Merge release-20200608.0-83-g3970c1274 (automated)
This commit is contained in:
commit
9de6804345
|
@ -129,7 +129,7 @@ func (s *Statx) Packed() bool {
|
|||
|
||||
// MarshalUnsafe implements marshal.Marshallable.MarshalUnsafe.
|
||||
func (s *Statx) MarshalUnsafe(dst []byte) {
|
||||
if s.Ctime.Packed() && s.Mtime.Packed() && s.Atime.Packed() && s.Btime.Packed() {
|
||||
if s.Mtime.Packed() && s.Atime.Packed() && s.Btime.Packed() && s.Ctime.Packed() {
|
||||
safecopy.CopyIn(dst, unsafe.Pointer(s))
|
||||
} else {
|
||||
s.MarshalBytes(dst)
|
||||
|
@ -138,7 +138,7 @@ func (s *Statx) MarshalUnsafe(dst []byte) {
|
|||
|
||||
// UnmarshalUnsafe implements marshal.Marshallable.UnmarshalUnsafe.
|
||||
func (s *Statx) UnmarshalUnsafe(src []byte) {
|
||||
if s.Atime.Packed() && s.Btime.Packed() && s.Ctime.Packed() && s.Mtime.Packed() {
|
||||
if s.Btime.Packed() && s.Ctime.Packed() && s.Mtime.Packed() && s.Atime.Packed() {
|
||||
safecopy.CopyOut(unsafe.Pointer(s), src)
|
||||
} else {
|
||||
s.UnmarshalBytes(src)
|
||||
|
@ -204,7 +204,7 @@ func (s *Statx) CopyIn(task marshal.Task, addr usermem.Addr) (int, error) {
|
|||
|
||||
// WriteTo implements io.WriterTo.WriteTo.
|
||||
func (s *Statx) WriteTo(w io.Writer) (int64, error) {
|
||||
if !s.Mtime.Packed() && s.Atime.Packed() && s.Btime.Packed() && s.Ctime.Packed() {
|
||||
if !s.Atime.Packed() && s.Btime.Packed() && s.Ctime.Packed() && s.Mtime.Packed() {
|
||||
// Type Statx doesn't have a packed layout in memory, fall back to MarshalBytes.
|
||||
buf := make([]byte, s.SizeBytes())
|
||||
s.MarshalBytes(buf)
|
||||
|
|
|
@ -312,8 +312,9 @@ func HostFeatureSet() *FeatureSet {
|
|||
}
|
||||
}
|
||||
|
||||
// Reads bogomips from host /proc/cpuinfo. Must run before whitelisting.
|
||||
// This value is used to create the fake /proc/cpuinfo from a FeatureSet.
|
||||
// Reads bogomips from host /proc/cpuinfo. Must run before syscall filter
|
||||
// installation. This value is used to create the fake /proc/cpuinfo from a
|
||||
// FeatureSet.
|
||||
func initCPUInfo() {
|
||||
cpuinfob, err := ioutil.ReadFile("/proc/cpuinfo")
|
||||
if err != nil {
|
||||
|
|
|
@ -1057,9 +1057,9 @@ func HostFeatureSet() *FeatureSet {
|
|||
}
|
||||
}
|
||||
|
||||
// Reads max cpu frequency from host /proc/cpuinfo. Must run before
|
||||
// whitelisting. This value is used to create the fake /proc/cpuinfo from a
|
||||
// FeatureSet.
|
||||
// Reads max cpu frequency from host /proc/cpuinfo. Must run before syscall
|
||||
// filter installation. This value is used to create the fake /proc/cpuinfo
|
||||
// from a FeatureSet.
|
||||
func initCPUFreq() {
|
||||
cpuinfob, err := ioutil.ReadFile("/proc/cpuinfo")
|
||||
if err != nil {
|
||||
|
@ -1106,7 +1106,6 @@ func initFeaturesFromString() {
|
|||
}
|
||||
|
||||
func init() {
|
||||
// initCpuFreq must be run before whitelists are enabled.
|
||||
initCPUFreq()
|
||||
initFeaturesFromString()
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ func (a AllowValue) String() (s string) {
|
|||
return fmt.Sprintf("%#x ", uintptr(a))
|
||||
}
|
||||
|
||||
// Rule stores the whitelist of syscall arguments.
|
||||
// Rule stores the allowed syscall arguments.
|
||||
//
|
||||
// For example:
|
||||
// rule := Rule {
|
||||
|
@ -82,7 +82,7 @@ func (r Rule) String() (s string) {
|
|||
return
|
||||
}
|
||||
|
||||
// SyscallRules stores a map of OR'ed whitelist rules indexed by the syscall number.
|
||||
// SyscallRules stores a map of OR'ed argument rules indexed by the syscall number.
|
||||
// If the 'Rules' is empty, we treat it as any argument is allowed.
|
||||
//
|
||||
// For example:
|
||||
|
|
|
@ -87,20 +87,6 @@ func RegisterFilesystem(f Filesystem) {
|
|||
filesystems.registered[f.Name()] = f
|
||||
}
|
||||
|
||||
// UnregisterFilesystem removes a file system from the global set. To keep the
|
||||
// file system set compatible with save/restore, UnregisterFilesystem must be
|
||||
// called before save/restore methods.
|
||||
//
|
||||
// For instance, packages may unregister their file system after it is mounted.
|
||||
// This makes sense for pseudo file systems that should not be visible or
|
||||
// mountable. See whitelistfs in fs/host/fs.go for one example.
|
||||
func UnregisterFilesystem(name string) {
|
||||
filesystems.mu.Lock()
|
||||
defer filesystems.mu.Unlock()
|
||||
|
||||
delete(filesystems.registered, name)
|
||||
}
|
||||
|
||||
// FindFilesystem returns a Filesystem registered at name or (nil, false) if name
|
||||
// is not a file system type that can be found in /proc/filesystems.
|
||||
func FindFilesystem(name string) (Filesystem, bool) {
|
||||
|
|
|
@ -476,8 +476,9 @@ func (i *inode) open(ctx context.Context, d *vfs.Dentry, mnt *vfs.Mount, flags u
|
|||
return unixsocket.NewFileDescription(ep, ep.Type(), flags, mnt, d, &i.locks)
|
||||
}
|
||||
|
||||
// TODO(gvisor.dev/issue/1672): Whitelist specific file types here, so that
|
||||
// we don't allow importing arbitrary file types without proper support.
|
||||
// TODO(gvisor.dev/issue/1672): Allow only specific file types here, so
|
||||
// that we don't allow importing arbitrary file types without proper
|
||||
// support.
|
||||
if i.isTTY {
|
||||
fd := &TTYFileDescription{
|
||||
fileDescription: fileDescription{inode: i},
|
||||
|
|
|
@ -324,7 +324,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr
|
|||
return nil, syserr.ErrInvalidArgument
|
||||
}
|
||||
|
||||
// Whitelist options and constrain option length.
|
||||
// Only allow known and safe options.
|
||||
optlen := getSockOptLen(t, level, name)
|
||||
switch level {
|
||||
case linux.SOL_IP:
|
||||
|
@ -369,7 +369,7 @@ func (s *socketOpsCommon) GetSockOpt(t *kernel.Task, level int, name int, outPtr
|
|||
|
||||
// SetSockOpt implements socket.Socket.SetSockOpt.
|
||||
func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt []byte) *syserr.Error {
|
||||
// Whitelist options and constrain option length.
|
||||
// Only allow known and safe options.
|
||||
optlen := setSockOptLen(t, level, name)
|
||||
switch level {
|
||||
case linux.SOL_IP:
|
||||
|
@ -415,7 +415,7 @@ func (s *socketOpsCommon) SetSockOpt(t *kernel.Task, level int, name int, opt []
|
|||
|
||||
// RecvMsg implements socket.Socket.RecvMsg.
|
||||
func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags int, haveDeadline bool, deadline ktime.Time, senderRequested bool, controlLen uint64) (int, int, linux.SockAddr, uint32, socket.ControlMessages, *syserr.Error) {
|
||||
// Whitelist flags.
|
||||
// Only allow known and safe flags.
|
||||
//
|
||||
// FIXME(jamieliu): We can't support MSG_ERRQUEUE because it uses ancillary
|
||||
// messages that gvisor/pkg/tcpip/transport/unix doesn't understand. Kill the
|
||||
|
@ -537,7 +537,7 @@ func (s *socketOpsCommon) RecvMsg(t *kernel.Task, dst usermem.IOSequence, flags
|
|||
|
||||
// SendMsg implements socket.Socket.SendMsg.
|
||||
func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []byte, flags int, haveDeadline bool, deadline ktime.Time, controlMessages socket.ControlMessages) (int, *syserr.Error) {
|
||||
// Whitelist flags.
|
||||
// Only allow known and safe flags.
|
||||
if flags&^(syscall.MSG_DONTWAIT|syscall.MSG_EOR|syscall.MSG_FASTOPEN|syscall.MSG_MORE|syscall.MSG_NOSIGNAL) != 0 {
|
||||
return 0, syserr.ErrInvalidArgument
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue