| Age | Commit message (Collapse) | Author |
|---|
|
CL 416115 added using faccessat2(2) from syscall.Faccessat on Linux
(which is the only true way to implement AT_EACCESS flag handing),
if available. If not available, it uses some heuristics to mimic the
kernel behavior, mostly taken from glibc (see CL 126415).
Next, CL 414824 added using the above call (via unix.Eaccess) to
exec.LookPath in order to check if the binary can really be executed.
As a result, in a very specific scenario, described below,
syscall.Faccessat (and thus exec.LookPath) mistakenly tells that the
binary can not be executed, while in reality it can be. This makes
this bug a regression in Go 1.20.
This scenario involves all these conditions:
- no faccessat2 support available (i.e. either Linux kernel < 5.8,
or a seccomp set up to disable faccessat2);
- the current user is not root (i.e. geteuid() != 0);
- CAP_DAC_OVERRIDE capability is set for the current process;
- the file to be executed does not have executable permission
bit set for either the current EUID or EGID;
- the file to be executed have at least one executable bit set.
Unfortunately, this set of conditions was observed in the wild -- a
container run as a non-root user with the binary file owned by root with
executable permission set for a user only [1]. Essentially it means it
is not as rare as it may seem.
Now, CAP_DAC_OVERRIDE essentially makes the kernel bypass most of the
checks, so execve(2) and friends work the same was as for root user,
i.e. if at least one executable bit it set, the permission to execute
is granted (see generic_permission() function in the Linux kernel).
Modify the code to check for CAP_DAC_OVERRIDE and mimic the kernel
behavior for permission checks.
[1] https://github.com/opencontainers/runc/issues/3715
Fixes #58552.
Change-Id: I82a7e757ab3fd3d0193690a65c3b48fee46ff067
Reviewed-on: https://go-review.googlesource.com/c/go/+/468735
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
This CL regenerates zsyscall_windows.go, which was incorrectly
hand-edited in CL 463842.
Change-Id: Id556e69a282b2291a0b293b276ed4b9e0aeec105
Reviewed-on: https://go-review.googlesource.com/c/go/+/463848
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
|
|
This CL removes a fallback that used LoadLibraryA when the runtime
was loading system DLLs on Windows 7, Windows Server 2008 R2,
or earlier.
We can safely remove that fallback now, as go1.21 will require at least
Windows 8 or Server 2012.
This CL also saves some syscall initialization time and bytes:
new:
init syscall @2.3 ms, 0 ms clock, 1000 bytes, 18 allocs
old:
init syscall @3.6 ms, 0.52 ms clock, 1744 bytes, 24 allocs
Updates #57003
Change-Id: I7dcc1173537785b6b580e9f78632c0c74da658d4
Reviewed-on: https://go-review.googlesource.com/c/go/+/463842
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
We currently check for at least three different permission bits before
running tests that require root permissions: we look for UID 0, lack
of an LXC container, and lack of a Docker container, and probe a
number of distro-specific files in /proc and /sys.
The sheer number of these checks suggests that we have probably missed
at least one. Per Alan J. Perlis, “If you have a procedure with ten
parameters, you probably missed some.” (And, indeed, we definitely
have: a Debian patch¹ adds one more environment check!)
CL 58170 added some of these container checks, but “decided to go this
way instead of just skipping os.IsPermission errors because many of
those tests were specifically written to check false positive
permission errors.” However, we can't in general distinguish between a
false-positive error and a real one caused by a container: if one is
making a change to the syscall package, they should run the tests with
-v and check for unexpected skips.
Notably:
- TestUnshare already skips itself if the command fails with an error
ending in the string "operation not permitted", which could be caused
by a variety of possible bugs.
- The Unshare tests added in CL 38471 will fail with a permission
error if CLONE_NEWNS is not supported, but it seems to me that if
CLONE_NEWNS is supported — sufficient to start the process! — then
Unmount must also be supported, and the test can at least check that
the two are consistent.
- The AmbientCaps tests should fail to start the subprocess with
EINVAL or similar (not produce bogus output) if the kernel does not
support ambient caps for any reason, which we can then detect.
(If the subprocess fails in the way the test is concerned about, it
will exit with status 2, not fail to start in the first place.)
By executing the system calls and checking for permission errors,
this change exposed an existing bug for AmbientCaps (filed as #57208),
which was detected by the linux-arm-aws builder.
For #57208.
Updates #21379.
Updates #14693.
¹https://sources.debian.org/patches/golang-1.19/1.19.3-1/0006-skip-userns-test-in-schroot-as-well.patch/
Change-Id: I9b167661fa1bb823168c8b50d8bbbf9643e49f76
Reviewed-on: https://go-review.googlesource.com/c/go/+/456375
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
Reviewed-by: Alexander Morozov <lk4d4math@gmail.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
|
|
The various forkAndExecInChild implementations have comments
explaining that they pre-declare variables to force allocations
to occur before forking, but then later use ":=" declarations
for additional variables.
To make it clearer that those ":=" declarations do not allocate,
we move their declarations up to the predeclared blocks.
For #57208.
Change-Id: Ie8cb577fa7180b51b64d6dc398169053fdf8ea97
Reviewed-on: https://go-review.googlesource.com/c/go/+/456516
Auto-Submit: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
This brings the exported field names on these GOARCHes
in line with the other supported linux platforms.
Fixes #57313.
Change-Id: I2107a7116ba60dc0c0a27f776318e3eb69e51682
Reviewed-on: https://go-review.googlesource.com/c/go/+/457557
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
|
|
Change-Id: I3e9f05d221990b1ae464545d6d8b2e22c35bca21
Reviewed-on: https://go-review.googlesource.com/c/go/+/463077
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
An Apple engineer suggests that since __fork is not public API,
it would be better to use a different fix. With the benefit of source code,
they suggest using xpc_date_create_from_current instead of
xpc_atfork_child. The latter sets some flags that disable certain
functionality for the remainder of the process lifetime (expecting exec),
while the former should do the necessary setup.
Reverting the __fork fix in order to prepare a clean fix based
on CL 451735 using xpc_date_create_from_current.
This reverts commit c61d322d5f9e3fcffa4c523892af432dca030c12.
Change-Id: I2da293ff537237ffd2d40ad756d827c95c84635b
Reviewed-on: https://go-review.googlesource.com/c/go/+/460475
Auto-Submit: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
When building in schroot (for building Debian package),
the cgroupfs is not mounted in schroot (only sysfs is mounted).
Change-Id: Ieddac7b2f334d58d832f5d84d81af812badf3720
Reviewed-on: https://go-review.googlesource.com/c/go/+/460539
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
|
|
Issues #33565 and #56784 were caused by hangs in the child process
after fork, while it ran atfork handlers that ran into slow paths that
didn't work in the child.
CL 451735 worked around those two issues by calling a couple functions
at startup to try to warm up those child paths. That mostly worked,
but it broke programs using cgo with certain macOS frameworks (#57263).
CL 459175 reverted CL 451735.
This CL introduces a different fix: bypass the atfork child handlers
entirely. For a general fork call where the child and parent are both
meant to keep executing the original program, atfork handlers can be
necessary to fix any state that would otherwise be tied to the parent
process. But Go only uses fork as preparation for exec, and it takes
care to limit what it attempts to do in the child between the fork and
exec. In particular it doesn't use any of the things that the macOS
atfork handlers are trying to fix up (malloc, xpc, others). So we can
use the low-level fork system call (__fork) instead of the
atfork-wrapped one.
The full list of functions that can be called in a child after fork in
exec_libc2.go is:
- ptrace
- setsid
- setpgid
- getpid
- ioctl
- chroot
- setgroups
- setgid
- setuid
- chdir
- dup2
- fcntl
- close
- execve
- write
- exit
I disassembled all of these while attached to a hung exec.test binary
and confirmed that nearly all of them are making direct kernel calls,
not using anything that the atfork handler needs to fix up.
The exceptions are ioctl, fcntl, and exit.
The ioctl and fcntl implementations do some extra work around the
kernel call but don't call any other functions, so they should still
be OK. (If not, we could use __ioctl and __fcntl instead, but without
a good reason, we should keep using the standard entry points.)
The exit implementation calls atexit handlers. That is almost
certainly inappropriate in a failed fork child, so this CL changes
that call to __exit on darwin. To avoid making unnecessary changes at
this point in the release cycle, this CL leaves OpenBSD calling plain
exit, even though that is probably a bug in the OpenBSD port
(filed #57446).
Fixes #33565.
Fixes #56784.
Fixes #57263.
Change-Id: I26812c26a72bdd7fcf72ec41899ba11cf6b9c4ab
Reviewed-on: https://go-review.googlesource.com/c/go/+/459176
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
|
|
The Android seccomp policy does not allow faccessat2, so attempting to
use it results in a SIGSYS. Avoid it and go straight to the fallback.
Fixes #57393.
Change-Id: I8d4e12a6f46cea5642d3b5b5a02c682529882f29
Reviewed-on: https://go-review.googlesource.com/c/go/+/458495
Reviewed-by: Austin Clements <austin@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Changkun Ou <mail@changkun.de>
Run-TryBot: Michael Pratt <mpratt@google.com>
|
|
Our minimum Linux version is 2.6.32, and the accept4 system call was
introduced in 2.6.28, so we use accept4 everywhere. Unfortunately,
it turns out that the accept4 system call was only added to
linux-arm in 2.6.36, so for linux-arm only we need to try the accept4
system call and then fall back to accept if it doesn't work.
The code we use on linux-arm is the code we used in Go 1.17.
On non-arm platforms we continue using the simpler code introduced
in Go 1.18.
Adding accept4 to the ARM Linux kernel was:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21d93e2e29722d7832f61cc56d73fb953ee6578e
Fixes #57333
Change-Id: I6680cb54dd4d3514a6887dda8906e6708c64459d
Reviewed-on: https://go-review.googlesource.com/c/go/+/457995
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
After dup'ing file descriptors in syscall.ProcAttr.Files to pass
to the exec'ed process, the logic for closing the old descriptors
was incorrect and could close the new descriptor instead.
Fixes #57180
Change-Id: I7725f21a465ffba57050fe4e36f3d36ba181cfb2
Reviewed-on: https://go-review.googlesource.com/c/go/+/457115
Run-TryBot: David du Colombier <0intro@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: David du Colombier <0intro@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
|
|
The skipping logic should also trigger if /sys/fs/cgroup is
mounted read-only too. This is how it is mounted on the
ppc64le/p10 containers today.
Fixes #57262
Change-Id: Idc0ab050052ebf5777ac09f9519215b437b0ee7c
Reviewed-on: https://go-review.googlesource.com/c/go/+/456835
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Paul Murphy <murp@ibm.com>
|
|
Fixes #57208.
Updates #23152.
Change-Id: Icc9a74aeb26f1b6f151162c5d6bf1b4d7cd54d0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/456515
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
All mips variant perform syscalls similarly. R2 (v0) holds r1 and R3
(v1) holds r2 of a syscall. The latter is only used by 2-ret syscalls.
A 1-ret syscall would not touch R3 but keeps it as is, making r2 be a
random value. Always reset it to 0 before SYSCALL to fix the issue.
Fixes #56426
Change-Id: Ie49965c0c3c224c4a895703ac659205cd040ff56
Reviewed-on: https://go-review.googlesource.com/c/go/+/452975
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Meng Zhuo <mzh@golangcn.org>
Reviewed-by: Austin Clements <austin@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Meng Zhuo <mzh@golangcn.org>
|
|
Change-Id: I69065f8adf101fdb28682c55997f503013a50e29
Reviewed-on: https://go-review.googlesource.com/c/go/+/449757
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Joedian Reid <joedian@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Joedian Reid <joedian@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Updates syscall.Open to support opening directories via CreateFileW.
CreateFileW handles are more versatile than FindFirstFile handles.
They can be used in Win32 APIs like GetFileInformationByHandle and
SetFilePointerEx, which are needed by some Go APIs.
Fixes #52747
Fixes #36019
Change-Id: I26a00cef9844fb4abeeb18d2f9d854162a146651
Reviewed-on: https://go-review.googlesource.com/c/go/+/405275
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Patrik Nyblom <pnyb@google.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Quim Muntal <quimmuntal@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Change-Id: Ia5a090953d324f0f8aa9c1808c88125ad5eb6f98
Reviewed-on: https://go-review.googlesource.com/c/go/+/448955
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
|
|
Check for and reject environment variables containing NULs.
The conventions for passing environment variables to subprocesses
cause most or all systems to interpret a NUL as a separator. The
syscall package rejects environment variables containing a NUL
on most systems, but erroniously did not do so on Windows. This
causes an environment variable such as "FOO=a\x00BAR=b" to be
interpreted as "FOO=a", "BAR=b".
Check for and reject NULs in environment variables passed to
syscall.StartProcess on Windows.
Add a redundant check to os/exec as extra insurance.
Fixes #56284
Fixes CVE-2022-41716
Change-Id: I2950e2b0cb14ebd26e5629be1521858f66a7d4ae
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1609434
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/446916
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
|
|
The immediate reason is that we want to use godebug from math/rand,
and math/rand importing godebug importing os causes an import cycle
in package testing.
More generally, the new approach to backward compatibility outlined
in discussion #55090 will require using this package from other similarly
sensitive places, perhaps even package os itself. Best to remove all
dependencies.
Preparation for #54880.
Change-Id: Ia01657a2d90e707a8121a336c9db3b7247c0198f
Reviewed-on: https://go-review.googlesource.com/c/go/+/439418
Auto-Submit: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
solaris
Move the writev definition for solaris from package
internal/syscall/unix to package syscall. This corresponds to where
writev is defined on aix, darwin and openbsd as well and is
go:linkname'ed from internal/poll. This also allows updating the
generated wrappers more easily if needed.
Change-Id: I671ed8232d25319f8e63f549f786d77a17602148
Reviewed-on: https://go-review.googlesource.com/c/go/+/436597
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
|
|
aix supports iovec read/write, see
https://www.ibm.com/docs/en/aix/7.2?topic=w-write-writex-write64x-writev-writevx-ewrite-ewritev-pwrite-pwritev-subroutine
Define an unexported writev wrapper in package syscall (like on openbsd
and darwin) and linkname it from internal/poll.
Change-Id: I8f9695ceac72ae861afa3692207c154d86d4e690
Reviewed-on: https://go-review.googlesource.com/c/go/+/435260
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
|
|
egrep and fgrep are obsolescent now.
This PR updates all egrep and fgrep commands to grep -E and grep -F.
Running egrep/fgrep command with grep v3.8 will output the following warning to stderr:
egrep: warning: egrep is obsolescent; using grep -E
see also:
https://www.phoronix.com/news/GNU-Grep-3.8-Stop-egrep-fgrep
https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00001.html
Change-Id: Iea1ca9ae72264530c67727b5e27cf1b7a362dd97
GitHub-Last-Rev: 3584884bd48cca97271ab86010fce8e4e063c0e4
GitHub-Pull-Request: golang/go#55299
Reviewed-on: https://go-review.googlesource.com/c/go/+/432256
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
Change-Id: Iae290216687fd1ce8be720600157fb78cc2446d0
GitHub-Last-Rev: 4fba64ecb14a704d39f6ecc33989522bcac6656f
GitHub-Pull-Request: golang/go#55959
Reviewed-on: https://go-review.googlesource.com/c/go/+/436881
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Convert a few occurrences that were submitted after CL 389935.
For #20322
For #51572
Change-Id: I0047361916c402f8e37f515e6b09d451bd499e6e
Reviewed-on: https://go-review.googlesource.com/c/go/+/437235
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Updates #53466
Change-Id: I3c156400a105e711d6da0980854c08bf2f7e415a
Reviewed-on: https://go-review.googlesource.com/c/go/+/431655
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Mikaël Urankar <mikael.urankar@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Joel Sing <joel@sing.id.au>
Reviewed-by: Dmitri Goutnik <dgoutnik@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
|
|
to is an optional pointer to sockaddr, as written in the doc:
https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendto
For #55845
Change-Id: Ia685cec8d9bc9ff313f598db9d2213a1f409757a
Reviewed-on: https://go-review.googlesource.com/c/go/+/434535
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: xie cui <523516579@qq.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
|
|
Fixes #55845
Change-Id: If30263b7d34829c40e6606846115ec520f351f2c
Reviewed-on: https://go-review.googlesource.com/c/go/+/433504
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Andy Pan <panjf2000@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Change-Id: Idd8cee84215e61817a86915160c91242670798af
Reviewed-on: https://go-review.googlesource.com/c/go/+/431663
Reviewed-by: Yuval Pavel Zholkover <paulzhol@gmail.com>
Reviewed-by: Dmitri Goutnik <dgoutnik@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
|
|
Update #53280
Change-Id: Iaa7c0cf5dbefaa8e14c2de499f99755911c17672
Reviewed-on: https://go-review.googlesource.com/c/go/+/411596
Reviewed-by: Meng Zhuo <mzh@golangcn.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Yuval Pavel Zholkover <paulzhol@gmail.com>
Reviewed-by: Dmitri Goutnik <dgoutnik@gmail.com>
|
|
Use fcntl(oldfd, F_DUP2FD_CLOEXEC, newfd) to duplicate the file
descriptor and mark is as close-on-exec instead of dup2 & fcntl.
DragonFly BSD implements dup3 like this in libc since version 5.4.
Change-Id: I80c765faa288add8ffb236284c9e8c4f8e6c6769
Reviewed-on: https://go-review.googlesource.com/c/go/+/430535
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Jenny Rakoczy <jenny@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Jenny Rakoczy <jenny@golang.org>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Jenny Rakoczy <jenny@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Use fcntl(oldfd, F_DUP2FD_CLOEXEC, newfd) to duplicate the file
descriptor and mark is as close-on-exec instead of dup2 & fcntl.
Note that the value for F_DUP2FD_CLOEXEC is different on Solaris and
Illumos and thus the definition is moved from zerrors_solaris_amd64.go
to solaris/illumos specific files.
Change-Id: I9a52801d1a01471ec3f065520575e3fafee92855
Reviewed-on: https://go-review.googlesource.com/c/go/+/428375
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Jenny Rakoczy <jenny@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jenny Rakoczy <jenny@golang.org>
Run-TryBot: Jenny Rakoczy <jenny@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
|
|
CL 413374 added syscall.Mmap on solaris. Use it in cmd/compile and
cmd/link if the bootstrap toolchain is Go ≥ 1.20.
For #52875
For #54265
Change-Id: I9a0534bf97926eecf0c6f1f9218e855344ba158f
Reviewed-on: https://go-review.googlesource.com/c/go/+/430496
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
|
|
Change-Id: Ib6196f01b1927ea8a84c095f445320f03a514dd1
Reviewed-on: https://go-review.googlesource.com/c/go/+/429796
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Same as CL 429915.
Change-Id: I83f4d3bd980294d5bae387d875368b069be2d91a
Reviewed-on: https://go-review.googlesource.com/c/go/+/429955
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jenny Rakoczy <jenny@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: hopehook <hopehook@golangcn.org>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Auto-Submit: Jenny Rakoczy <jenny@golang.org>
|
|
Direct syscalls should no longer be used on darwin. Instead, directly
call libc's msync when using Go ≥ 1.20 for bootstrap.
For #54265
Change-Id: Ie3f1e6ccd1a06e7f0ddd88cdef5067393a69e8db
Reviewed-on: https://go-review.googlesource.com/c/go/+/430336
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
|
|
(except mips64)
Add and use a writev libc wrapper instead of using syscall(2).
Updates golang/go#36435
Change-Id: I3c67665388ac276d9ef36868e368e91efb92800e
Reviewed-on: https://go-review.googlesource.com/c/go/+/428776
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Joel Sing <joel@sing.id.au>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
Implement CLONE_INTO_CGROUP feature, allowing to put a child in a
specified cgroup in a clean and simple way. Note that the feature only
works for cgroup v2, and requires Linux kernel 5.7 or newer.
Using the feature requires a new syscall, clone3. Currently this is the
only reason to use clone3, but the code is structured in a way so that
other cases may be easily added in the future.
Add a test case.
While at it, try to simplify the syscall calling code in
forkAndExecInChild1, which became complicated over time because:
1. It was using either rawVforkSyscall or RawSyscall6 depending on
whether CLONE_NEWUSER was set.
2. On Linux/s390, the first two arguments to clone(2) system call are
swapped (which deserved a mention in Linux ABI hall of shame). It
was worked around in rawVforkSyscall on s390, but had to be
implemented via a switch/case when using RawSyscall6, making the code
less clear.
Let's
- modify rawVforkSyscall to have two arguments (which is also required
for clone3);
- remove the arguments workaround from s390 asm, instead implementing
arguments swap in the caller (which still looks ugly but at least
it's done once and is clearly documented now);
- use rawVforkSyscall for all cases (since it is essentially similar to
RawSyscall6, except for having less parameters, not returning r2, and
saving/restoring the return address before/after syscall on 386 and
amd64).
Updates #51246.
Change-Id: Ifcd418ebead9257177338ffbcccd0bdecb94474e
Reviewed-on: https://go-review.googlesource.com/c/go/+/417695
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Run-TryBot: Kirill Kolyshkin <kolyshkin@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Change-Id: I9de5aafb36d05bdc90bbdba516367eb2b200a7e0
Reviewed-on: https://go-review.googlesource.com/c/go/+/428777
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Updates #54854
Change-Id: Ibaf4eea14a6259cdbca79e9e95db1602966f18e6
Reviewed-on: https://go-review.googlesource.com/c/go/+/428176
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
The kernel knob /proc/sys/kernel/unprivileged_userns_clone is
only available in Debian (and Ubuntu) kernels, so if the tests
are run on e.g. Fedora, skipUnprivilegedUserClone() skips a lot
of tests.
Modify it to treat ENOENT as "it should work".
Change-Id: I959201ede139ede989cc8ab646c9bf51e0539ada
Reviewed-on: https://go-review.googlesource.com/c/go/+/417694
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Kirill Kolyshkin <kolyshkin@gmail.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Linux kernel 5.8 added the faccessat2 syscall taking a flags argument.
Attempt to use it in Faccessat and fall back to the existing
implementation mimicking glibc faccessat.
Do not export the new syscall value so we keep syscall API intact.
Part of this commit is generated by:
GOOS=linux ./mkall.sh -syscalls zsyscall_linux_*.go
This is similar to [1] amended by [2]. Required for [3].
[1] https://go-review.googlesource.com/c/sys/+/246537
[2] https://go-review.googlesource.com/c/sys/+/246817
[3] https://go-review.googlesource.com/c/go/+/414824
Co-authored-by: Tobias Klauser <tklauser@distanz.ch>
Change-Id: Ib7fe5ba853c15d92e869df9a16b56b79b96e43a6
Reviewed-on: https://go-review.googlesource.com/c/go/+/416115
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
|
|
Amend the "mkall.sh -syscalls" implementation to
- prepend ./ before mksyscalls.pl;
- accept the optional file list argument.
This is a preparation for CL 416115.
Change-Id: Ib4dc2b4aa0d2dd22a256414864e92f2d2fd957a5
Reviewed-on: https://go-review.googlesource.com/c/go/+/423676
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
|
|
From the append docs in the builtin package:
As a special case, it is legal to append a string to a byte slice, like this:
slice = append([]byte("hello "), "world"...)
Change-Id: Ib14039a7476873b12a3aefccd8863e8d628b9249
Reviewed-on: https://go-review.googlesource.com/c/go/+/425102
Reviewed-by: hopehook <hopehook@qq.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
|
|
Using utf16.AppendRune instead of utf16.Encode safe a bunch
of allocations across the board, as many higher level functions
use it to call Windows syscalls, for example to `os` package:
name old alloc/op new alloc/op delta
Readdirname-12 15.6kB ± 0% 15.6kB ± 0% +0.26% (p=0.008 n=5+5)
Readdir-12 29.4kB ± 0% 29.4kB ± 0% +0.14% (p=0.008 n=5+5)
ReadDir-12 29.4kB ± 0% 29.4kB ± 0% +0.14% (p=0.016 n=4+5)
StatDot-12 552B ± 0% 560B ± 0% +1.45% (p=0.008 n=5+5)
StatFile-12 512B ± 0% 336B ± 0% -34.38% (p=0.008 n=5+5)
StatDir-12 432B ± 0% 288B ± 0% -33.33% (p=0.008 n=5+5)
LstatDot-12 552B ± 0% 560B ± 0% +1.45% (p=0.008 n=5+5)
LstatFile-12 512B ± 0% 336B ± 0% -34.38% (p=0.008 n=5+5)
LstatDir-12 432B ± 0% 288B ± 0% -33.33% (p=0.008 n=5+5)
StatFile-12 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.008 n=5+5)
StatDir-12 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.008 n=5+5)
LstatFile-12 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.008 n=5+5)
LstatDir-12 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.008 n=5+5)
Updates #51786
Change-Id: I0a088cf1a96e9c304da9311bb3895b70443c1637
Reviewed-on: https://go-review.googlesource.com/c/go/+/425054
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
Support for Linux kernel versions requiring the fallback to CloseOnExec
was dropped from recent Go versions. The minimum Linux kernel version is
2.6.32 as of Go 1.18. The SOCK_CLOEXEC flag for the socket syscall is
supported since kernel version 2.6.27.
Follows a similar change for net.sysSocket in CL 403634.
For #45964
Change-Id: I8b6311f07c4ed7900a9af3ecb2e146c49db08665
Reviewed-on: https://go-review.googlesource.com/c/go/+/422374
Reviewed-by: Joedian Reid <joedian@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
|
|
The constants for these were auto-generated from the C includes
into zerrors_linux* files quite some time ago. The generator is
currently broken, but some new flags need to be added nevertheless.
As the flags won't change and the values are the same for all
architectures, we can just define them statically (as it's already
done in the runtime package):
- remove the CLONE_* constants from zerrors_linux_*.go;
- patch mkerrors.sh to not generate CLONE_ constants
(in case it will be fixed and used in the future);
- add the constants and some comments about them to exec_linux.go,
using Linux v5.17 include/uapi/sched.h as the ultimate source.
This adds the following new flags:
- CLONE_CLEAR_SIGHAND
- CLONE_INTO_CGROUP
- CLONE_NEWCGROUP
- CLONE_NEWTIME
- CLONE_PIDFD
For #51246.
Change-Id: I0c635723926218bd403d37e113ee4d62194463a8
Reviewed-on: https://go-review.googlesource.com/c/go/+/407574
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
Most newer architectures (e.g. arm64, riscv64, loong64) don't provide the
epoll_create syscall. Some systems (e.g. Android) block it even if it
were available. In the kernel, the epoll_create syscall is implemented
[1] the same way EpollCreate is implemented in this package for
platforms without the epoll_create syscall. The epoll_create1 syscall is
available since Linux kernel 2.6.27 and the minimum required kernel
version is 2.6.32 since Go 1.18 (see #45964). Thus, avoid the separate
wrapper and consistently implement EpollCreate using EpollCreate1.
[1] https://elixir.bootlin.com/linux/v5.15-rc1/source/fs/eventpoll.c#L2006
The same change was already done in CL 349809 for golang.org/x/sys/unix.
For #45964
Change-Id: I5463b208aa7ae236fa2c175d6d3ec6568f1840b0
Reviewed-on: https://go-review.googlesource.com/c/go/+/411594
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
|
|
They exist on all other Unix ports, define them on GOOS=solaris as well.
Fixes #52875
Change-Id: I7285156b3b48ce12fbcc6d1d88865540a5c51a21
Reviewed-on: https://go-review.googlesource.com/c/go/+/413374
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
|
