go @@ -42,6 +42,8 @@ import ( // SocketOperations is a Unix socket. It is similar to an epsocket, except it is backed // by a unix.Endpoint instead of a tcpip.Endpoint. +// +// +stateify savable type SocketOperations struct { refs.AtomicRefCount socket.ReceiveTimeout diff --git a/pkg/sentry/syscalls/linux/BUILD b/pkg/sentry/syscalls/linux/BUILD index 32fca3811..bbdfad9da 100644 --- a/pkg/sentry/syscalls/linux/BUILD +++ b/pkg/sentry/syscalls/linux/BUILD @@ -1,18 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "linux_state", - srcs = [ - "sys_aio.go", - "sys_futex.go", - "sys_poll.go", - "sys_time.go", - ], - out = "linux_state.go", - package = "linux", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "linux", @@ -20,7 +8,6 @@ go_library( "error.go", "flags.go", "linux64.go", - "linux_state.go", "sigset.go", "sys_aio.go", "sys_capability.go", @@ -67,7 +54,6 @@ go_library( "//pkg/abi/linux", "//pkg/binary", "//pkg/bpf", - "//pkg/eventchannel", "//pkg/log", "//pkg/metric", "//pkg/rand", @@ -75,7 +61,6 @@ go_library( "//pkg/sentry/context", "//pkg/sentry/fs", "//pkg/sentry/fs/anon", - "//pkg/sentry/fs/fsutil", "//pkg/sentry/fs/lock", "//pkg/sentry/fs/timerfd", "//pkg/sentry/kernel", @@ -86,7 +71,6 @@ go_library( "//pkg/sentry/kernel/kdefs", "//pkg/sentry/kernel/pipe", "//pkg/sentry/kernel/sched", - "//pkg/sentry/kernel/semaphore", "//pkg/sentry/kernel/shm", "//pkg/sentry/kernel/time", "//pkg/sentry/limits", @@ -98,8 +82,6 @@ go_library( "//pkg/sentry/syscalls", "//pkg/sentry/usage", "//pkg/sentry/usermem", - "//pkg/state", - "//pkg/syserr", "//pkg/syserror", "//pkg/tcpip/transport/unix", "//pkg/waiter", diff --git a/pkg/sentry/syscalls/linux/sys_aio.go b/pkg/sentry/syscalls/linux/sys_aio.go index fc3397081..54e4afa9e 100644 --- a/pkg/sentry/syscalls/linux/sys_aio.go +++ b/pkg/sentry/syscalls/linux/sys_aio.go @@ -69,6 +69,8 @@ type ioCallback struct { } // ioEvent describes an I/O result. +// +// +stateify savable type ioEvent struct { Data uint64 Obj uint64 diff --git a/pkg/sentry/syscalls/linux/sys_futex.go b/pkg/sentry/syscalls/linux/sys_futex.go index 57762d058..1a0e1f5fb 100644 --- a/pkg/sentry/syscalls/linux/sys_futex.go +++ b/pkg/sentry/syscalls/linux/sys_futex.go @@ -132,6 +132,8 @@ func (f futexChecker) Op(addr uintptr, opIn uint32) (bool, error) { // futexWaitRestartBlock encapsulates the state required to restart futex(2) // via restart_syscall(2). +// +// +stateify savable type futexWaitRestartBlock struct { duration time.Duration diff --git a/pkg/sentry/syscalls/linux/sys_poll.go b/pkg/sentry/syscalls/linux/sys_poll.go index d4dbfd285..b9bdefadb 100644 --- a/pkg/sentry/syscalls/linux/sys_poll.go +++ b/pkg/sentry/syscalls/linux/sys_poll.go @@ -274,6 +274,8 @@ func copyOutTimevalRemaining(t *kernel.Task, startNs ktime.Time, timeout time.Du // pollRestartBlock encapsulates the state required to restart poll(2) via // restart_syscall(2). +// +// +stateify savable type pollRestartBlock struct { pfdAddr usermem.Addr nfds uint diff --git a/pkg/sentry/syscalls/linux/sys_time.go b/pkg/sentry/syscalls/linux/sys_time.go index dcee694b2..8e6683444 100644 --- a/pkg/sentry/syscalls/linux/sys_time.go +++ b/pkg/sentry/syscalls/linux/sys_time.go @@ -168,6 +168,8 @@ func Time(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC // clockNanosleepRestartBlock encapsulates the state required to restart // clock_nanosleep(2) via restart_syscall(2). +// +// +stateify savable type clockNanosleepRestartBlock struct { c ktime.Clock duration time.Duration diff --git a/pkg/sentry/usage/BUILD b/pkg/sentry/usage/BUILD index edee44d96..868dfd400 100644 --- a/pkg/sentry/usage/BUILD +++ b/pkg/sentry/usage/BUILD @@ -1,17 +1,6 @@ package(licenses = ["notice"]) # Apache 2.0 -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify") - -go_stateify( - name = "usage_state", - srcs = [ - "cpu.go", - "io.go", - "memory.go", - ], - out = "usage_state.go", - package = "usage", -) +load("//tools/go_stateify:defs.bzl", "go_library") go_library( name = "usage", @@ -21,7 +10,6 @@ go_library( "memory.go", "memory_unsafe.go", "usage.go", - "usage_state.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/usage", visibility = [ @@ -29,9 +17,6 @@ go_library( ], deps = [ "//pkg/bits", - "//pkg/log", "//pkg/sentry/memutil", - "//pkg/state", - "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/pkg/sentry/usage/cpu.go b/pkg/sentry/usage/cpu.go index 1c2cc90e1..ed7b04b9e 100644 --- a/pkg/sentry/usage/cpu.go +++ b/pkg/sentry/usage/cpu.go @@ -20,6 +20,8 @@ import ( // CPUStats contains the subset of struct rusage fields that relate to CPU // scheduling. +// +// +stateify savable type CPUStats struct { // UserTime is the amount of time spent executing application code. UserTime time.Duration diff --git a/pkg/sentry/usage/io.go b/pkg/sentry/usage/io.go index a05053c32..49faa507d 100644 --- a/pkg/sentry/usage/io.go +++ b/pkg/sentry/usage/io.go @@ -19,6 +19,8 @@ import ( ) // IO contains I/O-related statistics. +// +// +stateify savable type IO struct { // CharsRead is the number of bytes read by read syscalls. CharsRead uint64 diff --git a/pkg/sentry/usermem/BUILD b/pkg/sentry/usermem/BUILD index 9dd1cd2b5..69ba919e0 100644 --- a/pkg/sentry/usermem/BUILD +++ b/pkg/sentry/usermem/BUILD @@ -1,19 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("//tools/go_generics:defs.bzl", "go_template_instance") -load("//tools/go_stateify:defs.bzl", "go_library", "go_stateify", "go_test") - -go_stateify( - name = "usermem_state", - srcs = [ - "access_type.go", - "addr.go", - "addr_range.go", - "addr_range_seq_unsafe.go", - ], - out = "usermem_state.go", - package = "usermem", -) +load("//tools/go_stateify:defs.bzl", "go_library", "go_test") go_template_instance( name = "addr_range", @@ -36,7 +24,6 @@ go_library( "bytes_io.go", "bytes_io_unsafe.go", "usermem.go", - "usermem_state.go", "usermem_x86.go", ], importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/usermem", @@ -47,7 +34,6 @@ go_library( "//pkg/log", "//pkg/sentry/context", "//pkg/sentry/safemem", - "//pkg/state", "//pkg/syserror", "//pkg/tcpip/buffer", ], diff --git a/pkg/sentry/usermem/access_type.go b/pkg/sentry/usermem/access_type.go index 7eabecf30..75346d854 100644 --- a/pkg/sentry/usermem/access_type.go +++ b/pkg/sentry/usermem/access_type.go @@ -20,6 +20,8 @@ import ( // AccessType specifies memory access types. This is used for // setting mapping permissions, as well as communicating faults. +// +// +stateify savable type AccessType struct { // Read is read access. Read bool diff --git a/pkg/sentry/usermem/addr.go b/pkg/sentry/usermem/addr.go index d175fdc74..fc94bee80 100644 --- a/pkg/sentry/usermem/addr.go +++ b/pkg/sentry/usermem/addr.go @@ -19,6 +19,8 @@ import ( ) // Addr represents a generic virtual address. +// +// +stateify savable type Addr uintptr // AddLength adds the given length to start and returns the result. ok is true |