summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/platform
AgeCommit message (Collapse)Author
2020-09-15Add support for OCI seccomp filters in the sandbox.Ian Lewis
OCI configuration includes support for specifying seccomp filters. In runc, these filter configurations are converted into seccomp BPF programs and loaded into the kernel via libseccomp. runsc needs to be a static binary so, for runsc, we cannot rely on a C library and need to implement the functionality in Go. The generator added here implements basic support for taking OCI seccomp configuration and converting it into a seccomp BPF program with the same behavior as a program generated by libseccomp. - New conditional operations were added to pkg/seccomp to support operations available in OCI. - AllowAny and AllowValue were renamed to MatchAny and EqualTo to better reflect that syscalls matching the conditionals result in the provided action not simply SCMP_RET_ALLOW. - BuildProgram in pkg/seccomp no longer panics if provided an empty list of rules. It now builds a program with the architecture sanity check only. - ProgramBuilder now allows adding labels that are unused. However, backwards jumps are still not permitted. Fixes #510 PiperOrigin-RevId: 331938697
2020-09-10arm64:place an SB sequence following an ERET instructionBin Lu
Some CPUs(eg: ampere-emag) can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by a lower privilege level at the point of an ERET, this could potentially be used as part of a side-channel attack. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-09-09Don't sched_setaffinity in ptrace platform.Jamie Liu
PiperOrigin-RevId: 330777900
2020-08-26Merge pull request #3742 from lubinszARM:pr_n1_1gVisor bot
PiperOrigin-RevId: 328639254
2020-08-26Support stdlib analyzers with nogo.Adin Scannell
This immediately revealed an escape analysis violation (!), where the sync.Map was being used in a context that escapes were not allowed. This is a relatively minor fix and is included. PiperOrigin-RevId: 328611237
2020-08-24Device major number greater than 2 digits in /proc/self/maps on arm64 N1 machineBin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-08-24Bump build constraints to 1.17Michael Pratt
This enables pre-release testing with 1.16. The intention is to replace these with a nogo check before the next release. PiperOrigin-RevId: 328193911
2020-08-20Consistent precondition formattingMichael Pratt
Our "Preconditions:" blocks are very useful to determine the input invariants, but they are bit inconsistent throughout the codebase, which makes them harder to read (particularly cases with 5+ conditions in a single paragraph). I've reformatted all of the cases to fit in simple rules: 1. Cases with a single condition are placed on a single line. 2. Cases with multiple conditions are placed in a bulleted list. This format has been added to the style guide. I've also mentioned "Postconditions:", though those are much less frequently used, and all uses already match this style. PiperOrigin-RevId: 327687465
2020-08-12Running hello-world on Thunderx2 with kvmBin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-08-07Add context.FullStateChanged()Andrei Vagin
It indicates that the Sentry has changed the state of the thread and next calls of PullFullState() has to do nothing. PiperOrigin-RevId: 325567415
2020-08-07Merge pull request #3069 from lubinszARM:pr_serr_injection2gVisor bot
PiperOrigin-RevId: 325546308
2020-08-03Add callbacks to support lazy loading/restoring thread statesAndrei Vagin
PiperOrigin-RevId: 324748508
2020-07-31Merge pull request #3300 from lubinszARM:pr_fpsimd_usrgVisor bot
PiperOrigin-RevId: 324309862
2020-07-30Merge pull request #3448 from lubinszARM:pr_tls_testsgVisor bot
PiperOrigin-RevId: 324127810
2020-07-30Merge pull request #3028 from lubinszARM:pr_kvm_hello1gVisor bot
PiperOrigin-RevId: 324125938
2020-07-30add usr-tls test cases for Arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-30supporting sError injection step 2 on Arm64Bin Lu
I disabled DAIF(DEBUG, sError, IRQ, FIQ) in guest kernel mode, and enabled them in guest user mode. So, I can make sure all DAIF-s come from guest user mode, and then the case 'TestBounceStress' can passed on Arm64. Test steps: 1, cd pkg/sentry/platform/kvm 2, bazel test kvm_test --strip=never --test_output=streamed Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-29load/store user fpsimd on Arm64Bin Lu
full context switch: add fpsimd load/store support to container application. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-27Merge pull request #3201 from lubinszARM:pr_sys64_2gVisor bot
PiperOrigin-RevId: 323456118
2020-07-27Merge pull request #3299 from lubinszARM:pr_asidgVisor bot
PiperOrigin-RevId: 323455097
2020-07-27Move platform.File in memmapAndrei Vagin
The subsequent systrap changes will need to import memmap from the platform package. PiperOrigin-RevId: 323409486
2020-07-26updated the functions to distinguish IA/DA for Arm64Bin Lu
We need to correctly distinguish instruction_abort/data_abort for mem_abort@Arm64. So, EC/WNR/FSC in esr_el1 should be checked. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-26allow guest user applications read CNTVCT_EL0/CNTFRQ_EL0Bin Lu
At present, when doing syscall_kvm test, we need to enable the function of ESR_ELx_SYS64_ISS_SYS_CNTVCT/ESR_ELx_SYS64_ISS_SYS_CNTFRQ to successfully pass the test. I set CNTKCTL_EL1.EL0VCTEN==1/CNTKCTL_EL1.EL0PCTEN==1, so that the related cases can passed. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-23kvm-tls-2:add the preservation of user-TLS in the Arm64 kvm platformlubinszARM
This patch load/save TLS for the container application. Related issue: full context-switch supporting for Arm64 #1238 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/2761 from lubinszARM:pr_tls_2 cb5dbca1c9c3f378002406da7a58887f9b5032b3 PiperOrigin-RevId: 322887044
2020-07-20add asid support to Arm64Bin Lu
Support the operation of asid, so that I can optimize tlb performance by combining with nG. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-13Merge pull request #3200 from lubinszARM:pr_kvm_ut_1gVisor bot
PiperOrigin-RevId: 321060717
2020-07-10Split the kvm ut test cases to correspond to different platformsBin Lu
Split the kvm ut test cases to pass unit-tests on Arm64. I will add the tls and full-context test cases for Arm64 later. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-03allow guest user applications read ctr_el0 on Arm64Bin Lu
At present, when doing syscall_kvm test, we need to enable the function of ESR_ELx_SYS64_ISS_SYS_CTR_READ to successfully pass the test. I set SCTLR_EL1.UCT==1, so that the related cases can passed. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-06-16support sError injection in kvm module on Arm64Bin Lu
There are 3 types of asynchronous exceptions on Arm64: sError, IRQ, FIQ. In this case, we use the sError injection method in bluepillHandler to force the guest to quit. So that the test case of "TestBounce" can be passed on Arm64. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-06-10Merge pull request #2711 from lubinszARM:pr_mmiogVisor bot
PiperOrigin-RevId: 315812219
2020-06-09minor change in kvm module for Arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-06-05Add +checkescape annotations to kvm/ring0.Adin Scannell
This analysis also catches a potential bug, which is a split on mapPhysical. This would have led to potential guest-exit during Mapping (although this would have been handled by the now-unecessary retryInGuest loop). PiperOrigin-RevId: 315025106
2020-06-01Merge pull request #2689 from lubinszARM:pr_prot_nonegVisor bot
PiperOrigin-RevId: 314186752
2020-05-29Update Go version build tagsMichael Pratt
None of the dependencies have changed in 1.15. It may be possible to simplify some of the wrappers in rawfile following 1.13, but that can come in a later change. PiperOrigin-RevId: 313863264
2020-05-17adding the VM-Exit method for Arm64Bin Lu
On amd64, it uses 'HLT' to leave the guest. Unlike amd64, arm64 can only uses mmio_exit/psci to leave the guest. So, I designed the HYPERCALL_VMEXIT to be compatible with amd64/arm64. To keep it simple, I used the address of exception table as the MMIO base address, so that I can trigger a MMIO-EXIT by forcibly writing this space. Then, in host user space, I can calculate this address to find out which hypercall. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-05-13PROT_NONE should be specially treated in the step of mapPhysicalBin Lu
It's a workaround to treat PROT_NONE as RDONLY temporarily. TODO(gvisor.dev/issue/2686): PROT_NONE should be specially treated. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-05-13adding the methods to get/set TLS for Arm64 kvm platformBin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-04-25Enable automated marshalling for signals and the arch package.Rahat Mahmood
PiperOrigin-RevId: 308472331
2020-04-24Merge pull request #1707 from lubinszARM:pr_lazy_fpsimd_2gVisor bot
PiperOrigin-RevId: 308347744
2020-04-22Specify a memory file in platform.New().Andrei Vagin
PiperOrigin-RevId: 307941984
2020-04-17Merge pull request #2235 from xiaobo55x:pcidgVisor bot
PiperOrigin-RevId: 307166482
2020-04-13Merge pull request #2321 from lubinszARM:pr_nogogVisor bot
PiperOrigin-RevId: 306300032
2020-04-09remove nogo exemption for machine_arm64_unsafe.goBin Lu
Minimize the use of unsafe. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-04-08Move pagetables.limitPCID to arch-specific file.Haibo Xu
X86 provide 12 bits for PCID while arm64 support 8/16 bits ASID. Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I0bd9236e44e6b6c4c88eb6e9adc5ac27b918bf6c
2020-04-01Automated rollback of changelist 303799678Adin Scannell
PiperOrigin-RevId: 304221302
2020-04-01Fix 386 build tagsMichael Pratt
The build tag for 32-bit x86 is 386, not i386. Updates #2298 PiperOrigin-RevId: 304206373
2020-03-30kvm: handle exit reasons even under EINTR.Adin Scannell
In the case of other signals (preemption), inject a normal bounce and defer the signal until the vCPU has been returned from guest mode. PiperOrigin-RevId: 303799678
2020-03-26Merge pull request #1986 from lubinszARM:pr_ring0_clean_1gVisor bot
PiperOrigin-RevId: 303105826
2020-03-11Import "unsafe" in bluepill_arm64_unsafe.goAndrei Vagin
This fixes a compile time error: pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go:45:35: undefined: unsafe PiperOrigin-RevId: 300375687
2020-03-09Enable thread local storage support on arm64.Haibo Xu
Linux use the task.thread.uw.tp_value field to store the TLS pointer on arm64 platform, and we use a similar way in gvisor to store it in the arch/State struct. Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: Ie76b5c6d109bc27ccfd594008a96753806db7764