Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/arch/arch.go4
-rwxr-xr-xpkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go4
-rw-r--r--pkg/sentry/loader/elf.go17
-rw-r--r--pkg/sentry/platform/kvm/machine.go3
-rwxr-xr-xpkg/sentry/platform/ring0/defs_impl.go2
-rwxr-xr-xpkg/sentry/time/seqatomic_parameters_unsafe.go4
6 files changed, 26 insertions, 8 deletions
diff --git a/pkg/sentry/arch/arch.go b/pkg/sentry/arch/arch.go
index ace7d5b18..498ca4669 100644
--- a/pkg/sentry/arch/arch.go
+++ b/pkg/sentry/arch/arch.go
@@ -33,6 +33,8 @@ type Arch int
const (
// AMD64 is the x86-64 architecture.
AMD64 Arch = iota
+ // ARM64 is the aarch64 architecture.
+ ARM64
)
// String implements fmt.Stringer.
@@ -40,6 +42,8 @@ func (a Arch) String() string {
switch a {
case AMD64:
return "amd64"
+ case ARM64:
+ return "arm64"
default:
return fmt.Sprintf("Arch(%d)", a)
}
diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
index 24528b66a..25ad17a4e 100755
--- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
+++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
@@ -1,12 +1,12 @@
package kernel
import (
+ "fmt"
+ "reflect"
"strings"
"unsafe"
- "fmt"
"gvisor.dev/gvisor/third_party/gvsync"
- "reflect"
)
// SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race
diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go
index fba2f27fe..bc5b841fb 100644
--- a/pkg/sentry/loader/elf.go
+++ b/pkg/sentry/loader/elf.go
@@ -148,12 +148,17 @@ func parseHeader(ctx context.Context, f *fs.File) (elfInfo, error) {
}
binary.Unmarshal(hdrBuf, byteOrder, &hdr)
- // We only support amd64.
- if machine := elf.Machine(hdr.Machine); machine != elf.EM_X86_64 {
+ // We support amd64 and arm64.
+ var a arch.Arch
+ switch machine := elf.Machine(hdr.Machine); machine {
+ case elf.EM_X86_64:
+ a = arch.AMD64
+ case elf.EM_AARCH64:
+ a = arch.ARM64
+ default:
log.Infof("Unsupported ELF machine %d", machine)
return elfInfo{}, syserror.ENOEXEC
}
- a := arch.AMD64
var sharedObject bool
elfType := elf.Type(hdr.Type)
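Review bot: With `case elf.EM_AARCH64` accepted, parseHeader now returns success for a binary built for an architecture other than the one the sentry runs on, so rejecting it depends on every caller comparing `info.arch` with the host. The later hunk adds that comparison in loadInitialELF only; whether other callers of parseHeader (not visible in this diff) perform it cannot be confirmed from here. Doing the check once after the switch, `if a != arch.Host { return elfInfo{}, syserror.ENOEXEC }`, would keep a foreign-architecture header from reaching any mapping code. The comment `// We support amd64 and arm64.` would then read better as `// Only the host architecture (amd64 or arm64) is accepted.` parseHeader's body starts and ends outside the hunk.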
@@ -560,6 +565,12 @@ func loadInitialELF(ctx context.Context, m *mm.MemoryManager, fs *cpuid.FeatureS
return loadedELF{}, nil, err
}
+ // Check Image Compatibility.
+ if arch.Host != info.arch {
+ ctx.Warningf("Found mismatch for platform %s with ELF type %s", arch.Host.String(), info.arch.String())
+ return loadedELF{}, nil, syserror.ENOEXEC
+ }
+
// Create the arch.Context now so we can prepare the mmap layout before
// mapping anything.
ac := arch.New(info.arch, fs)
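Review bot: The warning text says "ELF type", but the value compared is the ELF machine (`info.arch`); ELF type is the separate field that parseHeader reads as `elf.Type(hdr.Type)`, so the message will mislead whoever triages it. The explicit `.String()` calls are redundant because `%s` already uses the Stringer on arch.Arch; a clearer line would be `ctx.Warningf("ELF machine %s does not match host architecture %s", info.arch, arch.Host)`. Since this path is reached by whatever binary the sandboxed workload chooses to exec, consider `ctx.Infof` to match the `log.Infof` used for unsupported machines in parseHeader, so a workload cannot fill the log with warnings. loadInitialELF's body starts and ends outside the hunk.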
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
index 679087e25..cc6c138b2 100644
--- a/pkg/sentry/platform/kvm/machine.go
+++ b/pkg/sentry/platform/kvm/machine.go
@@ -388,7 +388,10 @@ func (m *machine) Get() *vCPU {
func (m *machine) Put(c *vCPU) {
c.unlock()
runtime.UnlockOSThread()
+
+ m.mu.RLock()
m.available.Signal()
+ m.mu.RUnlock()
}
// newDirtySet returns a new dirty set.
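Review bot: The new `m.mu.RLock()` / `m.mu.RUnlock()` pair around `m.available.Signal()` has no comment saying what it protects against, and sync.Cond does not require the lock for Signal, so a later cleanup could remove it. If `m.available` is a condition variable tied to `m.mu` and Get checks for a free vCPU under that lock before waiting (Get's body is not visible in this hunk), the lock is what keeps the signal from firing between that check and the wait; a lost wakeup there would leave a task blocked in Get. Suggested comment above the lock: `// Hold m.mu so the signal cannot land between a waiter's vCPU scan and its Wait in Get.` Confirm the wording against Get before adopting it.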
diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go
index a30a9dd4a..a36a17e37 100755
--- a/pkg/sentry/platform/ring0/defs_impl.go
+++ b/pkg/sentry/platform/ring0/defs_impl.go
@@ -2,13 +2,13 @@ package ring0
import (
"gvisor.dev/gvisor/pkg/cpuid"
- "io"
"reflect"
"syscall"
"fmt"
"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
"gvisor.dev/gvisor/pkg/sentry/usermem"
+ "io"
)
var (
diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go
index fb30a22c6..89792c56d 100755
--- a/pkg/sentry/time/seqatomic_parameters_unsafe.go
+++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go
@@ -1,12 +1,12 @@
package time
import (
+ "fmt"
+ "reflect"
"strings"
"unsafe"
- "fmt"
"gvisor.dev/gvisor/third_party/gvsync"
- "reflect"
)
// SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race