From bcef079ec24d56d37a670c4c4149c638be6fb110 Mon Sep 17 00:00:00 2001 From: "Zyad A. Ali" Date: Wed, 11 Aug 2021 21:24:10 +0200 Subject: Move CtxIPCNamespace to kernel/ipc package. CtxIPCNamespace is needed by mqfs package to be able to retreive an IPCNamespace using ctx.Value. As ctx.Value compares keys as interfaces, we need to use type kernel.contextID in package mqfs, which is not possible due to circular depenedency, so move it to kernel/ipc instead. Updates #136 --- pkg/sentry/kernel/BUILD | 1 + pkg/sentry/kernel/context.go | 6 ++---- pkg/sentry/kernel/ipc/BUILD | 1 + pkg/sentry/kernel/ipc/ns.go | 22 ++++++++++++++++++++++ pkg/sentry/kernel/kernel.go | 5 +++-- pkg/sentry/kernel/task_context.go | 3 ++- 6 files changed, 31 insertions(+), 7 deletions(-) create mode 100644 pkg/sentry/kernel/ipc/ns.go (limited to 'pkg/sentry/kernel') diff --git a/pkg/sentry/kernel/BUILD b/pkg/sentry/kernel/BUILD index e91338da7..6ff3deb97 100644 --- a/pkg/sentry/kernel/BUILD +++ b/pkg/sentry/kernel/BUILD @@ -216,6 +216,7 @@ go_library( visibility = ["//:sandbox"], deps = [ ":uncaught_signal_go_proto", + "//pkg/sentry/kernel/ipc", "//pkg/abi", "//pkg/abi/linux", "//pkg/abi/linux/errno", diff --git a/pkg/sentry/kernel/context.go b/pkg/sentry/kernel/context.go index a8596410f..7e11c6580 100644 --- a/pkg/sentry/kernel/context.go +++ b/pkg/sentry/kernel/context.go @@ -16,6 +16,7 @@ package kernel import ( "gvisor.dev/gvisor/pkg/context" + "gvisor.dev/gvisor/pkg/sentry/kernel/ipc" ) // contextID is the kernel package's type for context.Context.Value keys. @@ -37,9 +38,6 @@ const ( // CtxUTSNamespace is a Context.Value key for a UTSNamespace. CtxUTSNamespace - - // CtxIPCNamespace is a Context.Value key for a IPCNamespace. - CtxIPCNamespace ) // ContextCanTrace returns true if ctx is permitted to trace t, in the same sense 
@@ -82,7 +80,7 @@ func UTSNamespaceFromContext(ctx context.Context) *UTSNamespace {
 // or nil if there is no such IPC namespace. It takes a reference on the
 // namespace.
 func IPCNamespaceFromContext(ctx context.Context) *IPCNamespace {
- if v := ctx.Value(CtxIPCNamespace); v != nil {
+ if v := ctx.Value(ipc.CtxIPCNamespace); v != nil {
 return v.(*IPCNamespace)
 }
 return nil
diff --git a/pkg/sentry/kernel/ipc/BUILD b/pkg/sentry/kernel/ipc/BUILD
index e42a94e15..a5cbb2b51 100644
--- a/pkg/sentry/kernel/ipc/BUILD
+++ b/pkg/sentry/kernel/ipc/BUILD
@@ -7,6 +7,7 @@ go_library(
 srcs = [
 "object.go",
 "registry.go",
+ "ns.go",
 ],
 visibility = ["//pkg/sentry:internal"],
 deps = [
diff --git a/pkg/sentry/kernel/ipc/ns.go b/pkg/sentry/kernel/ipc/ns.go
new file mode 100644
index 000000000..220c9eafb
--- /dev/null
+++ b/pkg/sentry/kernel/ipc/ns.go
@@ -0,0 +1,22 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ipc
+
+type contextID int
+
+// CtxIPCNamespace is the context.Value key used to retreive an IPC namespace.
+// We define it here because it's needed in several packages, and is not
+// possible to use otherwise without causing a circular depenedency.
+const CtxIPCNamespace contextID = iota
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
index df5160b67..6ce3625d4 100644
--- a/pkg/sentry/kernel/kernel.go
+++ b/pkg/sentry/kernel/kernel.go
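Review bot: In the new ns.go, `contextID` has no doc comment and the comment on `CtxIPCNamespace` says nothing about what the key yields or who owns the result, which matters now that packages outside kernel are expected to call `ctx.Value(ipc.CtxIPCNamespace)` directly. The two `Value` implementations visible in kernel.go call `IncRef()` before returning, so a caller that bypasses `IPCNamespaceFromContext` and forgets to release the namespace leaks a reference; I would add `// The value is a *kernel.IPCNamespace holding a reference that the caller must release.` to the constant's comment (the Task path is cut off in this patch, so confirm it behaves the same). A one-line comment on the type, `// contextID is this package's type for context.Context.Value keys.`, would also record that keys are matched by dynamic type as well as value, which is why this key's integer value cannot be confused with a key of the kernel package's own contextID type. While there, `retreive` and `depenedency` in the comment are misspelled.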
@@ -59,6 +59,7 @@ import (
 "gvisor.dev/gvisor/pkg/sentry/kernel/auth"
 "gvisor.dev/gvisor/pkg/sentry/kernel/epoll"
 "gvisor.dev/gvisor/pkg/sentry/kernel/futex"
+ "gvisor.dev/gvisor/pkg/sentry/kernel/ipc"
 "gvisor.dev/gvisor/pkg/sentry/kernel/sched"
 ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
 "gvisor.dev/gvisor/pkg/sentry/limits"
@@ -861,7 +862,7 @@ func (ctx *createProcessContext) Value(key interface{}) interface{} {
 return ctx.args.PIDNamespace
 case CtxUTSNamespace:
 return ctx.args.UTSNamespace
- case CtxIPCNamespace:
+ case ipc.CtxIPCNamespace:
 ipcns := ctx.args.IPCNamespace
 ipcns.IncRef()
 return ipcns
@@ -1689,7 +1690,7 @@ func (ctx supervisorContext) Value(key interface{}) interface{} {
 return ctx.k.tasks.Root
 case CtxUTSNamespace:
 return ctx.k.rootUTSNamespace
- case CtxIPCNamespace:
+ case ipc.CtxIPCNamespace:
 ipcns := ctx.k.rootIPCNamespace
 ipcns.IncRef()
 return ipcns
diff --git a/pkg/sentry/kernel/task_context.go b/pkg/sentry/kernel/task_context.go
index c82d9e82b..cb9bcd7c0 100644
--- a/pkg/sentry/kernel/task_context.go
+++ b/pkg/sentry/kernel/task_context.go
@@ -23,6 +23,7 @@ import (
 "gvisor.dev/gvisor/pkg/sentry/fs"
 "gvisor.dev/gvisor/pkg/sentry/inet"
 "gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+ "gvisor.dev/gvisor/pkg/sentry/kernel/ipc"
 ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
 "gvisor.dev/gvisor/pkg/sentry/limits"
 "gvisor.dev/gvisor/pkg/sentry/pgalloc"
@@ -73,7 +74,7 @@ func (t *Task) contextValue(key interface{}, isTaskGoroutine bool) interface{} {
 defer t.mu.Unlock()
 }
 return t.utsns
- case CtxIPCNamespace:
+ case ipc.CtxIPCNamespace:
 if !isTaskGoroutine {
 t.mu.Lock()
 defer t.mu.Unlock()
-- cgit v1.2.3
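Review bot: The `case ipc.CtxIPCNamespace:` branch of `createProcessContext.Value` calls `ipcns.IncRef()` on `ctx.args.IPCNamespace` without checking it for nil, and the `supervisorContext.Value` hunk after it does the same with `ctx.k.rootIPCNamespace`. Whether either field can be nil at this point is not visible here, but if it can, the outcome depends on how `IncRef` treats a nil receiver, and the return would wrap a nil `*IPCNamespace` in a non-nil interface, so the `v != nil` test in `IPCNamespaceFromContext` would not catch it. A guard such as `if ipcns == nil { return nil }` before `IncRef()` makes the "no namespace" case explicit. Both function bodies start and end outside their hunks.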