822 lines
23 KiB
Go
822 lines
23 KiB
Go
// Copyright 2019 The gVisor Authors.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package proc
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"sort"
|
|
"strings"
|
|
|
|
"gvisor.dev/gvisor/pkg/abi/linux"
|
|
"gvisor.dev/gvisor/pkg/context"
|
|
"gvisor.dev/gvisor/pkg/safemem"
|
|
"gvisor.dev/gvisor/pkg/sentry/fs"
|
|
"gvisor.dev/gvisor/pkg/sentry/fsbridge"
|
|
"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
|
|
"gvisor.dev/gvisor/pkg/sentry/kernel"
|
|
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
|
|
"gvisor.dev/gvisor/pkg/sentry/limits"
|
|
"gvisor.dev/gvisor/pkg/sentry/mm"
|
|
"gvisor.dev/gvisor/pkg/sentry/usage"
|
|
"gvisor.dev/gvisor/pkg/sentry/vfs"
|
|
"gvisor.dev/gvisor/pkg/syserror"
|
|
"gvisor.dev/gvisor/pkg/usermem"
|
|
)
|
|
|
|
// mm gets the kernel task's MemoryManager. No additional reference is taken on
|
|
// mm here. This is safe because MemoryManager.destroy is required to leave the
|
|
// MemoryManager in a state where it's still usable as a DynamicBytesSource.
|
|
func getMM(task *kernel.Task) *mm.MemoryManager {
|
|
var tmm *mm.MemoryManager
|
|
task.WithMuLocked(func(t *kernel.Task) {
|
|
if mm := t.MemoryManager(); mm != nil {
|
|
tmm = mm
|
|
}
|
|
})
|
|
return tmm
|
|
}
|
|
|
|
// getMMIncRef returns t's MemoryManager. If getMMIncRef succeeds, the
|
|
// MemoryManager's users count is incremented, and must be decremented by the
|
|
// caller when it is no longer in use.
|
|
func getMMIncRef(task *kernel.Task) (*mm.MemoryManager, error) {
|
|
if task.ExitState() == kernel.TaskExitDead {
|
|
return nil, syserror.ESRCH
|
|
}
|
|
var m *mm.MemoryManager
|
|
task.WithMuLocked(func(t *kernel.Task) {
|
|
m = t.MemoryManager()
|
|
})
|
|
if m == nil || !m.IncUsers() {
|
|
return nil, io.EOF
|
|
}
|
|
return m, nil
|
|
}
|
|
|
|
type bufferWriter struct {
|
|
buf *bytes.Buffer
|
|
}
|
|
|
|
// WriteFromBlocks writes up to srcs.NumBytes() bytes from srcs and returns
|
|
// the number of bytes written. It may return a partial write without an
|
|
// error (i.e. (n, nil) where 0 < n < srcs.NumBytes()). It should not
|
|
// return a full write with an error (i.e. srcs.NumBytes(), err) where err
|
|
// != nil).
|
|
func (w *bufferWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error) {
|
|
written := srcs.NumBytes()
|
|
for !srcs.IsEmpty() {
|
|
w.buf.Write(srcs.Head().ToSlice())
|
|
srcs = srcs.Tail()
|
|
}
|
|
return written, nil
|
|
}
|
|
|
|
// auxvData implements vfs.DynamicBytesSource for /proc/[pid]/auxv.
|
|
//
|
|
// +stateify savable
|
|
type auxvData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*auxvData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (d *auxvData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
m, err := getMMIncRef(d.task)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer m.DecUsers(ctx)
|
|
|
|
// Space for buffer with AT_NULL (0) terminator at the end.
|
|
auxv := m.Auxv()
|
|
buf.Grow((len(auxv) + 1) * 16)
|
|
for _, e := range auxv {
|
|
var tmp [8]byte
|
|
usermem.ByteOrder.PutUint64(tmp[:], e.Key)
|
|
buf.Write(tmp[:])
|
|
|
|
usermem.ByteOrder.PutUint64(tmp[:], uint64(e.Value))
|
|
buf.Write(tmp[:])
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// execArgType enumerates the types of exec arguments that are exposed through
|
|
// proc.
|
|
type execArgType int
|
|
|
|
const (
|
|
cmdlineDataArg execArgType = iota
|
|
environDataArg
|
|
)
|
|
|
|
// cmdlineData implements vfs.DynamicBytesSource for /proc/[pid]/cmdline.
|
|
//
|
|
// +stateify savable
|
|
type cmdlineData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
|
|
// arg is the type of exec argument this file contains.
|
|
arg execArgType
|
|
}
|
|
|
|
var _ dynamicInode = (*cmdlineData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (d *cmdlineData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
m, err := getMMIncRef(d.task)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer m.DecUsers(ctx)
|
|
|
|
// Figure out the bounds of the exec arg we are trying to read.
|
|
var ar usermem.AddrRange
|
|
switch d.arg {
|
|
case cmdlineDataArg:
|
|
ar = usermem.AddrRange{
|
|
Start: m.ArgvStart(),
|
|
End: m.ArgvEnd(),
|
|
}
|
|
case environDataArg:
|
|
ar = usermem.AddrRange{
|
|
Start: m.EnvvStart(),
|
|
End: m.EnvvEnd(),
|
|
}
|
|
default:
|
|
panic(fmt.Sprintf("unknown exec arg type %v", d.arg))
|
|
}
|
|
if ar.Start == 0 || ar.End == 0 {
|
|
// Don't attempt to read before the start/end are set up.
|
|
return io.EOF
|
|
}
|
|
|
|
// N.B. Technically this should be usermem.IOOpts.IgnorePermissions = true
|
|
// until Linux 4.9 (272ddc8b3735 "proc: don't use FOLL_FORCE for reading
|
|
// cmdline and environment").
|
|
writer := &bufferWriter{buf: buf}
|
|
if n, err := m.CopyInTo(ctx, usermem.AddrRangeSeqOf(ar), writer, usermem.IOOpts{}); n == 0 || err != nil {
|
|
// Nothing to copy or something went wrong.
|
|
return err
|
|
}
|
|
|
|
// On Linux, if the NULL byte at the end of the argument vector has been
|
|
// overwritten, it continues reading the environment vector as part of
|
|
// the argument vector.
|
|
if d.arg == cmdlineDataArg && buf.Bytes()[buf.Len()-1] != 0 {
|
|
if end := bytes.IndexByte(buf.Bytes(), 0); end != -1 {
|
|
// If we found a NULL character somewhere else in argv, truncate the
|
|
// return up to the NULL terminator (including it).
|
|
buf.Truncate(end)
|
|
return nil
|
|
}
|
|
|
|
// There is no NULL terminator in the string, return into envp.
|
|
arEnvv := usermem.AddrRange{
|
|
Start: m.EnvvStart(),
|
|
End: m.EnvvEnd(),
|
|
}
|
|
|
|
// Upstream limits the returned amount to one page of slop.
|
|
// https://elixir.bootlin.com/linux/v4.20/source/fs/proc/base.c#L208
|
|
// we'll return one page total between argv and envp because of the
|
|
// above page restrictions.
|
|
if buf.Len() >= usermem.PageSize {
|
|
// Returned at least one page already, nothing else to add.
|
|
return nil
|
|
}
|
|
remaining := usermem.PageSize - buf.Len()
|
|
if int(arEnvv.Length()) > remaining {
|
|
end, ok := arEnvv.Start.AddLength(uint64(remaining))
|
|
if !ok {
|
|
return syserror.EFAULT
|
|
}
|
|
arEnvv.End = end
|
|
}
|
|
if _, err := m.CopyInTo(ctx, usermem.AddrRangeSeqOf(arEnvv), writer, usermem.IOOpts{}); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Linux will return envp up to and including the first NULL character,
|
|
// so find it.
|
|
if end := bytes.IndexByte(buf.Bytes()[ar.Length():], 0); end != -1 {
|
|
buf.Truncate(end)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// +stateify savable
|
|
type commInode struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
func newComm(task *kernel.Task, ino uint64, perm linux.FileMode) *kernfs.Dentry {
|
|
inode := &commInode{task: task}
|
|
inode.DynamicBytesFile.Init(task.Credentials(), ino, &commData{task: task}, perm)
|
|
|
|
d := &kernfs.Dentry{}
|
|
d.Init(inode)
|
|
return d
|
|
}
|
|
|
|
func (i *commInode) CheckPermissions(ctx context.Context, creds *auth.Credentials, ats vfs.AccessTypes) error {
|
|
// This file can always be read or written by members of the same thread
|
|
// group. See fs/proc/base.c:proc_tid_comm_permission.
|
|
//
|
|
// N.B. This check is currently a no-op as we don't yet support writing and
|
|
// this file is world-readable anyways.
|
|
t := kernel.TaskFromContext(ctx)
|
|
if t != nil && t.ThreadGroup() == i.task.ThreadGroup() && !ats.MayExec() {
|
|
return nil
|
|
}
|
|
|
|
return i.DynamicBytesFile.CheckPermissions(ctx, creds, ats)
|
|
}
|
|
|
|
// commData implements vfs.DynamicBytesSource for /proc/[pid]/comm.
|
|
//
|
|
// +stateify savable
|
|
type commData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*commData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (d *commData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
buf.WriteString(d.task.Name())
|
|
buf.WriteString("\n")
|
|
return nil
|
|
}
|
|
|
|
// idMapData implements vfs.DynamicBytesSource for /proc/[pid]/{gid_map|uid_map}.
|
|
//
|
|
// +stateify savable
|
|
type idMapData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
gids bool
|
|
}
|
|
|
|
var _ dynamicInode = (*idMapData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (d *idMapData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
var entries []auth.IDMapEntry
|
|
if d.gids {
|
|
entries = d.task.UserNamespace().GIDMap()
|
|
} else {
|
|
entries = d.task.UserNamespace().UIDMap()
|
|
}
|
|
for _, e := range entries {
|
|
fmt.Fprintf(buf, "%10d %10d %10d\n", e.FirstID, e.FirstParentID, e.Length)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// mapsData implements vfs.DynamicBytesSource for /proc/[pid]/maps.
|
|
//
|
|
// +stateify savable
|
|
type mapsData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*mapsData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (d *mapsData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
if mm := getMM(d.task); mm != nil {
|
|
mm.ReadMapsDataInto(ctx, buf)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// smapsData implements vfs.DynamicBytesSource for /proc/[pid]/smaps.
|
|
//
|
|
// +stateify savable
|
|
type smapsData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*smapsData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (d *smapsData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
if mm := getMM(d.task); mm != nil {
|
|
mm.ReadSmapsDataInto(ctx, buf)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// +stateify savable
|
|
type taskStatData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
|
|
// If tgstats is true, accumulate fault stats (not implemented) and CPU
|
|
// time across all tasks in t's thread group.
|
|
tgstats bool
|
|
|
|
// pidns is the PID namespace associated with the proc filesystem that
|
|
// includes the file using this statData.
|
|
pidns *kernel.PIDNamespace
|
|
}
|
|
|
|
var _ dynamicInode = (*taskStatData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (s *taskStatData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
fmt.Fprintf(buf, "%d ", s.pidns.IDOfTask(s.task))
|
|
fmt.Fprintf(buf, "(%s) ", s.task.Name())
|
|
fmt.Fprintf(buf, "%c ", s.task.StateStatus()[0])
|
|
ppid := kernel.ThreadID(0)
|
|
if parent := s.task.Parent(); parent != nil {
|
|
ppid = s.pidns.IDOfThreadGroup(parent.ThreadGroup())
|
|
}
|
|
fmt.Fprintf(buf, "%d ", ppid)
|
|
fmt.Fprintf(buf, "%d ", s.pidns.IDOfProcessGroup(s.task.ThreadGroup().ProcessGroup()))
|
|
fmt.Fprintf(buf, "%d ", s.pidns.IDOfSession(s.task.ThreadGroup().Session()))
|
|
fmt.Fprintf(buf, "0 0 " /* tty_nr tpgid */)
|
|
fmt.Fprintf(buf, "0 " /* flags */)
|
|
fmt.Fprintf(buf, "0 0 0 0 " /* minflt cminflt majflt cmajflt */)
|
|
var cputime usage.CPUStats
|
|
if s.tgstats {
|
|
cputime = s.task.ThreadGroup().CPUStats()
|
|
} else {
|
|
cputime = s.task.CPUStats()
|
|
}
|
|
fmt.Fprintf(buf, "%d %d ", linux.ClockTFromDuration(cputime.UserTime), linux.ClockTFromDuration(cputime.SysTime))
|
|
cputime = s.task.ThreadGroup().JoinedChildCPUStats()
|
|
fmt.Fprintf(buf, "%d %d ", linux.ClockTFromDuration(cputime.UserTime), linux.ClockTFromDuration(cputime.SysTime))
|
|
fmt.Fprintf(buf, "%d %d ", s.task.Priority(), s.task.Niceness())
|
|
fmt.Fprintf(buf, "%d ", s.task.ThreadGroup().Count())
|
|
|
|
// itrealvalue. Since kernel 2.6.17, this field is no longer
|
|
// maintained, and is hard coded as 0.
|
|
fmt.Fprintf(buf, "0 ")
|
|
|
|
// Start time is relative to boot time, expressed in clock ticks.
|
|
fmt.Fprintf(buf, "%d ", linux.ClockTFromDuration(s.task.StartTime().Sub(s.task.Kernel().Timekeeper().BootTime())))
|
|
|
|
var vss, rss uint64
|
|
s.task.WithMuLocked(func(t *kernel.Task) {
|
|
if mm := t.MemoryManager(); mm != nil {
|
|
vss = mm.VirtualMemorySize()
|
|
rss = mm.ResidentSetSize()
|
|
}
|
|
})
|
|
fmt.Fprintf(buf, "%d %d ", vss, rss/usermem.PageSize)
|
|
|
|
// rsslim.
|
|
fmt.Fprintf(buf, "%d ", s.task.ThreadGroup().Limits().Get(limits.Rss).Cur)
|
|
|
|
fmt.Fprintf(buf, "0 0 0 0 0 " /* startcode endcode startstack kstkesp kstkeip */)
|
|
fmt.Fprintf(buf, "0 0 0 0 0 " /* signal blocked sigignore sigcatch wchan */)
|
|
fmt.Fprintf(buf, "0 0 " /* nswap cnswap */)
|
|
terminationSignal := linux.Signal(0)
|
|
if s.task == s.task.ThreadGroup().Leader() {
|
|
terminationSignal = s.task.ThreadGroup().TerminationSignal()
|
|
}
|
|
fmt.Fprintf(buf, "%d ", terminationSignal)
|
|
fmt.Fprintf(buf, "0 0 0 " /* processor rt_priority policy */)
|
|
fmt.Fprintf(buf, "0 0 0 " /* delayacct_blkio_ticks guest_time cguest_time */)
|
|
fmt.Fprintf(buf, "0 0 0 0 0 0 0 " /* start_data end_data start_brk arg_start arg_end env_start env_end */)
|
|
fmt.Fprintf(buf, "0\n" /* exit_code */)
|
|
|
|
return nil
|
|
}
|
|
|
|
// statmData implements vfs.DynamicBytesSource for /proc/[pid]/statm.
|
|
//
|
|
// +stateify savable
|
|
type statmData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*statmData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (s *statmData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
var vss, rss uint64
|
|
s.task.WithMuLocked(func(t *kernel.Task) {
|
|
if mm := t.MemoryManager(); mm != nil {
|
|
vss = mm.VirtualMemorySize()
|
|
rss = mm.ResidentSetSize()
|
|
}
|
|
})
|
|
|
|
fmt.Fprintf(buf, "%d %d 0 0 0 0 0\n", vss/usermem.PageSize, rss/usermem.PageSize)
|
|
return nil
|
|
}
|
|
|
|
// statusData implements vfs.DynamicBytesSource for /proc/[pid]/status.
|
|
//
|
|
// +stateify savable
|
|
type statusData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
pidns *kernel.PIDNamespace
|
|
}
|
|
|
|
var _ dynamicInode = (*statusData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (s *statusData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
fmt.Fprintf(buf, "Name:\t%s\n", s.task.Name())
|
|
fmt.Fprintf(buf, "State:\t%s\n", s.task.StateStatus())
|
|
fmt.Fprintf(buf, "Tgid:\t%d\n", s.pidns.IDOfThreadGroup(s.task.ThreadGroup()))
|
|
fmt.Fprintf(buf, "Pid:\t%d\n", s.pidns.IDOfTask(s.task))
|
|
ppid := kernel.ThreadID(0)
|
|
if parent := s.task.Parent(); parent != nil {
|
|
ppid = s.pidns.IDOfThreadGroup(parent.ThreadGroup())
|
|
}
|
|
fmt.Fprintf(buf, "PPid:\t%d\n", ppid)
|
|
tpid := kernel.ThreadID(0)
|
|
if tracer := s.task.Tracer(); tracer != nil {
|
|
tpid = s.pidns.IDOfTask(tracer)
|
|
}
|
|
fmt.Fprintf(buf, "TracerPid:\t%d\n", tpid)
|
|
var fds int
|
|
var vss, rss, data uint64
|
|
s.task.WithMuLocked(func(t *kernel.Task) {
|
|
if fdTable := t.FDTable(); fdTable != nil {
|
|
fds = fdTable.Size()
|
|
}
|
|
if mm := t.MemoryManager(); mm != nil {
|
|
vss = mm.VirtualMemorySize()
|
|
rss = mm.ResidentSetSize()
|
|
data = mm.VirtualDataSize()
|
|
}
|
|
})
|
|
fmt.Fprintf(buf, "FDSize:\t%d\n", fds)
|
|
fmt.Fprintf(buf, "VmSize:\t%d kB\n", vss>>10)
|
|
fmt.Fprintf(buf, "VmRSS:\t%d kB\n", rss>>10)
|
|
fmt.Fprintf(buf, "VmData:\t%d kB\n", data>>10)
|
|
fmt.Fprintf(buf, "Threads:\t%d\n", s.task.ThreadGroup().Count())
|
|
creds := s.task.Credentials()
|
|
fmt.Fprintf(buf, "CapInh:\t%016x\n", creds.InheritableCaps)
|
|
fmt.Fprintf(buf, "CapPrm:\t%016x\n", creds.PermittedCaps)
|
|
fmt.Fprintf(buf, "CapEff:\t%016x\n", creds.EffectiveCaps)
|
|
fmt.Fprintf(buf, "CapBnd:\t%016x\n", creds.BoundingCaps)
|
|
fmt.Fprintf(buf, "Seccomp:\t%d\n", s.task.SeccompMode())
|
|
// We unconditionally report a single NUMA node. See
|
|
// pkg/sentry/syscalls/linux/sys_mempolicy.go.
|
|
fmt.Fprintf(buf, "Mems_allowed:\t1\n")
|
|
fmt.Fprintf(buf, "Mems_allowed_list:\t0\n")
|
|
return nil
|
|
}
|
|
|
|
// ioUsage is the /proc/[pid]/io and /proc/[pid]/task/[tid]/io data provider.
|
|
type ioUsage interface {
|
|
// IOUsage returns the io usage data.
|
|
IOUsage() *usage.IO
|
|
}
|
|
|
|
// +stateify savable
|
|
type ioData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
ioUsage
|
|
}
|
|
|
|
var _ dynamicInode = (*ioData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (i *ioData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
io := usage.IO{}
|
|
io.Accumulate(i.IOUsage())
|
|
|
|
fmt.Fprintf(buf, "char: %d\n", io.CharsRead)
|
|
fmt.Fprintf(buf, "wchar: %d\n", io.CharsWritten)
|
|
fmt.Fprintf(buf, "syscr: %d\n", io.ReadSyscalls)
|
|
fmt.Fprintf(buf, "syscw: %d\n", io.WriteSyscalls)
|
|
fmt.Fprintf(buf, "read_bytes: %d\n", io.BytesRead)
|
|
fmt.Fprintf(buf, "write_bytes: %d\n", io.BytesWritten)
|
|
fmt.Fprintf(buf, "cancelled_write_bytes: %d\n", io.BytesWriteCancelled)
|
|
return nil
|
|
}
|
|
|
|
// oomScoreAdj is a stub of the /proc/<pid>/oom_score_adj file.
|
|
//
|
|
// +stateify savable
|
|
type oomScoreAdj struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ vfs.WritableDynamicBytesSource = (*oomScoreAdj)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (o *oomScoreAdj) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
if o.task.ExitState() == kernel.TaskExitDead {
|
|
return syserror.ESRCH
|
|
}
|
|
fmt.Fprintf(buf, "%d\n", o.task.OOMScoreAdj())
|
|
return nil
|
|
}
|
|
|
|
// Write implements vfs.WritableDynamicBytesSource.Write.
|
|
func (o *oomScoreAdj) Write(ctx context.Context, src usermem.IOSequence, offset int64) (int64, error) {
|
|
if src.NumBytes() == 0 {
|
|
return 0, nil
|
|
}
|
|
|
|
// Limit input size so as not to impact performance if input size is large.
|
|
src = src.TakeFirst(usermem.PageSize - 1)
|
|
|
|
var v int32
|
|
n, err := usermem.CopyInt32StringInVec(ctx, src.IO, src.Addrs, &v, src.Opts)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
if o.task.ExitState() == kernel.TaskExitDead {
|
|
return 0, syserror.ESRCH
|
|
}
|
|
if err := o.task.SetOOMScoreAdj(v); err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
return n, nil
|
|
}
|
|
|
|
// exeSymlink is an symlink for the /proc/[pid]/exe file.
|
|
//
|
|
// +stateify savable
|
|
type exeSymlink struct {
|
|
kernfs.InodeAttrs
|
|
kernfs.InodeNoopRefCount
|
|
kernfs.InodeSymlink
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ kernfs.Inode = (*exeSymlink)(nil)
|
|
|
|
func newExeSymlink(task *kernel.Task, ino uint64) *kernfs.Dentry {
|
|
inode := &exeSymlink{task: task}
|
|
inode.Init(task.Credentials(), ino, linux.ModeSymlink|0777)
|
|
|
|
d := &kernfs.Dentry{}
|
|
d.Init(inode)
|
|
return d
|
|
}
|
|
|
|
// Readlink implements kernfs.Inode.
|
|
func (s *exeSymlink) Readlink(ctx context.Context) (string, error) {
|
|
if !kernel.ContextCanTrace(ctx, s.task, false) {
|
|
return "", syserror.EACCES
|
|
}
|
|
|
|
// Pull out the executable for /proc/[pid]/exe.
|
|
exec, err := s.executable()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
defer exec.DecRef()
|
|
|
|
return exec.PathnameWithDeleted(ctx), nil
|
|
}
|
|
|
|
func (s *exeSymlink) executable() (file fsbridge.File, err error) {
|
|
s.task.WithMuLocked(func(t *kernel.Task) {
|
|
mm := t.MemoryManager()
|
|
if mm == nil {
|
|
// TODO(b/34851096): Check shouldn't allow Readlink once the
|
|
// Task is zombied.
|
|
err = syserror.EACCES
|
|
return
|
|
}
|
|
|
|
// The MemoryManager may be destroyed, in which case
|
|
// MemoryManager.destroy will simply set the executable to nil
|
|
// (with locks held).
|
|
file = mm.Executable()
|
|
if file == nil {
|
|
err = syserror.ENOENT
|
|
}
|
|
})
|
|
return
|
|
}
|
|
|
|
// forEachMountSource runs f for the process root mount and each mount that is
|
|
// a descendant of the root.
|
|
func forEachMount(t *kernel.Task, fn func(string, *fs.Mount)) {
|
|
var fsctx *kernel.FSContext
|
|
t.WithMuLocked(func(t *kernel.Task) {
|
|
fsctx = t.FSContext()
|
|
})
|
|
if fsctx == nil {
|
|
// The task has been destroyed. Nothing to show here.
|
|
return
|
|
}
|
|
|
|
// All mount points must be relative to the rootDir, and mounts outside
|
|
// will be excluded.
|
|
rootDir := fsctx.RootDirectory()
|
|
if rootDir == nil {
|
|
// The task has been destroyed. Nothing to show here.
|
|
return
|
|
}
|
|
defer rootDir.DecRef()
|
|
|
|
mnt := t.MountNamespace().FindMount(rootDir)
|
|
if mnt == nil {
|
|
// Has it just been unmounted?
|
|
return
|
|
}
|
|
ms := t.MountNamespace().AllMountsUnder(mnt)
|
|
sort.Slice(ms, func(i, j int) bool {
|
|
return ms[i].ID < ms[j].ID
|
|
})
|
|
for _, m := range ms {
|
|
mroot := m.Root()
|
|
if mroot == nil {
|
|
continue // No longer valid.
|
|
}
|
|
mountPath, desc := mroot.FullName(rootDir)
|
|
mroot.DecRef()
|
|
if !desc {
|
|
// MountSources that are not descendants of the chroot jail are ignored.
|
|
continue
|
|
}
|
|
fn(mountPath, m)
|
|
}
|
|
}
|
|
|
|
// mountInfoData is used to implement /proc/[pid]/mountinfo.
|
|
//
|
|
// +stateify savable
|
|
type mountInfoData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*mountInfoData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (i *mountInfoData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
forEachMount(i.task, func(mountPath string, m *fs.Mount) {
|
|
mroot := m.Root()
|
|
if mroot == nil {
|
|
return // No longer valid.
|
|
}
|
|
defer mroot.DecRef()
|
|
|
|
// Format:
|
|
// 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
|
|
// (1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11)
|
|
|
|
// (1) MountSource ID.
|
|
fmt.Fprintf(buf, "%d ", m.ID)
|
|
|
|
// (2) Parent ID (or this ID if there is no parent).
|
|
pID := m.ID
|
|
if !m.IsRoot() && !m.IsUndo() {
|
|
pID = m.ParentID
|
|
}
|
|
fmt.Fprintf(buf, "%d ", pID)
|
|
|
|
// (3) Major:Minor device ID. We don't have a superblock, so we
|
|
// just use the root inode device number.
|
|
sa := mroot.Inode.StableAttr
|
|
fmt.Fprintf(buf, "%d:%d ", sa.DeviceFileMajor, sa.DeviceFileMinor)
|
|
|
|
// (4) Root: the pathname of the directory in the filesystem
|
|
// which forms the root of this mount.
|
|
//
|
|
// NOTE(b/78135857): This will always be "/" until we implement
|
|
// bind mounts.
|
|
fmt.Fprintf(buf, "/ ")
|
|
|
|
// (5) Mount point (relative to process root).
|
|
fmt.Fprintf(buf, "%s ", mountPath)
|
|
|
|
// (6) Mount options.
|
|
flags := mroot.Inode.MountSource.Flags
|
|
opts := "rw"
|
|
if flags.ReadOnly {
|
|
opts = "ro"
|
|
}
|
|
if flags.NoAtime {
|
|
opts += ",noatime"
|
|
}
|
|
if flags.NoExec {
|
|
opts += ",noexec"
|
|
}
|
|
fmt.Fprintf(buf, "%s ", opts)
|
|
|
|
// (7) Optional fields: zero or more fields of the form "tag[:value]".
|
|
// (8) Separator: the end of the optional fields is marked by a single hyphen.
|
|
fmt.Fprintf(buf, "- ")
|
|
|
|
// (9) Filesystem type.
|
|
fmt.Fprintf(buf, "%s ", mroot.Inode.MountSource.FilesystemType)
|
|
|
|
// (10) Mount source: filesystem-specific information or "none".
|
|
fmt.Fprintf(buf, "none ")
|
|
|
|
// (11) Superblock options, and final newline.
|
|
fmt.Fprintf(buf, "%s\n", superBlockOpts(mountPath, mroot.Inode.MountSource))
|
|
})
|
|
return nil
|
|
}
|
|
|
|
func superBlockOpts(mountPath string, msrc *fs.MountSource) string {
|
|
// gVisor doesn't (yet) have a concept of super block options, so we
|
|
// use the ro/rw bit from the mount flag.
|
|
opts := "rw"
|
|
if msrc.Flags.ReadOnly {
|
|
opts = "ro"
|
|
}
|
|
|
|
// NOTE(b/147673608): If the mount is a cgroup, we also need to include
|
|
// the cgroup name in the options. For now we just read that from the
|
|
// path.
|
|
// TODO(gvisor.dev/issues/190): Once gVisor has full cgroup support, we
|
|
// should get this value from the cgroup itself, and not rely on the
|
|
// path.
|
|
if msrc.FilesystemType == "cgroup" {
|
|
splitPath := strings.Split(mountPath, "/")
|
|
cgroupType := splitPath[len(splitPath)-1]
|
|
opts += "," + cgroupType
|
|
}
|
|
return opts
|
|
}
|
|
|
|
// mountsData is used to implement /proc/[pid]/mounts.
|
|
//
|
|
// +stateify savable
|
|
type mountsData struct {
|
|
kernfs.DynamicBytesFile
|
|
|
|
task *kernel.Task
|
|
}
|
|
|
|
var _ dynamicInode = (*mountInfoData)(nil)
|
|
|
|
// Generate implements vfs.DynamicBytesSource.Generate.
|
|
func (i *mountsData) Generate(ctx context.Context, buf *bytes.Buffer) error {
|
|
forEachMount(i.task, func(mountPath string, m *fs.Mount) {
|
|
// Format:
|
|
// <special device or remote filesystem> <mount point> <filesystem type> <mount options> <needs dump> <fsck order>
|
|
//
|
|
// We use the filesystem name as the first field, since there
|
|
// is no real block device we can point to, and we also should
|
|
// not expose anything about the remote filesystem.
|
|
//
|
|
// Only ro/rw option is supported for now.
|
|
//
|
|
// The "needs dump"and fsck flags are always 0, which is allowed.
|
|
root := m.Root()
|
|
if root == nil {
|
|
return // No longer valid.
|
|
}
|
|
defer root.DecRef()
|
|
|
|
flags := root.Inode.MountSource.Flags
|
|
opts := "rw"
|
|
if flags.ReadOnly {
|
|
opts = "ro"
|
|
}
|
|
fmt.Fprintf(buf, "%s %s %s %s %d %d\n", "none", mountPath, root.Inode.MountSource.FilesystemType, opts, 0, 0)
|
|
})
|
|
return nil
|
|
}
|