Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/arch/arch.go | 4 | ||||
-rwxr-xr-x | pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go | 4 | ||||
-rw-r--r-- | pkg/sentry/loader/elf.go | 17 | ||||
-rw-r--r-- | pkg/sentry/platform/kvm/machine.go | 3 | ||||
-rwxr-xr-x | pkg/sentry/platform/ring0/defs_impl.go | 2 | ||||
-rwxr-xr-x | pkg/sentry/time/seqatomic_parameters_unsafe.go | 4 |
6 files changed, 26 insertions, 8 deletions
diff --git a/pkg/sentry/arch/arch.go b/pkg/sentry/arch/arch.go index ace7d5b18..498ca4669 100644 --- a/pkg/sentry/arch/arch.go +++ b/pkg/sentry/arch/arch.go @@ -33,6 +33,8 @@ type Arch int const ( // AMD64 is the x86-64 architecture. AMD64 Arch = iota + // ARM64 is the aarch64 architecture. + ARM64 ) // String implements fmt.Stringer. @@ -40,6 +42,8 @@ func (a Arch) String() string { switch a { case AMD64: return "amd64" + case ARM64: + return "arm64" default: return fmt.Sprintf("Arch(%d)", a) } diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go index 24528b66a..25ad17a4e 100755 --- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go +++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go @@ -1,12 +1,12 @@ package kernel import ( + "fmt" + "reflect" "strings" "unsafe" - "fmt" "gvisor.dev/gvisor/third_party/gvsync" - "reflect" ) // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go index fba2f27fe..bc5b841fb 100644 --- a/pkg/sentry/loader/elf.go +++ b/pkg/sentry/loader/elf.go @@ -148,12 +148,17 @@ func parseHeader(ctx context.Context, f *fs.File) (elfInfo, error) { } binary.Unmarshal(hdrBuf, byteOrder, &hdr) - // We only support amd64. - if machine := elf.Machine(hdr.Machine); machine != elf.EM_X86_64 { + // We support amd64 and arm64. + var a arch.Arch + switch machine := elf.Machine(hdr.Machine); machine { + case elf.EM_X86_64: + a = arch.AMD64 + case elf.EM_AARCH64: + a = arch.ARM64 + default: log.Infof("Unsupported ELF machine %d", machine) return elfInfo{}, syserror.ENOEXEC } - a := arch.AMD64 var sharedObject bool elfType := elf.Type(hdr.Type) 
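Review bot: In parseHeader (pkg/sentry/loader/elf.go) the new switch accepts both EM_X86_64 and EM_AARCH64 whatever the host is, so rejecting a foreign-architecture binary now depends entirely on the caller comparing the returned arch with `arch.Host`. This commit adds that comparison in loadInitialELF, but any other caller of parseHeader (for example an interpreter-loading path, which is not visible here) should be checked for the same guard. I would state the contract at the switch: `// Both machines parse here; callers must reject info.arch != arch.Host before using it.` parseHeader starts and ends outside this hunk.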
@@ -560,6 +565,12 @@ func loadInitialELF(ctx context.Context, m *mm.MemoryManager, fs *cpuid.FeatureS return loadedELF{}, nil, err } + // Check Image Compatibility. + if arch.Host != info.arch { + ctx.Warningf("Found mismatch for platform %s with ELF type %s", arch.Host.String(), info.arch.String()) + return loadedELF{}, nil, syserror.ENOEXEC + } + // Create the arch.Context now so we can prepare the mmap layout before // mapping anything. ac := arch.New(info.arch, fs) diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go index 679087e25..cc6c138b2 100644 --- a/pkg/sentry/platform/kvm/machine.go +++ b/pkg/sentry/platform/kvm/machine.go @@ -388,7 +388,10 @@ func (m *machine) Get() *vCPU { func (m *machine) Put(c *vCPU) { c.unlock() runtime.UnlockOSThread() + + m.mu.RLock() m.available.Signal() + m.mu.RUnlock() } // newDirtySet returns a new dirty set. diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go index a30a9dd4a..a36a17e37 100755 --- a/pkg/sentry/platform/ring0/defs_impl.go +++ b/pkg/sentry/platform/ring0/defs_impl.go @@ -2,13 +2,13 @@ package ring0 import ( "gvisor.dev/gvisor/pkg/cpuid" - "io" "reflect" "syscall" "fmt" "gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables" "gvisor.dev/gvisor/pkg/sentry/usermem" + "io" ) var ( diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go index fb30a22c6..89792c56d 100755 --- a/pkg/sentry/time/seqatomic_parameters_unsafe.go +++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go @@ -1,12 +1,12 @@ package time import ( + "fmt" + "reflect" "strings" "unsafe" - "fmt" "gvisor.dev/gvisor/third_party/gvsync" - "reflect" ) // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race |
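Review bot: The warning added in loadInitialELF calls `info.arch` the "ELF type", but parseHeader uses that word for the ET_* value (`elfType := elf.Type(hdr.Type)`), so the log line misleads whoever triages a rejected binary. Suggest `ctx.Warningf("Found mismatch for platform %s with ELF machine %s", arch.Host, info.arch)`; the explicit `.String()` calls are redundant because Arch implements fmt.Stringer. The comment could also say why the check sits where it does: `// Reject binaries built for another architecture before arch.New is handed info.arch.` `arch.Host` is not defined anywhere in this diff, so I assume it is declared per build target elsewhere in pkg/sentry/arch. loadInitialELF's body continues outside the hunk.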
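Review bot: The `m.mu.RLock()` / `m.mu.RUnlock()` pair added around `m.available.Signal()` in `(*machine).Put` has no comment, and nothing in Put itself reads state guarded by `m.mu`, so the lock looks removable to a later reader. If the intent is to keep the signal from landing between Get's scan for a free vCPU and its wait on `m.available` (Get is outside this hunk, so this is inferred), say so: `// Hold m.mu so Signal cannot fire between Get's vCPU scan and its Wait; otherwise the wakeup is lost.` Note that `c.unlock()` still runs before the lock is taken, which is fine only if Get rechecks vCPU state after waking.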